yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Rename "generator" to "operation"

Browse source 
Generators are now key derivation operations.

Keep "random generator" intact.
This commit is contained in:
Gilles Peskine 2019-05-16 17:31:03 +02:00
parent 35675b6b26
commit 51ae0e4b79
3 changed files with 228 additions and 228 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

232
library/psa_crypto.c
View file

@ -4066,19 +4066,19 @@ exit:
#define HKDF_STATE_OUTPUT 3 /* output started */
static psa_algorithm_t psa_key_derivation_get_kdf_alg(
const psa_key_derivation_operation_t *generator )
const psa_key_derivation_operation_t *operation )
{
if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) );
if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) );
else
return( generator->alg );
return( operation->alg );
}
psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator )
psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation )
{
psa_status_t status = PSA_SUCCESS;
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator );
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
if( kdf_alg == 0 )
{
/* The object has (apparently) been initialized but it is not
@ -4088,36 +4088,36 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator
else
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
if( generator->ctx.buffer.data != NULL )
if( operation->ctx.buffer.data != NULL )
{
mbedtls_platform_zeroize( generator->ctx.buffer.data,
generator->ctx.buffer.size );
mbedtls_free( generator->ctx.buffer.data );
mbedtls_platform_zeroize( operation->ctx.buffer.data,
operation->ctx.buffer.size );
mbedtls_free( operation->ctx.buffer.data );
}
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
mbedtls_free( generator->ctx.hkdf.info );
status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac );
mbedtls_free( operation->ctx.hkdf.info );
status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac );
}
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
/* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */
/* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
if( generator->ctx.tls12_prf.key != NULL )
if( operation->ctx.tls12_prf.key != NULL )
{
mbedtls_platform_zeroize( generator->ctx.tls12_prf.key,
generator->ctx.tls12_prf.key_len );
mbedtls_free( generator->ctx.tls12_prf.key );
mbedtls_platform_zeroize( operation->ctx.tls12_prf.key,
operation->ctx.tls12_prf.key_len );
mbedtls_free( operation->ctx.tls12_prf.key );
}
if( generator->ctx.tls12_prf.Ai_with_seed != NULL )
if( operation->ctx.tls12_prf.Ai_with_seed != NULL )
{
mbedtls_platform_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
generator->ctx.tls12_prf.Ai_with_seed_len );
mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed );
mbedtls_platform_zeroize( operation->ctx.tls12_prf.Ai_with_seed,
operation->ctx.tls12_prf.Ai_with_seed_len );
mbedtls_free( operation->ctx.tls12_prf.Ai_with_seed );
}
}
else
@ -4125,36 +4125,36 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator
{
status = PSA_ERROR_BAD_STATE;
}
memset( generator, 0, sizeof( *generator ) );
memset( operation, 0, sizeof( *operation ) );
return( status );
}
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *generator,
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
size_t *capacity)
{
if( generator->alg == 0 )
if( operation->alg == 0 )
{
/* This is a blank generator. */
/* This is a blank key derivation operation. */
return PSA_ERROR_BAD_STATE;
}
*capacity = generator->capacity;
*capacity = operation->capacity;
return( PSA_SUCCESS );
}
psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *generator,
psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation,
size_t capacity )
{
if( generator->alg == 0 )
if( operation->alg == 0 )
return( PSA_ERROR_BAD_STATE );
if( capacity > generator->capacity )
if( capacity > operation->capacity )
return( PSA_ERROR_INVALID_ARGUMENT );
generator->capacity = capacity;
operation->capacity = capacity;
return( PSA_SUCCESS );
}
#if defined(MBEDTLS_MD_C)
/* Read some bytes from an HKDF-based generator. This performs a chunk
/* Read some bytes from an HKDF-based operation. This performs a chunk
* of the expand phase of the HKDF algorithm. */
static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
psa_algorithm_t hash_alg,
@ -4182,7 +4182,7 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd
break;
/* We can't be wanting more output after block 0xff, otherwise
* the capacity check in psa_key_derivation_output_bytes() would have
* prevented this call. It could happen only if the generator
* prevented this call. It could happen only if the operation
* object was corrupted or if this function is called directly
* inside the library. */
if( hkdf->block_number == 0xff )
@ -4237,7 +4237,7 @@ static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
/* We can't be wanting more output after block 0xff, otherwise
* the capacity check in psa_key_derivation_output_bytes() would have
* prevented this call. It could happen only if the generator
* prevented this call. It could happen only if the operation
* object was corrupted or if this function is called directly
* inside the library. */
if( tls12_prf->block_number == 0xff )
@ -4335,7 +4335,7 @@ cleanup:
return( status );
}
/* Read some bytes from an TLS-1.2-PRF-based generator.
/* Read some bytes from an TLS-1.2-PRF-based operation.
* See Section 5 of RFC 5246. */
static psa_status_t psa_key_derivation_tls12_prf_read(
psa_tls12_prf_key_derivation_t *tls12_prf,
@ -4376,53 +4376,53 @@ static psa_status_t psa_key_derivation_tls12_prf_read(
}
#endif /* MBEDTLS_MD_C */
psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *generator,
psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation,
uint8_t *output,
size_t output_length )
{
psa_status_t status;
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator );
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
if( generator->alg == 0 )
if( operation->alg == 0 )
{
/* This is a blank generator. */
/* This is a blank operation. */
return PSA_ERROR_BAD_STATE;
}
if( output_length > generator->capacity )
if( output_length > operation->capacity )
{
generator->capacity = 0;
operation->capacity = 0;
/* Go through the error path to wipe all confidential data now
* that the generator object is useless. */
* that the operation object is useless. */
status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
if( output_length == 0 && generator->capacity == 0 )
if( output_length == 0 && operation->capacity == 0 )
{
/* Edge case: this is a finished generator, and 0 bytes
/* Edge case: this is a finished operation, and 0 bytes
* were requested. The right error in this case could
* be either INSUFFICIENT_CAPACITY or BAD_STATE. Return
* INSUFFICIENT_CAPACITY, which is right for a finished
* generator, for consistency with the case when
* operation, for consistency with the case when
* output_length > 0. */
return( PSA_ERROR_INSUFFICIENT_DATA );
}
generator->capacity -= output_length;
operation->capacity -= output_length;
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
/* Initially, the capacity of a selection generator is always
* the size of the buffer, i.e. `generator->ctx.buffer.size`,
/* Initially, the capacity of a selection operation is always
* the size of the buffer, i.e. `operation->ctx.buffer.size`,
* abbreviated in this comment as `size`. When the remaining
* capacity is `c`, the next bytes to serve start `c` bytes
* from the end of the buffer, i.e. `size - c` from the
* beginning of the buffer. Since `generator->capacity` was just
* beginning of the buffer. Since `operation->capacity` was just
* decremented above, we need to serve the bytes from
* `size - generator->capacity - output_length` to
* `size - generator->capacity`. */
* `size - operation->capacity - output_length` to
* `size - operation->capacity`. */
size_t offset =
generator->ctx.buffer.size - generator->capacity - output_length;
memcpy( output, generator->ctx.buffer.data + offset, output_length );
operation->ctx.buffer.size - operation->capacity - output_length;
memcpy( output, operation->ctx.buffer.data + offset, output_length );
status = PSA_SUCCESS;
}
else
@ -4430,13 +4430,13 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *ge
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
status = psa_key_derivation_hkdf_read( &generator->ctx.hkdf, hash_alg,
status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg,
output, output_length );
}
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
status = psa_key_derivation_tls12_prf_read( &generator->ctx.tls12_prf,
status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
kdf_alg, output,
output_length );
}
@ -4450,12 +4450,12 @@ exit:
if( status != PSA_SUCCESS )
{
/* Preserve the algorithm upon errors, but clear all sensitive state.
* This allows us to differentiate between exhausted generators and
* blank generators, so we can return PSA_ERROR_BAD_STATE on blank
* generators. */
psa_algorithm_t alg = generator->alg;
psa_key_derivation_abort( generator );
generator->alg = alg;
* This allows us to differentiate between exhausted operations and
* blank operations, so we can return PSA_ERROR_BAD_STATE on blank
* operations. */
psa_algorithm_t alg = operation->alg;
psa_key_derivation_abort( operation );
operation->alg = alg;
memset( output, '!', output_length );
}
return( status );
@ -4476,7 +4476,7 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
static psa_status_t psa_generate_derived_key_internal(
psa_key_slot_t *slot,
size_t bits,
psa_key_derivation_operation_t *generator )
psa_key_derivation_operation_t *operation )
{
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES( bits );
@ -4490,7 +4490,7 @@ static psa_status_t psa_generate_derived_key_internal(
if( data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_key_derivation_output_bytes( generator, data, bytes );
status = psa_key_derivation_output_bytes( operation, data, bytes );
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_DES_C)
@ -4505,7 +4505,7 @@ exit:
}
psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *generator,
psa_key_derivation_operation_t *operation,
psa_key_handle_t *handle )
{
psa_status_t status;
@ -4515,7 +4515,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
{
status = psa_generate_derived_key_internal( slot,
attributes->bits,
generator );
operation );
}
if( status == PSA_SUCCESS )
status = psa_finish_key_creation( slot );
@ -4530,7 +4530,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle,
psa_key_type_t type,
size_t bits,
psa_key_derivation_operation_t *generator )
psa_key_derivation_operation_t *operation )
{
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES( bits );
@ -4544,7 +4544,7 @@ psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle,
if( data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_key_derivation_output_bytes( generator, data, bytes );
status = psa_key_derivation_output_bytes( operation, data, bytes );
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_DES_C)
@ -4565,7 +4565,7 @@ exit:
/****************************************************************/
#if defined(MBEDTLS_MD_C)
/* Set up an HKDF-based generator. This is exactly the extract phase
/* Set up an HKDF-based operation. This is exactly the extract phase
* of the HKDF algorithm.
*
* Note that if this function fails, you must call psa_key_derivation_abort()
@ -4611,7 +4611,7 @@ static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hk
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_MD_C)
/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5).
/* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5).
*
* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
@ -4668,7 +4668,7 @@ static psa_status_t psa_key_derivation_tls12_prf_setup(
return( PSA_SUCCESS );
}
/* Set up a TLS-1.2-PSK-to-MS-based generator. */
/* Set up a TLS-1.2-PSK-to-MS-based operation. */
static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
psa_tls12_prf_key_derivation_t *tls12_prf,
const unsigned char *psk,
@ -4714,7 +4714,7 @@ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_key_derivation_internal(
psa_key_derivation_operation_t *generator,
psa_key_derivation_operation_t *operation,
const uint8_t *secret, size_t secret_length,
psa_algorithm_t alg,
const uint8_t *salt, size_t salt_length,
@ -4724,8 +4724,8 @@ static psa_status_t psa_key_derivation_internal(
psa_status_t status;
size_t max_capacity;
/* Set generator->alg even on failure so that abort knows what to do. */
generator->alg = alg;
/* Set operation->alg even on failure so that abort knows what to do. */
operation->alg = alg;
if( alg == PSA_ALG_SELECT_RAW )
{
@ -4735,11 +4735,11 @@ static psa_status_t psa_key_derivation_internal(
(void) label;
if( label_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
if( generator->ctx.buffer.data == NULL )
operation->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
if( operation->ctx.buffer.data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
memcpy( generator->ctx.buffer.data, secret, secret_length );
generator->ctx.buffer.size = secret_length;
memcpy( operation->ctx.buffer.data, secret, secret_length );
operation->ctx.buffer.size = secret_length;
max_capacity = secret_length;
status = PSA_SUCCESS;
}
@ -4752,7 +4752,7 @@ static psa_status_t psa_key_derivation_internal(
if( hash_size == 0 )
return( PSA_ERROR_NOT_SUPPORTED );
max_capacity = 255 * hash_size;
status = psa_key_derivation_hkdf_setup( &generator->ctx.hkdf,
status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf,
secret, secret_length,
hash_alg,
salt, salt_length,
@ -4776,7 +4776,7 @@ static psa_status_t psa_key_derivation_internal(
if( PSA_ALG_IS_TLS12_PRF( alg ) )
{
status = psa_key_derivation_tls12_prf_setup( &generator->ctx.tls12_prf,
status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf,
secret, secret_length,
hash_alg, salt, salt_length,
label, label_length );
@ -4784,7 +4784,7 @@ static psa_status_t psa_key_derivation_internal(
else
{
status = psa_key_derivation_tls12_psk_to_ms_setup(
&generator->ctx.tls12_prf,
&operation->ctx.tls12_prf,
secret, secret_length,
hash_alg, salt, salt_length,
label, label_length );
@ -4800,16 +4800,16 @@ static psa_status_t psa_key_derivation_internal(
return( status );
if( capacity <= max_capacity )
generator->capacity = capacity;
operation->capacity = capacity;
else if( capacity == PSA_KEY_DERIVATION_UNLIMITED_CAPACITY )
generator->capacity = max_capacity;
operation->capacity = max_capacity;
else
return( PSA_ERROR_INVALID_ARGUMENT );
return( PSA_SUCCESS );
}
psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *salt,
@ -4821,7 +4821,7 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
psa_key_slot_t *slot;
psa_status_t status;
if( generator->alg != 0 )
if( operation->alg != 0 )
return( PSA_ERROR_BAD_STATE );
/* Make sure that alg is a key derivation algorithm. This prevents
@ -4837,7 +4837,7 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
if( slot->type != PSA_KEY_TYPE_DERIVE )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_key_derivation_internal( generator,
status = psa_key_derivation_internal( operation,
slot->data.raw.data,
slot->data.raw.bytes,
alg,
@ -4845,12 +4845,12 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
label, label_length,
capacity );
if( status != PSA_SUCCESS )
psa_key_derivation_abort( generator );
psa_key_derivation_abort( operation );
return( status );
}
static psa_status_t psa_key_derivation_setup_kdf(
psa_key_derivation_operation_t *generator,
psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg )
{
/* Make sure that kdf_alg is a supported key derivation algorithm. */
@ -4869,7 +4869,7 @@ static psa_status_t psa_key_derivation_setup_kdf(
{
return( PSA_ERROR_NOT_SUPPORTED );
}
generator->capacity = 255 * hash_size;
operation->capacity = 255 * hash_size;
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_MD_C */
@ -4877,12 +4877,12 @@ static psa_status_t psa_key_derivation_setup_kdf(
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator,
psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation,
psa_algorithm_t alg )
{
psa_status_t status;
if( generator->alg != 0 )
if( operation->alg != 0 )
return( PSA_ERROR_BAD_STATE );
if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
@ -4890,17 +4890,17 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator
else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
{
psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
status = psa_key_derivation_setup_kdf( generator, kdf_alg );
status = psa_key_derivation_setup_kdf( operation, kdf_alg );
}
else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
{
status = psa_key_derivation_setup_kdf( generator, alg );
status = psa_key_derivation_setup_kdf( operation, alg );
}
else
return( PSA_ERROR_INVALID_ARGUMENT );
if( status == PSA_SUCCESS )
generator->alg = alg;
operation->alg = alg;
return( status );
}
@ -4972,31 +4972,31 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
#endif /* MBEDTLS_MD_C */
static psa_status_t psa_key_derivation_input_raw(
psa_key_derivation_operation_t *generator,
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
{
psa_status_t status;
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator );
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
if( generator->capacity != 0 )
if( operation->capacity != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
generator->ctx.buffer.data = mbedtls_calloc( 1, data_length );
if( generator->ctx.buffer.data == NULL )
operation->ctx.buffer.data = mbedtls_calloc( 1, data_length );
if( operation->ctx.buffer.data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
memcpy( generator->ctx.buffer.data, data, data_length );
generator->ctx.buffer.size = data_length;
generator->capacity = data_length;
memcpy( operation->ctx.buffer.data, data, data_length );
operation->ctx.buffer.size = data_length;
operation->capacity = data_length;
status = PSA_SUCCESS;
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
status = psa_hkdf_input( &generator->ctx.hkdf,
status = psa_hkdf_input( &operation->ctx.hkdf,
PSA_ALG_HKDF_GET_HASH( kdf_alg ),
step, data, data_length );
}
@ -5013,16 +5013,16 @@ static psa_status_t psa_key_derivation_input_raw(
else
#endif /* MBEDTLS_MD_C */
{
/* This can't happen unless the generator object was not initialized */
/* This can't happen unless the operation object was not initialized */
return( PSA_ERROR_BAD_STATE );
}
if( status != PSA_SUCCESS )
psa_key_derivation_abort( generator );
psa_key_derivation_abort( operation );
return( status );
}
psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *generator,
psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
@ -5032,14 +5032,14 @@ psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *gen
case PSA_KEY_DERIVATION_INPUT_LABEL:
case PSA_KEY_DERIVATION_INPUT_SALT:
case PSA_KEY_DERIVATION_INPUT_INFO:
return( psa_key_derivation_input_raw( generator, step,
return( psa_key_derivation_input_raw( operation, step,
data, data_length ) );
default:
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *generator,
psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_handle_t handle )
{
@ -5047,7 +5047,7 @@ psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *gener
psa_status_t status;
status = psa_get_key_from_slot( handle, &slot,
PSA_KEY_USAGE_DERIVE,
generator->alg );
operation->alg );
if( status != PSA_SUCCESS )
return( status );
if( slot->type != PSA_KEY_TYPE_DERIVE )
@ -5060,7 +5060,7 @@ psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *gener
* and leak values derived from the key. So be conservative. */
if( step != PSA_KEY_DERIVATION_INPUT_SECRET )
return( PSA_ERROR_INVALID_ARGUMENT );
return( psa_key_derivation_input_raw( generator,
return( psa_key_derivation_input_raw( operation,
step,
slot->data.raw.data,
slot->data.raw.bytes ) );
@ -5151,7 +5151,7 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
/* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *generator,
static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_slot_t *private_key,
const uint8_t *peer_key,
@ -5160,7 +5160,7 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
psa_status_t status;
uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
size_t shared_secret_length = 0;
psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( generator->alg );
psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
/* Step 1: run the secret agreement algorithm to generate the shared
* secret. */
@ -5175,7 +5175,7 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
/* Step 2: set up the key derivation to generate key material from
* the shared secret. */
status = psa_key_derivation_input_raw( generator, step,
status = psa_key_derivation_input_raw( operation, step,
shared_secret, shared_secret_length );
exit:
@ -5183,7 +5183,7 @@ exit:
return( status );
}
psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *generator,
psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_handle_t private_key,
const uint8_t *peer_key,
@ -5191,17 +5191,17 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *g
{
psa_key_slot_t *slot;
psa_status_t status;
if( ! PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( private_key, &slot,
PSA_KEY_USAGE_DERIVE, generator->alg );
PSA_KEY_USAGE_DERIVE, operation->alg );
if( status != PSA_SUCCESS )
return( status );
status = psa_key_agreement_internal( generator, step,
status = psa_key_agreement_internal( operation, step,
slot,
peer_key, peer_key_length );
if( status != PSA_SUCCESS )
psa_key_derivation_abort( generator );
psa_key_derivation_abort( operation );
return( status );
}

6
tests/suites/test_suite_psa_crypto.data
View file

@ -1716,7 +1716,7 @@ PSA decrypt: RSA OAEP-SHA-256, input too large
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
Crypto generator initializers zero properly
Crypto derivation operation object initializers zero properly
key_derivation_init:
PSA key derivation: HKDF-SHA-256, good case
@ -1755,11 +1755,11 @@ PSA key derivation: unsupported key derivation algorithm
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_CATEGORY_KEY_DERIVATION:"":"":42:PSA_ERROR_NOT_SUPPORTED
PSA key derivation: invalid generator state ( double generate + read past capacity )
PSA key derivation: invalid state (double generate + read past capacity)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
test_derive_invalid_key_derivation_state:
PSA key derivation: invalid generator state ( call read/get_capacity after init and abort )
PSA key derivation: invalid state (call read/get_capacity after init and abort)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
test_derive_invalid_key_derivation_tests:

218
tests/suites/test_suite_psa_crypto.function
View file

@ -525,7 +525,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char label[16] = "This is a label.";
size_t label_length = sizeof( label );
unsigned char seed[16] = "abcdefghijklmnop";
@ -536,15 +536,15 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
{
if( PSA_ALG_IS_HKDF( alg ) )
{
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SALT,
label,
label_length ) );
PSA_ASSERT( psa_key_derivation_input_key( &generator,
PSA_ASSERT( psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
handle ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
seed,
seed_length ) );
@ -552,16 +552,16 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
else
{
// legacy
PSA_ASSERT( psa_key_derivation( &generator,
PSA_ASSERT( psa_key_derivation( &operation,
handle, alg,
label, label_length,
seed, seed_length,
sizeof( output ) ) );
}
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output,
sizeof( output ) ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
}
return( 1 );
@ -572,7 +572,7 @@ exit:
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *generator,
static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation,
psa_key_handle_t handle )
{
psa_key_type_t private_key_type;
@ -596,7 +596,7 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *gen
public_key, public_key_length,
&public_key_length ) );
status = psa_key_derivation_key_agreement( generator, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
status = psa_key_derivation_key_agreement( operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
public_key, public_key_length );
exit:
mbedtls_free( public_key );
@ -664,7 +664,7 @@ static int exercise_key_agreement_key( psa_key_handle_t handle,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char output[1];
int ok = 0;
@ -672,12 +672,12 @@ static int exercise_key_agreement_key( psa_key_handle_t handle,
{
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( key_agreement_with_self( &generator, handle ) );
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( key_agreement_with_self( &operation, handle ) );
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output,
sizeof( output ) ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
}
ok = 1;
@ -1844,7 +1844,7 @@ void derive_key_policy( int policy_usage,
{
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@ -1856,7 +1856,7 @@ void derive_key_policy( int policy_usage,
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
status = psa_key_derivation( &generator, handle,
status = psa_key_derivation( &operation, handle,
exercise_alg,
NULL, 0,
NULL, 0,
@ -1868,7 +1868,7 @@ void derive_key_policy( int policy_usage,
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -1884,7 +1884,7 @@ void agreement_key_policy( int policy_usage,
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@ -1896,8 +1896,8 @@ void agreement_key_policy( int policy_usage,
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) );
status = key_agreement_with_self( &generator, handle );
PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
status = key_agreement_with_self( &operation, handle );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
@ -1906,7 +1906,7 @@ void agreement_key_policy( int policy_usage,
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -1922,7 +1922,7 @@ void raw_agreement_key_policy( int policy_usage,
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@ -1943,7 +1943,7 @@ void raw_agreement_key_policy( int policy_usage,
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4009,7 +4009,7 @@ void key_derivation_init( )
memset( &zero, 0, sizeof( zero ) );
/* A default generator should not be able to report its capacity. */
/* A default operation should not be able to report its capacity. */
TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
PSA_ERROR_BAD_STATE );
TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
@ -4017,7 +4017,7 @@ void key_derivation_init( )
TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
PSA_ERROR_BAD_STATE );
/* A default generator should be abortable without error. */
/* A default operation should be abortable without error. */
PSA_ASSERT( psa_key_derivation_abort(&func) );
PSA_ASSERT( psa_key_derivation_abort(&init) );
PSA_ASSERT( psa_key_derivation_abort(&zero) );
@ -4038,7 +4038,7 @@ void derive_setup( int key_type_arg,
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_status_t expected_status = expected_status_arg;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -4050,14 +4050,14 @@ void derive_setup( int key_type_arg,
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
TEST_EQUAL( psa_key_derivation( &operation, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ),
expected_status );
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4068,7 +4068,7 @@ void test_derive_invalid_key_derivation_state( )
{
psa_key_handle_t handle = 0;
size_t key_type = PSA_KEY_TYPE_DERIVE;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
uint8_t buffer[42];
size_t capacity = sizeof( buffer );
@ -4088,25 +4088,25 @@ void test_derive_invalid_key_derivation_state( )
&handle ) );
/* valid key derivation */
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
NULL, 0,
NULL, 0,
capacity ) );
/* state of generator shouldn't allow additional generation */
TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
/* state of operation shouldn't allow additional generation */
TEST_EQUAL( psa_key_derivation( &operation, handle, alg,
NULL, 0,
NULL, 0,
capacity ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_key_derivation_output_bytes( &generator, buffer, capacity ) );
PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) );
TEST_EQUAL( psa_key_derivation_output_bytes( &generator, buffer, capacity ),
TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ),
PSA_ERROR_INSUFFICIENT_DATA );
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4118,24 +4118,24 @@ void test_derive_invalid_key_derivation_tests( )
uint8_t output_buffer[16];
size_t buffer_size = 16;
size_t capacity = 0;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size )
TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity )
TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
== PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size )
TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity )
TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
== PSA_ERROR_BAD_STATE );
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
}
/* END_CASE */
@ -4151,7 +4151,7 @@ void derive_output( int alg_arg,
psa_key_handle_t handle = 0;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *expected_outputs[2] =
{expected_output1->x, expected_output2->x};
size_t output_sizes[2] =
@ -4184,28 +4184,28 @@ void derive_output( int alg_arg,
/* Extraction phase. */
if( PSA_ALG_IS_HKDF( alg ) )
{
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_derivation_set_capacity( &generator,
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
requested_capacity ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SALT,
salt->x, salt->len ) );
PSA_ASSERT( psa_key_derivation_input_key( &generator,
PSA_ASSERT( psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
handle ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
label->x, label->len ) );
}
else
{
// legacy
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ) );
}
PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
&current_capacity ) );
TEST_EQUAL( current_capacity, requested_capacity );
expected_capacity = requested_capacity;
@ -4214,7 +4214,7 @@ void derive_output( int alg_arg,
for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
{
/* Read some bytes. */
status = psa_key_derivation_output_bytes( &generator,
status = psa_key_derivation_output_bytes( &operation,
output_buffer, output_sizes[i] );
if( expected_capacity == 0 && output_sizes[i] == 0 )
{
@ -4236,17 +4236,17 @@ void derive_output( int alg_arg,
if( output_sizes[i] != 0 )
ASSERT_COMPARE( output_buffer, output_sizes[i],
expected_outputs[i], output_sizes[i] );
/* Check the generator status. */
/* Check the operation status. */
expected_capacity -= output_sizes[i];
PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
&current_capacity ) );
TEST_EQUAL( expected_capacity, current_capacity );
}
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
exit:
mbedtls_free( output_buffer );
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4262,7 +4262,7 @@ void derive_full( int alg_arg,
psa_key_handle_t handle = 0;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char output_buffer[16];
size_t expected_capacity = requested_capacity;
size_t current_capacity;
@ -4280,28 +4280,28 @@ void derive_full( int alg_arg,
/* Extraction phase. */
if( PSA_ALG_IS_HKDF( alg ) )
{
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_derivation_set_capacity( &generator,
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
requested_capacity ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SALT,
salt->x, salt->len ) );
PSA_ASSERT( psa_key_derivation_input_key( &generator,
PSA_ASSERT( psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
handle ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
label->x, label->len ) );
}
else
{
// legacy
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ) );
}
PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
&current_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
@ -4311,23 +4311,23 @@ void derive_full( int alg_arg,
size_t read_size = sizeof( output_buffer );
if( read_size > current_capacity )
read_size = current_capacity;
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output_buffer,
read_size ) );
expected_capacity -= read_size;
PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
&current_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
}
/* Check that the generator refuses to go over capacity. */
TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output_buffer, 1 ),
/* Check that the operation refuses to go over capacity. */
TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ),
PSA_ERROR_INSUFFICIENT_DATA );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4351,7 +4351,7 @@ void derive_key_exercise( int alg_arg,
psa_key_usage_t derived_usage = derived_usage_arg;
psa_algorithm_t derived_alg = derived_alg_arg;
size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -4364,7 +4364,7 @@ void derive_key_exercise( int alg_arg,
&base_handle ) );
/* Derive a key. */
PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
salt->x, salt->len,
label->x, label->len,
capacity ) );
@ -4372,7 +4372,7 @@ void derive_key_exercise( int alg_arg,
psa_set_key_algorithm( &attributes, derived_alg );
psa_set_key_type( &attributes, derived_type );
psa_set_key_bits( &attributes, derived_bits );
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator,
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
&derived_handle ) );
/* Test the key information */
@ -4385,7 +4385,7 @@ void derive_key_exercise( int alg_arg,
goto exit;
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_reset_key_attributes( &got_attributes );
psa_destroy_key( base_handle );
psa_destroy_key( derived_handle );
@ -4407,7 +4407,7 @@ void derive_key_export( int alg_arg,
size_t bytes1 = bytes1_arg;
size_t bytes2 = bytes2_arg;
size_t capacity = bytes1 + bytes2;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *output_buffer = NULL;
uint8_t *export_buffer = NULL;
psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -4425,17 +4425,17 @@ void derive_key_export( int alg_arg,
&base_handle ) );
/* Derive some material and output it. */
PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
salt->x, salt->len,
label->x, label->len,
capacity ) );
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output_buffer,
capacity ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
/* Derive the same output again, but this time store it in key objects. */
PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
salt->x, salt->len,
label->x, label->len,
capacity ) );
@ -4443,7 +4443,7 @@ void derive_key_export( int alg_arg,
psa_set_key_algorithm( &derived_attributes, 0 );
psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator,
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
&derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer, bytes1,
@ -4451,7 +4451,7 @@ void derive_key_export( int alg_arg,
TEST_EQUAL( length, bytes1 );
PSA_ASSERT( psa_destroy_key( derived_handle ) );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator,
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
&derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer + bytes1, bytes2,
@ -4465,7 +4465,7 @@ void derive_key_export( int alg_arg,
exit:
mbedtls_free( output_buffer );
mbedtls_free( export_buffer );
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( base_handle );
psa_destroy_key( derived_handle );
mbedtls_psa_crypto_free( );
@ -4481,7 +4481,7 @@ void key_agreement_setup( int alg_arg,
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
@ -4499,10 +4499,10 @@ void key_agreement_setup( int alg_arg,
* Test cases that fail at the setup step should be changed to call
* key_derivation_setup instead, and this function should be renamed
* to key_agreement_fail. */
status = psa_key_derivation_setup( &generator, alg );
status = psa_key_derivation_setup( &operation, alg );
if( status == PSA_SUCCESS )
{
TEST_EQUAL( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET,
TEST_EQUAL( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ),
expected_status );
@ -4513,7 +4513,7 @@ void key_agreement_setup( int alg_arg,
}
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( our_key );
mbedtls_psa_crypto_free( );
}
@ -4565,7 +4565,7 @@ void key_agreement_capacity( int alg_arg,
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t actual_capacity;
unsigned char output[16];
@ -4579,37 +4579,37 @@ void key_agreement_capacity( int alg_arg,
our_key_data->x, our_key_data->len,
&our_key ) );
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET,
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ) );
if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
{
/* The test data is for info="" */
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
}
/* Test the advertized capacity. */
PSA_ASSERT( psa_key_derivation_get_capacity(
&generator, &actual_capacity ) );
&operation, &actual_capacity ) );
TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
/* Test the actual capacity by reading the output. */
while( actual_capacity > sizeof( output ) )
{
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output, sizeof( output ) ) );
actual_capacity -= sizeof( output );
}
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output, actual_capacity ) );
TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output, 1 ),
TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
PSA_ERROR_INSUFFICIENT_DATA );
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( our_key );
mbedtls_psa_crypto_free( );
}
@ -4624,7 +4624,7 @@ void key_agreement_output( int alg_arg,
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_output = NULL;
@ -4640,26 +4640,26 @@ void key_agreement_output( int alg_arg,
our_key_data->x, our_key_data->len,
&our_key ) );
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET,
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ) );
if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
{
/* The test data is for info="" */
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
}
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
actual_output,
expected_output1->len ) );
ASSERT_COMPARE( actual_output, expected_output1->len,
expected_output1->x, expected_output1->len );
if( expected_output2->len != 0 )
{
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
actual_output,
expected_output2->len ) );
ASSERT_COMPARE( actual_output, expected_output2->len,
@ -4667,7 +4667,7 @@ void key_agreement_output( int alg_arg,
}
exit:
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( our_key );
mbedtls_psa_crypto_free( );
mbedtls_free( actual_output );
@ -4886,7 +4886,7 @@ void persistent_key_load_key_from_storage( data_t *data,
size_t bits = bits_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
psa_algorithm_t alg = alg_arg;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char *first_export = NULL;
unsigned char *second_export = NULL;
size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
@ -4933,16 +4933,16 @@ void persistent_key_load_key_from_storage( data_t *data,
data->x, data->len,
&base_key ) );
/* Derive a key. */
PSA_ASSERT( psa_key_derivation_setup( &generator, derive_alg ) );
PSA_ASSERT( psa_key_derivation_input_key( &generator,
PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
PSA_ASSERT( psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
base_key ) );
PSA_ASSERT( psa_key_derivation_input_bytes(
&generator, PSA_KEY_DERIVATION_INPUT_INFO,
&operation, PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator,
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
&handle ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
PSA_ASSERT( psa_destroy_key( base_key ) );
base_key = 0;
}
@ -4994,7 +4994,7 @@ exit:
psa_reset_key_attributes( &attributes );
mbedtls_free( first_export );
mbedtls_free( second_export );
psa_key_derivation_abort( &generator );
psa_key_derivation_abort( &operation );
psa_destroy_key( base_key );
if( handle == 0 )
{