From a99d3fbd058bf1247bc23bf051a22fb2f8792515 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2019 15:28:51 +0200 Subject: [PATCH 1/9] Rename generator functions to psa_key_derivation_xxx Generators are mostly about key derivation (currently: only about key derivation). "Generator" is not a commonly used term in cryptography. So favor "derivation" as terminology. Call a generator a key derivation operation structure, since it behaves like other multipart operation structures. Furthermore, the function names are not fully consistent. In this commit, I rename the functions to consistently have the prefix "psa_key_derivation_". I used the following command: perl -i -pe '%t = ( psa_crypto_generator_t => "psa_key_derivation_operation_t", psa_crypto_generator_init => "psa_key_derivation_init", psa_key_derivation_setup => "psa_key_derivation_setup", psa_key_derivation_input_key => "psa_key_derivation_input_key", psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes", psa_key_agreement => "psa_key_derivation_key_agreement", psa_set_generator_capacity => "psa_key_derivation_set_capacity", psa_get_generator_capacity => "psa_key_derivation_get_capacity", psa_generator_read => "psa_key_derivation_output_bytes", psa_generate_derived_key => "psa_key_derivation_output_key", psa_generator_abort => "psa_key_derivation_abort", PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT", PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY", ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files) --- docs/getting_started.md | 8 +- include/psa/crypto.h | 74 ++++----- include/psa/crypto_extra.h | 6 +- include/psa/crypto_struct.h | 6 +- library/psa_crypto.c | 64 ++++---- library/ssl_cli.c | 10 +- library/ssl_tls.c | 20 +-- programs/psa/key_ladder_demo.c | 14 +- tests/suites/test_suite_psa_crypto.function | 162 ++++++++++---------- 9 files changed, 182 insertions(+), 182 deletions(-) 
diff --git a/docs/getting_started.md b/docs/getting_started.md index ec8cc08ce..9a702eaed 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -335,7 +335,7 @@ Deriving a new AES-CTR 128-bit encryption key into a given key slot using HKDF w 1. Set up the generator using the `psa_key_derivation` function providing a key slot containing a key that can be used for key derivation and a salt and label (Note: salt and label are optional). 1. Initiate a key policy to for the derived key by calling `psa_key_policy_set_usage()` with `PSA_KEY_USAGE_ENCRYPT` parameter and the algorithm `PSA_ALG_CTR`. 1. Set the key policy to the derived key slot. -1. Import a key from generator into the desired key slot using (`psa_generate_derived_key`). +1. Import a key from generator into the desired key slot using (`psa_key_derivation_output_key`). 1. Clean up generator. At this point the derived key slot holds a new 128-bit AES-CTR encryption key derived from the key, salt and label provided: @@ -358,7 +358,7 @@ At this point the derived key slot holds a new 128-bit AES-CTR encryption key de psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); psa_key_policy_t policy = PSA_KEY_POLICY_INIT; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; size_t derived_bits = 128; size_t capacity = PSA_BITS_TO_BYTES(derived_bits); 
@@ -378,10 +378,10 @@ At this point the derived key slot holds a new 128-bit AES-CTR encryption key de psa_set_key_policy(derived_key, &policy); - psa_generate_derived_key(derived_key, PSA_KEY_TYPE_AES, derived_bits, &generator); + psa_key_derivation_output_key(derived_key, PSA_KEY_TYPE_AES, derived_bits, &generator); /* Clean up generator and key */ - psa_generator_abort(&generator); + psa_key_derivation_abort(&generator); /* as part of clean up you may want to clean up the keys used by calling: * psa_destroy_key( base_key ); or psa_destroy_key( derived_key ); */ mbedtls_psa_crypto_free(); diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 8c42e932e..0bff6cee9 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -183,10 +183,10 @@ psa_status_t psa_crypto_init(void); * domain parameters, call psa_set_key_domain_parameters() instead. * Skip this step if copying an existing key with psa_copy_key(). * -# When generating a random key with psa_generate_random_key() or deriving a key - * with psa_generate_derived_key(), set the desired key size with + * with psa_key_derivation_output_key(), set the desired key size with * psa_set_key_bits(). * -# Call a key creation function: psa_import_key(), psa_generate_random_key(), - * psa_generate_derived_key() or psa_copy_key(). This function reads + * psa_key_derivation_output_key() or psa_copy_key(). This function reads * the attribute structure, creates a key with these attributes, and * outputs a handle to the newly created key. * -# The attribute structure is now no longer necessary. If you called 
@@ -217,7 +217,7 @@ typedef struct psa_key_attributes_s psa_key_attributes_t; * The persistent key will be written to storage when the attribute * structure is passed to a key creation function such as * psa_import_key(), psa_generate_random_key(), - * psa_generate_derived_key() or psa_copy_key(). + * psa_key_derivation_output_key() or psa_copy_key(). * * This function may be declared as `static` (i.e. without external * linkage). This function may be provided as a function-like macro, @@ -242,7 +242,7 @@ static void psa_set_key_id(psa_key_attributes_t *attributes, * The persistent key will be written to storage when the attribute * structure is passed to a key creation function such as * psa_import_key(), psa_generate_random_key(), - * psa_generate_derived_key() or psa_copy_key(). + * psa_key_derivation_output_key() or psa_copy_key(). * * This function may be declared as `static` (i.e. without external * linkage). This function may be provided as a function-like macro, 
@@ -2979,46 +2979,46 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, * initialize it by any of the following means: * - Set the structure to all-bits-zero, for example: * \code - * psa_crypto_generator_t generator; + * psa_key_derivation_operation_t generator; * memset(&generator, 0, sizeof(generator)); * \endcode * - Initialize the structure to logical zero values, for example: * \code - * psa_crypto_generator_t generator = {0}; + * psa_key_derivation_operation_t generator = {0}; * \endcode - * - Initialize the structure to the initializer #PSA_CRYPTO_GENERATOR_INIT, + * - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT, * for example: * \code - * psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + * psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; * \endcode - * - Assign the result of the function psa_crypto_generator_init() + * - Assign the result of the function psa_key_derivation_operation_init() * to the structure, for example: * \code - * psa_crypto_generator_t generator; - * generator = psa_crypto_generator_init(); + * psa_key_derivation_operation_t generator; + * generator = psa_key_derivation_operation_init(); * \endcode * * This is an implementation-defined \c struct. Applications should not * make any assumptions about the content of this structure except * as directed by the documentation of a specific implementation. */ -typedef struct psa_crypto_generator_s psa_crypto_generator_t; +typedef struct psa_crypto_generator_s psa_key_derivation_operation_t; -/** \def PSA_CRYPTO_GENERATOR_INIT +/** \def PSA_KEY_DERIVATION_OPERATION_INIT * * This macro returns a suitable initializer for a generator object - * of type #psa_crypto_generator_t. + * of type #psa_key_derivation_operation_t. */ #ifdef __DOXYGEN_ONLY__ /* This is an example definition for documentation purposes. * Implementations should define a suitable value in `crypto_struct.h`. 
*/ -#define PSA_CRYPTO_GENERATOR_INIT {0} +#define PSA_KEY_DERIVATION_OPERATION_INIT {0} #endif /** Return an initial value for a generator object. */ -static psa_crypto_generator_t psa_crypto_generator_init(void); +static psa_key_derivation_operation_t psa_key_derivation_operation_init(void); /** Retrieve the current capacity of a generator. * @@ -3032,7 +3032,7 @@ static psa_crypto_generator_t psa_crypto_generator_init(void); * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_COMMUNICATION_FAILURE */ -psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *generator, size_t *capacity); /** Set the maximum capacity of a generator. @@ -3048,7 +3048,7 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_COMMUNICATION_FAILURE */ -psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *generator, size_t capacity); /** Read some data from a generator. @@ -3076,7 +3076,7 @@ psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_generator_read(psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *generator, uint8_t *output, size_t output_length); 
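Review bot: The rename is only half applied in the @@ -2979 hunk: `typedef struct psa_crypto_generator_s psa_key_derivation_operation_t;` keeps the old struct tag, the example variables are still called `generator`, and the Doxygen text still says "generator object" (`/** Return an initial value for a generator object. */`). The commit message also maps `psa_crypto_generator_init` to `psa_key_derivation_init`, while the declaration here is `psa_key_derivation_operation_init(void)`, so the description and the code disagree. I would reword the comment to `/** Return an initial value for a key derivation operation object. */`. The description should also say which leftovers are deferred to later patches of the series: the struct tag, `psa_generate_derived_key_to_handle` in crypto_extra.h, and the `psa_generator_*` static helpers in psa_crypto.c.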
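Review bot: The mechanical substitution leaves `psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *generator,` at over 90 columns in the @@ -3032 hunk, and the continuation line `size_t *capacity);` was presumably aligned to the old, shorter name. The same applies to the other prototypes renamed in this header (`psa_key_derivation_set_capacity`, `psa_key_derivation_output_bytes`, `psa_key_derivation_output_key`, `psa_key_derivation_setup`, `psa_key_derivation_input_bytes`, `psa_key_derivation_input_key`, `psa_key_derivation_key_agreement`) and to their definitions in library/psa_crypto.c. Breaking after the opening parenthesis keeps them readable: `psa_status_t psa_key_derivation_get_capacity(` then `const psa_key_derivation_operation_t *generator,` then `size_t *capacity);` on indented continuation lines.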
@@ -3088,7 +3088,7 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, * * - For key types for which the key is an arbitrary sequence of bytes * of a given size, - * this function is functionally equivalent to calling #psa_generator_read + * this function is functionally equivalent to calling #psa_key_derivation_output_bytes * and passing the resulting output to #psa_import_key. * However, this function has a security benefit: * if the implementation provides an isolation boundary then @@ -3188,8 +3188,8 @@ psa_status_t psa_generator_read(psa_crypto_generator_t *generator, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_generate_derived_key(const psa_key_attributes_t *attributes, - psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *generator, psa_key_handle_t *handle); /** Abort a generator. @@ -3199,9 +3199,9 @@ psa_status_t psa_generate_derived_key(const psa_key_attributes_t *attributes, * \c generator structure itself. * * This function may be called at any time as long as the generator - * object has been initialized to #PSA_CRYPTO_GENERATOR_INIT, to - * psa_crypto_generator_init() or a zero value. In particular, it is valid - * to call psa_generator_abort() twice, or to call psa_generator_abort() + * object has been initialized to #PSA_KEY_DERIVATION_OPERATION_INIT, to + * psa_key_derivation_operation_init() or a zero value. In particular, it is valid + * to call psa_key_derivation_abort() twice, or to call psa_key_derivation_abort() * on a generator that has not been set up. * * Once aborted, the generator object may be called. 
@@ -3214,7 +3214,7 @@ psa_status_t psa_generate_derived_key(const psa_key_attributes_t *attributes, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); +psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *generator); /** Use the maximum possible capacity for a generator. * @@ -3223,7 +3223,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); * The value of the maximum possible capacity depends on the generator * algorithm. */ -#define PSA_GENERATOR_UNBRIDLED_CAPACITY ((size_t)(-1)) +#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1)) /**@}*/ 
@@ -3238,20 +3238,20 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); * cryptographic material. * * To use a generator for key derivation: - * - Start with an initialized object of type #psa_crypto_generator_t. + * - Start with an initialized object of type #psa_key_derivation_operation_t. * - Call psa_key_derivation_setup() to select the algorithm. * - Provide the inputs for the key derivation by calling * psa_key_derivation_input_bytes() or psa_key_derivation_input_key() * as appropriate. Which inputs are needed, in what order, and whether * they may be keys and if so of what type depends on the algorithm. * - Optionally set the generator's maximum capacity with - * psa_set_generator_capacity(). You may do this before, in the middle of + * psa_key_derivation_set_capacity(). You may do this before, in the middle of * or after providing inputs. For some algorithms, this step is mandatory * because the output depends on the maximum capacity. - * - Generate output with psa_generator_read() or - * psa_generate_derived_key(). Successive calls to these functions + * - Generate output with psa_key_derivation_output_bytes() or + * psa_key_derivation_output_key(). Successive calls to these functions * use successive output bytes from the generator. - * - Clean up the generator object with psa_generator_abort(). + * - Clean up the generator object with psa_key_derivation_abort(). * * \param[in,out] generator The generator object to set up. It must * have been initialized but not set up yet. @@ -3271,7 +3271,7 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE */ -psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *generator, psa_algorithm_t alg); /** Provide an input for key derivation or key agreement. 
@@ -3309,7 +3309,7 @@ psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *generator, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length); @@ -3354,7 +3354,7 @@ psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *generator, psa_key_derivation_step_t step, psa_key_handle_t handle); @@ -3411,7 +3411,7 @@ psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_agreement(psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *generator, psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, @@ -3427,7 +3427,7 @@ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator, * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should * not be used directly as key material. It should instead be passed as * input to a key derivation algorithm. To chain a key agreement with - * a key derivation, use psa_key_agreement() and other functions from + * a key derivation, use psa_key_derivation_key_agreement() and other functions from * the key derivation and generator interface. * * \param alg The key agreement algorithm to compute diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 216039c85..66e5dbc64 100644 --- a/include/psa/crypto_extra.h 
+++ b/include/psa/crypto_extra.h @@ -159,7 +159,7 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, * * \param[in,out] generator The generator object to set up. It must have * been initialized as per the documentation for - * #psa_crypto_generator_t and not yet in use. + * #psa_key_derivation_operation_t and not yet in use. * \param handle Handle to the secret key. * \param alg The key derivation algorithm to compute * (\c PSA_ALG_XXX value such that @@ -190,7 +190,7 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation(psa_key_derivation_operation_t *generator, psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *salt, @@ -433,7 +433,7 @@ psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle, psa_status_t psa_generate_derived_key_to_handle(psa_key_handle_t handle, psa_key_type_t type, size_t bits, - psa_crypto_generator_t *generator); + psa_key_derivation_operation_t *generator); psa_status_t psa_generate_random_key_to_handle(psa_key_handle_t handle, psa_key_type_t type, diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index df765711c..74e362d8e 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -240,10 +240,10 @@ struct psa_crypto_generator_s } ctx; }; -#define PSA_CRYPTO_GENERATOR_INIT {0, 0, {{0, 0}}} -static inline struct psa_crypto_generator_s psa_crypto_generator_init( void ) +#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, {{0, 0}}} +static inline struct psa_crypto_generator_s psa_key_derivation_operation_init( void ) { - const struct psa_crypto_generator_s v = PSA_CRYPTO_GENERATOR_INIT; + const struct psa_crypto_generator_s v = PSA_KEY_DERIVATION_OPERATION_INIT; return( v ); } 
diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 90de4fa87..88e646ab1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4066,7 +4066,7 @@ exit: #define HKDF_STATE_OUTPUT 3 /* output started */ static psa_algorithm_t psa_generator_get_kdf_alg( - const psa_crypto_generator_t *generator ) + const psa_key_derivation_operation_t *generator ) { if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) ) return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) ); @@ -4075,7 +4075,7 @@ static psa_algorithm_t psa_generator_get_kdf_alg( } -psa_status_t psa_generator_abort( psa_crypto_generator_t *generator ) +psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator ) { psa_status_t status = PSA_SUCCESS; psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); @@ -4129,7 +4129,7 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator ) return( status ); } -psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *generator, size_t *capacity) { if( generator->alg == 0 ) @@ -4142,7 +4142,7 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, return( PSA_SUCCESS ); } -psa_status_t psa_set_generator_capacity( psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *generator, size_t capacity ) { if( generator->alg == 0 ) @@ -4181,7 +4181,7 @@ static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf, if( output_length == 0 ) break; /* We can't be wanting more output after block 0xff, otherwise - * the capacity check in psa_generator_read() would have + * the capacity check in psa_key_derivation_output_bytes() would have * prevented this call. It could happen only if the generator * object was corrupted or if this function is called directly * inside the library. */ 
@@ -4236,7 +4236,7 @@ static psa_status_t psa_generator_tls12_prf_generate_next_block( size_t Ai_len; /* We can't be wanting more output after block 0xff, otherwise - * the capacity check in psa_generator_read() would have + * the capacity check in psa_key_derivation_output_bytes() would have * prevented this call. It could happen only if the generator * object was corrupted or if this function is called directly * inside the library. */ @@ -4376,7 +4376,7 @@ static psa_status_t psa_generator_tls12_prf_read( } #endif /* MBEDTLS_MD_C */ -psa_status_t psa_generator_read( psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *generator, uint8_t *output, size_t output_length ) { @@ -4454,7 +4454,7 @@ exit: * blank generators, so we can return PSA_ERROR_BAD_STATE on blank * generators. */ psa_algorithm_t alg = generator->alg; - psa_generator_abort( generator ); + psa_key_derivation_abort( generator ); generator->alg = alg; memset( output, '!', output_length ); } @@ -4476,7 +4476,7 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size ) static psa_status_t psa_generate_derived_key_internal( psa_key_slot_t *slot, size_t bits, - psa_crypto_generator_t *generator ) + psa_key_derivation_operation_t *generator ) { uint8_t *data = NULL; size_t bytes = PSA_BITS_TO_BYTES( bits ); @@ -4490,7 +4490,7 @@ static psa_status_t psa_generate_derived_key_internal( if( data == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = psa_generator_read( generator, data, bytes ); + status = psa_key_derivation_output_bytes( generator, data, bytes ); if( status != PSA_SUCCESS ) goto exit; #if defined(MBEDTLS_DES_C) 
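Review bot: In `psa_generate_derived_key_internal` (the @@ -4490 hunk), the heap buffer `data` is filled with derived key bytes by `psa_key_derivation_output_bytes( generator, data, bytes )`, and the visible lines do not show it being wiped before release. The function's `exit:` path lies outside the hunk, so this may already be handled. If it is not, add `mbedtls_platform_zeroize( data, bytes );` before the free so that key material does not linger in freed heap memory. `psa_generate_derived_key_to_handle` in the @@ -4544 hunk uses the same allocate/read pattern and needs the same check.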
@@ -4504,8 +4504,8 @@ exit: return( status ); } -psa_status_t psa_generate_derived_key( const psa_key_attributes_t *attributes, - psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *generator, psa_key_handle_t *handle ) { psa_status_t status; @@ -4530,7 +4530,7 @@ psa_status_t psa_generate_derived_key( const psa_key_attributes_t *attributes, psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle, psa_key_type_t type, size_t bits, - psa_crypto_generator_t *generator ) + psa_key_derivation_operation_t *generator ) { uint8_t *data = NULL; size_t bytes = PSA_BITS_TO_BYTES( bits ); @@ -4544,7 +4544,7 @@ psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle, if( data == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = psa_generator_read( generator, data, bytes ); + status = psa_key_derivation_output_bytes( generator, data, bytes ); if( status != PSA_SUCCESS ) goto exit; #if defined(MBEDTLS_DES_C) @@ -4568,7 +4568,7 @@ exit: /* Set up an HKDF-based generator. This is exactly the extract phase * of the HKDF algorithm. * - * Note that if this function fails, you must call psa_generator_abort() + * Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, @@ -4613,7 +4613,7 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, #if defined(MBEDTLS_MD_C) /* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5). * - * Note that if this function fails, you must call psa_generator_abort() + * Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ static psa_status_t psa_generator_tls12_prf_setup( 
@@ -4661,7 +4661,7 @@ static psa_status_t psa_generator_tls12_prf_setup( } /* The first block gets generated when - * psa_generator_read() is called. */ + * psa_key_derivation_output_bytes() is called. */ tls12_prf->block_number = 0; tls12_prf->offset_in_block = hash_length; @@ -4710,11 +4710,11 @@ static psa_status_t psa_generator_tls12_psk_to_ms_setup( } #endif /* MBEDTLS_MD_C */ -/* Note that if this function fails, you must call psa_generator_abort() +/* Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ static psa_status_t psa_key_derivation_internal( - psa_crypto_generator_t *generator, + psa_key_derivation_operation_t *generator, const uint8_t *secret, size_t secret_length, psa_algorithm_t alg, const uint8_t *salt, size_t salt_length, @@ -4801,7 +4801,7 @@ static psa_status_t psa_key_derivation_internal( if( capacity <= max_capacity ) generator->capacity = capacity; - else if( capacity == PSA_GENERATOR_UNBRIDLED_CAPACITY ) + else if( capacity == PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ) generator->capacity = max_capacity; else return( PSA_ERROR_INVALID_ARGUMENT ); @@ -4809,7 +4809,7 @@ static psa_status_t psa_key_derivation_internal( return( PSA_SUCCESS ); } -psa_status_t psa_key_derivation( psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator, psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *salt, @@ -4845,12 +4845,12 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator, label, label_length, capacity ); if( status != PSA_SUCCESS ) - psa_generator_abort( generator ); + psa_key_derivation_abort( generator ); return( status ); } static psa_status_t psa_key_derivation_setup_kdf( - psa_crypto_generator_t *generator, + psa_key_derivation_operation_t *generator, psa_algorithm_t kdf_alg ) { /* Make sure that kdf_alg is a supported key derivation algorithm. */ 
@@ -4877,7 +4877,7 @@ static psa_status_t psa_key_derivation_setup_kdf( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t psa_key_derivation_setup( psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator, psa_algorithm_t alg ) { psa_status_t status; @@ -4972,7 +4972,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf, #endif /* MBEDTLS_MD_C */ static psa_status_t psa_key_derivation_input_raw( - psa_crypto_generator_t *generator, + psa_key_derivation_operation_t *generator, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length ) @@ -5018,11 +5018,11 @@ static psa_status_t psa_key_derivation_input_raw( } if( status != PSA_SUCCESS ) - psa_generator_abort( generator ); + psa_key_derivation_abort( generator ); return( status ); } -psa_status_t psa_key_derivation_input_bytes( psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *generator, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length ) @@ -5039,7 +5039,7 @@ psa_status_t psa_key_derivation_input_bytes( psa_crypto_generator_t *generator, } } -psa_status_t psa_key_derivation_input_key( psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *generator, psa_key_derivation_step_t step, psa_key_handle_t handle ) { 
@@ -5148,10 +5148,10 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, } } -/* Note that if this function fails, you must call psa_generator_abort() +/* Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ -static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator, +static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *generator, psa_key_derivation_step_t step, psa_key_slot_t *private_key, const uint8_t *peer_key, @@ -5183,7 +5183,7 @@ exit: return( status ); } -psa_status_t psa_key_agreement( psa_crypto_generator_t *generator, +psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *generator, psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, @@ -5201,7 +5201,7 @@ psa_status_t psa_key_agreement( psa_crypto_generator_t *generator, slot, peer_key, peer_key_length ); if( status != PSA_SUCCESS ) - psa_generator_abort( generator ); + psa_key_derivation_abort( generator ); return( status ); } diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 81c69dd5f..41c2bd23a 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -3116,7 +3116,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) unsigned char *own_pubkey_ecpoint; size_t own_pubkey_ecpoint_len; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; header_len = 4; @@ -3178,7 +3178,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) content_len = own_pubkey_ecpoint_len + 1; /* Compute ECDH shared secret. */ - status = psa_key_agreement( &generator, + status = psa_key_derivation_key_agreement( &generator, handshake->ecdh_psa_privkey, handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len, 
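Review bot: The renamed call `psa_key_derivation_key_agreement( &generator, handshake->ecdh_psa_privkey, handshake->ecdh_psa_peerkey, ...` in the @@ -3178 hunk does not match the prototype this same patch declares in include/psa/crypto.h, where the second parameter is `psa_key_derivation_step_t step` and the private key handle comes third. The argument list continues past the end of the hunk and the mismatch appears to pre-date the rename, but the new name makes a call written for the older interface look current. The `psa_key_derivation_output_key(derived_key, PSA_KEY_TYPE_AES, derived_bits, &generator)` example in docs/getting_started.md has the same problem: its four arguments match `psa_generate_derived_key_to_handle`, not the three-parameter prototype. Confirm that this file is built in CI with the PSA code path enabled, and either port the call or mark it with `/* TODO: port to the psa_key_derivation_setup()/input API */`.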
@@ -3191,16 +3191,16 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) ssl->handshake->pmslen = MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( handshake->ecdh_psa_curve ); - status = psa_generator_read( &generator, + status = psa_key_derivation_output_bytes( &generator, ssl->handshake->premaster, ssl->handshake->pmslen ); if( status != PSA_SUCCESS ) { - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - status = psa_generator_abort( &generator ); + status = psa_key_derivation_abort( &generator ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 26814429e..42d823063 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -526,7 +526,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, psa_algorithm_t alg; psa_key_policy_t policy; psa_key_handle_t master_slot; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; if( ( status = psa_allocate_key( &master_slot ) ) != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); @@ -556,20 +556,20 @@ static int tls_prf_generic( mbedtls_md_type_t md_type, dlen ); if( status != PSA_SUCCESS ) { - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( master_slot ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - status = psa_generator_read( &generator, dstbuf, dlen ); + status = psa_key_derivation_output_bytes( &generator, dstbuf, dlen ); if( status != PSA_SUCCESS ) { - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( master_slot ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - status = psa_generator_abort( &generator ); + status = psa_key_derivation_abort( &generator ); if( status != PSA_SUCCESS ) { psa_destroy_key( master_slot ); 
@@ -892,7 +892,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) /* Perform PSK-to-MS expansion in a single step. */ psa_status_t status; psa_algorithm_t alg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_handle_t psk; MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) ); @@ -913,19 +913,19 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl ) master_secret_len ); if( status != PSA_SUCCESS ) { - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - status = psa_generator_read( &generator, session->master, + status = psa_key_derivation_output_bytes( &generator, session->master, master_secret_len ); if( status != PSA_SUCCESS ) { - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } - status = psa_generator_abort( &generator ); + status = psa_key_derivation_abort( &generator ); if( status != PSA_SUCCESS ) return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED ); } diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index aded3bc38..4ebb7e049 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -279,7 +279,7 @@ static psa_status_t derive_key_ladder( const char *ladder[], { psa_status_t status = PSA_SUCCESS; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; size_t i; psa_set_key_usage_flags( &attributes, 
@@ -306,13 +306,13 @@ static psa_status_t derive_key_ladder( const char *ladder[], *key_handle = 0; /* Use the generator obtained from the parent key to create * the next intermediate key. */ - PSA_CHECK( psa_generate_derived_key( &attributes, &generator, + PSA_CHECK( psa_key_derivation_output_key( &attributes, &generator, key_handle ) ); - PSA_CHECK( psa_generator_abort( &generator ) ); + PSA_CHECK( psa_key_derivation_abort( &generator ) ); } exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); if( status != PSA_SUCCESS ) { psa_close_key( *key_handle ); @@ -328,7 +328,7 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, { psa_status_t status = PSA_SUCCESS; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; *wrapping_key_handle = 0; psa_set_key_usage_flags( &attributes, usage ); @@ -343,11 +343,11 @@ static psa_status_t derive_wrapping_key( psa_key_usage_t usage, WRAPPING_KEY_SALT, WRAPPING_KEY_SALT_LENGTH, NULL, 0, PSA_BITS_TO_BYTES( WRAPPING_KEY_BITS ) ) ); - PSA_CHECK( psa_generate_derived_key( &attributes, &generator, + PSA_CHECK( psa_key_derivation_output_key( &attributes, &generator, wrapping_key_handle ) ); exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); if( status != PSA_SUCCESS ) { psa_close_key( *wrapping_key_handle ); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 8b5773733..ab74bafb3 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -525,7 +525,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, psa_key_usage_t usage, psa_algorithm_t alg ) { - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char label[16] = "This is a label."; size_t label_length = sizeof( label ); unsigned char seed[16] = "abcdefghijklmnop"; @@ -558,10 +558,10 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, seed, seed_length, sizeof( output ) ) ); } - PSA_ASSERT( psa_generator_read( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &generator, output, sizeof( output ) ) ); - PSA_ASSERT( psa_generator_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &generator ) ); } return( 1 ); @@ -572,7 +572,7 @@ exit: /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ -static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator, +static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *generator, psa_key_handle_t handle ) { psa_key_type_t private_key_type; @@ -581,7 +581,7 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator, uint8_t *public_key = NULL; size_t public_key_length; /* Return GENERIC_ERROR if something other than the final call to - * psa_key_agreement fails. This isn't fully satisfactory, but it's + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's * good enough: callers will report it as a failed test anyway. */ psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -596,7 +596,7 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator, public_key, public_key_length, &public_key_length ) ); - status = psa_key_agreement( generator, PSA_KDF_STEP_SECRET, handle, + status = psa_key_derivation_key_agreement( generator, PSA_KDF_STEP_SECRET, handle, public_key, public_key_length ); exit: mbedtls_free( public_key ); @@ -617,7 +617,7 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, uint8_t output[1024]; size_t output_length; /* Return GENERIC_ERROR if something other than the final call to - * psa_key_agreement fails. This isn't fully satisfactory, but it's + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's * good enough: callers will report it as a failed test anyway. */ psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -664,7 +664,7 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, psa_key_usage_t usage, psa_algorithm_t alg ) { - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char output[1]; int ok = 0; @@ -674,10 +674,10 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, * private key against its own public key. */ PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); PSA_ASSERT( key_agreement_with_self( &generator, handle ) ); - PSA_ASSERT( psa_generator_read( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &generator, output, sizeof( output ) ) ); - PSA_ASSERT( psa_generator_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &generator ) ); } ok = 1; 
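Review bot: In the raw_key_agreement_with_self hunk (-617), the mechanical rename rewrote the comment to say the final call is `psa_key_derivation_key_agreement`. That call is outside the hunk, but the function name and its local `uint8_t output[1024]` suggest it performs a raw agreement, not a derivation-step agreement. If so, the comment now names a function this helper never calls and should name the one actually invoked. Separately, the rewritten `status = psa_key_derivation_key_agreement( generator, PSA_KDF_STEP_SECRET, handle,` in key_agreement_with_self and the rewritten comment lines are over 80 characters even before indentation. If the project keeps an 80-column limit, break after the opening parenthesis: `status = psa_key_derivation_key_agreement(` followed by `generator, PSA_KDF_STEP_SECRET, handle,` on the next line.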
@@ -1844,7 +1844,7 @@ void derive_key_policy( int policy_usage, { psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; PSA_ASSERT( psa_crypto_init( ) ); @@ -1868,7 +1868,7 @@ void derive_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } @@ -1884,7 +1884,7 @@ void agreement_key_policy( int policy_usage, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; PSA_ASSERT( psa_crypto_init( ) ); @@ -1906,7 +1906,7 @@ void agreement_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } @@ -1922,7 +1922,7 @@ void raw_agreement_key_policy( int policy_usage, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; PSA_ASSERT( psa_crypto_init( ) ); @@ -1943,7 +1943,7 @@ void raw_agreement_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } 
@@ -4003,24 +4003,24 @@ void crypto_generator_init( ) * though it's OK by the C standard. We could test for this, but we'd need * to supress the Clang warning for the test. */ size_t capacity; - psa_crypto_generator_t func = psa_crypto_generator_init( ); - psa_crypto_generator_t init = PSA_CRYPTO_GENERATOR_INIT; - psa_crypto_generator_t zero; + psa_key_derivation_operation_t func = psa_key_derivation_operation_init( ); + psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t zero; memset( &zero, 0, sizeof( zero ) ); /* A default generator should not be able to report its capacity. */ - TEST_EQUAL( psa_get_generator_capacity( &func, &capacity ), + TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ), PSA_ERROR_BAD_STATE ); - TEST_EQUAL( psa_get_generator_capacity( &init, &capacity ), + TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ), PSA_ERROR_BAD_STATE ); - TEST_EQUAL( psa_get_generator_capacity( &zero, &capacity ), + TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ), PSA_ERROR_BAD_STATE ); /* A default generator should be abortable without error. */ - PSA_ASSERT( psa_generator_abort(&func) ); - PSA_ASSERT( psa_generator_abort(&init) ); - PSA_ASSERT( psa_generator_abort(&zero) ); + PSA_ASSERT( psa_key_derivation_abort(&func) ); + PSA_ASSERT( psa_key_derivation_abort(&init) ); + PSA_ASSERT( psa_key_derivation_abort(&zero) ); } /* END_CASE */ @@ -4038,7 +4038,7 @@ void derive_setup( int key_type_arg, psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; psa_status_t expected_status = expected_status_arg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init( ) ); 
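Review bot: The crypto_generator_init test case (hunk -4003) now calls `psa_key_derivation_operation_init( )`, but the rename table in the commit message maps `psa_crypto_generator_init` to `psa_key_derivation_init`. The declaration is not visible here, so confirm which name the header actually defines and correct whichever of the two is wrong. The test case itself is still named `crypto_generator_init`, and its comments still say "A default generator should ...", so the test name and wording lag behind the API. The three abort calls are written `psa_key_derivation_abort(&func)` without the inner spaces used everywhere else in the file, e.g. `psa_key_derivation_abort( &generator )`.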
@@ -4057,7 +4057,7 @@ void derive_setup( int key_type_arg, expected_status ); exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } @@ -4068,7 +4068,7 @@ void test_derive_invalid_generator_state( ) { psa_key_handle_t handle = 0; size_t key_type = PSA_KEY_TYPE_DERIVE; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 ); uint8_t buffer[42]; size_t capacity = sizeof( buffer ); @@ -4100,13 +4100,13 @@ void test_derive_invalid_generator_state( ) capacity ), PSA_ERROR_BAD_STATE ); - PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) ); + PSA_ASSERT( psa_key_derivation_output_bytes( &generator, buffer, capacity ) ); - TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ), + TEST_EQUAL( psa_key_derivation_output_bytes( &generator, buffer, capacity ), PSA_ERROR_INSUFFICIENT_DATA ); exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } 
@@ -4118,24 +4118,24 @@ void test_derive_invalid_generator_tests( ) uint8_t output_buffer[16]; size_t buffer_size = 16; size_t capacity = 0; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; - TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size ) + TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size ) == PSA_ERROR_BAD_STATE ); - TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity ) + TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity ) == PSA_ERROR_BAD_STATE ); - PSA_ASSERT( psa_generator_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &generator ) ); - TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size ) + TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size ) == PSA_ERROR_BAD_STATE ); - TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity ) + TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity ) == PSA_ERROR_BAD_STATE ); exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); } /* END_CASE */ @@ -4151,7 +4151,7 @@ void derive_output( int alg_arg, psa_key_handle_t handle = 0; psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t *expected_outputs[2] = {expected_output1->x, expected_output2->x}; size_t output_sizes[2] = @@ -4185,7 +4185,7 @@ void derive_output( int alg_arg, if( PSA_ALG_IS_HKDF( alg ) ) { PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_set_generator_capacity( &generator, + PSA_ASSERT( psa_key_derivation_set_capacity( &generator, requested_capacity ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &generator, PSA_KDF_STEP_SALT, 
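Review bot: The four rewritten checks in test_derive_invalid_generator_tests (hunk -4118) compare inside `TEST_ASSERT( ... == PSA_ERROR_BAD_STATE )`, while the neighbouring rewritten tests use `TEST_EQUAL` for the same kind of status check. Since these lines are being touched anyway, they could be aligned with the rest: `TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size ), PSA_ERROR_BAD_STATE );`, and likewise for the `psa_key_derivation_get_capacity` checks. Matching the form used in crypto_generator_init and test_derive_invalid_generator_state would make all the state-machine tests read alike.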
@@ -4205,7 +4205,7 @@ void derive_output( int alg_arg, label->x, label->len, requested_capacity ) ); } - PSA_ASSERT( psa_get_generator_capacity( &generator, + PSA_ASSERT( psa_key_derivation_get_capacity( &generator, ¤t_capacity ) ); TEST_EQUAL( current_capacity, requested_capacity ); expected_capacity = requested_capacity; @@ -4214,7 +4214,7 @@ void derive_output( int alg_arg, for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ ) { /* Read some bytes. */ - status = psa_generator_read( &generator, + status = psa_key_derivation_output_bytes( &generator, output_buffer, output_sizes[i] ); if( expected_capacity == 0 && output_sizes[i] == 0 ) { @@ -4238,15 +4238,15 @@ void derive_output( int alg_arg, expected_outputs[i], output_sizes[i] ); /* Check the generator status. */ expected_capacity -= output_sizes[i]; - PSA_ASSERT( psa_get_generator_capacity( &generator, + PSA_ASSERT( psa_key_derivation_get_capacity( &generator, ¤t_capacity ) ); TEST_EQUAL( expected_capacity, current_capacity ); } - PSA_ASSERT( psa_generator_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &generator ) ); exit: mbedtls_free( output_buffer ); - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } @@ -4262,7 +4262,7 @@ void derive_full( int alg_arg, psa_key_handle_t handle = 0; psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char output_buffer[16]; size_t expected_capacity = requested_capacity; size_t current_capacity; 
@@ -4281,7 +4281,7 @@ void derive_full( int alg_arg, if( PSA_ALG_IS_HKDF( alg ) ) { PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_set_generator_capacity( &generator, + PSA_ASSERT( psa_key_derivation_set_capacity( &generator, requested_capacity ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &generator, PSA_KDF_STEP_SALT, @@ -4301,7 +4301,7 @@ void derive_full( int alg_arg, label->x, label->len, requested_capacity ) ); } - PSA_ASSERT( psa_get_generator_capacity( &generator, + PSA_ASSERT( psa_key_derivation_get_capacity( &generator, ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); @@ -4311,23 +4311,23 @@ void derive_full( int alg_arg, size_t read_size = sizeof( output_buffer ); if( read_size > current_capacity ) read_size = current_capacity; - PSA_ASSERT( psa_generator_read( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, read_size ) ); expected_capacity -= read_size; - PSA_ASSERT( psa_get_generator_capacity( &generator, + PSA_ASSERT( psa_key_derivation_get_capacity( &generator, ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); } /* Check that the generator refuses to go over capacity. */ - TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ), + TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output_buffer, 1 ), PSA_ERROR_INSUFFICIENT_DATA ); - PSA_ASSERT( psa_generator_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &generator ) ); exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } 
@@ -4351,7 +4351,7 @@ void derive_key_exercise( int alg_arg, psa_key_usage_t derived_usage = derived_usage_arg; psa_algorithm_t derived_alg = derived_alg_arg; size_t capacity = PSA_BITS_TO_BYTES( derived_bits ); - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -4372,7 +4372,7 @@ void derive_key_exercise( int alg_arg, psa_set_key_algorithm( &attributes, derived_alg ); psa_set_key_type( &attributes, derived_type ); psa_set_key_bits( &attributes, derived_bits ); - PSA_ASSERT( psa_generate_derived_key( &attributes, &generator, + PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator, &derived_handle ) ); /* Test the key information */ @@ -4385,7 +4385,7 @@ void derive_key_exercise( int alg_arg, goto exit; exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_reset_key_attributes( &got_attributes ); psa_destroy_key( base_handle ); psa_destroy_key( derived_handle ); @@ -4407,7 +4407,7 @@ void derive_key_export( int alg_arg, size_t bytes1 = bytes1_arg; size_t bytes2 = bytes2_arg; size_t capacity = bytes1 + bytes2; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t *output_buffer = NULL; uint8_t *export_buffer = NULL; psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -4429,10 +4429,10 @@ void derive_key_export( int alg_arg, salt->x, salt->len, label->x, label->len, capacity ) ); - PSA_ASSERT( psa_generator_read( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, capacity ) ); - PSA_ASSERT( psa_generator_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &generator ) ); /* Derive the same output again, but this time store it in key objects. */ PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg, @@ -4443,7 +4443,7 @@ void derive_key_export( int alg_arg, psa_set_key_algorithm( &derived_attributes, 0 ); psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) ); - PSA_ASSERT( psa_generate_derived_key( &derived_attributes, &generator, + PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator, &derived_handle ) ); PSA_ASSERT( psa_export_key( derived_handle, export_buffer, bytes1, @@ -4451,7 +4451,7 @@ void derive_key_export( int alg_arg, TEST_EQUAL( length, bytes1 ); PSA_ASSERT( psa_destroy_key( derived_handle ) ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) ); - PSA_ASSERT( psa_generate_derived_key( &derived_attributes, &generator, + PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator, &derived_handle ) ); PSA_ASSERT( psa_export_key( derived_handle, export_buffer + bytes1, bytes2, @@ -4465,7 +4465,7 @@ void derive_key_export( int alg_arg, exit: mbedtls_free( output_buffer ); mbedtls_free( export_buffer ); - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( base_handle ); psa_destroy_key( derived_handle ); mbedtls_psa_crypto_free( ); 
@@ -4481,7 +4481,7 @@ void key_agreement_setup( int alg_arg, psa_key_handle_t our_key = 0; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; psa_status_t status; @@ -4502,7 +4502,7 @@ void key_agreement_setup( int alg_arg, status = psa_key_derivation_setup( &generator, alg ); if( status == PSA_SUCCESS ) { - TEST_EQUAL( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET, + TEST_EQUAL( psa_key_derivation_key_agreement( &generator, PSA_KDF_STEP_SECRET, our_key, peer_key_data->x, peer_key_data->len ), expected_status ); @@ -4513,7 +4513,7 @@ void key_agreement_setup( int alg_arg, } exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( our_key ); mbedtls_psa_crypto_free( ); } @@ -4565,7 +4565,7 @@ void key_agreement_capacity( int alg_arg, psa_key_handle_t our_key = 0; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t actual_capacity; unsigned char output[16]; @@ -4580,7 +4580,7 @@ void key_agreement_capacity( int alg_arg, &our_key ) ); PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET, + PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KDF_STEP_SECRET, our_key, peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) 
@@ -4592,24 +4592,24 @@ void key_agreement_capacity( int alg_arg, } /* Test the advertized capacity. */ - PSA_ASSERT( psa_get_generator_capacity( + PSA_ASSERT( psa_key_derivation_get_capacity( &generator, &actual_capacity ) ); TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg ); /* Test the actual capacity by reading the output. */ while( actual_capacity > sizeof( output ) ) { - PSA_ASSERT( psa_generator_read( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &generator, output, sizeof( output ) ) ); actual_capacity -= sizeof( output ); } - PSA_ASSERT( psa_generator_read( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &generator, output, actual_capacity ) ); - TEST_EQUAL( psa_generator_read( &generator, output, 1 ), + TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output, 1 ), PSA_ERROR_INSUFFICIENT_DATA ); exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( our_key ); mbedtls_psa_crypto_free( ); } @@ -4624,7 +4624,7 @@ void key_agreement_output( int alg_arg, psa_key_handle_t our_key = 0; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *actual_output = NULL; @@ -4641,7 +4641,7 @@ void key_agreement_output( int alg_arg, &our_key ) ); PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET, + PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KDF_STEP_SECRET, our_key, peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) 
@@ -4652,14 +4652,14 @@ void key_agreement_output( int alg_arg, NULL, 0 ) ); } - PSA_ASSERT( psa_generator_read( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &generator, actual_output, expected_output1->len ) ); ASSERT_COMPARE( actual_output, expected_output1->len, expected_output1->x, expected_output1->len ); if( expected_output2->len != 0 ) { - PSA_ASSERT( psa_generator_read( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &generator, actual_output, expected_output2->len ) ); ASSERT_COMPARE( actual_output, expected_output2->len, @@ -4667,7 +4667,7 @@ void key_agreement_output( int alg_arg, } exit: - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( our_key ); mbedtls_psa_crypto_free( ); mbedtls_free( actual_output ); @@ -4886,7 +4886,7 @@ void persistent_key_load_key_from_storage( data_t *data, size_t bits = bits_arg; psa_key_usage_t usage_flags = usage_flags_arg; psa_algorithm_t alg = alg_arg; - psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT; + psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char *first_export = NULL; unsigned char *second_export = NULL; size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits ); @@ -4940,9 +4940,9 @@ void persistent_key_load_key_from_storage( data_t *data, PSA_ASSERT( psa_key_derivation_input_bytes( &generator, PSA_KDF_STEP_INFO, NULL, 0 ) ); - PSA_ASSERT( psa_generate_derived_key( &attributes, &generator, + PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator, &handle ) ); - PSA_ASSERT( psa_generator_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &generator ) ); PSA_ASSERT( psa_destroy_key( base_key ) ); base_key = 0; } @@ -4994,7 +4994,7 @@ exit: psa_reset_key_attributes( &attributes ); mbedtls_free( first_export ); mbedtls_free( second_export ); - psa_generator_abort( &generator ); + psa_key_derivation_abort( &generator ); psa_destroy_key( base_key ); if( handle == 0 ) { 
From 03410b5c5f5229661ddf57745b8511f050b522f2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2019 16:05:19 +0200 Subject: [PATCH 2/9] Rename PSA_KDF_STEP_xxx -> PSA_KEY_DERIVATION_INPUT_xxx More consistent with the new function names. --- include/psa/crypto_values.h | 18 +++++------ library/psa_crypto.c | 14 ++++----- tests/suites/test_suite_psa_crypto.function | 34 ++++++++++----------- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index e67fc6098..c57d06a36 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1216,12 +1216,12 @@ * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256. * * This key derivation algorithm uses the following inputs: - * - #PSA_KDF_STEP_SALT is the salt used in the "extract" step. + * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt used in the "extract" step. * It is optional; if omitted, the derivation uses an empty salt. - * - #PSA_KDF_STEP_SECRET is the secret key used in the "extract" step. - * - #PSA_KDF_STEP_INFO is the info string used in the "expand" step. - * You must pass #PSA_KDF_STEP_SALT before #PSA_KDF_STEP_SECRET. - * You may pass #PSA_KDF_STEP_INFO at any time after steup and before + * - #PSA_KEY_DERIVATION_INPUT_SECRET is the secret key used in the "extract" step. + * - #PSA_KEY_DERIVATION_INPUT_INFO is the info string used in the "expand" step. + * You must pass #PSA_KEY_DERIVATION_INPUT_SALT before #PSA_KEY_DERIVATION_INPUT_SECRET. + * You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before * starting to generate output. * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that 
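Review bot: The rewritten Doxygen line in the crypto_values.h hunk at -1216 still carries the typo "steup". Since the line is being replaced anyway it should read `* You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after setup and before`. The example just above it uses `PSA_ALG_HKDF(PSA_ALG_SHA256)`, whereas the code and tests in this series spell the hash `PSA_ALG_SHA_256`, so the example should be updated to match. The longer macro names also push `* You must pass #PSA_KEY_DERIVATION_INPUT_SALT before #PSA_KEY_DERIVATION_INPUT_SECRET.` past 80 columns, so the paragraph wants re-wrapping. The comment block continues outside the hunk.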
@@ -1590,25 +1590,25 @@ * * This must be a key of type #PSA_KEY_TYPE_DERIVE. */ -#define PSA_KDF_STEP_SECRET ((psa_key_derivation_step_t)0x0101) +#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101) /** A label for key derivation. * * This must be a direct input. */ -#define PSA_KDF_STEP_LABEL ((psa_key_derivation_step_t)0x0201) +#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201) /** A salt for key derivation. * * This must be a direct input. */ -#define PSA_KDF_STEP_SALT ((psa_key_derivation_step_t)0x0202) +#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202) /** An information string for key derivation. * * This must be a direct input. */ -#define PSA_KDF_STEP_INFO ((psa_key_derivation_step_t)0x0203) +#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203) /**@}*/ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 88e646ab1..71648eba2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4914,7 +4914,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf, psa_status_t status; switch( step ) { - case PSA_KDF_STEP_SALT: + case PSA_KEY_DERIVATION_INPUT_SALT: if( hkdf->state != HKDF_STATE_INIT ) return( PSA_ERROR_BAD_STATE ); status = psa_hmac_setup_internal( &hkdf->hmac, @@ -4924,7 +4924,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf, return( status ); hkdf->state = HKDF_STATE_STARTED; return( PSA_SUCCESS ); - case PSA_KDF_STEP_SECRET: + case PSA_KEY_DERIVATION_INPUT_SECRET: /* If no salt was provided, use an empty salt. */ if( hkdf->state == HKDF_STATE_INIT ) { @@ -4950,7 +4950,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf, hkdf->block_number = 0; hkdf->state = HKDF_STATE_KEYED; return( PSA_SUCCESS ); - case PSA_KDF_STEP_INFO: + case PSA_KEY_DERIVATION_INPUT_INFO: if( hkdf->state == HKDF_STATE_OUTPUT ) return( PSA_ERROR_BAD_STATE ); if( hkdf->info_set ) 
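Review bot: The crypto_values.h hunk at -1590 renames the four public macros in place, so `PSA_KDF_STEP_SECRET`, `PSA_KDF_STEP_LABEL`, `PSA_KDF_STEP_SALT` and `PSA_KDF_STEP_INFO` stop compiling for any caller outside this tree. No compatibility definitions are visible in this patch. If the old names must remain usable for a transition period, one line per macro such as `#define PSA_KDF_STEP_SECRET PSA_KEY_DERIVATION_INPUT_SECRET` would keep them working. The new macros still cast to `psa_key_derivation_step_t`, and psa_hkdf_input still switches on a parameter named `step`, so "step" and "input" now both name the same concept. Either rename the type and parameter as well, or note in the Doxygen group that an input is identified by a step value.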
@@ -5029,9 +5029,9 @@ psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *gen { switch( step ) { - case PSA_KDF_STEP_LABEL: - case PSA_KDF_STEP_SALT: - case PSA_KDF_STEP_INFO: + case PSA_KEY_DERIVATION_INPUT_LABEL: + case PSA_KEY_DERIVATION_INPUT_SALT: + case PSA_KEY_DERIVATION_INPUT_INFO: return( psa_key_derivation_input_raw( generator, step, data, data_length ) ); default: @@ -5058,7 +5058,7 @@ psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *gener * the material should be dedicated to a particular input step, * otherwise this may allow the key to be used in an unintended way * and leak values derived from the key. So be conservative. */ - if( step != PSA_KDF_STEP_SECRET ) + if( step != PSA_KEY_DERIVATION_INPUT_SECRET ) return( PSA_ERROR_INVALID_ARGUMENT ); return( psa_key_derivation_input_raw( generator, step, diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ab74bafb3..5527e3966 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -538,14 +538,14 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, { PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &generator, - PSA_KDF_STEP_SALT, + PSA_KEY_DERIVATION_INPUT_SALT, label, label_length ) ); PSA_ASSERT( psa_key_derivation_input_key( &generator, - PSA_KDF_STEP_SECRET, + PSA_KEY_DERIVATION_INPUT_SECRET, handle ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &generator, - PSA_KDF_STEP_INFO, + PSA_KEY_DERIVATION_INPUT_INFO, seed, seed_length ) ); } 
@@ -596,7 +596,7 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *gen public_key, public_key_length, &public_key_length ) ); - status = psa_key_derivation_key_agreement( generator, PSA_KDF_STEP_SECRET, handle, + status = psa_key_derivation_key_agreement( generator, PSA_KEY_DERIVATION_INPUT_SECRET, handle, public_key, public_key_length ); exit: mbedtls_free( public_key ); @@ -4188,13 +4188,13 @@ void derive_output( int alg_arg, PSA_ASSERT( psa_key_derivation_set_capacity( &generator, requested_capacity ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &generator, - PSA_KDF_STEP_SALT, + PSA_KEY_DERIVATION_INPUT_SALT, salt->x, salt->len ) ); PSA_ASSERT( psa_key_derivation_input_key( &generator, - PSA_KDF_STEP_SECRET, + PSA_KEY_DERIVATION_INPUT_SECRET, handle ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &generator, - PSA_KDF_STEP_INFO, + PSA_KEY_DERIVATION_INPUT_INFO, label->x, label->len ) ); } else @@ -4284,13 +4284,13 @@ void derive_full( int alg_arg, PSA_ASSERT( psa_key_derivation_set_capacity( &generator, requested_capacity ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &generator, - PSA_KDF_STEP_SALT, + PSA_KEY_DERIVATION_INPUT_SALT, salt->x, salt->len ) ); PSA_ASSERT( psa_key_derivation_input_key( &generator, - PSA_KDF_STEP_SECRET, + PSA_KEY_DERIVATION_INPUT_SECRET, handle ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &generator, - PSA_KDF_STEP_INFO, + PSA_KEY_DERIVATION_INPUT_INFO, label->x, label->len ) ); } else @@ -4502,7 +4502,7 @@ void key_agreement_setup( int alg_arg, status = psa_key_derivation_setup( &generator, alg ); if( status == PSA_SUCCESS ) { - TEST_EQUAL( psa_key_derivation_key_agreement( &generator, PSA_KDF_STEP_SECRET, + TEST_EQUAL( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET, our_key, peer_key_data->x, peer_key_data->len ), expected_status ); 
@@ -4580,14 +4580,14 @@ void key_agreement_capacity( int alg_arg, &our_key ) ); PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KDF_STEP_SECRET, + PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET, our_key, peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) { /* The test data is for info="" */ PSA_ASSERT( psa_key_derivation_input_bytes( &generator, - PSA_KDF_STEP_INFO, + PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); } @@ -4641,14 +4641,14 @@ void key_agreement_output( int alg_arg, &our_key ) ); PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KDF_STEP_SECRET, + PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET, our_key, peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) { /* The test data is for info="" */ PSA_ASSERT( psa_key_derivation_input_bytes( &generator, - PSA_KDF_STEP_INFO, + PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); } @@ -4935,10 +4935,10 @@ void persistent_key_load_key_from_storage( data_t *data, /* Derive a key. */ PSA_ASSERT( psa_key_derivation_setup( &generator, derive_alg ) ); PSA_ASSERT( psa_key_derivation_input_key( &generator, - PSA_KDF_STEP_SECRET, + PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( - &generator, PSA_KDF_STEP_INFO, + &generator, PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator, &handle ) ); From cbe6650394bfff149f4221ac7db7653cde5214ab Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 16 May 2019 16:59:18 +0200 Subject: [PATCH 3/9] Rename generator-related internal identifiers perl -pe 's/crypto_generator/key_derivation/gi' $(git ls-files) perl -pe 's/_generator/_key_derivation/gi' $(git ls-files) --- include/psa/crypto.h | 2 +- include/psa/crypto_struct.h | 16 +++---- library/psa_crypto.c | 46 ++++++++++----------- tests/suites/test_suite_psa_crypto.data | 6 +-- tests/suites/test_suite_psa_crypto.function | 6 +-- 5 files changed, 38 insertions(+), 38 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 0bff6cee9..17af57dec 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3002,7 +3002,7 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, * make any assumptions about the content of this structure except * as directed by the documentation of a specific implementation. */ -typedef struct psa_crypto_generator_s psa_key_derivation_operation_t; +typedef struct psa_key_derivation_s psa_key_derivation_operation_t; /** \def PSA_KEY_DERIVATION_OPERATION_INIT * diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 74e362d8e..be570c2fa 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -188,11 +188,11 @@ typedef struct uint8_t block_number; unsigned int state : 2; unsigned int info_set : 1; -} psa_hkdf_generator_t; +} psa_hkdf_key_derivation_t; #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_MD_C) -typedef struct psa_tls12_prf_generator_s +typedef struct psa_tls12_prf_key_derivation_s { /* The TLS 1.2 PRF uses the key for each HMAC iteration, * hence we must store it for the lifetime of the generator. @@ -219,10 +219,10 @@ typedef struct psa_tls12_prf_generator_s /* The 1-based number of the block. */ uint8_t block_number; -} psa_tls12_prf_generator_t; +} psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_MD_C */ -struct psa_crypto_generator_s +struct psa_key_derivation_s { psa_algorithm_t alg; size_t capacity; 
@@ -234,16 +234,16 @@ struct psa_crypto_generator_s size_t size; } buffer; #if defined(MBEDTLS_MD_C) - psa_hkdf_generator_t hkdf; - psa_tls12_prf_generator_t tls12_prf; + psa_hkdf_key_derivation_t hkdf; + psa_tls12_prf_key_derivation_t tls12_prf; #endif } ctx; }; #define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, {{0, 0}}} -static inline struct psa_crypto_generator_s psa_key_derivation_operation_init( void ) +static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void ) { - const struct psa_crypto_generator_s v = PSA_KEY_DERIVATION_OPERATION_INIT; + const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT; return( v ); } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 71648eba2..29a0496bc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4065,7 +4065,7 @@ exit: #define HKDF_STATE_KEYED 2 /* got key */ #define HKDF_STATE_OUTPUT 3 /* output started */ -static psa_algorithm_t psa_generator_get_kdf_alg( +static psa_algorithm_t psa_key_derivation_get_kdf_alg( const psa_key_derivation_operation_t *generator ) { if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) ) @@ -4078,7 +4078,7 @@ static psa_algorithm_t psa_generator_get_kdf_alg( psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator ) { psa_status_t status = PSA_SUCCESS; - psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator ); if( kdf_alg == 0 ) { /* The object has (apparently) been initialized but it is not 
@@ -4156,7 +4156,7 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *ge #if defined(MBEDTLS_MD_C) /* Read some bytes from an HKDF-based generator. This performs a chunk * of the expand phase of the HKDF algorithm. */ -static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf, +static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t hash_alg, uint8_t *output, size_t output_length ) @@ -4223,8 +4223,8 @@ static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf, return( PSA_SUCCESS ); } -static psa_status_t psa_generator_tls12_prf_generate_next_block( - psa_tls12_prf_generator_t *tls12_prf, +static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( + psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg ) { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg ); @@ -4258,7 +4258,7 @@ static psa_status_t psa_generator_tls12_prf_generate_next_block( * A(0) = seed * A(i) = HMAC_hash( secret, A(i-1) ) * - * The `psa_tls12_prf_generator` structures saves the block + * The `psa_tls12_prf_key_derivation` structures saves the block * `HMAC_hash(secret, A(i) + seed)` from which the output * is currently extracted as `output_block`, while * `A(i) + seed` is stored in `Ai_with_seed`. @@ -4337,8 +4337,8 @@ cleanup: /* Read some bytes from an TLS-1.2-PRF-based generator. * See Section 5 of RFC 5246. */ -static psa_status_t psa_generator_tls12_prf_read( - psa_tls12_prf_generator_t *tls12_prf, +static psa_status_t psa_key_derivation_tls12_prf_read( + psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg, uint8_t *output, size_t output_length ) 
@@ -4355,7 +4355,7 @@ static psa_status_t psa_generator_tls12_prf_read( /* Check if we have fully processed the current block. */ if( n == 0 ) { - status = psa_generator_tls12_prf_generate_next_block( tls12_prf, + status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -4381,7 +4381,7 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *ge size_t output_length ) { psa_status_t status; - psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator ); if( generator->alg == 0 ) { @@ -4430,13 +4430,13 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *ge if( PSA_ALG_IS_HKDF( kdf_alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); - status = psa_generator_hkdf_read( &generator->ctx.hkdf, hash_alg, + status = psa_key_derivation_hkdf_read( &generator->ctx.hkdf, hash_alg, output, output_length ); } else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { - status = psa_generator_tls12_prf_read( &generator->ctx.tls12_prf, + status = psa_key_derivation_tls12_prf_read( &generator->ctx.tls12_prf, kdf_alg, output, output_length ); } @@ -4571,7 +4571,7 @@ exit: * Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ -static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, +static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hkdf, const uint8_t *secret, size_t secret_length, psa_algorithm_t hash_alg, 
@@ -4616,8 +4616,8 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, * Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ -static psa_status_t psa_generator_tls12_prf_setup( - psa_tls12_prf_generator_t *tls12_prf, +static psa_status_t psa_key_derivation_tls12_prf_setup( + psa_tls12_prf_key_derivation_t *tls12_prf, const unsigned char *key, size_t key_len, psa_algorithm_t hash_alg, @@ -4669,8 +4669,8 @@ static psa_status_t psa_generator_tls12_prf_setup( } /* Set up a TLS-1.2-PSK-to-MS-based generator. */ -static psa_status_t psa_generator_tls12_psk_to_ms_setup( - psa_tls12_prf_generator_t *tls12_prf, +static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup( + psa_tls12_prf_key_derivation_t *tls12_prf, const unsigned char *psk, size_t psk_len, psa_algorithm_t hash_alg, @@ -4699,7 +4699,7 @@ static psa_status_t psa_generator_tls12_psk_to_ms_setup( pms[2 + psk_len + 1] = pms[1]; memcpy( pms + 4 + psk_len, psk, psk_len ); - status = psa_generator_tls12_prf_setup( tls12_prf, + status = psa_key_derivation_tls12_prf_setup( tls12_prf, pms, 4 + 2 * psk_len, hash_alg, salt, salt_length, @@ -4752,7 +4752,7 @@ static psa_status_t psa_key_derivation_internal( if( hash_size == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); max_capacity = 255 * hash_size; - status = psa_generator_hkdf_setup( &generator->ctx.hkdf, + status = psa_key_derivation_hkdf_setup( &generator->ctx.hkdf, secret, secret_length, hash_alg, salt, salt_length, 
@@ -4776,14 +4776,14 @@ static psa_status_t psa_key_derivation_internal( if( PSA_ALG_IS_TLS12_PRF( alg ) ) { - status = psa_generator_tls12_prf_setup( &generator->ctx.tls12_prf, + status = psa_key_derivation_tls12_prf_setup( &generator->ctx.tls12_prf, secret, secret_length, hash_alg, salt, salt_length, label, label_length ); } else { - status = psa_generator_tls12_psk_to_ms_setup( + status = psa_key_derivation_tls12_psk_to_ms_setup( &generator->ctx.tls12_prf, secret, secret_length, hash_alg, salt, salt_length, @@ -4905,7 +4905,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator } #if defined(MBEDTLS_MD_C) -static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf, +static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t hash_alg, psa_key_derivation_step_t step, const uint8_t *data, @@ -4978,7 +4978,7 @@ static psa_status_t psa_key_derivation_input_raw( size_t data_length ) { psa_status_t status; - psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator ); if( kdf_alg == PSA_ALG_SELECT_RAW ) { diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 991d91a3e..d98470d3d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -1717,7 +1717,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT Crypto generator initializers zero properly -crypto_generator_init: +key_derivation_init: PSA key derivation: HKDF-SHA-256, good case depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C 
@@ -1757,11 +1757,11 @@ derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b": PSA key derivation: invalid generator state ( double generate + read past capacity ) depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -test_derive_invalid_generator_state: +test_derive_invalid_key_derivation_state: PSA key derivation: invalid generator state ( call read/get_capacity after init and abort ) depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -test_derive_invalid_generator_tests: +test_derive_invalid_key_derivation_tests: PSA key derivation: HKDF SHA-256, RFC5869 #1, output 42+0 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5527e3966..52c41e7eb 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3996,7 +3996,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void crypto_generator_init( ) +void key_derivation_init( ) { /* Test each valid way of initializing the object, except for `= {0}`, as * Clang 5 complains when `-Wmissing-field-initializers` is used, even @@ -4064,7 +4064,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void test_derive_invalid_generator_state( ) +void test_derive_invalid_key_derivation_state( ) { psa_key_handle_t handle = 0; size_t key_type = PSA_KEY_TYPE_DERIVE; @@ -4113,7 +4113,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void test_derive_invalid_generator_tests( ) +void test_derive_invalid_key_derivation_tests( ) { uint8_t output_buffer[16]; size_t buffer_size = 16; From 35675b6b26c222105b5d1c8be7532bf982eab3f6 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 16 May 2019 17:26:11 +0200 Subject: [PATCH 4/9] Terminology: say "key derivation operation", not "generator" Generators are mostly about key derivation (currently: only about key derivation). "Generator" is not a commonly used term in cryptography. So favor "derivation" as terminology. This commit updates the function descriptions. --- include/psa/crypto.h | 202 +++++++++++++++++++----------------- include/psa/crypto_extra.h | 8 +- include/psa/crypto_struct.h | 2 +- 3 files changed, 112 insertions(+), 100 deletions(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 17af57dec..c4aab460f 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -2969,33 +2969,33 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, /**@}*/ -/** \defgroup generators Generators +/** \defgroup key_derivation Key derivation and pseudorandom generation * @{ */ -/** The type of the state data structure for generators. +/** The type of the state data structure for key derivation operations. * - * Before calling any function on a generator, the application must - * initialize it by any of the following means: + * Before calling any function on a key derivation operation object, the + * application must initialize it by any of the following means: * - Set the structure to all-bits-zero, for example: * \code - * psa_key_derivation_operation_t generator; - * memset(&generator, 0, sizeof(generator)); + * psa_key_derivation_operation_t operation; + * memset(&operation, 0, sizeof(operation)); * \endcode * - Initialize the structure to logical zero values, for example: * \code - * psa_key_derivation_operation_t generator = {0}; + * psa_key_derivation_operation_t operation = {0}; * \endcode * - Initialize the structure to the initializer #PSA_KEY_DERIVATION_OPERATION_INIT, * for example: * \code - * psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + * psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; * \endcode * - Assign the result of the function psa_key_derivation_operation_init() * to the structure, for example: * \code - * psa_key_derivation_operation_t generator; - * generator = psa_key_derivation_operation_init(); + * psa_key_derivation_operation_t operation; + * operation = psa_key_derivation_operation_init(); * \endcode * * This is an implementation-defined \c struct. Applications should not 
@@ -3006,8 +3006,8 @@ typedef struct psa_key_derivation_s psa_key_derivation_operation_t; /** \def PSA_KEY_DERIVATION_OPERATION_INIT * - * This macro returns a suitable initializer for a generator object - * of type #psa_key_derivation_operation_t. + * This macro returns a suitable initializer for a key derivation operation + * object of type #psa_key_derivation_operation_t. */ #ifdef __DOXYGEN_ONLY__ /* This is an example definition for documentation purposes. 
@@ -3016,58 +3016,66 @@ typedef struct psa_key_derivation_s psa_key_derivation_operation_t; #define PSA_KEY_DERIVATION_OPERATION_INIT {0} #endif -/** Return an initial value for a generator object. +/** Return an initial value for a key derivation operation object. */ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void); -/** Retrieve the current capacity of a generator. +/** Retrieve the current capacity of a key derivation operation. * - * The capacity of a generator is the maximum number of bytes that it can - * return. Reading *N* bytes from a generator reduces its capacity by *N*. + * The capacity of a key derivation is the maximum number of bytes that it can + * return. When you get *N* bytes of output from a key derivation operation, + * this reduces its capacity by *N*. * - * \param[in] generator The generator to query. - * \param[out] capacity On success, the capacity of the generator. + * \param[in] operation The operation to query. + * \param[out] capacity On success, the capacity of the operation. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_COMMUNICATION_FAILURE */ -psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation, size_t *capacity); -/** Set the maximum capacity of a generator. +/** Set the maximum capacity of a key derivation operation. * - * \param[in,out] generator The generator object to modify. - * \param capacity The new capacity of the generator. - * It must be less or equal to the generator's + * The capacity of a key derivation operation is the maximum number of bytes + * that the key derivation operation can return from this point onwards. + * + * \param[in,out] operation The key derivation operation object to modify. + * \param capacity The new capacity of the operation. + * It must be less or equal to the operation's * current capacity. 
* * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p capacity is larger than the generator's current capacity. + * \p capacity is larger than the operation's current capacity. + * In this case, the operation object remains valid and its capacity + * remains unchanged. * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_COMMUNICATION_FAILURE */ -psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation, size_t capacity); -/** Read some data from a generator. +/** Read some data from a key derivation operation. * - * This function reads and returns a sequence of bytes from a generator. - * The data that is read is discarded from the generator. The generator's - * capacity is decreased by the number of bytes read. + * This function calculates output bytes from a key derivation algorithm and + * return those bytes. + * If you view the key derivation's output as a stream of bytes, this + * function destructively reads the requested number of bytes from the + * stream. + * The operation's capacity decreases by the number of bytes read. * - * \param[in,out] generator The generator object to read from. - * \param[out] output Buffer where the generator output will be - * written. + * \param[in,out] operation The key derivation operation object to read from. + * \param[out] output Buffer where the output will be written. * \param output_length Number of bytes to output. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INSUFFICIENT_DATA - * There were fewer than \p output_length bytes - * in the generator. Note that in this case, no - * output is written to the output buffer. - * The generator's capacity is set to 0, thus + * The operation's capacity was less than + * \p output_length bytes. Note that in this case, + * no output is written to the output buffer. 
+ * The operation's capacity is set to 0, thus * subsequent calls to this function will not * succeed, even with a smaller output buffer. * \retval #PSA_ERROR_BAD_STATE @@ -3076,15 +3084,21 @@ psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *gen * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *operation, uint8_t *output, size_t output_length); -/** Generate a key deterministically from data read from a generator. +/** Derive a key from an ongoing key derivation operation. * - * This function uses the output of a generator to derive a key. - * How much output it consumes and how the key is derived depends on the - * key type. + * This function calculates output bytes from a key derivation algorithm + * and uses those bytes to generate a key deterministically. + * If you view the key derivation's output as a stream of bytes, this + * function destructively reads as many bytes as required from the + * stream. + * The operation's capacity decreases by the number of bytes read. + * + * How much output is produced and consumed from the operation, and how + * the key is derived, depends on the key type: * * - For key types for which the key is an arbitrary sequence of bytes * of a given size, @@ -3094,7 +3108,7 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *gen * if the implementation provides an isolation boundary then * the key material is not exposed outside the isolation boundary. * As a consequence, for these key types, this function always consumes - * exactly (\p bits / 8) bytes from the generator. + * exactly (\p bits / 8) bytes from the operation. * The following key types defined in this specification follow this scheme: * * - #PSA_KEY_TYPE_AES; 
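Review bot: The rewritten description of psa_key_derivation_output_bytes() in the hunk starting at -3016 has a verb agreement slip, "calculates output bytes from a key derivation algorithm and return those bytes"; it should read `and returns those bytes.` In the same hunk, the psa_key_derivation_get_capacity() text says "The capacity of a key derivation is" while the other rewritten sentences say "key derivation operation". Since uniform terminology is the stated purpose of this commit, `The capacity of a key derivation operation is the maximum number of bytes that it can return.` would be consistent with the rest.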
@@ -3120,7 +3134,7 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *gen * up to the nearest whole number of bytes. If the resulting byte string * is acceptable, it becomes the key, otherwise the drawn bytes are discarded. * This process is repeated until an acceptable byte string is drawn. - * The byte string drawn from the generator is interpreted as specified + * The byte string drawn from the operation is interpreted as specified * for the output produced by psa_export_key(). * The following key types defined in this specification follow this scheme: * @@ -3130,7 +3144,7 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *gen * successively (for example, for 3-key triple-DES, * if the first 8 bytes specify a weak key and the next 8 bytes do not, * discard the first 8 bytes, use the next 8 bytes as the first key, - * and continue reading output from the generator to derive the other + * and continue reading output from the operation to derive the other * two keys). * - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEYPAIR), * DSA keys (#PSA_KEY_TYPE_DSA_KEYPAIR), and 
@@ -3151,14 +3165,14 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *gen * FIPS 186-4 §B.4.2 for elliptic curve keys. * * - For other key types, including #PSA_KEY_TYPE_RSA_KEYPAIR, - * the way in which the generator output is consumed is + * the way in which the operation output is consumed is * implementation-defined. * - * In all cases, the data that is read is discarded from the generator. - * The generator's capacity is decreased by the number of bytes read. + * In all cases, the data that is read is discarded from the operation. + * The operation's capacity is decreased by the number of bytes read. * * \param[in] attributes The attributes for the new key. - * \param[in,out] generator The generator object to read from. + * \param[in,out] operation The key derivation operation object to read from. * \param[out] handle On success, a handle to the newly created key. * \c 0 on failure. * @@ -3172,7 +3186,7 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *gen * \retval #PSA_ERROR_INSUFFICIENT_DATA * There was not enough data to create the desired key. * Note that in this case, no output is written to the output buffer. - * The generator's capacity is set to 0, thus subsequent calls to + * The operation's capacity is set to 0, thus subsequent calls to * this function will not succeed, even with a smaller output buffer. * \retval #PSA_ERROR_NOT_SUPPORTED * The key type or key size is not supported, either by the 
@@ -3189,24 +3203,24 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *gen * results in this error code. */ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *generator, + psa_key_derivation_operation_t *operation, psa_key_handle_t *handle); -/** Abort a generator. +/** Abort a key derivation operation. * - * Once a generator has been aborted, its capacity is zero. - * Aborting a generator frees all associated resources except for the - * \c generator structure itself. + * Once a key derivation operation has been aborted, its capacity is zero. + * Aborting an operation frees all associated resources except for the + * \c operation structure itself. * - * This function may be called at any time as long as the generator + * This function may be called at any time as long as the operation * object has been initialized to #PSA_KEY_DERIVATION_OPERATION_INIT, to * psa_key_derivation_operation_init() or a zero value. In particular, it is valid * to call psa_key_derivation_abort() twice, or to call psa_key_derivation_abort() - * on a generator that has not been set up. + * on an operation that has not been set up. * - * Once aborted, the generator object may be called. + * Once aborted, the key derivation operation object may be called. * - * \param[in,out] generator The generator to abort. + * \param[in,out] operation The operation to abort. * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_BAD_STATE 
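Review bot: In the psa_key_derivation_abort() description, the rewritten sentence "Once aborted, the key derivation operation object may be called" does not tell a caller what is allowed, because an object is not something that is called. Comments elsewhere in this patch series say abort is what frees embedded data structures and wipes confidential data, so the post-abort state should be stated unambiguously. If the intent is reuse, which is only inferred here, a wording such as `Once aborted, the operation object can be reused for another operation by calling psa_key_derivation_setup() again.` would say so; confirm the intended contract before adopting it.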
@@ -3214,46 +3228,44 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *generator); +psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation); -/** Use the maximum possible capacity for a generator. +/** Use the maximum possible capacity for a key derivation operation. * - * Use this value as the capacity argument when setting up a generator - * to indicate that the generator should have the maximum possible capacity. - * The value of the maximum possible capacity depends on the generator + * Use this value as the capacity argument when setting up a key derivation + * to indicate that the operation should have the maximum possible capacity. + * The value of the maximum possible capacity depends on the key derivation * algorithm. */ #define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1)) -/**@}*/ - -/** \defgroup derivation Key derivation - * @{ - */ - /** Set up a key derivation operation. * - * A key derivation algorithm takes some inputs and uses them to create - * a byte generator which can be used to produce keys and other + * A key derivation algorithm takes some inputs and uses them to generate + * a byte stream in a deterministic way. + * This byte stream can be used to produce keys and other * cryptographic material. * - * To use a generator for key derivation: + * To derive a key: * - Start with an initialized object of type #psa_key_derivation_operation_t. * - Call psa_key_derivation_setup() to select the algorithm. * - Provide the inputs for the key derivation by calling * psa_key_derivation_input_bytes() or psa_key_derivation_input_key() * as appropriate. Which inputs are needed, in what order, and whether * they may be keys and if so of what type depends on the algorithm. 
- * - Optionally set the generator's maximum capacity with + * - Optionally set the operation's maximum capacity with * psa_key_derivation_set_capacity(). You may do this before, in the middle of * or after providing inputs. For some algorithms, this step is mandatory * because the output depends on the maximum capacity. - * - Generate output with psa_key_derivation_output_bytes() or - * psa_key_derivation_output_key(). Successive calls to these functions - * use successive output bytes from the generator. - * - Clean up the generator object with psa_key_derivation_abort(). + * - To derive a key, call psa_key_derivation_output_key(). + * To derive a byte string for a different purpose, call + * - psa_key_derivation_output_bytes(). + * Successive calls to these functions use successive output bytes + * calculated by the key derivation algorithm. + * - Clean up the key derivation operation object with psa_key_derivation_abort(). * - * \param[in,out] generator The generator object to set up. It must + * \param[in,out] operation The key derivation operation object + * to set up. It must * have been initialized but not set up yet. * \param alg The key derivation algorithm to compute * (\c PSA_ALG_XXX value such that @@ -3271,7 +3283,7 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *generator) * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE */ -psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, psa_algorithm_t alg); /** Provide an input for key derivation or key agreement. 
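Review bot: In the psa_key_derivation_setup() usage list (hunk starting at -3214), the added text puts a list marker on what is a continuation line: `* - psa_key_derivation_output_bytes().` directly follows "To derive a byte string for a different purpose, call". Doxygen will presumably render the function name as its own list item and leave the preceding sentence without its object. Dropping the marker, `*   psa_key_derivation_output_bytes().`, keeps the sentence inside the "To derive a key" item. The doc comment continues beyond the end of this hunk.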
@@ -3284,8 +3296,8 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *generator, * using psa_key_derivation_input_key() instead of this function. Refer to * the documentation of individual step types for information. * - * \param[in,out] generator The generator object to use. It must - * have been set up with + * \param[in,out] operation The key derivation operation object to use. + * It must have been set up with * psa_key_derivation_setup() and must not * have produced any output yet. * \param step Which step the input data is for. @@ -3295,7 +3307,7 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *generator, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_ARGUMENT - * \c step is not compatible with the generator's algorithm. + * \c step is not compatible with the operation's algorithm. * \retval #PSA_ERROR_INVALID_ARGUMENT * \c step does not allow direct inputs. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -3303,13 +3315,13 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *generator, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE - * The value of \p step is not valid given the state of \p generator. + * The value of \p step is not valid given the state of \p operation. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length); 
@@ -3325,8 +3337,8 @@ psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *gene * passed as direct inputs using psa_key_derivation_input_bytes(). Refer to * the documentation of individual step types for information. * - * \param[in,out] generator The generator object to use. It must - * have been set up with + * \param[in,out] operation The key derivation operation object to use. + * It must have been set up with * psa_key_derivation_setup() and must not * have produced any output yet. * \param step Which step the input data is for. @@ -3340,7 +3352,7 @@ psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *gene * \retval #PSA_ERROR_DOES_NOT_EXIST * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \c step is not compatible with the generator's algorithm. + * \c step is not compatible with the operation's algorithm. * \retval #PSA_ERROR_INVALID_ARGUMENT * \c step does not allow key inputs. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -3348,13 +3360,13 @@ psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *gene * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE - * The value of \p step is not valid given the state of \p generator. + * The value of \p step is not valid given the state of \p operation. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_handle_t handle); 
@@ -3365,17 +3377,17 @@ psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *genera * a public key \p peer_key. * The result of this function is passed as input to a key derivation. * The output of this key derivation can be extracted by reading from the - * resulting generator to produce keys and other cryptographic material. + * resulting operation to produce keys and other cryptographic material. * - * \param[in,out] generator The generator object to use. It must - * have been set up with + * \param[in,out] operation The key derivation operation object to use. + * It must have been set up with * psa_key_derivation_setup() with a * key agreement and derivation algorithm * \c alg (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true * and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg) * is false). - * The generator must be ready for an + * The operation must be ready for an * input of the type given by \p step. * \param step Which step the input data is for. * \param private_key Handle to the private key to use. @@ -3411,7 +3423,7 @@ psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *genera * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, 
@@ -3428,7 +3440,7 @@ psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *ge * not be used directly as key material. It should instead be passed as * input to a key derivation algorithm. To chain a key agreement with * a key derivation, use psa_key_derivation_key_agreement() and other functions from - * the key derivation and generator interface. + * the key derivation interface. * * \param alg The key agreement algorithm to compute * (\c PSA_ALG_XXX value such that diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 66e5dbc64..1fb052b27 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -157,7 +157,7 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step * and \p label is the info string used in the "expand" step. * - * \param[in,out] generator The generator object to set up. It must have + * \param[in,out] operation The key derivation object to set up. It must have * been initialized as per the documentation for * #psa_key_derivation_operation_t and not yet in use. * \param handle Handle to the secret key. @@ -169,7 +169,7 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, * \param[in] label Label to use. * \param label_length Size of the \p label buffer in bytes. * \param capacity The maximum number of bytes that the - * generator will be able to provide. + * operation will be able to provide. * * \retval #PSA_SUCCESS * Success. @@ -190,7 +190,7 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation(psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation(psa_key_derivation_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *salt, 
@@ -433,7 +433,7 @@ psa_status_t psa_copy_key_to_handle(psa_key_handle_t source_handle, psa_status_t psa_generate_derived_key_to_handle(psa_key_handle_t handle, psa_key_type_t type, size_t bits, - psa_key_derivation_operation_t *generator); + psa_key_derivation_operation_t *operation); psa_status_t psa_generate_random_key_to_handle(psa_key_handle_t handle, psa_key_type_t type, diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index be570c2fa..01d3069bf 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -195,7 +195,7 @@ typedef struct typedef struct psa_tls12_prf_key_derivation_s { /* The TLS 1.2 PRF uses the key for each HMAC iteration, - * hence we must store it for the lifetime of the generator. + * hence we must store it for the lifetime of the operation. * This is different from HKDF, where the key is only used * in the extraction phase, but not during expansion. */ unsigned char *key; From 51ae0e4b79718b9e31d7fb9b80b302b8851f3ad3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2019 17:31:03 +0200 Subject: [PATCH 5/9] Rename "generator" to "operation" Generators are now key derivation operations. Keep "random generator" intact. --- library/psa_crypto.c | 232 ++++++++++---------- tests/suites/test_suite_psa_crypto.data | 6 +- tests/suites/test_suite_psa_crypto.function | 218 +++++++++--------- 3 files changed, 228 insertions(+), 228 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 29a0496bc..3e77dceb0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -4066,19 +4066,19 @@ exit: #define HKDF_STATE_OUTPUT 3 /* output started */ static psa_algorithm_t psa_key_derivation_get_kdf_alg( - const psa_key_derivation_operation_t *generator ) + const psa_key_derivation_operation_t *operation ) { - if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) ) - return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) ); + if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) ) + return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) ); else - return( generator->alg ); + return( operation->alg ); } -psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator ) +psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation ) { psa_status_t status = PSA_SUCCESS; - psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); if( kdf_alg == 0 ) { /* The object has (apparently) been initialized but it is not 
@@ -4088,36 +4088,36 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator else if( kdf_alg == PSA_ALG_SELECT_RAW ) { - if( generator->ctx.buffer.data != NULL ) + if( operation->ctx.buffer.data != NULL ) { - mbedtls_platform_zeroize( generator->ctx.buffer.data, - generator->ctx.buffer.size ); - mbedtls_free( generator->ctx.buffer.data ); + mbedtls_platform_zeroize( operation->ctx.buffer.data, + operation->ctx.buffer.size ); + mbedtls_free( operation->ctx.buffer.data ); } } else #if defined(MBEDTLS_MD_C) if( PSA_ALG_IS_HKDF( kdf_alg ) ) { - mbedtls_free( generator->ctx.hkdf.info ); - status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac ); + mbedtls_free( operation->ctx.hkdf.info ); + status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac ); } else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - /* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */ + /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { - if( generator->ctx.tls12_prf.key != NULL ) + if( operation->ctx.tls12_prf.key != NULL ) { - mbedtls_platform_zeroize( generator->ctx.tls12_prf.key, - generator->ctx.tls12_prf.key_len ); - mbedtls_free( generator->ctx.tls12_prf.key ); + mbedtls_platform_zeroize( operation->ctx.tls12_prf.key, + operation->ctx.tls12_prf.key_len ); + mbedtls_free( operation->ctx.tls12_prf.key ); } - if( generator->ctx.tls12_prf.Ai_with_seed != NULL ) + if( operation->ctx.tls12_prf.Ai_with_seed != NULL ) { - mbedtls_platform_zeroize( generator->ctx.tls12_prf.Ai_with_seed, - generator->ctx.tls12_prf.Ai_with_seed_len ); - mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed ); + mbedtls_platform_zeroize( operation->ctx.tls12_prf.Ai_with_seed, + operation->ctx.tls12_prf.Ai_with_seed_len ); + mbedtls_free( operation->ctx.tls12_prf.Ai_with_seed ); } } else 
@@ -4125,36 +4125,36 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator { status = PSA_ERROR_BAD_STATE; } - memset( generator, 0, sizeof( *generator ) ); + memset( operation, 0, sizeof( *operation ) ); return( status ); } -psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation, size_t *capacity) { - if( generator->alg == 0 ) + if( operation->alg == 0 ) { - /* This is a blank generator. */ + /* This is a blank key derivation operation. */ return PSA_ERROR_BAD_STATE; } - *capacity = generator->capacity; + *capacity = operation->capacity; return( PSA_SUCCESS ); } -psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation, size_t capacity ) { - if( generator->alg == 0 ) + if( operation->alg == 0 ) return( PSA_ERROR_BAD_STATE ); - if( capacity > generator->capacity ) + if( capacity > operation->capacity ) return( PSA_ERROR_INVALID_ARGUMENT ); - generator->capacity = capacity; + operation->capacity = capacity; return( PSA_SUCCESS ); } #if defined(MBEDTLS_MD_C) -/* Read some bytes from an HKDF-based generator. This performs a chunk +/* Read some bytes from an HKDF-based operation. This performs a chunk * of the expand phase of the HKDF algorithm. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t hash_alg, 
@@ -4182,7 +4182,7 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd break; /* We can't be wanting more output after block 0xff, otherwise * the capacity check in psa_key_derivation_output_bytes() would have - * prevented this call. It could happen only if the generator + * prevented this call. It could happen only if the operation * object was corrupted or if this function is called directly * inside the library. */ if( hkdf->block_number == 0xff ) @@ -4237,7 +4237,7 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( /* We can't be wanting more output after block 0xff, otherwise * the capacity check in psa_key_derivation_output_bytes() would have - * prevented this call. It could happen only if the generator + * prevented this call. It could happen only if the operation * object was corrupted or if this function is called directly * inside the library. */ if( tls12_prf->block_number == 0xff ) @@ -4335,7 +4335,7 @@ cleanup: return( status ); } -/* Read some bytes from an TLS-1.2-PRF-based generator. +/* Read some bytes from an TLS-1.2-PRF-based operation. * See Section 5 of RFC 5246. */ static psa_status_t psa_key_derivation_tls12_prf_read( psa_tls12_prf_key_derivation_t *tls12_prf, 
@@ -4376,53 +4376,53 @@ static psa_status_t psa_key_derivation_tls12_prf_read( } #endif /* MBEDTLS_MD_C */ -psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, uint8_t *output, size_t output_length ) { psa_status_t status; - psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); - if( generator->alg == 0 ) + if( operation->alg == 0 ) { - /* This is a blank generator. */ + /* This is a blank operation. */ return PSA_ERROR_BAD_STATE; } - if( output_length > generator->capacity ) + if( output_length > operation->capacity ) { - generator->capacity = 0; + operation->capacity = 0; /* Go through the error path to wipe all confidential data now - * that the generator object is useless. */ + * that the operation object is useless. */ status = PSA_ERROR_INSUFFICIENT_DATA; goto exit; } - if( output_length == 0 && generator->capacity == 0 ) + if( output_length == 0 && operation->capacity == 0 ) { - /* Edge case: this is a finished generator, and 0 bytes + /* Edge case: this is a finished operation, and 0 bytes * were requested. The right error in this case could * be either INSUFFICIENT_CAPACITY or BAD_STATE. Return * INSUFFICIENT_CAPACITY, which is right for a finished - * generator, for consistency with the case when + * operation, for consistency with the case when * output_length > 0. */ return( PSA_ERROR_INSUFFICIENT_DATA ); } - generator->capacity -= output_length; + operation->capacity -= output_length; if( kdf_alg == PSA_ALG_SELECT_RAW ) { - /* Initially, the capacity of a selection generator is always - * the size of the buffer, i.e. `generator->ctx.buffer.size`, + /* Initially, the capacity of a selection operation is always + * the size of the buffer, i.e. `operation->ctx.buffer.size`, * abbreviated in this comment as `size`. 
When the remaining * capacity is `c`, the next bytes to serve start `c` bytes * from the end of the buffer, i.e. `size - c` from the - * beginning of the buffer. Since `generator->capacity` was just + * beginning of the buffer. Since `operation->capacity` was just * decremented above, we need to serve the bytes from - * `size - generator->capacity - output_length` to - * `size - generator->capacity`. */ + * `size - operation->capacity - output_length` to + * `size - operation->capacity`. */ size_t offset = - generator->ctx.buffer.size - generator->capacity - output_length; - memcpy( output, generator->ctx.buffer.data + offset, output_length ); + operation->ctx.buffer.size - operation->capacity - output_length; + memcpy( output, operation->ctx.buffer.data + offset, output_length ); status = PSA_SUCCESS; } else @@ -4430,13 +4430,13 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *ge if( PSA_ALG_IS_HKDF( kdf_alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); - status = psa_key_derivation_hkdf_read( &generator->ctx.hkdf, hash_alg, + status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg, output, output_length ); } else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { - status = psa_key_derivation_tls12_prf_read( &generator->ctx.tls12_prf, + status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf, kdf_alg, output, output_length ); } 
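Review bot: The edge-case comment in psa_key_derivation_output_bytes() names an error code that the code does not return: it says `INSUFFICIENT_CAPACITY` twice, while the statement under it is `return( PSA_ERROR_INSUFFICIENT_DATA );`, and the over-capacity branch above sets the same status. Since this hunk already rewrites that comment, the two lines should read `* be either INSUFFICIENT_DATA or BAD_STATE. Return` and `* INSUFFICIENT_DATA, which is right for a finished`. The exit-path comment further down says the status is what separates an exhausted operation from a blank one, so a reader needs the comment to match the value actually returned.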
@@ -4450,12 +4450,12 @@ exit: if( status != PSA_SUCCESS ) { /* Preserve the algorithm upon errors, but clear all sensitive state. - * This allows us to differentiate between exhausted generators and - * blank generators, so we can return PSA_ERROR_BAD_STATE on blank - * generators. */ - psa_algorithm_t alg = generator->alg; - psa_key_derivation_abort( generator ); - generator->alg = alg; + * This allows us to differentiate between exhausted operations and + * blank operations, so we can return PSA_ERROR_BAD_STATE on blank + * operations. */ + psa_algorithm_t alg = operation->alg; + psa_key_derivation_abort( operation ); + operation->alg = alg; memset( output, '!', output_length ); } return( status ); @@ -4476,7 +4476,7 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size ) static psa_status_t psa_generate_derived_key_internal( psa_key_slot_t *slot, size_t bits, - psa_key_derivation_operation_t *generator ) + psa_key_derivation_operation_t *operation ) { uint8_t *data = NULL; size_t bytes = PSA_BITS_TO_BYTES( bits ); @@ -4490,7 +4490,7 @@ static psa_status_t psa_generate_derived_key_internal( if( data == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = psa_key_derivation_output_bytes( generator, data, bytes ); + status = psa_key_derivation_output_bytes( operation, data, bytes ); if( status != PSA_SUCCESS ) goto exit; #if defined(MBEDTLS_DES_C) @@ -4505,7 +4505,7 @@ exit: } psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *generator, + psa_key_derivation_operation_t *operation, psa_key_handle_t *handle ) { psa_status_t status; @@ -4515,7 +4515,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut { status = psa_generate_derived_key_internal( slot, attributes->bits, - generator ); + operation ); } if( status == PSA_SUCCESS ) status = psa_finish_key_creation( slot ); 
@@ -4530,7 +4530,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle, psa_key_type_t type, size_t bits, - psa_key_derivation_operation_t *generator ) + psa_key_derivation_operation_t *operation ) { uint8_t *data = NULL; size_t bytes = PSA_BITS_TO_BYTES( bits ); @@ -4544,7 +4544,7 @@ psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle, if( data == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - status = psa_key_derivation_output_bytes( generator, data, bytes ); + status = psa_key_derivation_output_bytes( operation, data, bytes ); if( status != PSA_SUCCESS ) goto exit; #if defined(MBEDTLS_DES_C) @@ -4565,7 +4565,7 @@ exit: /****************************************************************/ #if defined(MBEDTLS_MD_C) -/* Set up an HKDF-based generator. This is exactly the extract phase +/* Set up an HKDF-based operation. This is exactly the extract phase * of the HKDF algorithm. * * Note that if this function fails, you must call psa_key_derivation_abort() @@ -4611,7 +4611,7 @@ static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hk #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_MD_C) -/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5). +/* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5). * * Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. @@ -4668,7 +4668,7 @@ static psa_status_t psa_key_derivation_tls12_prf_setup( return( PSA_SUCCESS ); } -/* Set up a TLS-1.2-PSK-to-MS-based generator. */ +/* Set up a TLS-1.2-PSK-to-MS-based operation. */ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup( psa_tls12_prf_key_derivation_t *tls12_prf, const unsigned char *psk, 
@@ -4714,7 +4714,7 @@ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup( * to potentially free embedded data structures and wipe confidential data. */ static psa_status_t psa_key_derivation_internal( - psa_key_derivation_operation_t *generator, + psa_key_derivation_operation_t *operation, const uint8_t *secret, size_t secret_length, psa_algorithm_t alg, const uint8_t *salt, size_t salt_length, @@ -4724,8 +4724,8 @@ static psa_status_t psa_key_derivation_internal( psa_status_t status; size_t max_capacity; - /* Set generator->alg even on failure so that abort knows what to do. */ - generator->alg = alg; + /* Set operation->alg even on failure so that abort knows what to do. */ + operation->alg = alg; if( alg == PSA_ALG_SELECT_RAW ) { @@ -4735,11 +4735,11 @@ static psa_status_t psa_key_derivation_internal( (void) label; if( label_length != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length ); - if( generator->ctx.buffer.data == NULL ) + operation->ctx.buffer.data = mbedtls_calloc( 1, secret_length ); + if( operation->ctx.buffer.data == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - memcpy( generator->ctx.buffer.data, secret, secret_length ); - generator->ctx.buffer.size = secret_length; + memcpy( operation->ctx.buffer.data, secret, secret_length ); + operation->ctx.buffer.size = secret_length; max_capacity = secret_length; status = PSA_SUCCESS; } @@ -4752,7 +4752,7 @@ static psa_status_t psa_key_derivation_internal( if( hash_size == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); max_capacity = 255 * hash_size; - status = psa_key_derivation_hkdf_setup( &generator->ctx.hkdf, + status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf, secret, secret_length, hash_alg, salt, salt_length, 
@@ -4776,7 +4776,7 @@ static psa_status_t psa_key_derivation_internal( if( PSA_ALG_IS_TLS12_PRF( alg ) ) { - status = psa_key_derivation_tls12_prf_setup( &generator->ctx.tls12_prf, + status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf, secret, secret_length, hash_alg, salt, salt_length, label, label_length ); @@ -4784,7 +4784,7 @@ static psa_status_t psa_key_derivation_internal( else { status = psa_key_derivation_tls12_psk_to_ms_setup( - &generator->ctx.tls12_prf, + &operation->ctx.tls12_prf, secret, secret_length, hash_alg, salt, salt_length, label, label_length ); @@ -4800,16 +4800,16 @@ static psa_status_t psa_key_derivation_internal( return( status ); if( capacity <= max_capacity ) - generator->capacity = capacity; + operation->capacity = capacity; else if( capacity == PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ) - generator->capacity = max_capacity; + operation->capacity = max_capacity; else return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_SUCCESS ); } -psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg, const uint8_t *salt, @@ -4821,7 +4821,7 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator, psa_key_slot_t *slot; psa_status_t status; - if( generator->alg != 0 ) + if( operation->alg != 0 ) return( PSA_ERROR_BAD_STATE ); /* Make sure that alg is a key derivation algorithm. This prevents @@ -4837,7 +4837,7 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator, if( slot->type != PSA_KEY_TYPE_DERIVE ) return( PSA_ERROR_INVALID_ARGUMENT ); - status = psa_key_derivation_internal( generator, + status = psa_key_derivation_internal( operation, slot->data.raw.data, slot->data.raw.bytes, alg, 
@@ -4845,12 +4845,12 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator, label, label_length, capacity ); if( status != PSA_SUCCESS ) - psa_key_derivation_abort( generator ); + psa_key_derivation_abort( operation ); return( status ); } static psa_status_t psa_key_derivation_setup_kdf( - psa_key_derivation_operation_t *generator, + psa_key_derivation_operation_t *operation, psa_algorithm_t kdf_alg ) { /* Make sure that kdf_alg is a supported key derivation algorithm. */ @@ -4869,7 +4869,7 @@ static psa_status_t psa_key_derivation_setup_kdf( { return( PSA_ERROR_NOT_SUPPORTED ); } - generator->capacity = 255 * hash_size; + operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); } #endif /* MBEDTLS_MD_C */ @@ -4877,12 +4877,12 @@ static psa_status_t psa_key_derivation_setup_kdf( return( PSA_ERROR_NOT_SUPPORTED ); } -psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation, psa_algorithm_t alg ) { psa_status_t status; - if( generator->alg != 0 ) + if( operation->alg != 0 ) return( PSA_ERROR_BAD_STATE ); if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) @@ -4890,17 +4890,17 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) { psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); - status = psa_key_derivation_setup_kdf( generator, kdf_alg ); + status = psa_key_derivation_setup_kdf( operation, kdf_alg ); } else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) { - status = psa_key_derivation_setup_kdf( generator, alg ); + status = psa_key_derivation_setup_kdf( operation, alg ); } else return( PSA_ERROR_INVALID_ARGUMENT ); if( status == PSA_SUCCESS ) - generator->alg = alg; + operation->alg = alg; return( status ); } 
@@ -4972,31 +4972,31 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, #endif /* MBEDTLS_MD_C */ static psa_status_t psa_key_derivation_input_raw( - psa_key_derivation_operation_t *generator, + psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length ) { psa_status_t status; - psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation ); if( kdf_alg == PSA_ALG_SELECT_RAW ) { - if( generator->capacity != 0 ) + if( operation->capacity != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); - generator->ctx.buffer.data = mbedtls_calloc( 1, data_length ); - if( generator->ctx.buffer.data == NULL ) + operation->ctx.buffer.data = mbedtls_calloc( 1, data_length ); + if( operation->ctx.buffer.data == NULL ) return( PSA_ERROR_INSUFFICIENT_MEMORY ); - memcpy( generator->ctx.buffer.data, data, data_length ); - generator->ctx.buffer.size = data_length; - generator->capacity = data_length; + memcpy( operation->ctx.buffer.data, data, data_length ); + operation->ctx.buffer.size = data_length; + operation->capacity = data_length; status = PSA_SUCCESS; } else #if defined(MBEDTLS_MD_C) if( PSA_ALG_IS_HKDF( kdf_alg ) ) { - status = psa_hkdf_input( &generator->ctx.hkdf, + status = psa_hkdf_input( &operation->ctx.hkdf, PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } 
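Review bot: The `PSA_ALG_SELECT_RAW` branch of psa_key_derivation_input_raw() never tests `step`, so whatever bytes arrive are copied into `ctx.buffer` and later served as the operation's output. psa_key_derivation_input_bytes() admits only the LABEL, SALT and INFO steps, so if a raw-selection operation can reach this branch through it (the setup code that decides this is outside the hunk), a non-secret input would be handed back as derived material. A guard at the top of the branch, `if( step != PSA_KEY_DERIVATION_INPUT_SECRET ) return( PSA_ERROR_INVALID_ARGUMENT );`, would make it as strict as psa_key_derivation_input_key(). The function body continues past the end of this hunk.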
@@ -5013,16 +5013,16 @@ static psa_status_t psa_key_derivation_input_raw( else #endif /* MBEDTLS_MD_C */ { - /* This can't happen unless the generator object was not initialized */ + /* This can't happen unless the operation object was not initialized */ return( PSA_ERROR_BAD_STATE ); } if( status != PSA_SUCCESS ) - psa_key_derivation_abort( generator ); + psa_key_derivation_abort( operation ); return( status ); } -psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length ) @@ -5032,14 +5032,14 @@ psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *gen case PSA_KEY_DERIVATION_INPUT_LABEL: case PSA_KEY_DERIVATION_INPUT_SALT: case PSA_KEY_DERIVATION_INPUT_INFO: - return( psa_key_derivation_input_raw( generator, step, + return( psa_key_derivation_input_raw( operation, step, data, data_length ) ); default: return( PSA_ERROR_INVALID_ARGUMENT ); } } -psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_handle_t handle ) { @@ -5047,7 +5047,7 @@ psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *gener psa_status_t status; status = psa_get_key_from_slot( handle, &slot, PSA_KEY_USAGE_DERIVE, - generator->alg ); + operation->alg ); if( status != PSA_SUCCESS ) return( status ); if( slot->type != PSA_KEY_TYPE_DERIVE ) 
@@ -5060,7 +5060,7 @@ psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *gener * and leak values derived from the key. So be conservative. */ if( step != PSA_KEY_DERIVATION_INPUT_SECRET ) return( PSA_ERROR_INVALID_ARGUMENT ); - return( psa_key_derivation_input_raw( generator, + return( psa_key_derivation_input_raw( operation, step, slot->data.raw.data, slot->data.raw.bytes ) ); @@ -5151,7 +5151,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg, /* Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ -static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *generator, +static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_slot_t *private_key, const uint8_t *peer_key, @@ -5160,7 +5160,7 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t * psa_status_t status; uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE]; size_t shared_secret_length = 0; - psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( generator->alg ); + psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg ); /* Step 1: run the secret agreement algorithm to generate the shared * secret. */ @@ -5175,7 +5175,7 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t * /* Step 2: set up the key derivation to generate key material from * the shared secret. */ - status = psa_key_derivation_input_raw( generator, step, + status = psa_key_derivation_input_raw( operation, step, shared_secret, shared_secret_length ); exit: 
@@ -5183,7 +5183,7 @@ exit: return( status ); } -psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *generator, +psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation, psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, @@ -5191,17 +5191,17 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *g { psa_key_slot_t *slot; psa_status_t status; - if( ! PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) ) + if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_get_key_from_slot( private_key, &slot, - PSA_KEY_USAGE_DERIVE, generator->alg ); + PSA_KEY_USAGE_DERIVE, operation->alg ); if( status != PSA_SUCCESS ) return( status ); - status = psa_key_agreement_internal( generator, step, + status = psa_key_agreement_internal( operation, step, slot, peer_key, peer_key_length ); if( status != PSA_SUCCESS ) - psa_key_derivation_abort( generator ); + psa_key_derivation_abort( operation ); return( status ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d98470d3d..abc73aebe 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -1716,7 +1716,7 @@ PSA decrypt: RSA OAEP-SHA-256, input too large depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT -Crypto generator initializers zero properly +Crypto derivation operation object initializers zero properly key_derivation_init: PSA key derivation: HKDF-SHA-256, good case 
@@ -1755,11 +1755,11 @@ PSA key derivation: unsupported key derivation algorithm depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_CATEGORY_KEY_DERIVATION:"":"":42:PSA_ERROR_NOT_SUPPORTED -PSA key derivation: invalid generator state ( double generate + read past capacity ) +PSA key derivation: invalid state (double generate + read past capacity) depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C test_derive_invalid_key_derivation_state: -PSA key derivation: invalid generator state ( call read/get_capacity after init and abort ) +PSA key derivation: invalid state (call read/get_capacity after init and abort) depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C test_derive_invalid_key_derivation_tests: diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 52c41e7eb..4c28b80a6 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -525,7 +525,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, psa_key_usage_t usage, psa_algorithm_t alg ) { - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char label[16] = "This is a label."; size_t label_length = sizeof( label ); unsigned char seed[16] = "abcdefghijklmnop"; 
@@ -536,15 +536,15 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, { if( PSA_ALG_IS_HKDF( alg ) ) { - PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_SALT, label, label_length ) ); - PSA_ASSERT( psa_key_derivation_input_key( &generator, + PSA_ASSERT( psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, seed, seed_length ) ); @@ -552,16 +552,16 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, else { // legacy - PSA_ASSERT( psa_key_derivation( &generator, + PSA_ASSERT( psa_key_derivation( &operation, handle, alg, label, label_length, seed, seed_length, sizeof( output ) ) ); } - PSA_ASSERT( psa_key_derivation_output_bytes( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, sizeof( output ) ) ); - PSA_ASSERT( psa_key_derivation_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); } return( 1 ); @@ -572,7 +572,7 @@ exit: /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ -static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *generator, +static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation, psa_key_handle_t handle ) { psa_key_type_t private_key_type; 
@@ -596,7 +596,7 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *gen public_key, public_key_length, &public_key_length ) ); - status = psa_key_derivation_key_agreement( generator, PSA_KEY_DERIVATION_INPUT_SECRET, handle, + status = psa_key_derivation_key_agreement( operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle, public_key, public_key_length ); exit: mbedtls_free( public_key ); @@ -664,7 +664,7 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, psa_key_usage_t usage, psa_algorithm_t alg ) { - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char output[1]; int ok = 0; @@ -672,12 +672,12 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ - PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( key_agreement_with_self( &generator, handle ) ); - PSA_ASSERT( psa_key_derivation_output_bytes( &generator, + PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + PSA_ASSERT( key_agreement_with_self( &operation, handle ) ); + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, sizeof( output ) ) ); - PSA_ASSERT( psa_key_derivation_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); } ok = 1; @@ -1844,7 +1844,7 @@ void derive_key_policy( int policy_usage, { psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; PSA_ASSERT( psa_crypto_init( ) ); 
@@ -1856,7 +1856,7 @@ void derive_key_policy( int policy_usage, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - status = psa_key_derivation( &generator, handle, + status = psa_key_derivation( &operation, handle, exercise_alg, NULL, 0, NULL, 0, @@ -1868,7 +1868,7 @@ void derive_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } @@ -1884,7 +1884,7 @@ void agreement_key_policy( int policy_usage, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; PSA_ASSERT( psa_crypto_init( ) ); @@ -1896,8 +1896,8 @@ void agreement_key_policy( int policy_usage, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) ); - status = key_agreement_with_self( &generator, handle ); + PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) ); + status = key_agreement_with_self( &operation, handle ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) @@ -1906,7 +1906,7 @@ void agreement_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } 
@@ -1922,7 +1922,7 @@ void raw_agreement_key_policy( int policy_usage, psa_key_handle_t handle = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type = key_type_arg; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_status_t status; PSA_ASSERT( psa_crypto_init( ) ); @@ -1943,7 +1943,7 @@ void raw_agreement_key_policy( int policy_usage, TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED ); exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } @@ -4009,7 +4009,7 @@ void key_derivation_init( ) memset( &zero, 0, sizeof( zero ) ); - /* A default generator should not be able to report its capacity. */ + /* A default operation should not be able to report its capacity. */ TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ), PSA_ERROR_BAD_STATE ); TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ), @@ -4017,7 +4017,7 @@ void key_derivation_init( ) TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ), PSA_ERROR_BAD_STATE ); - /* A default generator should be abortable without error. */ + /* A default operation should be abortable without error. */ PSA_ASSERT( psa_key_derivation_abort(&func) ); PSA_ASSERT( psa_key_derivation_abort(&init) ); PSA_ASSERT( psa_key_derivation_abort(&zero) ); @@ -4038,7 +4038,7 @@ void derive_setup( int key_type_arg, psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; psa_status_t expected_status = expected_status_arg; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; PSA_ASSERT( psa_crypto_init( ) ); 
@@ -4050,14 +4050,14 @@ void derive_setup( int key_type_arg, PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len, &handle ) ); - TEST_EQUAL( psa_key_derivation( &generator, handle, alg, + TEST_EQUAL( psa_key_derivation( &operation, handle, alg, salt->x, salt->len, label->x, label->len, requested_capacity ), expected_status ); exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } @@ -4068,7 +4068,7 @@ void test_derive_invalid_key_derivation_state( ) { psa_key_handle_t handle = 0; size_t key_type = PSA_KEY_TYPE_DERIVE; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 ); uint8_t buffer[42]; size_t capacity = sizeof( buffer ); @@ -4088,25 +4088,25 @@ void test_derive_invalid_key_derivation_state( ) &handle ) ); /* valid key derivation */ - PSA_ASSERT( psa_key_derivation( &generator, handle, alg, + PSA_ASSERT( psa_key_derivation( &operation, handle, alg, NULL, 0, NULL, 0, capacity ) ); - /* state of generator shouldn't allow additional generation */ - TEST_EQUAL( psa_key_derivation( &generator, handle, alg, + /* state of operation shouldn't allow additional generation */ + TEST_EQUAL( psa_key_derivation( &operation, handle, alg, NULL, 0, NULL, 0, capacity ), PSA_ERROR_BAD_STATE ); - PSA_ASSERT( psa_key_derivation_output_bytes( &generator, buffer, capacity ) ); + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) ); - TEST_EQUAL( psa_key_derivation_output_bytes( &generator, buffer, capacity ), + TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ), PSA_ERROR_INSUFFICIENT_DATA ); exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } 
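Review bot: `size_t key_type = PSA_KEY_TYPE_DERIVE;` in `test_derive_invalid_key_derivation_state` (second hunk on this line) stores a key type in a `size_t`, while the other tests in this file declare it with the dedicated type, e.g. `psa_key_type_t key_type = key_type_arg;` in `agreement_key_policy`. Declaring it as `psa_key_type_t key_type = PSA_KEY_TYPE_DERIVE;` keeps the declarations consistent. If the value is later passed to a function taking `psa_key_type_t`, that also removes an implicit conversion. The use site of `key_type` lies between the visible hunks, so this should be checked against the full function.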
@@ -4118,24 +4118,24 @@ void test_derive_invalid_key_derivation_tests( ) uint8_t output_buffer[16]; size_t buffer_size = 16; size_t capacity = 0; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size ) + TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size ) == PSA_ERROR_BAD_STATE ); - TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity ) + TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) == PSA_ERROR_BAD_STATE ); - PSA_ASSERT( psa_key_derivation_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); - TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size ) + TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size ) == PSA_ERROR_BAD_STATE ); - TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity ) + TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) == PSA_ERROR_BAD_STATE ); exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); } /* END_CASE */ @@ -4151,7 +4151,7 @@ void derive_output( int alg_arg, psa_key_handle_t handle = 0; psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t *expected_outputs[2] = {expected_output1->x, expected_output2->x}; size_t output_sizes[2] = 
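Review bot: The four state checks in `test_derive_invalid_key_derivation_tests` are written as `TEST_ASSERT( ... == PSA_ERROR_BAD_STATE )`, whereas the neighbouring tests (`key_derivation_init`, `test_derive_invalid_key_derivation_state`) use `TEST_EQUAL` for the same comparison. Writing them as `TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size ), PSA_ERROR_BAD_STATE );`, and likewise for `psa_key_derivation_get_capacity`, would match the rest of the file. In the same function `size_t buffer_size = 16;` repeats the array length by hand; `size_t buffer_size = sizeof( output_buffer );` keeps the two tied together.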
@@ -4184,28 +4184,28 @@ void derive_output( int alg_arg, /* Extraction phase. */ if( PSA_ALG_IS_HKDF( alg ) ) { - PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_key_derivation_set_capacity( &generator, + PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + PSA_ASSERT( psa_key_derivation_set_capacity( &operation, requested_capacity ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_SALT, salt->x, salt->len ) ); - PSA_ASSERT( psa_key_derivation_input_key( &generator, + PSA_ASSERT( psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, label->x, label->len ) ); } else { // legacy - PSA_ASSERT( psa_key_derivation( &generator, handle, alg, + PSA_ASSERT( psa_key_derivation( &operation, handle, alg, salt->x, salt->len, label->x, label->len, requested_capacity ) ); } - PSA_ASSERT( psa_key_derivation_get_capacity( &generator, + PSA_ASSERT( psa_key_derivation_get_capacity( &operation, ¤t_capacity ) ); TEST_EQUAL( current_capacity, requested_capacity ); expected_capacity = requested_capacity; @@ -4214,7 +4214,7 @@ void derive_output( int alg_arg, for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ ) { /* Read some bytes. */ - status = psa_key_derivation_output_bytes( &generator, + status = psa_key_derivation_output_bytes( &operation, output_buffer, output_sizes[i] ); if( expected_capacity == 0 && output_sizes[i] == 0 ) { 
@@ -4236,17 +4236,17 @@ void derive_output( int alg_arg, if( output_sizes[i] != 0 ) ASSERT_COMPARE( output_buffer, output_sizes[i], expected_outputs[i], output_sizes[i] ); - /* Check the generator status. */ + /* Check the operation status. */ expected_capacity -= output_sizes[i]; - PSA_ASSERT( psa_key_derivation_get_capacity( &generator, + PSA_ASSERT( psa_key_derivation_get_capacity( &operation, ¤t_capacity ) ); TEST_EQUAL( expected_capacity, current_capacity ); } - PSA_ASSERT( psa_key_derivation_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); exit: mbedtls_free( output_buffer ); - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } @@ -4262,7 +4262,7 @@ void derive_full( int alg_arg, psa_key_handle_t handle = 0; psa_algorithm_t alg = alg_arg; size_t requested_capacity = requested_capacity_arg; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char output_buffer[16]; size_t expected_capacity = requested_capacity; size_t current_capacity; 
@@ -4280,28 +4280,28 @@ void derive_full( int alg_arg, /* Extraction phase. */ if( PSA_ALG_IS_HKDF( alg ) ) { - PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_key_derivation_set_capacity( &generator, + PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + PSA_ASSERT( psa_key_derivation_set_capacity( &operation, requested_capacity ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_SALT, salt->x, salt->len ) ); - PSA_ASSERT( psa_key_derivation_input_key( &generator, + PSA_ASSERT( psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle ) ); - PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, label->x, label->len ) ); } else { // legacy - PSA_ASSERT( psa_key_derivation( &generator, handle, alg, + PSA_ASSERT( psa_key_derivation( &operation, handle, alg, salt->x, salt->len, label->x, label->len, requested_capacity ) ); } - PSA_ASSERT( psa_key_derivation_get_capacity( &generator, + PSA_ASSERT( psa_key_derivation_get_capacity( &operation, ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); 
@@ -4311,23 +4311,23 @@ void derive_full( int alg_arg, size_t read_size = sizeof( output_buffer ); if( read_size > current_capacity ) read_size = current_capacity; - PSA_ASSERT( psa_key_derivation_output_bytes( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, read_size ) ); expected_capacity -= read_size; - PSA_ASSERT( psa_key_derivation_get_capacity( &generator, + PSA_ASSERT( psa_key_derivation_get_capacity( &operation, ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); } - /* Check that the generator refuses to go over capacity. */ - TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output_buffer, 1 ), + /* Check that the operation refuses to go over capacity. */ + TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ), PSA_ERROR_INSUFFICIENT_DATA ); - PSA_ASSERT( psa_key_derivation_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( handle ); mbedtls_psa_crypto_free( ); } @@ -4351,7 +4351,7 @@ void derive_key_exercise( int alg_arg, psa_key_usage_t derived_usage = derived_usage_arg; psa_algorithm_t derived_alg = derived_alg_arg; size_t capacity = PSA_BITS_TO_BYTES( derived_bits ); - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -4364,7 +4364,7 @@ void derive_key_exercise( int alg_arg, &base_handle ) ); /* Derive a key. */ - PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg, + PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg, salt->x, salt->len, label->x, label->len, capacity ) ); 
@@ -4372,7 +4372,7 @@ void derive_key_exercise( int alg_arg, psa_set_key_algorithm( &attributes, derived_alg ); psa_set_key_type( &attributes, derived_type ); psa_set_key_bits( &attributes, derived_bits ); - PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator, + PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, &derived_handle ) ); /* Test the key information */ @@ -4385,7 +4385,7 @@ void derive_key_exercise( int alg_arg, goto exit; exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_reset_key_attributes( &got_attributes ); psa_destroy_key( base_handle ); psa_destroy_key( derived_handle ); @@ -4407,7 +4407,7 @@ void derive_key_export( int alg_arg, size_t bytes1 = bytes1_arg; size_t bytes2 = bytes2_arg; size_t capacity = bytes1 + bytes2; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t *output_buffer = NULL; uint8_t *export_buffer = NULL; psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -4425,17 +4425,17 @@ void derive_key_export( int alg_arg, &base_handle ) ); /* Derive some material and output it. */ - PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg, + PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg, salt->x, salt->len, label->x, label->len, capacity ) ); - PSA_ASSERT( psa_key_derivation_output_bytes( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, capacity ) ); - PSA_ASSERT( psa_key_derivation_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); /* Derive the same output again, but this time store it in key objects. */ - PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg, + PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg, salt->x, salt->len, label->x, label->len, capacity ) ); 
@@ -4443,7 +4443,7 @@ void derive_key_export( int alg_arg, psa_set_key_algorithm( &derived_attributes, 0 ); psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) ); - PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator, + PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, &derived_handle ) ); PSA_ASSERT( psa_export_key( derived_handle, export_buffer, bytes1, @@ -4451,7 +4451,7 @@ void derive_key_export( int alg_arg, TEST_EQUAL( length, bytes1 ); PSA_ASSERT( psa_destroy_key( derived_handle ) ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) ); - PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator, + PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, &derived_handle ) ); PSA_ASSERT( psa_export_key( derived_handle, export_buffer + bytes1, bytes2, @@ -4465,7 +4465,7 @@ void derive_key_export( int alg_arg, exit: mbedtls_free( output_buffer ); mbedtls_free( export_buffer ); - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( base_handle ); psa_destroy_key( derived_handle ); mbedtls_psa_crypto_free( ); @@ -4481,7 +4481,7 @@ void key_agreement_setup( int alg_arg, psa_key_handle_t our_key = 0; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t expected_status = expected_status_arg; psa_status_t status; 
@@ -4499,10 +4499,10 @@ void key_agreement_setup( int alg_arg, * Test cases that fail at the setup step should be changed to call * key_derivation_setup instead, and this function should be renamed * to key_agreement_fail. */ - status = psa_key_derivation_setup( &generator, alg ); + status = psa_key_derivation_setup( &operation, alg ); if( status == PSA_SUCCESS ) { - TEST_EQUAL( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET, + TEST_EQUAL( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, our_key, peer_key_data->x, peer_key_data->len ), expected_status ); @@ -4513,7 +4513,7 @@ void key_agreement_setup( int alg_arg, } exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( our_key ); mbedtls_psa_crypto_free( ); } @@ -4565,7 +4565,7 @@ void key_agreement_capacity( int alg_arg, psa_key_handle_t our_key = 0; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t actual_capacity; unsigned char output[16]; 
@@ -4579,37 +4579,37 @@ void key_agreement_capacity( int alg_arg, our_key_data->x, our_key_data->len, &our_key ) ); - PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET, + PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, our_key, peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) { /* The test data is for info="" */ - PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); } /* Test the advertized capacity. */ PSA_ASSERT( psa_key_derivation_get_capacity( - &generator, &actual_capacity ) ); + &operation, &actual_capacity ) ); TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg ); /* Test the actual capacity by reading the output. */ while( actual_capacity > sizeof( output ) ) { - PSA_ASSERT( psa_key_derivation_output_bytes( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, sizeof( output ) ) ); actual_capacity -= sizeof( output ); } - PSA_ASSERT( psa_key_derivation_output_bytes( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, actual_capacity ) ); - TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output, 1 ), + TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ), PSA_ERROR_INSUFFICIENT_DATA ); exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( our_key ); mbedtls_psa_crypto_free( ); } 
@@ -4624,7 +4624,7 @@ void key_agreement_output( int alg_arg, psa_key_handle_t our_key = 0; psa_algorithm_t alg = alg_arg; psa_key_type_t our_key_type = our_key_type_arg; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t *actual_output = NULL; @@ -4640,26 +4640,26 @@ void key_agreement_output( int alg_arg, our_key_data->x, our_key_data->len, &our_key ) ); - PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); - PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET, + PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); + PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, our_key, peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) { /* The test data is for info="" */ - PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); } - PSA_ASSERT( psa_key_derivation_output_bytes( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, actual_output, expected_output1->len ) ); ASSERT_COMPARE( actual_output, expected_output1->len, expected_output1->x, expected_output1->len ); if( expected_output2->len != 0 ) { - PSA_ASSERT( psa_key_derivation_output_bytes( &generator, + PSA_ASSERT( psa_key_derivation_output_bytes( &operation, actual_output, expected_output2->len ) ); ASSERT_COMPARE( actual_output, expected_output2->len, @@ -4667,7 +4667,7 @@ void key_agreement_output( int alg_arg, } exit: - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( our_key ); mbedtls_psa_crypto_free( ); mbedtls_free( actual_output ); 
@@ -4886,7 +4886,7 @@ void persistent_key_load_key_from_storage( data_t *data, size_t bits = bits_arg; psa_key_usage_t usage_flags = usage_flags_arg; psa_algorithm_t alg = alg_arg; - psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; unsigned char *first_export = NULL; unsigned char *second_export = NULL; size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits ); @@ -4933,16 +4933,16 @@ void persistent_key_load_key_from_storage( data_t *data, data->x, data->len, &base_key ) ); /* Derive a key. */ - PSA_ASSERT( psa_key_derivation_setup( &generator, derive_alg ) ); - PSA_ASSERT( psa_key_derivation_input_key( &generator, + PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) ); + PSA_ASSERT( psa_key_derivation_input_key( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( - &generator, PSA_KEY_DERIVATION_INPUT_INFO, + &operation, PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); - PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator, + PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, &handle ) ); - PSA_ASSERT( psa_key_derivation_abort( &generator ) ); + PSA_ASSERT( psa_key_derivation_abort( &operation ) ); PSA_ASSERT( psa_destroy_key( base_key ) ); base_key = 0; } @@ -4994,7 +4994,7 @@ exit: psa_reset_key_attributes( &attributes ); mbedtls_free( first_export ); mbedtls_free( second_export ); - psa_key_derivation_abort( &generator ); + psa_key_derivation_abort( &operation ); psa_destroy_key( base_key ); if( handle == 0 ) { From cf7292e25783d455cbf561b614df4f722e09b3f5 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 16 May 2019 17:53:40 +0200 Subject: [PATCH 6/9] Wrap and reindent some lines After renaming several identifiers, re-wrap and re-indent some lines to make the code prettier. --- include/psa/crypto.h | 80 ++++++++------ include/psa/crypto_extra.h | 7 +- include/psa/crypto_values.h | 8 +- library/psa_crypto.c | 50 ++++----- tests/suites/test_suite_psa_crypto.function | 116 +++++++++++--------- 5 files changed, 140 insertions(+), 121 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index c4aab460f..959af96fb 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3033,8 +3033,9 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void); * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_COMMUNICATION_FAILURE */ -psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation, - size_t *capacity); +psa_status_t psa_key_derivation_get_capacity( + const psa_key_derivation_operation_t *operation, + size_t *capacity); /** Set the maximum capacity of a key derivation operation. * @@ -3054,8 +3055,9 @@ psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_ * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_COMMUNICATION_FAILURE */ -psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation, - size_t capacity); +psa_status_t psa_key_derivation_set_capacity( + psa_key_derivation_operation_t *operation, + size_t capacity); /** Read some data from a key derivation operation. * 
@@ -3084,9 +3086,10 @@ psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *ope * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *operation, - uint8_t *output, - size_t output_length); +psa_status_t psa_key_derivation_output_bytes( + psa_key_derivation_operation_t *operation, + uint8_t *output, + size_t output_length); /** Derive a key from an ongoing key derivation operation. * @@ -3101,8 +3104,8 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *ope * the key is derived, depends on the key type: * * - For key types for which the key is an arbitrary sequence of bytes - * of a given size, - * this function is functionally equivalent to calling #psa_key_derivation_output_bytes + * of a given size, this function is functionally equivalent to + * calling #psa_key_derivation_output_bytes * and passing the resulting output to #psa_import_key. * However, this function has a security benefit: * if the implementation provides an isolation boundary then @@ -3202,9 +3205,10 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *ope * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - psa_key_handle_t *handle); +psa_status_t psa_key_derivation_output_key( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + psa_key_handle_t *handle); /** Abort a key derivation operation. * 
@@ -3214,9 +3218,9 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute * * This function may be called at any time as long as the operation * object has been initialized to #PSA_KEY_DERIVATION_OPERATION_INIT, to - * psa_key_derivation_operation_init() or a zero value. In particular, it is valid - * to call psa_key_derivation_abort() twice, or to call psa_key_derivation_abort() - * on an operation that has not been set up. + * psa_key_derivation_operation_init() or a zero value. In particular, + * it is valid to call psa_key_derivation_abort() twice, or to call + * psa_key_derivation_abort() on an operation that has not been set up. * * Once aborted, the key derivation operation object may be called. * @@ -3228,7 +3232,8 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation); +psa_status_t psa_key_derivation_abort( + psa_key_derivation_operation_t *operation); /** Use the maximum possible capacity for a key derivation operation. * 
@@ -3254,15 +3259,16 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) * as appropriate. Which inputs are needed, in what order, and whether * they may be keys and if so of what type depends on the algorithm. * - Optionally set the operation's maximum capacity with - * psa_key_derivation_set_capacity(). You may do this before, in the middle of - * or after providing inputs. For some algorithms, this step is mandatory + * psa_key_derivation_set_capacity(). You may do this before, in the middle + * of or after providing inputs. For some algorithms, this step is mandatory * because the output depends on the maximum capacity. * - To derive a key, call psa_key_derivation_output_key(). * To derive a byte string for a different purpose, call * - psa_key_derivation_output_bytes(). * Successive calls to these functions use successive output bytes * calculated by the key derivation algorithm. - * - Clean up the key derivation operation object with psa_key_derivation_abort(). + * - Clean up the key derivation operation object with + * psa_key_derivation_abort(). * * \param[in,out] operation The key derivation operation object * to set up. It must @@ -3283,8 +3289,9 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE */ -psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, - psa_algorithm_t alg); +psa_status_t psa_key_derivation_setup( + psa_key_derivation_operation_t *operation, + psa_algorithm_t alg); /** Provide an input for key derivation or key agreement. * 
@@ -3321,10 +3328,11 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - const uint8_t *data, - size_t data_length); +psa_status_t psa_key_derivation_input_bytes( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length); /** Provide an input for key derivation in the form of a key. * @@ -3366,9 +3374,10 @@ psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *oper * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - psa_key_handle_t handle); +psa_status_t psa_key_derivation_input_key( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + psa_key_handle_t handle); /** Perform a key agreement and use the shared secret as input to a key * derivation. @@ -3423,11 +3432,12 @@ psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operat * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - psa_key_handle_t private_key, - const uint8_t *peer_key, - size_t peer_key_length); +psa_status_t psa_key_derivation_key_agreement( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + psa_key_handle_t private_key, + const uint8_t *peer_key, + size_t peer_key_length); /** Perform a key agreement and use the shared secret as input to a key * derivation. 
@@ -3439,8 +3449,8 @@ psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *op * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should * not be used directly as key material. It should instead be passed as * input to a key derivation algorithm. To chain a key agreement with - * a key derivation, use psa_key_derivation_key_agreement() and other functions from - * the key derivation interface. + * a key derivation, use psa_key_derivation_key_agreement() and other + * functions from the key derivation interface. * * \param alg The key agreement algorithm to compute * (\c PSA_ALG_XXX value such that diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 1fb052b27..45655ddfc 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -157,9 +157,10 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step * and \p label is the info string used in the "expand" step. * - * \param[in,out] operation The key derivation object to set up. It must have - * been initialized as per the documentation for - * #psa_key_derivation_operation_t and not yet in use. + * \param[in,out] operation The key derivation object to set up. It must + * have been initialized as per the documentation + * for #psa_key_derivation_operation_t and not + * yet be in use. * \param handle Handle to the secret key. * \param alg The key derivation algorithm to compute * (\c PSA_ALG_XXX value such that diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index c57d06a36..c54fc9a60 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -1590,25 +1590,25 @@ * * This must be a key of type #PSA_KEY_TYPE_DERIVE. */ -#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101) +#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101) /** A label for key derivation. * * This must be a direct input. */ -#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201) +#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201) /** A salt for key derivation. * * This must be a direct input. */ -#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202) +#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202) /** An information string for key derivation. * * This must be a direct input. */ -#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203) +#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203) /**@}*/ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3e77dceb0..4b6dcf0a5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4572,13 +4572,13 @@ exit: * to potentially free embedded data structures and wipe confidential data. */ static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hkdf, - const uint8_t *secret, - size_t secret_length, - psa_algorithm_t hash_alg, - const uint8_t *salt, - size_t salt_length, - const uint8_t *label, - size_t label_length ) + const uint8_t *secret, + size_t secret_length, + psa_algorithm_t hash_alg, + const uint8_t *salt, + size_t salt_length, + const uint8_t *label, + size_t label_length ) { psa_status_t status; status = psa_hmac_setup_internal( &hkdf->hmac, 
@@ -4637,7 +4637,7 @@ static psa_status_t psa_key_derivation_tls12_prf_setup( memcpy( tls12_prf->key, key, key_len ); overflow = ( salt_length + label_length < salt_length ) || - ( salt_length + label_length + hash_length < hash_length ); + ( salt_length + label_length + hash_length < hash_length ); if( overflow ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -4700,10 +4700,10 @@ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup( memcpy( pms + 4 + psk_len, psk, psk_len ); status = psa_key_derivation_tls12_prf_setup( tls12_prf, - pms, 4 + 2 * psk_len, - hash_alg, - salt, salt_length, - label, label_length ); + pms, 4 + 2 * psk_len, + hash_alg, + salt, salt_length, + label, label_length ); mbedtls_platform_zeroize( pms, sizeof( pms ) ); return( status ); @@ -4753,10 +4753,10 @@ static psa_status_t psa_key_derivation_internal( return( PSA_ERROR_NOT_SUPPORTED ); max_capacity = 255 * hash_size; status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf, - secret, secret_length, - hash_alg, - salt, salt_length, - label, label_length ); + secret, secret_length, + hash_alg, + salt, salt_length, + label, label_length ); } /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */ else if( PSA_ALG_IS_TLS12_PRF( alg ) || @@ -4777,9 +4777,9 @@ static psa_status_t psa_key_derivation_internal( if( PSA_ALG_IS_TLS12_PRF( alg ) ) { status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf, - secret, secret_length, - hash_alg, salt, salt_length, - label, label_length ); + secret, secret_length, + hash_alg, salt, salt_length, + label, label_length ); } else { 
@@ -5003,9 +5003,9 @@ static psa_status_t psa_key_derivation_input_raw( else #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_MD_C) - /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */ + /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */ if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { // To do: implement this status = PSA_ERROR_NOT_SUPPORTED; @@ -5184,10 +5184,10 @@ exit: } psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - psa_key_handle_t private_key, - const uint8_t *peer_key, - size_t peer_key_length ) + psa_key_derivation_step_t step, + psa_key_handle_t private_key, + const uint8_t *peer_key, + size_t peer_key_length ) { psa_key_slot_t *slot; psa_status_t status; diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4c28b80a6..e9fd3f612 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -559,8 +559,8 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, sizeof( output ) ) ); } PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, - sizeof( output ) ) ); + output, + sizeof( output ) ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); } @@ -572,8 +572,9 @@ exit: /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ -static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation, - psa_key_handle_t handle ) +static psa_status_t key_agreement_with_self( + psa_key_derivation_operation_t *operation, + psa_key_handle_t handle ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; 
@@ -581,8 +582,8 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *ope uint8_t *public_key = NULL; size_t public_key_length; /* Return GENERIC_ERROR if something other than the final call to - * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's - * good enough: callers will report it as a failed test anyway. */ + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, + * but it's good enough: callers will report it as a failed test anyway. */ psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -596,8 +597,9 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *ope public_key, public_key_length, &public_key_length ) ); - status = psa_key_derivation_key_agreement( operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle, - public_key, public_key_length ); + status = psa_key_derivation_key_agreement( + operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle, + public_key, public_key_length ); exit: mbedtls_free( public_key ); psa_reset_key_attributes( &attributes ); @@ -617,8 +619,8 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, uint8_t output[1024]; size_t output_length; /* Return GENERIC_ERROR if something other than the final call to - * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's - * good enough: callers will report it as a failed test anyway. */ + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, + * but it's good enough: callers will report it as a failed test anyway. */ psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; 
@@ -675,8 +677,8 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); PSA_ASSERT( key_agreement_with_self( &operation, handle ) ); PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, - sizeof( output ) ) ); + output, + sizeof( output ) ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); } ok = 1; @@ -2488,7 +2490,7 @@ void mac_bad_order( ) /* Call update after verify finish. */ PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + handle, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); @@ -2511,7 +2513,7 @@ void mac_bad_order( ) /* Call verify finish twice in a row. */ PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + handle, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); @@ -2531,7 +2533,7 @@ void mac_bad_order( ) /* Setup verify but try sign. */ PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + handle, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -4120,7 +4122,8 @@ void test_derive_invalid_key_derivation_tests( ) size_t capacity = 0; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size ) + TEST_ASSERT( psa_key_derivation_output_bytes( &operation, + output_buffer, buffer_size ) == PSA_ERROR_BAD_STATE ); TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) 
@@ -4128,7 +4131,8 @@ void test_derive_invalid_key_derivation_tests( ) PSA_ASSERT( psa_key_derivation_abort( &operation ) ); - TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size ) + TEST_ASSERT( psa_key_derivation_output_bytes( &operation, + output_buffer, buffer_size ) == PSA_ERROR_BAD_STATE ); TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) @@ -4186,7 +4190,7 @@ void derive_output( int alg_arg, { PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); PSA_ASSERT( psa_key_derivation_set_capacity( &operation, - requested_capacity ) ); + requested_capacity ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_SALT, salt->x, salt->len ) ); @@ -4206,7 +4210,7 @@ void derive_output( int alg_arg, requested_capacity ) ); } PSA_ASSERT( psa_key_derivation_get_capacity( &operation, - ¤t_capacity ) ); + ¤t_capacity ) ); TEST_EQUAL( current_capacity, requested_capacity ); expected_capacity = requested_capacity; @@ -4215,7 +4219,7 @@ void derive_output( int alg_arg, { /* Read some bytes. */ status = psa_key_derivation_output_bytes( &operation, - output_buffer, output_sizes[i] ); + output_buffer, output_sizes[i] ); if( expected_capacity == 0 && output_sizes[i] == 0 ) { /* Reading 0 bytes when 0 bytes are available can go either way. */ @@ -4239,7 +4243,7 @@ void derive_output( int alg_arg, /* Check the operation status. */ expected_capacity -= output_sizes[i]; PSA_ASSERT( psa_key_derivation_get_capacity( &operation, - ¤t_capacity ) ); + ¤t_capacity ) ); TEST_EQUAL( expected_capacity, current_capacity ); } PSA_ASSERT( psa_key_derivation_abort( &operation ) ); @@ -4282,7 +4286,7 @@ void derive_full( int alg_arg, { PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); PSA_ASSERT( psa_key_derivation_set_capacity( &operation, - requested_capacity ) ); + requested_capacity ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_SALT, salt->x, salt->len ) ); 
@@ -4302,7 +4306,7 @@ void derive_full( int alg_arg, requested_capacity ) ); } PSA_ASSERT( psa_key_derivation_get_capacity( &operation, - ¤t_capacity ) ); + ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); /* Expansion phase. */ @@ -4312,11 +4316,11 @@ void derive_full( int alg_arg, if( read_size > current_capacity ) read_size = current_capacity; PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output_buffer, - read_size ) ); + output_buffer, + read_size ) ); expected_capacity -= read_size; PSA_ASSERT( psa_key_derivation_get_capacity( &operation, - ¤t_capacity ) ); + ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); } @@ -4373,7 +4377,7 @@ void derive_key_exercise( int alg_arg, psa_set_key_type( &attributes, derived_type ); psa_set_key_bits( &attributes, derived_bits ); PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &derived_handle ) ); + &derived_handle ) ); /* Test the key information */ PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) ); @@ -4430,8 +4434,8 @@ void derive_key_export( int alg_arg, label->x, label->len, capacity ) ); PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output_buffer, - capacity ) ); + output_buffer, + capacity ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); /* Derive the same output again, but this time store it in key objects. */ @@ -4444,7 +4448,7 @@ void derive_key_export( int alg_arg, psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); + &derived_handle ) ); PSA_ASSERT( psa_export_key( derived_handle, export_buffer, bytes1, &length ) ); 
@@ -4452,7 +4456,7 @@ void derive_key_export( int alg_arg, PSA_ASSERT( psa_destroy_key( derived_handle ) ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); + &derived_handle ) ); PSA_ASSERT( psa_export_key( derived_handle, export_buffer + bytes1, bytes2, &length ) ); @@ -4502,9 +4506,10 @@ void key_agreement_setup( int alg_arg, status = psa_key_derivation_setup( &operation, alg ); if( status == PSA_SUCCESS ) { - TEST_EQUAL( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - our_key, - peer_key_data->x, peer_key_data->len ), + TEST_EQUAL( psa_key_derivation_key_agreement( + &operation, PSA_KEY_DERIVATION_INPUT_SECRET, + our_key, + peer_key_data->x, peer_key_data->len ), expected_status ); } else @@ -4580,9 +4585,10 @@ void key_agreement_capacity( int alg_arg, &our_key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - our_key, - peer_key_data->x, peer_key_data->len ) ); + PSA_ASSERT( psa_key_derivation_key_agreement( + &operation, + PSA_KEY_DERIVATION_INPUT_SECRET, our_key, + peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) { /* The test data is for info="" */ @@ -4600,11 +4606,11 @@ void key_agreement_capacity( int alg_arg, while( actual_capacity > sizeof( output ) ) { PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, sizeof( output ) ) ); + output, sizeof( output ) ) ); actual_capacity -= sizeof( output ); } PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, actual_capacity ) ); + output, actual_capacity ) ); TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ), PSA_ERROR_INSUFFICIENT_DATA ); 
@@ -4641,9 +4647,10 @@ void key_agreement_output( int alg_arg, &our_key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - our_key, - peer_key_data->x, peer_key_data->len ) ); + PSA_ASSERT( psa_key_derivation_key_agreement( + &operation, + PSA_KEY_DERIVATION_INPUT_SECRET, our_key, + peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) { /* The test data is for info="" */ @@ -4653,15 +4660,15 @@ void key_agreement_output( int alg_arg, } PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - actual_output, - expected_output1->len ) ); + actual_output, + expected_output1->len ) ); ASSERT_COMPARE( actual_output, expected_output1->len, expected_output1->x, expected_output1->len ); if( expected_output2->len != 0 ) { PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - actual_output, - expected_output2->len ) ); + actual_output, + expected_output2->len ) ); ASSERT_COMPARE( actual_output, expected_output2->len, expected_output2->x, expected_output2->len ); } @@ -4842,8 +4849,8 @@ void generate_key_rsa( int bits_arg, * publicExponent INTEGER } -- e */ TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED ) ); + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED ) ); TEST_ASSERT( asn1_skip_integer( &p, end, bits, bits, 1 ) ); TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_INTEGER ) ); 
@@ -4934,19 +4941,20 @@ void persistent_key_load_key_from_storage( data_t *data, &base_key ) ); /* Derive a key. */ PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) ); - PSA_ASSERT( psa_key_derivation_input_key( &operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - base_key ) ); + PSA_ASSERT( psa_key_derivation_input_key( + &operation, + PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); - PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &handle ) ); + PSA_ASSERT( psa_key_derivation_output_key( &attributes, + &operation, + &handle ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); PSA_ASSERT( psa_destroy_key( base_key ) ); base_key = 0; } - break; + break; } psa_reset_key_attributes( &attributes ); From 1cb9a08d6a916eb230a98faa8fbe6771b895707e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2019 17:56:47 +0200 Subject: [PATCH 7/9] Reorder key derivation functions in the header file Present key derivation functions in a more logical order, corresponding roughly to the order in which an application would call them. --- include/psa/crypto.h | 408 +++++++++++++++++++++---------------------- 1 file changed, 204 insertions(+), 204 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 959af96fb..1d4fc319a 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -3020,6 +3020,55 @@ typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
 */
 static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
 
+/** Set up a key derivation operation.
+ *
+ * A key derivation algorithm takes some inputs and uses them to generate
+ * a byte stream in a deterministic way.
+ * This byte stream can be used to produce keys and other
+ * cryptographic material.
+ *
+ * To derive a key:
+ * - Start with an initialized object of type #psa_key_derivation_operation_t.
+ * - Call psa_key_derivation_setup() to select the algorithm.
+ * - Provide the inputs for the key derivation by calling
+ * psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
+ * as appropriate. Which inputs are needed, in what order, and whether
+ * they may be keys and if so of what type depends on the algorithm.
+ * - Optionally set the operation's maximum capacity with
+ * psa_key_derivation_set_capacity(). You may do this before, in the middle
+ * of or after providing inputs. For some algorithms, this step is mandatory
+ * because the output depends on the maximum capacity.
+ * - To derive a key, call psa_key_derivation_output_key().
+ * To derive a byte string for a different purpose, call
+ * - psa_key_derivation_output_bytes().
+ * Successive calls to these functions use successive output bytes
+ * calculated by the key derivation algorithm.
+ * - Clean up the key derivation operation object with
+ * psa_key_derivation_abort().
+ *
+ * \param[in,out] operation The key derivation operation object
+ * to set up. It must
+ * have been initialized but not set up yet.
+ * \param alg The key derivation algorithm to compute
+ * (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c alg is not a key derivation algorithm.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \c alg is not supported or is not a key derivation algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ */
+psa_status_t psa_key_derivation_setup(
+ psa_key_derivation_operation_t *operation,
+ psa_algorithm_t alg);
+
 /** Retrieve the current capacity of a key derivation operation.
 *
 * The capacity of a key derivation is the maximum number of bytes that it can
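Review bot: The two `\retval` entries that cover a wrong `alg` in the psa_key_derivation_setup() comment overlap: `#PSA_ERROR_INVALID_ARGUMENT` says `\c alg is not a key derivation algorithm.` and `#PSA_ERROR_NOT_SUPPORTED` says `\c alg is not supported or is not a key derivation algorithm.`, so a caller cannot tell which code to handle. Since the block is being moved anyway, I would narrow the second entry to `\c alg is not supported.`, assuming INVALID_ARGUMENT is the intended code for a non-derivation algorithm (the implementation is not in this hunk). `#PSA_ERROR_BAD_STATE` has no description at all; something like `The operation has already been set up.` would match the `operation` parameter text. The usage list also carries a stray bullet, `* - psa_key_derivation_output_bytes().`, which Doxygen will render as a separate step; the function name belongs on the preceding "call" line without the dash.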
@@ -3059,6 +3108,161 @@ psa_status_t psa_key_derivation_set_capacity(
 psa_key_derivation_operation_t *operation,
 size_t capacity);
 
+/** Use the maximum possible capacity for a key derivation operation.
+ *
+ * Use this value as the capacity argument when setting up a key derivation
+ * to indicate that the operation should have the maximum possible capacity.
+ * The value of the maximum possible capacity depends on the key derivation
+ * algorithm.
+ */
+#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1))
+
+/** Provide an input for key derivation or key agreement.
+ *
+ * Which inputs are required and in what order depends on the algorithm.
+ * Refer to the documentation of each key derivation or key agreement
+ * algorithm for information.
+ *
+ * This function passes direct inputs. Some inputs must be passed as keys
+ * using psa_key_derivation_input_key() instead of this function. Refer to
+ * the documentation of individual step types for information.
+ *
+ * \param[in,out] operation The key derivation operation object to use.
+ * It must have been set up with
+ * psa_key_derivation_setup() and must not
+ * have produced any output yet.
+ * \param step Which step the input data is for.
+ * \param[in] data Input data to use.
+ * \param data_length Size of the \p data buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step does not allow direct inputs.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The value of \p step is not valid given the state of \p operation.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_key_derivation_input_bytes(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ const uint8_t *data,
+ size_t data_length);
+
+/** Provide an input for key derivation in the form of a key.
+ *
+ * Which inputs are required and in what order depends on the algorithm.
+ * Refer to the documentation of each key derivation or key agreement
+ * algorithm for information.
+ *
+ * This function passes key inputs. Some inputs must be passed as keys
+ * of the appropriate type using this function, while others must be
+ * passed as direct inputs using psa_key_derivation_input_bytes(). Refer to
+ * the documentation of individual step types for information.
+ *
+ * \param[in,out] operation The key derivation operation object to use.
+ * It must have been set up with
+ * psa_key_derivation_setup() and must not
+ * have produced any output yet.
+ * \param step Which step the input data is for.
+ * \param handle Handle to the key. It must have an
+ * appropriate type for \p step and must
+ * allow the usage #PSA_KEY_USAGE_DERIVE.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step is not compatible with the operation's algorithm.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c step does not allow key inputs.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The value of \p step is not valid given the state of \p operation.
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_key_derivation_input_key(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t handle);
+
+/** Perform a key agreement and use the shared secret as input to a key
+ * derivation.
+ *
+ * A key agreement algorithm takes two inputs: a private key \p private_key
+ * a public key \p peer_key.
+ * The result of this function is passed as input to a key derivation.
+ * The output of this key derivation can be extracted by reading from the
+ * resulting operation to produce keys and other cryptographic material.
+ *
+ * \param[in,out] operation The key derivation operation object to use.
+ * It must have been set up with
+ * psa_key_derivation_setup() with a
+ * key agreement and derivation algorithm
+ * \c alg (\c PSA_ALG_XXX value such that
+ * #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
+ * and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
+ * is false).
+ * The operation must be ready for an
+ * input of the type given by \p step.
+ * \param step Which step the input data is for.
+ * \param private_key Handle to the private key to use.
+ * \param[in] peer_key Public key of the peer. The peer key must be in the
+ * same format that psa_import_key() accepts for the
+ * public key type corresponding to the type of
+ * private_key. That is, this function performs the
+ * equivalent of
+ * #psa_import_key(...,
+ * `peer_key`, `peer_key_length`) where
+ * with key attributes indicating the public key
+ * type corresponding to the type of `private_key`.
+ * For example, for EC keys, this means that peer_key
+ * is interpreted as a point on the curve that the
+ * private key is on. The standard formats for public
+ * keys are documented in the documentation of
+ * psa_export_public_key().
+ * \param peer_key_length Size of \p peer_key in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * Success.
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \c private_key is not compatible with \c alg,
+ * or \p peer_key is not valid for \c alg or not compatible with
+ * \c private_key.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \c alg is not supported or is not a key derivation algorithm.
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_TAMPERING_DETECTED
+ */
+psa_status_t psa_key_derivation_key_agreement(
+ psa_key_derivation_operation_t *operation,
+ psa_key_derivation_step_t step,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length);
+
 /** Read some data from a key derivation operation.
 *
 * This function calculates output bytes from a key derivation algorithm and
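Review bot: The `\retval` text of psa_key_derivation_key_agreement() refers to `\c alg` (`\c private_key is not compatible with \c alg`, `\c alg is not supported or is not a key derivation algorithm.`) although the function takes no `alg` parameter; the algorithm was fixed by the earlier psa_key_derivation_setup() call, so these entries should say "the operation's algorithm" as the input_bytes and input_key comments in this same hunk do. Two sentences in the comment are also broken and worth repairing while the block is being moved: `* a public key \p peer_key.` should read `* and a public key \p peer_key.`, and `` `peer_key`, `peer_key_length`) where `` should drop the trailing "where" before `with key attributes indicating ...`. `#PSA_ERROR_NOT_PERMITTED` has no description here or on psa_key_derivation_input_key(); going by the `handle` parameter text it presumably means the key's policy does not allow #PSA_KEY_USAGE_DERIVE, and stating that would let callers tell a policy denial apart from an invalid handle.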
@@ -3235,210 +3439,6 @@ psa_status_t psa_key_derivation_output_key(
 psa_status_t psa_key_derivation_abort(
 psa_key_derivation_operation_t *operation);

-/** Use the maximum possible capacity for a key derivation operation.
- *
- * Use this value as the capacity argument when setting up a key derivation
- * to indicate that the operation should have the maximum possible capacity.
- * The value of the maximum possible capacity depends on the key derivation
- * algorithm.
- */
-#define PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ((size_t)(-1))
-
-/** Set up a key derivation operation.
- *
- * A key derivation algorithm takes some inputs and uses them to generate
- * a byte stream in a deterministic way.
- * This byte stream can be used to produce keys and other
- * cryptographic material.
- *
- * To derive a key:
- * - Start with an initialized object of type #psa_key_derivation_operation_t.
- * - Call psa_key_derivation_setup() to select the algorithm.
- * - Provide the inputs for the key derivation by calling
- * psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
- * as appropriate. Which inputs are needed, in what order, and whether
- * they may be keys and if so of what type depends on the algorithm.
- * - Optionally set the operation's maximum capacity with
- * psa_key_derivation_set_capacity(). You may do this before, in the middle
- * of or after providing inputs. For some algorithms, this step is mandatory
- * because the output depends on the maximum capacity.
- * - To derive a key, call psa_key_derivation_output_key().
- * To derive a byte string for a different purpose, call
- * - psa_key_derivation_output_bytes().
- * Successive calls to these functions use successive output bytes
- * calculated by the key derivation algorithm.
- * - Clean up the key derivation operation object with
- * psa_key_derivation_abort().
- *
- * \param[in,out] operation The key derivation operation object
- * to set up. It must
- * have been initialized but not set up yet.
- * \param alg The key derivation algorithm to compute
- * (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c alg is not a key derivation algorithm.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- */
-psa_status_t psa_key_derivation_setup(
- psa_key_derivation_operation_t *operation,
- psa_algorithm_t alg);
-
-/** Provide an input for key derivation or key agreement.
- *
- * Which inputs are required and in what order depends on the algorithm.
- * Refer to the documentation of each key derivation or key agreement
- * algorithm for information.
- *
- * This function passes direct inputs. Some inputs must be passed as keys
- * using psa_key_derivation_input_key() instead of this function. Refer to
- * the documentation of individual step types for information.
- *
- * \param[in,out] operation The key derivation operation object to use.
- * It must have been set up with
- * psa_key_derivation_setup() and must not
- * have produced any output yet.
- * \param step Which step the input data is for.
- * \param[in] data Input data to use.
- * \param data_length Size of the \p data buffer in bytes.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step does not allow direct inputs.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- * The value of \p step is not valid given the state of \p operation.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_key_derivation_input_bytes(
- psa_key_derivation_operation_t *operation,
- psa_key_derivation_step_t step,
- const uint8_t *data,
- size_t data_length);
-
-/** Provide an input for key derivation in the form of a key.
- *
- * Which inputs are required and in what order depends on the algorithm.
- * Refer to the documentation of each key derivation or key agreement
- * algorithm for information.
- *
- * This function passes key inputs. Some inputs must be passed as keys
- * of the appropriate type using this function, while others must be
- * passed as direct inputs using psa_key_derivation_input_bytes(). Refer to
- * the documentation of individual step types for information.
- *
- * \param[in,out] operation The key derivation operation object to use.
- * It must have been set up with
- * psa_key_derivation_setup() and must not
- * have produced any output yet.
- * \param step Which step the input data is for.
- * \param handle Handle to the key. It must have an
- * appropriate type for \p step and must
- * allow the usage #PSA_KEY_USAGE_DERIVE.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step is not compatible with the operation's algorithm.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c step does not allow key inputs.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- * \retval #PSA_ERROR_BAD_STATE
- * The value of \p step is not valid given the state of \p operation.
- * \retval #PSA_ERROR_BAD_STATE
- * The library has not been previously initialized by psa_crypto_init().
- * It is implementation-dependent whether a failure to initialize
- * results in this error code.
- */
-psa_status_t psa_key_derivation_input_key(
- psa_key_derivation_operation_t *operation,
- psa_key_derivation_step_t step,
- psa_key_handle_t handle);
-
-/** Perform a key agreement and use the shared secret as input to a key
- * derivation.
- *
- * A key agreement algorithm takes two inputs: a private key \p private_key
- * a public key \p peer_key.
- * The result of this function is passed as input to a key derivation.
- * The output of this key derivation can be extracted by reading from the
- * resulting operation to produce keys and other cryptographic material.
- *
- * \param[in,out] operation The key derivation operation object to use.
- * It must have been set up with
- * psa_key_derivation_setup() with a
- * key agreement and derivation algorithm
- * \c alg (\c PSA_ALG_XXX value such that
- * #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
- * and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
- * is false).
- * The operation must be ready for an
- * input of the type given by \p step.
- * \param step Which step the input data is for.
- * \param private_key Handle to the private key to use.
- * \param[in] peer_key Public key of the peer. The peer key must be in the
- * same format that psa_import_key() accepts for the
- * public key type corresponding to the type of
- * private_key. That is, this function performs the
- * equivalent of
- * #psa_import_key(...,
- * `peer_key`, `peer_key_length`) where
- * with key attributes indicating the public key
- * type corresponding to the type of `private_key`.
- * For example, for EC keys, this means that peer_key
- * is interpreted as a point on the curve that the
- * private key is on. The standard formats for public
- * keys are documented in the documentation of
- * psa_export_public_key().
- * \param peer_key_length Size of \p peer_key in bytes.
- *
- * \retval #PSA_SUCCESS
- * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \c private_key is not compatible with \c alg,
- * or \p peer_key is not valid for \c alg or not compatible with
- * \c private_key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_TAMPERING_DETECTED
- */
-psa_status_t psa_key_derivation_key_agreement(
- psa_key_derivation_operation_t *operation,
- psa_key_derivation_step_t step,
- psa_key_handle_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length);
-
 /** Perform a key agreement and use the shared secret as input to a key
  * derivation.
  *
From be697d8324d245be969c5a1f2c07bf909072329f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2019 18:00:41 +0200 Subject: [PATCH 8/9] Shorten the name of psa_key_agreement_raw_shared_secret There is less of a risk of confusion with the KA+KDF function now. --- include/psa/crypto.h | 14 +++++++------- library/psa_crypto.c | 14 +++++++------- tests/suites/test_suite_psa_crypto.function | 15 +++++++-------- 3 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 1d4fc319a..53babd46d 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3487,13 +3487,13 @@ psa_status_t psa_key_derivation_abort(
  * \retval #PSA_ERROR_HARDWARE_FAILURE
  * \retval #PSA_ERROR_TAMPERING_DETECTED
  */
-psa_status_t psa_key_agreement_raw_shared_secret(psa_algorithm_t alg,
- psa_key_handle_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
+psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length);

 /**@}*/

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 4b6dcf0a5..01ef0f5d5 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5205,13 +5205,13 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o
 return( status );
 }

-psa_status_t psa_key_agreement_raw_shared_secret( psa_algorithm_t alg,
- psa_key_handle_t private_key,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length )
+psa_status_t psa_raw_key_agreement( psa_algorithm_t alg,
+ psa_key_handle_t private_key,
+ const uint8_t *peer_key,
+ size_t peer_key_length,
+ uint8_t *output,
+ size_t output_size,
+ size_t *output_length )
 {
 psa_key_slot_t *slot;
 psa_status_t status;
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index e9fd3f612..e695ea568 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -634,10 +634,9 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, public_key, public_key_length, &public_key_length ) ); - status = psa_key_agreement_raw_shared_secret( - alg, handle, - public_key, public_key_length, - output, sizeof( output ), &output_length ); + status = psa_raw_key_agreement( alg, handle, + public_key, public_key_length, + output, sizeof( output ), &output_length ); exit: mbedtls_free( public_key ); psa_reset_key_attributes( &attributes ); @@ -4547,10 +4546,10 @@ void raw_key_agreement( int alg_arg, our_key_data->x, our_key_data->len, &our_key ) ); - PSA_ASSERT( psa_key_agreement_raw_shared_secret( - alg, our_key, - peer_key_data->x, peer_key_data->len, - output, expected_output->len, &output_length ) ); + PSA_ASSERT( psa_raw_key_agreement( alg, our_key, + peer_key_data->x, peer_key_data->len, + output, expected_output->len, + &output_length ) ); ASSERT_COMPARE( output, output_length, expected_output->x, expected_output->len ); From 58fe9e8afe3d9426a6cbbdea1c7a2efe9b5b4456 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 16 May 2019 18:01:45 +0200 Subject: [PATCH 9/9] Correct the description of psa_raw_key_agreement There was some copypasta from the KA+KDF function's description. --- include/psa/crypto.h | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 53babd46d..84026c91c 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -3439,11 +3439,7 @@ psa_status_t psa_key_derivation_output_key(
 psa_status_t psa_key_derivation_abort(
 psa_key_derivation_operation_t *operation);

-/** Perform a key agreement and use the shared secret as input to a key
- * derivation.
- *
- * A key agreement algorithm takes two inputs: a private key \p private_key
- * a public key \p peer_key.
+/** Perform a key agreement and return the raw shared secret.
  *
  * \warning The raw result of a key agreement algorithm such as finite-field
  * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should