mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 18:15:37 +01:00
Merge branch 'psa-derive_input_steps-agreement_as_one_step' into psa-api-1.0-beta
Change the key derivation API to take inputs in multiple steps, instead of a single one-site-fits-poorly function. Conflicts: * include/psa/crypto.h: merge independent changes in the documentation of psa_key_agreement (public_key from the work on public key formats vs general description and other parameters in the work on key derivation). * tests/suites/test_suite_psa_crypto.data: update the key agreement tests from the work on key derivation to the format from the work on public key formats. * tests/suites/test_suite_psa_crypto_metadata.function: reconcile the addition of unrelated ALG_IS_xxx macros
This commit is contained in:
commit
9dcc80e628
@ -2765,6 +2765,22 @@ static psa_crypto_generator_t psa_crypto_generator_init(void);
|
||||
psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
|
||||
size_t *capacity);
|
||||
|
||||
/** Set the maximum capacity of a generator.
|
||||
*
|
||||
* \param[in,out] generator The generator object to modify.
|
||||
* \param capacity The new capacity of the generator.
|
||||
* It must be less or equal to the generator's
|
||||
* current capacity.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p capacity is larger than the generator's current capacity.
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
*/
|
||||
psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator,
|
||||
size_t capacity);
|
||||
|
||||
/** Read some data from a generator.
|
||||
*
|
||||
* This function reads and returns a sequence of bytes from a generator.
|
||||
@ -2892,37 +2908,36 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
|
||||
|
||||
/** Set up a key derivation operation.
|
||||
*
|
||||
* A key derivation algorithm takes three inputs: a secret input \p key and
|
||||
* two non-secret inputs \p label and p salt.
|
||||
* The result of this function is a byte generator which can
|
||||
* be used to produce keys and other cryptographic material.
|
||||
* A key derivation algorithm takes some inputs and uses them to create
|
||||
* a byte generator which can be used to produce keys and other
|
||||
* cryptographic material.
|
||||
*
|
||||
* The role of \p label and \p salt is as follows:
|
||||
* - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
|
||||
* and \p label is the info string used in the "expand" step.
|
||||
* To use a generator for key derivation:
|
||||
* - Start with an initialized object of type #psa_crypto_generator_t.
|
||||
* - Call psa_key_derivation_setup() to select the algorithm.
|
||||
* - Provide the inputs for the key derivation by calling
|
||||
* psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
|
||||
* as appropriate. Which inputs are needed, in what order, and whether
|
||||
* they may be keys and if so of what type depends on the algorithm.
|
||||
* - Optionally set the generator's maximum capacity with
|
||||
* psa_set_generator_capacity(). You may do this before, in the middle of
|
||||
* or after providing inputs. For some algorithms, this step is mandatory
|
||||
* because the output depends on the maximum capacity.
|
||||
* - Generate output with psa_generator_read() or
|
||||
* psa_generator_import_key(). Successive calls to these functions
|
||||
* use successive output bytes from the generator.
|
||||
* - Clean up the generator object with psa_generator_abort().
|
||||
*
|
||||
* \param[in,out] generator The generator object to set up. It must have
|
||||
* been initialized as per the documentation for
|
||||
* #psa_crypto_generator_t and not yet in use.
|
||||
* \param handle Handle to the secret key.
|
||||
* \param[in,out] generator The generator object to set up. It must
|
||||
* have been initialized but not set up yet.
|
||||
* \param alg The key derivation algorithm to compute
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
|
||||
* \param[in] salt Salt to use.
|
||||
* \param salt_length Size of the \p salt buffer in bytes.
|
||||
* \param[in] label Label to use.
|
||||
* \param label_length Size of the \p label buffer in bytes.
|
||||
* \param capacity The maximum number of bytes that the
|
||||
* generator will be able to provide.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_EMPTY_SLOT
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c key is not compatible with \c alg,
|
||||
* or \p capacity is too large for the specified algorithm and key.
|
||||
* \c alg is not a key derivation algorithm.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \c alg is not supported or is not a key derivation algorithm.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
@ -2930,33 +2945,115 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
*/
|
||||
psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator,
|
||||
psa_algorithm_t alg);
|
||||
|
||||
/** Provide an input for key derivation or key agreement.
|
||||
*
|
||||
* Which inputs are required and in what order depends on the algorithm.
|
||||
* Refer to the documentation of each key derivation or key agreement
|
||||
* algorithm for information.
|
||||
*
|
||||
* This function passes direct inputs. Some inputs must be passed as keys
|
||||
* using psa_key_derivation_input_key() instead of this function. Refer to
|
||||
* the documentation of individual step types for information.
|
||||
*
|
||||
* \param[in,out] generator The generator object to use. It must
|
||||
* have been set up with
|
||||
* psa_key_derivation_setup() and must not
|
||||
* have produced any output yet.
|
||||
* \param step Which step the input data is for.
|
||||
* \param[in] data Input data to use.
|
||||
* \param data_length Size of the \p data buffer in bytes.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c step is not compatible with the generator's algorithm.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c step does not allow direct inputs.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The value of \p step is not valid given the state of \p generator.
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
|
||||
psa_key_handle_t handle,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *salt,
|
||||
size_t salt_length,
|
||||
const uint8_t *label,
|
||||
size_t label_length,
|
||||
size_t capacity);
|
||||
psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator,
|
||||
psa_key_derivation_step_t step,
|
||||
const uint8_t *data,
|
||||
size_t data_length);
|
||||
|
||||
/** Set up a key agreement operation.
|
||||
/** Provide an input for key derivation in the form of a key.
|
||||
*
|
||||
* Which inputs are required and in what order depends on the algorithm.
|
||||
* Refer to the documentation of each key derivation or key agreement
|
||||
* algorithm for information.
|
||||
*
|
||||
* This function passes key inputs. Some inputs must be passed as keys
|
||||
* of the appropriate type using this function, while others must be
|
||||
* passed as direct inputs using psa_key_derivation_input_bytes(). Refer to
|
||||
* the documentation of individual step types for information.
|
||||
*
|
||||
* \param[in,out] generator The generator object to use. It must
|
||||
* have been set up with
|
||||
* psa_key_derivation_setup() and must not
|
||||
* have produced any output yet.
|
||||
* \param step Which step the input data is for.
|
||||
* \param handle Handle to the key. It must have an
|
||||
* appropriate type for \p step and must
|
||||
* allow the usage #PSA_KEY_USAGE_DERIVE.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_EMPTY_SLOT
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c step is not compatible with the generator's algorithm.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c step does not allow key inputs.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The value of \p step is not valid given the state of \p generator.
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator,
|
||||
psa_key_derivation_step_t step,
|
||||
psa_key_handle_t handle);
|
||||
|
||||
/** Perform a key agreement and use the shared secret as input to a key
|
||||
* derivation.
|
||||
*
|
||||
* A key agreement algorithm takes two inputs: a private key \p private_key
|
||||
* a public key \p peer_key.
|
||||
* The result of this function is a byte generator which can
|
||||
* be used to produce keys and other cryptographic material.
|
||||
* The result of this function is passed as input to a key derivation.
|
||||
* The output of this key derivation can be extracted by reading from the
|
||||
* resulting generator to produce keys and other cryptographic material.
|
||||
*
|
||||
* The resulting generator always has the maximum capacity permitted by
|
||||
* the algorithm.
|
||||
*
|
||||
* \param[in,out] generator The generator object to set up. It must have been
|
||||
* initialized as per the documentation for
|
||||
* #psa_crypto_generator_t and not yet in use.
|
||||
* \param private_key Handle to the private key to use.
|
||||
* \param[in,out] generator The generator object to use. It must
|
||||
* have been set up with
|
||||
* psa_key_derivation_setup() with a
|
||||
* key agreement and derivation algorithm
|
||||
* \c alg (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true
|
||||
* and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
|
||||
* is false).
|
||||
* The generator must be ready for an
|
||||
* input of the type given by \p step.
|
||||
* \param step Which step the input data is for.
|
||||
* \param private_key Handle to the private key to use.
|
||||
* \param[in] peer_key Public key of the peer. The peer key must be in the
|
||||
* same format that psa_import_key() accepts for the
|
||||
* public key type corresponding to the type of
|
||||
@ -2971,10 +3068,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
|
||||
* private key is on. The standard formats for public
|
||||
* keys are documented in the documentation of
|
||||
* psa_export_public_key().
|
||||
* \param peer_key_length Size of \p peer_key in bytes.
|
||||
* \param alg The key agreement algorithm to compute
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true).
|
||||
* \param peer_key_length Size of \p peer_key in bytes.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
@ -2993,10 +3087,62 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
*/
|
||||
psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
|
||||
psa_key_derivation_step_t step,
|
||||
psa_key_handle_t private_key,
|
||||
const uint8_t *peer_key,
|
||||
size_t peer_key_length,
|
||||
psa_algorithm_t alg);
|
||||
size_t peer_key_length);
|
||||
|
||||
/** Perform a key agreement and use the shared secret as input to a key
|
||||
* derivation.
|
||||
*
|
||||
* A key agreement algorithm takes two inputs: a private key \p private_key
|
||||
* a public key \p peer_key.
|
||||
*
|
||||
* \warning The raw result of a key agreement algorithm such as finite-field
|
||||
* Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
|
||||
* not be used directly as key material. It should instead be passed as
|
||||
* input to a key derivation algorithm. To chain a key agreement with
|
||||
* a key derivation, use psa_key_agreement() and other functions from
|
||||
* the key derivation and generator interface.
|
||||
*
|
||||
* \param private_key Handle to the private key to use.
|
||||
* \param[in] peer_key Public key of the peer. It must be
|
||||
* in the same format that psa_import_key()
|
||||
* accepts. The standard formats for public
|
||||
* keys are documented in the documentation
|
||||
* of psa_export_public_key().
|
||||
* \param peer_key_length Size of \p peer_key in bytes.
|
||||
* \param[out] output Buffer where the decrypted message is to
|
||||
* be written.
|
||||
* \param output_size Size of the \c output buffer in bytes.
|
||||
* \param[out] output_length On success, the number of bytes
|
||||
* that make up the returned output.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_EMPTY_SLOT
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p alg is not a key agreement algorithm
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \p private_key is not compatible with \p alg,
|
||||
* or \p peer_key is not valid for \p alg or not compatible with
|
||||
* \p private_key.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \p alg is not a supported key agreement algorithm.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
*/
|
||||
psa_status_t psa_key_agreement_raw_shared_secret(psa_algorithm_t alg,
|
||||
psa_key_handle_t private_key,
|
||||
const uint8_t *peer_key,
|
||||
size_t peer_key_length,
|
||||
uint8_t *output,
|
||||
size_t output_size,
|
||||
size_t *output_length);
|
||||
|
||||
/**@}*/
|
||||
|
||||
|
@ -120,6 +120,64 @@ void mbedtls_psa_crypto_free( void );
|
||||
psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed,
|
||||
size_t seed_size);
|
||||
|
||||
/** Set up a key derivation operation.
|
||||
*
|
||||
* FIMXE This function is no longer part of the official API. Its prototype
|
||||
* is only kept around for the sake of tests that haven't been updated yet.
|
||||
*
|
||||
* A key derivation algorithm takes three inputs: a secret input \p key and
|
||||
* two non-secret inputs \p label and p salt.
|
||||
* The result of this function is a byte generator which can
|
||||
* be used to produce keys and other cryptographic material.
|
||||
*
|
||||
* The role of \p label and \p salt is as follows:
|
||||
* - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
|
||||
* and \p label is the info string used in the "expand" step.
|
||||
*
|
||||
* \param[in,out] generator The generator object to set up. It must have
|
||||
* been initialized as per the documentation for
|
||||
* #psa_crypto_generator_t and not yet in use.
|
||||
* \param handle Handle to the secret key.
|
||||
* \param alg The key derivation algorithm to compute
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
|
||||
* \param[in] salt Salt to use.
|
||||
* \param salt_length Size of the \p salt buffer in bytes.
|
||||
* \param[in] label Label to use.
|
||||
* \param label_length Size of the \p label buffer in bytes.
|
||||
* \param capacity The maximum number of bytes that the
|
||||
* generator will be able to provide.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_EMPTY_SLOT
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c key is not compatible with \c alg,
|
||||
* or \p capacity is too large for the specified algorithm and key.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \c alg is not supported or is not a key derivation algorithm.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_TAMPERING_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
|
||||
psa_key_handle_t handle,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *salt,
|
||||
size_t salt_length,
|
||||
const uint8_t *label,
|
||||
size_t label_length,
|
||||
size_t capacity);
|
||||
|
||||
/* FIXME Deprecated. Remove this as soon as all the tests are updated. */
|
||||
#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
|
@ -186,6 +186,8 @@ typedef struct
|
||||
#endif
|
||||
uint8_t offset_in_block;
|
||||
uint8_t block_number;
|
||||
uint8_t state : 2;
|
||||
uint8_t info_set : 1;
|
||||
} psa_hkdf_generator_t;
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
|
@ -98,4 +98,13 @@ typedef uint32_t psa_key_usage_t;
|
||||
|
||||
/**@}*/
|
||||
|
||||
/** \defgroup derivation Key derivation
|
||||
* @{
|
||||
*/
|
||||
|
||||
/** \brief Encoding of the step of a key derivation. */
|
||||
typedef uint16_t psa_key_derivation_step_t;
|
||||
|
||||
/**@}*/
|
||||
|
||||
#endif /* PSA_CRYPTO_TYPES_H */
|
||||
|
@ -540,9 +540,8 @@
|
||||
#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x06000000)
|
||||
#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x10000000)
|
||||
#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x12000000)
|
||||
#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x22000000)
|
||||
#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x30000000)
|
||||
#define PSA_ALG_CATEGORY_KEY_SELECTION ((psa_algorithm_t)0x31000000)
|
||||
#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x20000000)
|
||||
#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x30000000)
|
||||
|
||||
#define PSA_ALG_IS_VENDOR_DEFINED(alg) \
|
||||
(((alg) & PSA_ALG_VENDOR_FLAG) != 0)
|
||||
@ -1170,11 +1169,20 @@
|
||||
((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
|
||||
0)
|
||||
|
||||
#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x30000100)
|
||||
#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x20000100)
|
||||
/** Macro to build an HKDF algorithm.
|
||||
*
|
||||
* For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256.
|
||||
*
|
||||
* This key derivation algorithm uses the following inputs:
|
||||
* - #PSA_KDF_STEP_SALT is the salt used in the "extract" step.
|
||||
* It is optional; if omitted, the derivation uses an empty salt.
|
||||
* - #PSA_KDF_STEP_SECRET is the secret key used in the "extract" step.
|
||||
* - #PSA_KDF_STEP_INFO is the info string used in the "expand" step.
|
||||
* You must pass #PSA_KDF_STEP_SALT before #PSA_KDF_STEP_SECRET.
|
||||
* You may pass #PSA_KDF_STEP_INFO at any time after steup and before
|
||||
* starting to generate output.
|
||||
*
|
||||
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
|
||||
*
|
||||
@ -1200,7 +1208,7 @@
|
||||
#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
|
||||
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
|
||||
|
||||
#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x30000200)
|
||||
#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x20000200)
|
||||
/** Macro to build a TLS-1.2 PRF algorithm.
|
||||
*
|
||||
* TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule,
|
||||
@ -1239,7 +1247,7 @@
|
||||
#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
|
||||
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
|
||||
|
||||
#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x30000300)
|
||||
#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x20000300)
|
||||
/** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
|
||||
*
|
||||
* In a pure-PSK handshake in TLS 1.2, the master secret is derived
|
||||
@ -1279,51 +1287,48 @@
|
||||
#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
|
||||
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
|
||||
|
||||
#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x010fffff)
|
||||
#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x080fffff)
|
||||
#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0x10f00000)
|
||||
|
||||
/** Use a shared secret as is.
|
||||
/** Macro to build a combined algorithm that chains a key agreement with
|
||||
* a key derivation.
|
||||
*
|
||||
* Specify this algorithm as the selection component of a key agreement
|
||||
* to use the raw result of the key agreement as key material.
|
||||
* \param ka_alg A key agreement algorithm (\c PSA_ALG_XXX value such
|
||||
* that #PSA_ALG_IS_KEY_AGREEMENT(\p ka_alg) is true).
|
||||
* \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
|
||||
* that #PSA_ALG_IS_KEY_DERIVATION(\p kdf_alg) is true).
|
||||
*
|
||||
* \warning The raw result of a key agreement algorithm such as finite-field
|
||||
* Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
|
||||
* not be used directly as key material. It can however be used as the secret
|
||||
* input in a key derivation algorithm.
|
||||
* \return The corresponding key agreement and derivation
|
||||
* algorithm.
|
||||
* \return Unspecified if \p ka_alg is not a supported
|
||||
* key agreement algorithm or \p kdf_alg is not a
|
||||
* supported key derivation algorithm.
|
||||
*/
|
||||
#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
|
||||
#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \
|
||||
((ka_alg) | (kdf_alg))
|
||||
|
||||
#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
|
||||
(((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
|
||||
|
||||
#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
|
||||
((alg) & ~PSA_ALG_KEY_DERIVATION_MASK)
|
||||
#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
|
||||
(((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
|
||||
|
||||
#define PSA_ALG_FFDH_BASE ((psa_algorithm_t)0x22100000)
|
||||
/** The Diffie-Hellman key agreement algorithm.
|
||||
*
|
||||
* This algorithm combines the finite-field Diffie-Hellman (DH) key
|
||||
* agreement, also known as Diffie-Hellman-Merkle (DHM) key agreement,
|
||||
* to produce a shared secret from a private key and the peer's
|
||||
* public key, with a key selection or key derivation algorithm to produce
|
||||
* one or more shared keys and other shared cryptographic material.
|
||||
#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \
|
||||
(PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
|
||||
|
||||
#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \
|
||||
((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
|
||||
|
||||
/** The finite-field Diffie-Hellman (DH) key agreement algorithm.
|
||||
*
|
||||
* The shared secret produced by key agreement and passed as input to the
|
||||
* derivation or selection algorithm \p kdf_alg is the shared secret
|
||||
* `g^{ab}` in big-endian format.
|
||||
* It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p`
|
||||
* in bits.
|
||||
*
|
||||
* \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
|
||||
* that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
|
||||
* or a key selection algorithm (\c PSA_ALG_XXX value such
|
||||
* that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true).
|
||||
*
|
||||
* \return The Diffie-Hellman algorithm with the specified
|
||||
* selection or derivation algorithm.
|
||||
*/
|
||||
#define PSA_ALG_FFDH(kdf_alg) \
|
||||
(PSA_ALG_FFDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK))
|
||||
#define PSA_ALG_FFDH ((psa_algorithm_t)0x30100000)
|
||||
|
||||
/** Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
|
||||
*
|
||||
* This includes every supported key selection or key agreement algorithm
|
||||
@ -1336,18 +1341,11 @@
|
||||
* key agreement algorithm identifier.
|
||||
*/
|
||||
#define PSA_ALG_IS_FFDH(alg) \
|
||||
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH_BASE)
|
||||
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
|
||||
|
||||
#define PSA_ALG_ECDH_BASE ((psa_algorithm_t)0x22200000)
|
||||
/** The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.
|
||||
*
|
||||
* This algorithm combines the elliptic curve Diffie-Hellman key
|
||||
* agreement to produce a shared secret from a private key and the peer's
|
||||
* public key, with a key selection or key derivation algorithm to produce
|
||||
* one or more shared keys and other shared cryptographic material.
|
||||
*
|
||||
* The shared secret produced by key agreement and passed as input to the
|
||||
* derivation or selection algorithm \p kdf_alg is the x-coordinate of
|
||||
* The shared secret produced by key agreement is the x-coordinate of
|
||||
* the shared secret point. It is always `ceiling(m / 8)` bytes long where
|
||||
* `m` is the bit size associated with the curve, i.e. the bit size of the
|
||||
* order of the curve's coordinate field. When `m` is not a multiple of 8,
|
||||
@ -1369,17 +1367,9 @@
|
||||
* the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A`
|
||||
* in big-endian byte order.
|
||||
* The bit size is `m` for the field `F_{2^m}`.
|
||||
*
|
||||
* \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
|
||||
* that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
|
||||
* or a selection algorithm (\c PSA_ALG_XXX value such
|
||||
* that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true).
|
||||
*
|
||||
* \return The Diffie-Hellman algorithm with the specified
|
||||
* selection or derivation algorithm.
|
||||
*/
|
||||
#define PSA_ALG_ECDH(kdf_alg) \
|
||||
(PSA_ALG_ECDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK))
|
||||
#define PSA_ALG_ECDH ((psa_algorithm_t)0x30200000)
|
||||
|
||||
/** Whether the specified algorithm is an elliptic curve Diffie-Hellman
|
||||
* algorithm.
|
||||
*
|
||||
@ -1394,7 +1384,7 @@
|
||||
* key agreement algorithm identifier.
|
||||
*/
|
||||
#define PSA_ALG_IS_ECDH(alg) \
|
||||
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH_BASE)
|
||||
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
|
||||
|
||||
/** Whether the specified algorithm encoding is a wildcard.
|
||||
*
|
||||
@ -1506,4 +1496,34 @@
|
||||
|
||||
/**@}*/
|
||||
|
||||
/** \defgroup derivation Key derivation
|
||||
* @{
|
||||
*/
|
||||
|
||||
/** A secret input for key derivation.
|
||||
*
|
||||
* This must be a key of type #PSA_KEY_TYPE_DERIVE.
|
||||
*/
|
||||
#define PSA_KDF_STEP_SECRET ((psa_key_derivation_step_t)0x0101)
|
||||
|
||||
/** A label for key derivation.
|
||||
*
|
||||
* This must be a direct input.
|
||||
*/
|
||||
#define PSA_KDF_STEP_LABEL ((psa_key_derivation_step_t)0x0201)
|
||||
|
||||
/** A salt for key derivation.
|
||||
*
|
||||
* This must be a direct input.
|
||||
*/
|
||||
#define PSA_KDF_STEP_SALT ((psa_key_derivation_step_t)0x0202)
|
||||
|
||||
/** An information string for key derivation.
|
||||
*
|
||||
* This must be a direct input.
|
||||
*/
|
||||
#define PSA_KDF_STEP_INFO ((psa_key_derivation_step_t)0x0203)
|
||||
|
||||
/**@}*/
|
||||
|
||||
#endif /* PSA_CRYPTO_VALUES_H */
|
||||
|
@ -3399,17 +3399,33 @@ exit:
|
||||
/* Generators */
|
||||
/****************************************************************/
|
||||
|
||||
#define HKDF_STATE_INIT 0 /* no input yet */
|
||||
#define HKDF_STATE_STARTED 1 /* got salt */
|
||||
#define HKDF_STATE_KEYED 2 /* got key */
|
||||
#define HKDF_STATE_OUTPUT 3 /* output started */
|
||||
|
||||
static psa_algorithm_t psa_generator_get_kdf_alg(
|
||||
const psa_crypto_generator_t *generator )
|
||||
{
|
||||
if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
|
||||
return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) );
|
||||
else
|
||||
return( generator->alg );
|
||||
}
|
||||
|
||||
|
||||
psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
|
||||
{
|
||||
psa_status_t status = PSA_SUCCESS;
|
||||
if( generator->alg == 0 )
|
||||
psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
|
||||
if( kdf_alg == 0 )
|
||||
{
|
||||
/* The object has (apparently) been initialized but it is not
|
||||
* in use. It's ok to call abort on such an object, and there's
|
||||
* nothing to do. */
|
||||
}
|
||||
else
|
||||
if( generator->alg == PSA_ALG_SELECT_RAW )
|
||||
if( kdf_alg == PSA_ALG_SELECT_RAW )
|
||||
{
|
||||
if( generator->ctx.buffer.data != NULL )
|
||||
{
|
||||
@ -3420,14 +3436,14 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
|
||||
}
|
||||
else
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
if( PSA_ALG_IS_HKDF( generator->alg ) )
|
||||
if( PSA_ALG_IS_HKDF( kdf_alg ) )
|
||||
{
|
||||
mbedtls_free( generator->ctx.hkdf.info );
|
||||
status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac );
|
||||
}
|
||||
else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) ||
|
||||
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
|
||||
/* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */
|
||||
PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) )
|
||||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
|
||||
{
|
||||
if( generator->ctx.tls12_prf.key != NULL )
|
||||
{
|
||||
@ -3452,7 +3468,6 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
|
||||
return( status );
|
||||
}
|
||||
|
||||
|
||||
psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
|
||||
size_t *capacity)
|
||||
{
|
||||
@ -3460,6 +3475,17 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
psa_status_t psa_set_generator_capacity( psa_crypto_generator_t *generator,
|
||||
size_t capacity )
|
||||
{
|
||||
if( generator->alg == 0 )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
if( capacity > generator->capacity )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
generator->capacity = capacity;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
/* Read some bytes from an HKDF-based generator. This performs a chunk
|
||||
* of the expand phase of the HKDF algorithm. */
|
||||
@ -3471,6 +3497,10 @@ static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf,
|
||||
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
|
||||
psa_status_t status;
|
||||
|
||||
if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
hkdf->state = HKDF_STATE_OUTPUT;
|
||||
|
||||
while( output_length != 0 )
|
||||
{
|
||||
/* Copy what remains of the current block */
|
||||
@ -3684,6 +3714,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
|
||||
size_t output_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
|
||||
|
||||
if( output_length > generator->capacity )
|
||||
{
|
||||
@ -3694,7 +3725,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
|
||||
goto exit;
|
||||
}
|
||||
if( output_length == 0 &&
|
||||
generator->capacity == 0 && generator->alg == 0 )
|
||||
generator->capacity == 0 && kdf_alg == 0 )
|
||||
{
|
||||
/* Edge case: this is a blank or finished generator, and 0
|
||||
* bytes were requested. The right error in this case could
|
||||
@ -3706,7 +3737,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
|
||||
}
|
||||
generator->capacity -= output_length;
|
||||
|
||||
if( generator->alg == PSA_ALG_SELECT_RAW )
|
||||
if( kdf_alg == PSA_ALG_SELECT_RAW )
|
||||
{
|
||||
/* Initially, the capacity of a selection generator is always
|
||||
* the size of the buffer, i.e. `generator->ctx.buffer.size`,
|
||||
@ -3724,17 +3755,17 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
|
||||
}
|
||||
else
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
if( PSA_ALG_IS_HKDF( generator->alg ) )
|
||||
if( PSA_ALG_IS_HKDF( kdf_alg ) )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( generator->alg );
|
||||
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
|
||||
status = psa_generator_hkdf_read( &generator->ctx.hkdf, hash_alg,
|
||||
output, output_length );
|
||||
}
|
||||
else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) ||
|
||||
PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) )
|
||||
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
|
||||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
|
||||
{
|
||||
status = psa_generator_tls12_prf_read( &generator->ctx.tls12_prf,
|
||||
generator->alg, output,
|
||||
kdf_alg, output,
|
||||
output_length );
|
||||
}
|
||||
else
|
||||
@ -3841,6 +3872,8 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
memcpy( hkdf->info, label, label_length );
|
||||
}
|
||||
hkdf->state = HKDF_STATE_KEYED;
|
||||
hkdf->info_set = 1;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
@ -4084,6 +4117,232 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
|
||||
return( status );
|
||||
}
|
||||
|
||||
static psa_status_t psa_key_derivation_setup_kdf(
|
||||
psa_crypto_generator_t *generator,
|
||||
psa_algorithm_t kdf_alg )
|
||||
{
|
||||
/* Make sure that kdf_alg is a supported key derivation algorithm. */
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
if( PSA_ALG_IS_HKDF( kdf_alg ) ||
|
||||
PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
|
||||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
|
||||
size_t hash_size = PSA_HASH_SIZE( hash_alg );
|
||||
if( hash_size == 0 )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
|
||||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
|
||||
! ( hash_alg == PSA_ALG_SHA_256 && hash_alg == PSA_ALG_SHA_384 ) )
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
generator->capacity = 255 * hash_size;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
else
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
psa_status_t psa_key_derivation_setup( psa_crypto_generator_t *generator,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_status_t status;
|
||||
|
||||
if( generator->alg != 0 )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
|
||||
{
|
||||
psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
|
||||
status = psa_key_derivation_setup_kdf( generator, kdf_alg );
|
||||
}
|
||||
else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
|
||||
{
|
||||
status = psa_key_derivation_setup_kdf( generator, alg );
|
||||
}
|
||||
else
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
if( status == PSA_SUCCESS )
|
||||
generator->alg = alg;
|
||||
return( status );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf,
|
||||
psa_algorithm_t hash_alg,
|
||||
psa_key_derivation_step_t step,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
switch( step )
|
||||
{
|
||||
case PSA_KDF_STEP_SALT:
|
||||
if( hkdf->state == HKDF_STATE_INIT )
|
||||
{
|
||||
status = psa_hmac_setup_internal( &hkdf->hmac,
|
||||
data, data_length,
|
||||
hash_alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
hkdf->state = HKDF_STATE_STARTED;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
else
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
break;
|
||||
case PSA_KDF_STEP_SECRET:
|
||||
/* If no salt was provided, use an empty salt. */
|
||||
if( hkdf->state == HKDF_STATE_INIT )
|
||||
{
|
||||
status = psa_hmac_setup_internal( &hkdf->hmac,
|
||||
NULL, 0,
|
||||
PSA_ALG_HMAC( hash_alg ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
hkdf->state = HKDF_STATE_STARTED;
|
||||
}
|
||||
if( hkdf->state == HKDF_STATE_STARTED )
|
||||
{
|
||||
status = psa_hash_update( &hkdf->hmac.hash_ctx,
|
||||
data, data_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
status = psa_hmac_finish_internal( &hkdf->hmac,
|
||||
hkdf->prk,
|
||||
sizeof( hkdf->prk ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
|
||||
hkdf->block_number = 0;
|
||||
hkdf->state = HKDF_STATE_KEYED;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
else
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
break;
|
||||
case PSA_KDF_STEP_INFO:
|
||||
if( hkdf->state == HKDF_STATE_OUTPUT )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
if( hkdf->info_set )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
hkdf->info_length = data_length;
|
||||
if( data_length != 0 )
|
||||
{
|
||||
hkdf->info = mbedtls_calloc( 1, data_length );
|
||||
if( hkdf->info == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
memcpy( hkdf->info, data, data_length );
|
||||
}
|
||||
hkdf->info_set = 1;
|
||||
return( PSA_SUCCESS );
|
||||
default:
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
static psa_status_t psa_key_derivation_input_raw(
|
||||
psa_crypto_generator_t *generator,
|
||||
psa_key_derivation_step_t step,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
|
||||
|
||||
if( kdf_alg == PSA_ALG_SELECT_RAW )
|
||||
{
|
||||
if( generator->capacity != 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
generator->ctx.buffer.data = mbedtls_calloc( 1, data_length );
|
||||
if( generator->ctx.buffer.data == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
memcpy( generator->ctx.buffer.data, data, data_length );
|
||||
generator->ctx.buffer.size = data_length;
|
||||
generator->capacity = data_length;
|
||||
status = PSA_SUCCESS;
|
||||
}
|
||||
else
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
if( PSA_ALG_IS_HKDF( kdf_alg ) )
|
||||
{
|
||||
status = psa_hkdf_input( &generator->ctx.hkdf,
|
||||
PSA_ALG_HKDF_GET_HASH( kdf_alg ),
|
||||
step, data, data_length );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
/* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
|
||||
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
|
||||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
|
||||
{
|
||||
// TODO
|
||||
status = PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
{
|
||||
/* This can't happen unless the generator object was not initialized */
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
||||
if( status != PSA_SUCCESS )
|
||||
psa_generator_abort( generator );
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_key_derivation_input_bytes( psa_crypto_generator_t *generator,
|
||||
psa_key_derivation_step_t step,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
switch( step )
|
||||
{
|
||||
case PSA_KDF_STEP_LABEL:
|
||||
case PSA_KDF_STEP_SALT:
|
||||
case PSA_KDF_STEP_INFO:
|
||||
return( psa_key_derivation_input_raw( generator, step,
|
||||
data, data_length ) );
|
||||
default:
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
}
|
||||
|
||||
psa_status_t psa_key_derivation_input_key( psa_crypto_generator_t *generator,
|
||||
psa_key_derivation_step_t step,
|
||||
psa_key_handle_t handle )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
status = psa_get_key_from_slot( handle, &slot,
|
||||
PSA_KEY_USAGE_DERIVE,
|
||||
generator->alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
// TODO: for a key agreement algorithm, allow the corresponding key type and step
|
||||
if( slot->type != PSA_KEY_TYPE_DERIVE )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
/* Don't allow a key to be used as an input that is usually public.
|
||||
* This is debatable. It's ok from a cryptographic perspective to
|
||||
* use secret material as an input that is usually public. However
|
||||
* the material should be dedicated to a particular input step,
|
||||
* otherwise this may allow the key to be used in an unintended way
|
||||
* and leak values derived from the key. So be conservative. */
|
||||
if( step != PSA_KDF_STEP_SECRET )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
return( psa_key_derivation_input_raw( generator,
|
||||
step,
|
||||
slot->data.raw.data,
|
||||
slot->data.raw.bytes ) );
|
||||
}
|
||||
|
||||
|
||||
|
||||
/****************************************************************/
|
||||
@ -4140,10 +4399,10 @@ exit:
|
||||
* to potentially free embedded data structures and wipe confidential data.
|
||||
*/
|
||||
static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator,
|
||||
psa_key_derivation_step_t step,
|
||||
psa_key_slot_t *private_key,
|
||||
const uint8_t *peer_key,
|
||||
size_t peer_key_length,
|
||||
psa_algorithm_t alg )
|
||||
size_t peer_key_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
|
||||
@ -4151,10 +4410,10 @@ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generato
|
||||
|
||||
/* Step 1: run the secret agreement algorithm to generate the shared
|
||||
* secret. */
|
||||
switch( PSA_ALG_KEY_AGREEMENT_GET_BASE( alg ) )
|
||||
switch( PSA_ALG_KEY_AGREEMENT_GET_BASE( generator->alg ) )
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_C)
|
||||
case PSA_ALG_ECDH_BASE:
|
||||
case PSA_ALG_ECDH:
|
||||
if( ! PSA_KEY_TYPE_IS_ECC_KEYPAIR( private_key->type ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
status = psa_key_agreement_ecdh( peer_key, peer_key_length,
|
||||
@ -4175,34 +4434,31 @@ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generato
|
||||
|
||||
/* Step 2: set up the key derivation to generate key material from
|
||||
* the shared secret. */
|
||||
status = psa_key_derivation_internal( generator,
|
||||
shared_secret, shared_secret_length,
|
||||
PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ),
|
||||
NULL, 0, NULL, 0,
|
||||
PSA_GENERATOR_UNBRIDLED_CAPACITY );
|
||||
status = psa_key_derivation_input_raw( generator, step,
|
||||
shared_secret, shared_secret_length );
|
||||
|
||||
exit:
|
||||
mbedtls_platform_zeroize( shared_secret, shared_secret_length );
|
||||
return( status );
|
||||
}
|
||||
|
||||
psa_status_t psa_key_agreement( psa_crypto_generator_t *generator,
|
||||
psa_key_derivation_step_t step,
|
||||
psa_key_handle_t private_key,
|
||||
const uint8_t *peer_key,
|
||||
size_t peer_key_length,
|
||||
psa_algorithm_t alg )
|
||||
size_t peer_key_length )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
|
||||
if( ! PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
status = psa_get_key_from_slot( private_key, &slot,
|
||||
PSA_KEY_USAGE_DERIVE, alg );
|
||||
PSA_KEY_USAGE_DERIVE, generator->alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
status = psa_key_agreement_internal( generator,
|
||||
status = psa_key_agreement_internal( generator, step,
|
||||
slot,
|
||||
peer_key, peer_key_length,
|
||||
alg );
|
||||
peer_key, peer_key_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
psa_generator_abort( generator );
|
||||
return( status );
|
||||
|
@ -474,15 +474,15 @@ derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KE
|
||||
|
||||
PSA key policy: agreement, permitted
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
|
||||
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
|
||||
|
||||
PSA key policy: agreement, not permitted
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
agreement_key_policy:0:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
|
||||
agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
|
||||
|
||||
PSA key policy: agreement, wrong algorithm
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH(PSA_ALG_SELECT_RAW)
|
||||
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH
|
||||
|
||||
Hash operation object initializers zero properly
|
||||
hash_operation_init:
|
||||
@ -1149,7 +1149,7 @@ import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17
|
||||
|
||||
PSA import/exercise: ECP SECP256R1 keypair, ECDH
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
|
||||
import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH
|
||||
|
||||
PSA sign: RSA PKCS#1 v1.5, raw
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
@ -1674,19 +1674,19 @@ derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0
|
||||
|
||||
PSA key agreement setup: ECDH, raw: good
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
|
||||
key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
|
||||
|
||||
PSA key agreement setup: ECDH, raw: public key on different curve
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
|
||||
key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key agreement setup: ECDH, raw: public key instead of private key
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
|
||||
key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key agreement setup: ECDH, unknown KDF
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_setup:PSA_ALG_ECDH(0):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
|
||||
key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 0):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA key agreement setup: not a key agreement algorithm
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
@ -1694,71 +1694,71 @@ key_agreement_setup:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):PSA_KEY_TYPE_ECC_KEYPAIR(PSA
|
||||
|
||||
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: capacity=32
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":32
|
||||
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":32
|
||||
|
||||
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 32 (full)
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
|
||||
|
||||
PSA key agreement: ECDH SECP256R1 with ECDH-only public key
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3057301106052b8104010c06082a8648ce3d03010703420004d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
|
||||
|
||||
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 0+32
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
|
||||
|
||||
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 20+12
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9e":"ce7dce03812464d04b9442de"
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9e":"ce7dce03812464d04b9442de"
|
||||
|
||||
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 7+15
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6ed":"afd13116e0e12565202fef8e9ece7d"
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6ed":"afd13116e0e12565202fef8e9ece7d"
|
||||
|
||||
PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: capacity=48
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":48
|
||||
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":48
|
||||
|
||||
PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: read
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746":""
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746":""
|
||||
|
||||
PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: capacity=66
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":66
|
||||
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"30819b301006072a8648ce3d020106052b81040023038186000400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":66
|
||||
|
||||
PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: read
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea":""
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"30819b301006072a8648ce3d020106052b81040023038186000400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea":""
|
||||
|
||||
PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: capacity=32
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":32
|
||||
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"305a301406072a8648ce3d020106092b2403030208010107034200048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":32
|
||||
|
||||
PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: read
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b":""
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"305a301406072a8648ce3d020106092b2403030208010107034200048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b":""
|
||||
|
||||
PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: capacity=48
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":48
|
||||
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"307a301406072a8648ce3d020106092b240303020801010b036200044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":48
|
||||
|
||||
PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: read
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42":""
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"307a301406072a8648ce3d020106092b240303020801010b036200044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42":""
|
||||
|
||||
PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: capacity=64
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":64
|
||||
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":64
|
||||
|
||||
PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: read
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":""
|
||||
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":""
|
||||
|
||||
PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
|
||||
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
|
||||
key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
|
||||
|
||||
PSA generate random: 0 bytes
|
||||
generate_random:0
|
||||
|
@ -366,11 +366,30 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
|
||||
|
||||
if( usage & PSA_KEY_USAGE_DERIVE )
|
||||
{
|
||||
PSA_ASSERT( psa_key_derivation( &generator,
|
||||
handle, alg,
|
||||
label, label_length,
|
||||
seed, seed_length,
|
||||
sizeof( output ) ) );
|
||||
if( PSA_ALG_IS_HKDF( alg ) )
|
||||
{
|
||||
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
|
||||
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
|
||||
PSA_KDF_STEP_SALT,
|
||||
label,
|
||||
label_length ) );
|
||||
PSA_ASSERT( psa_key_derivation_input_key( &generator,
|
||||
PSA_KDF_STEP_SECRET,
|
||||
handle ) );
|
||||
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
|
||||
PSA_KDF_STEP_INFO,
|
||||
seed,
|
||||
seed_length ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
// legacy
|
||||
PSA_ASSERT( psa_key_derivation( &generator,
|
||||
handle, alg,
|
||||
label, label_length,
|
||||
seed, seed_length,
|
||||
sizeof( output ) ) );
|
||||
}
|
||||
PSA_ASSERT( psa_generator_read( &generator,
|
||||
output,
|
||||
sizeof( output ) ) );
|
||||
@ -386,8 +405,7 @@ exit:
|
||||
/* We need two keys to exercise key agreement. Exercise the
|
||||
* private key against its own public key. */
|
||||
static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
|
||||
psa_key_handle_t handle,
|
||||
psa_algorithm_t alg )
|
||||
psa_key_handle_t handle )
|
||||
{
|
||||
psa_key_type_t private_key_type;
|
||||
psa_key_type_t public_key_type;
|
||||
@ -409,9 +427,8 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
|
||||
public_key, public_key_length,
|
||||
&public_key_length ) );
|
||||
|
||||
status = psa_key_agreement( generator, handle,
|
||||
public_key, public_key_length,
|
||||
alg );
|
||||
status = psa_key_agreement( generator, PSA_KDF_STEP_SECRET, handle,
|
||||
public_key, public_key_length );
|
||||
exit:
|
||||
mbedtls_free( public_key );
|
||||
return( status );
|
||||
@ -429,7 +446,8 @@ static int exercise_key_agreement_key( psa_key_handle_t handle,
|
||||
{
|
||||
/* We need two keys to exercise key agreement. Exercise the
|
||||
* private key against its own public key. */
|
||||
PSA_ASSERT( key_agreement_with_self( &generator, handle, alg ) );
|
||||
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
|
||||
PSA_ASSERT( key_agreement_with_self( &generator, handle ) );
|
||||
PSA_ASSERT( psa_generator_read( &generator,
|
||||
output,
|
||||
sizeof( output ) ) );
|
||||
@ -1753,7 +1771,8 @@ void agreement_key_policy( int policy_usage,
|
||||
PSA_ASSERT( psa_import_key( handle, key_type,
|
||||
key_data->x, key_data->len ) );
|
||||
|
||||
status = key_agreement_with_self( &generator, handle, exercise_alg );
|
||||
PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) );
|
||||
status = key_agreement_with_self( &generator, handle );
|
||||
|
||||
if( policy_alg == exercise_alg &&
|
||||
( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
|
||||
@ -3476,10 +3495,29 @@ void derive_output( int alg_arg,
|
||||
key_data->len ) );
|
||||
|
||||
/* Extraction phase. */
|
||||
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
|
||||
salt->x, salt->len,
|
||||
label->x, label->len,
|
||||
requested_capacity ) );
|
||||
if( PSA_ALG_IS_HKDF( alg ) )
|
||||
{
|
||||
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
|
||||
PSA_ASSERT( psa_set_generator_capacity( &generator,
|
||||
requested_capacity ) );
|
||||
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
|
||||
PSA_KDF_STEP_SALT,
|
||||
salt->x, salt->len ) );
|
||||
PSA_ASSERT( psa_key_derivation_input_key( &generator,
|
||||
PSA_KDF_STEP_SECRET,
|
||||
handle ) );
|
||||
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
|
||||
PSA_KDF_STEP_INFO,
|
||||
label->x, label->len ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
// legacy
|
||||
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
|
||||
salt->x, salt->len,
|
||||
label->x, label->len,
|
||||
requested_capacity ) );
|
||||
}
|
||||
PSA_ASSERT( psa_get_generator_capacity( &generator,
|
||||
¤t_capacity ) );
|
||||
TEST_EQUAL( current_capacity, requested_capacity );
|
||||
@ -3556,10 +3594,29 @@ void derive_full( int alg_arg,
|
||||
key_data->len ) );
|
||||
|
||||
/* Extraction phase. */
|
||||
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
|
||||
salt->x, salt->len,
|
||||
label->x, label->len,
|
||||
requested_capacity ) );
|
||||
if( PSA_ALG_IS_HKDF( alg ) )
|
||||
{
|
||||
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
|
||||
PSA_ASSERT( psa_set_generator_capacity( &generator,
|
||||
requested_capacity ) );
|
||||
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
|
||||
PSA_KDF_STEP_SALT,
|
||||
salt->x, salt->len ) );
|
||||
PSA_ASSERT( psa_key_derivation_input_key( &generator,
|
||||
PSA_KDF_STEP_SECRET,
|
||||
handle ) );
|
||||
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
|
||||
PSA_KDF_STEP_INFO,
|
||||
label->x, label->len ) );
|
||||
}
|
||||
else
|
||||
{
|
||||
// legacy
|
||||
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
|
||||
salt->x, salt->len,
|
||||
label->x, label->len,
|
||||
requested_capacity ) );
|
||||
}
|
||||
PSA_ASSERT( psa_get_generator_capacity( &generator,
|
||||
¤t_capacity ) );
|
||||
TEST_EQUAL( current_capacity, expected_capacity );
|
||||
@ -3772,10 +3829,10 @@ void key_agreement_setup( int alg_arg,
|
||||
our_key_data->x,
|
||||
our_key_data->len ) );
|
||||
|
||||
TEST_EQUAL( psa_key_agreement( &generator,
|
||||
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
|
||||
TEST_EQUAL( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
|
||||
our_key,
|
||||
peer_key_data->x, peer_key_data->len,
|
||||
alg ),
|
||||
peer_key_data->x, peer_key_data->len ),
|
||||
expected_status_arg );
|
||||
|
||||
exit:
|
||||
@ -3811,10 +3868,10 @@ void key_agreement_capacity( int alg_arg,
|
||||
our_key_data->x,
|
||||
our_key_data->len ) );
|
||||
|
||||
PSA_ASSERT( psa_key_agreement( &generator,
|
||||
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
|
||||
PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
|
||||
our_key,
|
||||
peer_key_data->x, peer_key_data->len,
|
||||
alg ) );
|
||||
peer_key_data->x, peer_key_data->len ) );
|
||||
|
||||
/* Test the advertized capacity. */
|
||||
PSA_ASSERT( psa_get_generator_capacity(
|
||||
@ -3868,10 +3925,10 @@ void key_agreement_output( int alg_arg,
|
||||
our_key_data->x,
|
||||
our_key_data->len ) );
|
||||
|
||||
PSA_ASSERT( psa_key_agreement( &generator,
|
||||
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
|
||||
PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
|
||||
our_key,
|
||||
peer_key_data->x, peer_key_data->len,
|
||||
alg ) );
|
||||
peer_key_data->x, peer_key_data->len ) );
|
||||
|
||||
PSA_ASSERT( psa_generator_read( &generator,
|
||||
actual_output,
|
||||
|
@ -266,24 +266,21 @@ Key derivation: HKDF using SHA-256
|
||||
depends_on:MBEDTLS_SHA256_C
|
||||
key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF
|
||||
|
||||
Key selection: raw
|
||||
key_selection_algorithm:PSA_ALG_SELECT_RAW:0
|
||||
|
||||
Key agreement: FFDH, raw output
|
||||
depends_on:MBEDTLS_DHM_C
|
||||
key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_SELECT_RAW ):ALG_IS_FFDH:PSA_ALG_SELECT_RAW
|
||||
key_agreement_algorithm:PSA_ALG_FFDH:ALG_IS_FFDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_FFDH:PSA_ALG_CATEGORY_KEY_DERIVATION
|
||||
|
||||
Key agreement: FFDH, HKDF using SHA-256
|
||||
depends_on:MBEDTLS_DHM_C
|
||||
key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
|
||||
key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
|
||||
|
||||
Key agreement: ECDH, raw output
|
||||
depends_on:MBEDTLS_ECDH_C
|
||||
key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ):ALG_IS_ECDH:PSA_ALG_SELECT_RAW
|
||||
key_agreement_algorithm:PSA_ALG_ECDH:ALG_IS_ECDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_ECDH:PSA_ALG_CATEGORY_KEY_DERIVATION
|
||||
|
||||
Key agreement: ECDH, HKDF using SHA-256
|
||||
depends_on:MBEDTLS_ECDH_C
|
||||
key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
|
||||
key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
|
||||
|
||||
Key type: raw data
|
||||
key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED
|
||||
|
@ -35,6 +35,7 @@
|
||||
#define ALG_IS_FFDH ( 1u << 17 )
|
||||
#define ALG_IS_ECDH ( 1u << 18 )
|
||||
#define ALG_IS_WILDCARD ( 1u << 19 )
|
||||
#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 20 )
|
||||
|
||||
/* Flags for key type classification macros. There is a flag for every
|
||||
* key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
|
||||
@ -73,6 +74,9 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags )
|
||||
TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags );
|
||||
TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags );
|
||||
TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags );
|
||||
TEST_CLASSIFICATION_MACRO( ALG_IS_ECDH, alg, flags );
|
||||
TEST_CLASSIFICATION_MACRO( ALG_IS_FFDH, alg, flags );
|
||||
TEST_CLASSIFICATION_MACRO( ALG_IS_RAW_KEY_AGREEMENT, alg, flags );
|
||||
exit: ;
|
||||
}
|
||||
|
||||
@ -113,7 +117,6 @@ void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
|
||||
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
|
||||
algorithm_classification( alg, classification_flags );
|
||||
|
||||
/* Length */
|
||||
@ -134,7 +137,6 @@ void aead_algorithm_core( psa_algorithm_t alg, int classification_flags,
|
||||
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
|
||||
algorithm_classification( alg, classification_flags );
|
||||
|
||||
/* Tag length */
|
||||
@ -174,7 +176,6 @@ void hash_algorithm( int alg_arg, int length_arg )
|
||||
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
|
||||
algorithm_classification( alg, 0 );
|
||||
|
||||
/* Dependent algorithms */
|
||||
@ -271,7 +272,6 @@ void cipher_algorithm( int alg_arg, int classification_flags )
|
||||
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
|
||||
algorithm_classification( alg, classification_flags );
|
||||
}
|
||||
/* END_CASE */
|
||||
@ -320,7 +320,6 @@ void asymmetric_signature_algorithm( int alg_arg, int classification_flags )
|
||||
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
|
||||
algorithm_classification( alg, classification_flags );
|
||||
}
|
||||
/* END_CASE */
|
||||
@ -350,7 +349,6 @@ void asymmetric_encryption_algorithm( int alg_arg, int classification_flags )
|
||||
TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
|
||||
algorithm_classification( alg, classification_flags );
|
||||
}
|
||||
/* END_CASE */
|
||||
@ -359,6 +357,8 @@ void asymmetric_encryption_algorithm( int alg_arg, int classification_flags )
|
||||
void key_derivation_algorithm( int alg_arg, int classification_flags )
|
||||
{
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
psa_algorithm_t ecdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, alg );
|
||||
psa_algorithm_t ffdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, alg );
|
||||
|
||||
/* Algorithm classification */
|
||||
TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
|
||||
@ -369,49 +369,25 @@ void key_derivation_algorithm( int alg_arg, int classification_flags )
|
||||
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
|
||||
algorithm_classification( alg, classification_flags );
|
||||
|
||||
/* Check combinations with key agreements */
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) );
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) );
|
||||
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg );
|
||||
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void key_selection_algorithm( int alg_arg, int classification_flags )
|
||||
{
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
|
||||
/* Algorithm classification */
|
||||
TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_SELECTION( alg ) );
|
||||
algorithm_classification( alg, classification_flags );
|
||||
|
||||
/* Check combinations with key agreements */
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) );
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) );
|
||||
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg );
|
||||
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg );
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ecdh_alg ) );
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ffdh_alg ) );
|
||||
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ecdh_alg ), alg );
|
||||
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ffdh_alg ), alg );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void key_agreement_algorithm( int alg_arg, int classification_flags,
|
||||
int post_alg_arg )
|
||||
int ka_alg_arg, int kdf_alg_arg )
|
||||
{
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
psa_algorithm_t actual_post_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
|
||||
psa_algorithm_t expected_post_alg = post_alg_arg;
|
||||
psa_algorithm_t actual_ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
|
||||
psa_algorithm_t expected_ka_alg = ka_alg_arg;
|
||||
psa_algorithm_t actual_kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
|
||||
psa_algorithm_t expected_kdf_alg = kdf_alg_arg;
|
||||
|
||||
/* Algorithm classification */
|
||||
TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
|
||||
@ -422,13 +398,11 @@ void key_agreement_algorithm( int alg_arg, int classification_flags,
|
||||
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
|
||||
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
|
||||
algorithm_classification( alg, classification_flags );
|
||||
|
||||
/* Shared secret derivation properties */
|
||||
TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( actual_post_alg ) ||
|
||||
PSA_ALG_IS_KEY_SELECTION( actual_post_alg ) );
|
||||
TEST_EQUAL( actual_post_alg, expected_post_alg );
|
||||
TEST_EQUAL( actual_ka_alg, expected_ka_alg );
|
||||
TEST_EQUAL( actual_kdf_alg, expected_kdf_alg );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user