From 0b74cf85ea6e9dcf71bb3ff2a440f828cfcc3479 Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Tue, 13 Aug 2019 14:20:39 +0200
Subject: [PATCH 1/4] Remove psa_key_derivation() and associated static functions
---
include/psa/crypto_extra.h | 59 --------
library/psa_crypto.c | 278 -------------------------------------
2 files changed, 337 deletions(-)
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 6dfaa1300..93ff6fb9d 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -224,65 +224,6 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ); psa_status_t mbedtls_psa_inject_entropy(uint8_t *seed, size_t seed_size); -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -/** Set up a key derivation operation. - * - * FIMXE This function is no longer part of the official API. Its prototype - * is only kept around for the sake of tests that haven't been updated yet. - * - * A key derivation algorithm takes three inputs: a secret input \p handle and - * two non-secret inputs \p label and p salt. - * The result of this function is a byte generator which can - * be used to produce keys and other cryptographic material. - * - * The role of \p label and \p salt is as follows: - * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step - * and \p label is the info string used in the "expand" step. - * - * \param[in,out] operation The key derivation object to set up. It must - * have been initialized as per the documentation - * for #psa_key_derivation_operation_t and not - * yet be in use. - * \param handle Handle to the secret key. - * \param alg The key derivation algorithm to compute - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true). - * \param[in] salt Salt to use. - * \param salt_length Size of the \p salt buffer in bytes. - * \param[in] label Label to use. - * \param label_length Size of the \p label buffer in bytes. - * \param capacity The maximum number of bytes that the - * operation will be able to provide. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \c key is not compatible with \c alg, - * or \p capacity is too large for the specified algorithm and key. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \c alg is not supported or is not a key derivation algorithm. 
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_key_derivation(psa_key_derivation_operation_t *operation, - psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *salt, - size_t salt_length, - const uint8_t *label, - size_t label_length, - size_t capacity); -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ - /** \addtogroup crypto_types * @{ */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bd801441a..787b5a737 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -4804,284 +4804,6 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut /* Key derivation */ /****************************************************************/ -#if defined(MBEDTLS_MD_C) -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -/* Set up an HKDF-based operation. This is exactly the extract phase - * of the HKDF algorithm. - * - * Note that if this function fails, you must call psa_key_derivation_abort() - * to potentially free embedded data structures and wipe confidential data. - */ -static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hkdf, - const uint8_t *secret, - size_t secret_length, - psa_algorithm_t hash_alg, - const uint8_t *salt, - size_t salt_length, - const uint8_t *label, - size_t label_length ) -{ - psa_status_t status; - status = psa_hmac_setup_internal( &hkdf->hmac, - salt, salt_length, - hash_alg ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_hash_update( &hkdf->hmac.hash_ctx, secret, secret_length ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_hmac_finish_internal( &hkdf->hmac, - hkdf->prk, - sizeof( hkdf->prk ) ); - if( status != PSA_SUCCESS ) - return( status ); - hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg ); - hkdf->block_number = 0; - hkdf->info_length = label_length; - if( label_length != 0 ) - { - hkdf->info = mbedtls_calloc( 1, label_length ); - if( hkdf->info == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - memcpy( hkdf->info, label, label_length ); - } - hkdf->state = HKDF_STATE_KEYED; - hkdf->info_set = 1; - return( PSA_SUCCESS ); -} -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ -#endif /* MBEDTLS_MD_C */ - -#if defined(MBEDTLS_MD_C) -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -/* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5). - * - * Note that if this function fails, you must call psa_key_derivation_abort() - * to potentially free embedded data structures and wipe confidential data. 
- */ -static psa_status_t psa_key_derivation_tls12_prf_setup( - psa_tls12_prf_key_derivation_t *tls12_prf, - const uint8_t *key, - size_t key_len, - psa_algorithm_t hash_alg, - const uint8_t *salt, - size_t salt_length, - const uint8_t *label, - size_t label_length ) -{ - uint8_t hash_length = PSA_HASH_SIZE( hash_alg ); - size_t Ai_with_seed_len = hash_length + salt_length + label_length; - int overflow; - - tls12_prf->key = mbedtls_calloc( 1, key_len ); - if( tls12_prf->key == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - tls12_prf->key_len = key_len; - memcpy( tls12_prf->key, key, key_len ); - - overflow = ( salt_length + label_length < salt_length ) || - ( salt_length + label_length + hash_length < hash_length ); - if( overflow ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - tls12_prf->Ai_with_seed = mbedtls_calloc( 1, Ai_with_seed_len ); - if( tls12_prf->Ai_with_seed == NULL ) - return( PSA_ERROR_INSUFFICIENT_MEMORY ); - tls12_prf->Ai_with_seed_len = Ai_with_seed_len; - - /* Write `label + seed' at the end of the `A(i) + seed` buffer, - * leaving the initial `hash_length` bytes unspecified for now. */ - if( label_length != 0 ) - { - memcpy( tls12_prf->Ai_with_seed + hash_length, - label, label_length ); - } - - if( salt_length != 0 ) - { - memcpy( tls12_prf->Ai_with_seed + hash_length + label_length, - salt, salt_length ); - } - - /* The first block gets generated when - * psa_key_derivation_output_bytes() is called. */ - tls12_prf->block_number = 0; - tls12_prf->offset_in_block = hash_length; - - return( PSA_SUCCESS ); -} -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ - -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -/* Set up a TLS-1.2-PSK-to-MS-based operation. 
*/ -static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup( - psa_tls12_prf_key_derivation_t *tls12_prf, - const uint8_t *psk, - size_t psk_len, - psa_algorithm_t hash_alg, - const uint8_t *salt, - size_t salt_length, - const uint8_t *label, - size_t label_length ) -{ - psa_status_t status; - uint8_t pms[ 4 + 2 * PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ]; - - if( psk_len > PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - /* Quoting RFC 4279, Section 2: - * - * The premaster secret is formed as follows: if the PSK is N octets - * long, concatenate a uint16 with the value N, N zero octets, a second - * uint16 with the value N, and the PSK itself. - */ - - pms[0] = ( psk_len >> 8 ) & 0xff; - pms[1] = ( psk_len >> 0 ) & 0xff; - memset( pms + 2, 0, psk_len ); - pms[2 + psk_len + 0] = pms[0]; - pms[2 + psk_len + 1] = pms[1]; - memcpy( pms + 4 + psk_len, psk, psk_len ); - - status = psa_key_derivation_tls12_prf_setup( tls12_prf, - pms, 4 + 2 * psk_len, - hash_alg, - salt, salt_length, - label, label_length ); - - mbedtls_platform_zeroize( pms, sizeof( pms ) ); - return( status ); -} -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ -#endif /* MBEDTLS_MD_C */ - -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -/* Note that if this function fails, you must call psa_key_derivation_abort() - * to potentially free embedded data structures and wipe confidential data. - */ -static psa_status_t psa_key_derivation_internal( - psa_key_derivation_operation_t *operation, - const uint8_t *secret, size_t secret_length, - psa_algorithm_t alg, - const uint8_t *salt, size_t salt_length, - const uint8_t *label, size_t label_length, - size_t capacity ) -{ - psa_status_t status; - size_t max_capacity; - - /* Set operation->alg even on failure so that abort knows what to do. 
*/ - operation->alg = alg; - -#if defined(MBEDTLS_MD_C) - if( PSA_ALG_IS_HKDF( alg ) ) - { - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg ); - size_t hash_size = PSA_HASH_SIZE( hash_alg ); - if( hash_size == 0 ) - return( PSA_ERROR_NOT_SUPPORTED ); - max_capacity = 255 * hash_size; - status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf, - secret, secret_length, - hash_alg, - salt, salt_length, - label, label_length ); - } - /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */ - else if( PSA_ALG_IS_TLS12_PRF( alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) ) - { - psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg ); - size_t hash_size = PSA_HASH_SIZE( hash_alg ); - - /* TLS-1.2 PRF supports only SHA-256 and SHA-384. */ - if( hash_alg != PSA_ALG_SHA_256 && - hash_alg != PSA_ALG_SHA_384 ) - { - return( PSA_ERROR_NOT_SUPPORTED ); - } - - max_capacity = 255 * hash_size; - - if( PSA_ALG_IS_TLS12_PRF( alg ) ) - { - status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf, - secret, secret_length, - hash_alg, salt, salt_length, - label, label_length ); - } - else - { - status = psa_key_derivation_tls12_psk_to_ms_setup( - &operation->ctx.tls12_prf, - secret, secret_length, - hash_alg, salt, salt_length, - label, label_length ); - } - } - else -#endif - { - return( PSA_ERROR_NOT_SUPPORTED ); - } - - if( status != PSA_SUCCESS ) - return( status ); - - if( capacity <= max_capacity ) - operation->capacity = capacity; - else if( capacity == PSA_KEY_DERIVATION_UNLIMITED_CAPACITY ) - operation->capacity = max_capacity; - else - return( PSA_ERROR_INVALID_ARGUMENT ); - - return( PSA_SUCCESS ); -} -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ - -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation, - psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *salt, - size_t salt_length, - const uint8_t *label, - size_t label_length, - size_t capacity ) -{ - 
psa_key_slot_t *slot; - psa_status_t status; - - if( operation->alg != 0 ) - return( PSA_ERROR_BAD_STATE ); - - /* Make sure that alg is a key derivation algorithm. This prevents - * key selection algorithms, which psa_key_derivation_internal - * accepts for the sake of key agreement. */ - if( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_DERIVE, alg ); - if( status != PSA_SUCCESS ) - return( status ); - - if( slot->attr.type != PSA_KEY_TYPE_DERIVE ) - return( PSA_ERROR_INVALID_ARGUMENT ); - - status = psa_key_derivation_internal( operation, - slot->data.raw.data, - slot->data.raw.bytes, - alg, - salt, salt_length, - label, label_length, - capacity ); - if( status != PSA_SUCCESS ) - psa_key_derivation_abort( operation ); - return( status ); -} -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ - static psa_status_t psa_key_derivation_setup_kdf( psa_key_derivation_operation_t *operation, psa_algorithm_t kdf_alg ) From 012dcc4b875f7950d50be67e24a0444719024301 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Tue, 13 Aug 2019 14:55:03 +0200 Subject: [PATCH 2/4] Remove PSA_PRE_1_0_KEY_DERIVATION and the corresponding code --- include/psa/crypto_struct.h | 43 ----- library/psa_crypto.c | 218 +----------------------- programs/psa/key_ladder_demo.c | 7 +- tests/suites/test_suite_psa_crypto.data | 106 ++++++------ 4 files changed, 57 insertions(+), 317 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 9e38e53ce..816454992 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
@@ -191,49 +191,7 @@ typedef struct } psa_hkdf_key_derivation_t; #endif /* MBEDTLS_MD_C */ -/* - * If this option is not turned on, then the function `psa_key_derivation()` - * is removed. And the new psa_tls12_prf_key_derivation_t context is used along - * with the corresponding new API. - * - * The sole purpose of this option is to make the transition to the new API - * smoother. Once the transition is complete it can and should be removed - * along with the old API and its implementation. - */ -#define PSA_PRE_1_0_KEY_DERIVATION - #if defined(MBEDTLS_MD_C) -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -typedef struct psa_tls12_prf_key_derivation_s -{ - /* The TLS 1.2 PRF uses the key for each HMAC iteration, - * hence we must store it for the lifetime of the operation. - * This is different from HKDF, where the key is only used - * in the extraction phase, but not during expansion. */ - uint8_t *key; - size_t key_len; - - /* `A(i) + seed` in the notation of RFC 5246, Sect. 5 */ - uint8_t *Ai_with_seed; - size_t Ai_with_seed_len; - - /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ - uint8_t output_block[PSA_HASH_MAX_SIZE]; - -#if PSA_HASH_MAX_SIZE > 0xff -#error "PSA_HASH_MAX_SIZE does not fit in uint8_t" -#endif - - /* Indicates how many bytes in the current HMAC block have - * already been read by the user. */ - uint8_t offset_in_block; - - /* The 1-based number of the block. */ - uint8_t block_number; - -} psa_tls12_prf_key_derivation_t; -#else - typedef enum { TLS12_PRF_STATE_INIT, /* no input provided */ @@ -268,7 +226,6 @@ typedef struct psa_tls12_prf_key_derivation_s /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ uint8_t output_block[PSA_HASH_MAX_SIZE]; } psa_tls12_prf_key_derivation_t; -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ #endif /* MBEDTLS_MD_C */ struct psa_key_derivation_s diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 787b5a737..073317c04 100644 --- a/library/psa_crypto.c 
+++ b/library/psa_crypto.c @@ -2458,14 +2458,6 @@ static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) ); return( psa_hash_abort( &hmac->hash_ctx ) ); } - -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -static void psa_hmac_init_internal( psa_hmac_internal_data *hmac ) -{ - /* Instances of psa_hash_operation_s can be initialized by zeroization. */ - memset( hmac, 0, sizeof( *hmac ) ); -} -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ #endif /* MBEDTLS_MD_C */ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) @@ -4212,21 +4204,6 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { -#if defined(PSA_PRE_1_0_KEY_DERIVATION) - if( operation->ctx.tls12_prf.key != NULL ) - { - mbedtls_platform_zeroize( operation->ctx.tls12_prf.key, - operation->ctx.tls12_prf.key_len ); - mbedtls_free( operation->ctx.tls12_prf.key ); - } - - if( operation->ctx.tls12_prf.Ai_with_seed != NULL ) - { - mbedtls_platform_zeroize( operation->ctx.tls12_prf.Ai_with_seed, - operation->ctx.tls12_prf.Ai_with_seed_len ); - mbedtls_free( operation->ctx.tls12_prf.Ai_with_seed ); - } -#else if( operation->ctx.tls12_prf.seed != NULL ) { mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed, @@ -4245,7 +4222,6 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation /* We leave the fields Ai and output_block to be erased safely by the * mbedtls_platform_zeroize() in the end of this function. */ -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ } else #endif /* MBEDTLS_MD_C */ 
@@ -4350,119 +4326,6 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd return( PSA_SUCCESS ); } -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( - psa_tls12_prf_key_derivation_t *tls12_prf, - psa_algorithm_t alg ) -{ - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg ); - uint8_t hash_length = PSA_HASH_SIZE( hash_alg ); - psa_hmac_internal_data hmac; - psa_status_t status, cleanup_status; - - uint8_t *Ai; - size_t Ai_len; - - /* We can't be wanting more output after block 0xff, otherwise - * the capacity check in psa_key_derivation_output_bytes() would have - * prevented this call. It could happen only if the operation - * object was corrupted or if this function is called directly - * inside the library. */ - if( tls12_prf->block_number == 0xff ) - return( PSA_ERROR_BAD_STATE ); - - /* We need a new block */ - ++tls12_prf->block_number; - tls12_prf->offset_in_block = 0; - - /* Recall the definition of the TLS-1.2-PRF from RFC 5246: - * - * PRF(secret, label, seed) = P_(secret, label + seed) - * - * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + - * HMAC_hash(secret, A(2) + seed) + - * HMAC_hash(secret, A(3) + seed) + ... - * - * A(0) = seed - * A(i) = HMAC_hash( secret, A(i-1) ) - * - * The `psa_tls12_prf_key_derivation` structures saves the block - * `HMAC_hash(secret, A(i) + seed)` from which the output - * is currently extracted as `output_block`, while - * `A(i) + seed` is stored in `Ai_with_seed`. - * - * Generating a new block means recalculating `Ai_with_seed` - * from the A(i)-part of it, and afterwards recalculating - * `output_block`. - * - * A(0) is computed at setup time. - * - */ - - psa_hmac_init_internal( &hmac ); - - /* We must distinguish the calculation of A(1) from those - * of A(2) and higher, because A(0)=seed has a different - * length than the other A(i). 
*/ - if( tls12_prf->block_number == 1 ) - { - Ai = tls12_prf->Ai_with_seed + hash_length; - Ai_len = tls12_prf->Ai_with_seed_len - hash_length; - } - else - { - Ai = tls12_prf->Ai_with_seed; - Ai_len = hash_length; - } - - /* Compute A(i+1) = HMAC_hash(secret, A(i)) */ - status = psa_hmac_setup_internal( &hmac, - tls12_prf->key, - tls12_prf->key_len, - hash_alg ); - if( status != PSA_SUCCESS ) - goto cleanup; - - status = psa_hash_update( &hmac.hash_ctx, - Ai, Ai_len ); - if( status != PSA_SUCCESS ) - goto cleanup; - - status = psa_hmac_finish_internal( &hmac, - tls12_prf->Ai_with_seed, - hash_length ); - if( status != PSA_SUCCESS ) - goto cleanup; - - /* Compute the next block `HMAC_hash(secret, A(i+1) + seed)`. */ - status = psa_hmac_setup_internal( &hmac, - tls12_prf->key, - tls12_prf->key_len, - hash_alg ); - if( status != PSA_SUCCESS ) - goto cleanup; - - status = psa_hash_update( &hmac.hash_ctx, - tls12_prf->Ai_with_seed, - tls12_prf->Ai_with_seed_len ); - if( status != PSA_SUCCESS ) - goto cleanup; - - status = psa_hmac_finish_internal( &hmac, - tls12_prf->output_block, - hash_length ); - if( status != PSA_SUCCESS ) - goto cleanup; - -cleanup: - - cleanup_status = psa_hmac_abort_internal( &hmac ); - if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS ) - status = cleanup_status; - - return( status ); -} -#else static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg ) 
@@ -4570,49 +4433,7 @@ cleanup: return( status ); } -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -/* Read some bytes from an TLS-1.2-PRF-based operation. - * See Section 5 of RFC 5246. */ -static psa_status_t psa_key_derivation_tls12_prf_read( - psa_tls12_prf_key_derivation_t *tls12_prf, - psa_algorithm_t alg, - uint8_t *output, - size_t output_length ) -{ - psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg ); - uint8_t hash_length = PSA_HASH_SIZE( hash_alg ); - psa_status_t status; - - while( output_length != 0 ) - { - /* Copy what remains of the current block */ - uint8_t n = hash_length - tls12_prf->offset_in_block; - - /* Check if we have fully processed the current block. */ - if( n == 0 ) - { - status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf, - alg ); - if( status != PSA_SUCCESS ) - return( status ); - - continue; - } - - if( n > output_length ) - n = (uint8_t) output_length; - memcpy( output, tls12_prf->output_block + tls12_prf->offset_in_block, - n ); - output += n; - output_length -= n; - tls12_prf->offset_in_block += n; - } - - return( PSA_SUCCESS ); -} -#else static psa_status_t psa_key_derivation_tls12_prf_read( psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg, @@ -4651,7 +4472,6 @@ static psa_status_t psa_key_derivation_tls12_prf_read( return( PSA_SUCCESS ); } -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ #endif /* MBEDTLS_MD_C */ psa_status_t psa_key_derivation_output_bytes( 
@@ -4929,38 +4749,6 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, } } -#if defined(PSA_PRE_1_0_KEY_DERIVATION) -static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, - psa_key_derivation_step_t step, - const uint8_t *data, - size_t data_length ) -{ - (void) prf; - (void) hash_alg; - (void) step; - (void) data; - (void) data_length; - - return( PSA_ERROR_INVALID_ARGUMENT ); -} - -static psa_status_t psa_tls12_prf_psk_to_ms_input( - psa_tls12_prf_key_derivation_t *prf, - psa_algorithm_t hash_alg, - psa_key_derivation_step_t step, - const uint8_t *data, - size_t data_length ) -{ - (void) prf; - (void) hash_alg; - (void) step; - (void) data; - (void) data_length; - - return( PSA_ERROR_INVALID_ARGUMENT ); -} -#else static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf, const uint8_t *data, size_t data_length ) @@ -5092,7 +4880,6 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input( return( psa_tls12_prf_input( prf, hash_alg, step, data, data_length ) ); } -#endif /* PSA_PRE_1_0_KEY_DERIVATION */ #endif /* MBEDTLS_MD_C */ static psa_status_t psa_key_derivation_input_internal( @@ -5111,10 +4898,7 @@ static psa_status_t psa_key_derivation_input_internal( PSA_ALG_HKDF_GET_HASH( kdf_alg ), step, data, data_length ); } - else -#endif /* MBEDTLS_MD_C */ -#if defined(MBEDTLS_MD_C) - if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) + else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) { status = psa_tls12_prf_input( &operation->ctx.tls12_prf, PSA_ALG_HKDF_GET_HASH( kdf_alg ), diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index 91e517870..f492e0e5d 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c 
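Review bot: In the branch that now reads `else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )` (hunk at -5111), the call on the next line still derives the hash with `PSA_ALG_HKDF_GET_HASH( kdf_alg )`, which reads like a leftover from the HKDF branch above it. The two accessors presumably mask out the same hash bits, so this is likely a readability problem rather than a wrong digest, but in KDF dispatch code the accessor should match the algorithm family just tested; I would pass `PSA_ALG_TLS12_PRF_GET_HASH( kdf_alg )` instead, the macro the removed TLS 1.2 PRF code used. The PSK-to-MS branch that follows lies outside this hunk and is worth checking for the same pattern. The enclosing function `psa_key_derivation_input_internal` starts and ends outside the hunk.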
@@ -68,14 +68,13 @@ /* If the build options we need are not enabled, compile a placeholder. */ #if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \ - !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) ||\ - defined(PSA_PRE_1_0_KEY_DERIVATION) + !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) int main( void ) { printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or " - "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO and/or " - "not defined and/or PSA_PRE_1_0_KEY_DERIVATION defined.\n"); + "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO " + "not defined.\n"); return( 0 ); } #else diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index b04984024..759da3548 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -478,7 +478,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_256) PSA key policy: derive via TLS 1.2 PRF, permitted -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) PSA key policy: derive via HKDF, not permitted 
@@ -486,7 +486,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_policy:0:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_256) PSA key policy: derive via TLS 1.2 PRF, not permitted -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_policy:0:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) PSA key policy: derive via HKDF, wrong algorithm @@ -494,7 +494,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224) PSA key policy: derive via TLS 1.2 PRF, wrong algorithm -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224) PSA key policy: agreement + KDF, permitted @@ -1488,7 +1488,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_HKDF(PSA_ALG_SHA_256) PSA import/exercise: TLS 1.2 PRF SHA-256 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) PSA sign: RSA PKCS#1 v1.5, raw 
@@ -1817,39 +1817,39 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_RAW_DATA:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_SUCCESS PSA key derivation: TLS 1.2 PRF SHA-256, good case -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS PSA key derivation: TLS 1.2 PRF SHA-256, key first -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE PSA key derivation: TLS 1.2 PRF SHA-256, label first -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE PSA key derivation: TLS 1.2 PRF SHA-256, early label -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C 
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE PSA key derivation: TLS 1.2 PRF SHA-256, double seed -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE PSA key derivation: TLS 1.2 PRF SHA-256, double key -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE PSA key derivation: TLS 1.2 PRF SHA-256, bad key type -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_RAW_DATA:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE PSA key derivation: HKDF invalid state (double generate + read past capacity) -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C test_derive_invalid_key_derivation_state:PSA_ALG_HKDF(PSA_ALG_SHA_256) PSA key derivation: TLS 1.2 PRF invalid state (double generate + read past capacity) 
-depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C test_derive_invalid_key_derivation_state:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) PSA key derivation: invalid state (call read/get_capacity after init and abort) 
@@ -1906,70 +1906,70 @@ derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_K # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":"" PSA key derivation: TLS 1.2 PRF SHA-256, output 99+1 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66" PSA key derivation: TLS 1.2 PRF SHA-256, output 1+99 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C 
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66" PSA key derivation: TLS 1.2 PRF SHA-256, output 50+50 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66" PSA key derivation: TLS 1.2 PRF SHA-256, output 50+49 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b" PSA key derivation: TLS 1.2 PRF SHA-384, output 148+0 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C 
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":"" PSA key derivation: TLS 1.2 PRF SHA-384, output 147+1 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f" PSA key derivation: TLS 1.2 PRF SHA-384, output 1+147 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f" PSA key derivation: TLS 1.2 PRF SHA-384, 
output 74+74 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f" PSA key derivation: TLS 1.2 PRF SHA-384, output 74+73 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5" # Test case manually extracted from debug output of TLS-PSK run # Label: "master secret" # Salt: Concatenation of ClientHello.Random and ServerHello.Random PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 48+0 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C 
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":"" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 24+24 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 0+48 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 48+0 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C 
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":"" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 24+24 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 0+48 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18" PSA key derivation: HKDF SHA-256, request maximum capacity 
@@ -1989,7 +1989,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * 20 + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, PSK too long (160 Bytes) -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_input:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE PSA key derivation: over capacity 42: output 42+1 
@@ -2017,98 +2017,98 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1 PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 PSA key derivation: HKDF SHA-256, exercise AES128-CTR -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR PSA key derivation: HKDF SHA-256, exercise AES256-CTR -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR PSA key derivation: HKDF SHA-256, exercise DES-CBC -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION 
+depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 PSA key derivation: HKDF SHA-256, exercise 2-key 3DES-CBC -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 PSA key derivation: HKDF SHA-256, exercise 3-key 3DES-CBC -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 PSA key derivation: HKDF SHA-256, exercise HMAC-SHA-256 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key derivation: TLS 1.2 PRF SHA-256, exercise AES128-CTR -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR 
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR PSA key derivation: TLS 1.2 PRF SHA-256, exercise AES256-CTR -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR PSA key derivation: TLS 1.2 PRF SHA-256, exercise DES-CBC -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 PSA key derivation: TLS 1.2 PRF SHA-256, exercise 2-key 3DES-CBC -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 PSA key derivation: TLS 1.2 PRF SHA-256, exercise 3-key 3DES-CBC -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC 
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 PSA key derivation: TLS 1.2 PRF SHA-256, exercise HMAC-SHA-256 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256) PSA key derivation: TLS 1.2 PRF SHA-256, exercise HKDF-SHA-256 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256) PSA key derivation: HKDF SHA-256, derive key export, 16+32 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":16:32 PSA key derivation: HKDF SHA-256, derive key export, 1+41 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41 PSA key derivation: TLS 1.2 PRF SHA-256, derive key export, 16+32 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C 
derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":16:32 PSA key derivation: TLS 1.2 PRF SHA-256, derive key export, 1+41 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41 PSA key derivation: invalid type (0) -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED PSA key derivation: invalid type (PSA_KEY_TYPE_CATEGORY_MASK) -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED # This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes # and not expected to be raised any time soon) is less than the maximum # output from HKDF-SHA512 (255*64 = 16320 bytes). 
PSA key derivation: largest possible key -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS PSA key derivation: key too large -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED PSA key agreement setup: ECDH + HKDF-SHA-256: good From 3794dec52bd1fee786af86ec6df4508c40295857 Mon Sep 17 00:00:00 2001 From: k-stachowiak Date: Wed, 14 Aug 2019 19:23:24 +0200 Subject: [PATCH 3/4] Change the expected error for two key derivation tests --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 759da3548..c9c32eec5 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2094,11 +2094,11 @@ derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b

 PSA key derivation: invalid type (0)
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_INVALID_ARGUMENT

 PSA key derivation: invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
-derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED
+derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_INVALID_ARGUMENT

 # This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes
 # and not expected to be raised any time soon) is less than the maximum
From b9b4f09c47d941b9c61a07738cb3ad00d44774d0 Mon Sep 17 00:00:00 2001
From: k-stachowiak
Date: Thu, 15 Aug 2019 19:01:59 +0200
Subject: [PATCH 4/4] Document new error type returned from the key derivation API
---
 include/psa/crypto.h | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 2b5bb97fc..f5d17965d 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -3201,6 +3201,8 @@ psa_status_t psa_key_derivation_output_bytes(
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * The key type or key size is not supported, either by the
 * implementation in general or in this particular location.
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * The provided key attributes are not valid for the operation.
 * \retval #PSA_ERROR_BAD_STATE
 * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
 * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
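Review bot: The added `\retval #PSA_ERROR_INVALID_ARGUMENT` entry does not say how it differs from the `#PSA_ERROR_NOT_SUPPORTED` entry directly above it, which already covers a key type that "is not supported", so a caller cannot tell from the documentation which status an unusable key type produces. The expectations changed in patch 3/4 suggest that a value that is not a key type at all (`PSA_KEY_TYPE_NONE`, `PSA_KEY_TYPE_CATEGORY_MASK`) is now reported as an invalid argument; if that is the intended contract, the description could read `The provided key attributes are not valid for the operation, for example the key type is not a valid key type.` Callers that treat `PSA_ERROR_NOT_SUPPORTED` as a cue to fall back to another implementation rely on that distinction being stated. The comment block and the declaration it documents start and end outside this hunk.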