Merge pull request #160 from ARMmbed/tls12_prf_as_kdf
PSA: Phase 2: Add support for TLS 1.2 key derivation function
This commit is contained in:
commit
55ed36ba2f
4 changed files with 379 additions and 4 deletions
|
@ -1199,6 +1199,39 @@ typedef uint32_t psa_algorithm_t;
|
|||
#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
|
||||
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
|
||||
|
||||
#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x30000200)
|
||||
/** Macro to build a TLS-1.2 PRF algorithm.
|
||||
*
|
||||
* For example, `PSA_ALG_TLS12_PRF(PSA_ALG_SHA256)` represents the
|
||||
* TLS 1.2 PRF using HMAC-SHA-256.
|
||||
*
|
||||
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
|
||||
*
|
||||
* \return The corresponding TLS-1.2 PRF algorithm.
|
||||
* \return Unspecified if \p alg is not a supported
|
||||
* hash algorithm.
|
||||
*/
|
||||
#define PSA_ALG_TLS12_PRF(hash_alg) \
|
||||
(PSA_ALG_TLS12_PRF_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
|
||||
|
||||
/** Whether the specified algorithm is a TLS-1.2 PRF algorithm.
|
||||
*
|
||||
* TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule,
|
||||
* specified in Section 5 of RFC 5246. It is based on HMAC and can be
|
||||
* used with either SHA-256 or SHA-384.
|
||||
*
|
||||
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
|
||||
*
|
||||
* \return 1 if \c alg is a TLS-1.2 PRF algorithm, 0 otherwise.
|
||||
* This macro may return either 0 or 1 if \c alg is not a supported
|
||||
* key derivation algorithm identifier.
|
||||
*/
|
||||
#define PSA_ALG_IS_TLS12_PRF(alg) \
|
||||
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PRF_BASE)
|
||||
#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
|
||||
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
|
||||
|
||||
#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x010fffff)
|
||||
|
||||
/** Use a shared secret as is.
|
||||
|
|
|
@ -144,6 +144,35 @@ typedef struct
|
|||
uint8_t block_number;
|
||||
} psa_hkdf_generator_t;
|
||||
|
||||
typedef struct psa_tls12_prf_generator_s
|
||||
{
|
||||
/* The TLS 1.2 PRF uses the key for each HMAC iteration,
|
||||
* hence we must store it for the lifetime of the generator.
|
||||
* This is different from HKDF, where the key is only used
|
||||
* in the extraction phase, but not during expansion. */
|
||||
unsigned char *key;
|
||||
size_t key_len;
|
||||
|
||||
/* `A(i) + seed` in the notation of RFC 5246, Sect. 5 */
|
||||
uint8_t *Ai_with_seed;
|
||||
size_t Ai_with_seed_len;
|
||||
|
||||
/* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
|
||||
uint8_t output_block[PSA_HASH_MAX_SIZE];
|
||||
|
||||
#if PSA_HASH_MAX_SIZE > 0xff
|
||||
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
|
||||
#endif
|
||||
|
||||
/* Indicates how many bytes in the current HMAC block have
|
||||
* already been read by the user. */
|
||||
uint8_t offset_in_block;
|
||||
|
||||
/* The 1-based number of the block. */
|
||||
uint8_t block_number;
|
||||
|
||||
} psa_tls12_prf_generator_t;
|
||||
|
||||
struct psa_crypto_generator_s
|
||||
{
|
||||
psa_algorithm_t alg;
|
||||
|
@ -157,6 +186,7 @@ struct psa_crypto_generator_s
|
|||
} buffer;
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
psa_hkdf_generator_t hkdf;
|
||||
psa_tls12_prf_generator_t tls12_prf;
|
||||
#endif
|
||||
} ctx;
|
||||
};
|
||||
|
|
|
@ -1506,6 +1506,12 @@ static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac )
|
|||
mbedtls_zeroize( hmac->opad, sizeof( hmac->opad ) );
|
||||
return( psa_hash_abort( &hmac->hash_ctx ) );
|
||||
}
|
||||
|
||||
static void psa_hmac_init_internal( psa_hmac_internal_data *hmac )
|
||||
{
|
||||
/* Instances of psa_hash_operation_s can be initialized by zeroization. */
|
||||
memset( hmac, 0, sizeof( *hmac ) );
|
||||
}
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
|
||||
|
@ -3258,6 +3264,22 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
|
|||
mbedtls_free( generator->ctx.hkdf.info );
|
||||
status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac );
|
||||
}
|
||||
else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) )
|
||||
{
|
||||
if( generator->ctx.tls12_prf.key != NULL )
|
||||
{
|
||||
mbedtls_zeroize( generator->ctx.tls12_prf.key,
|
||||
generator->ctx.tls12_prf.key_len );
|
||||
mbedtls_free( generator->ctx.tls12_prf.key );
|
||||
}
|
||||
|
||||
if( generator->ctx.tls12_prf.Ai_with_seed != NULL )
|
||||
{
|
||||
mbedtls_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
|
||||
generator->ctx.tls12_prf.Ai_with_seed_len );
|
||||
mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
{
|
||||
|
@ -3340,6 +3362,158 @@ static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf,
|
|||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
static psa_status_t psa_generator_tls12_prf_generate_next_block(
|
||||
psa_tls12_prf_generator_t *tls12_prf,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
|
||||
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
|
||||
psa_hmac_internal_data hmac;
|
||||
psa_status_t status, cleanup_status;
|
||||
|
||||
unsigned char *Ai;
|
||||
size_t Ai_len;
|
||||
|
||||
/* We can't be wanting more output after block 0xff, otherwise
|
||||
* the capacity check in psa_generator_read() would have
|
||||
* prevented this call. It could happen only if the generator
|
||||
* object was corrupted or if this function is called directly
|
||||
* inside the library. */
|
||||
if( tls12_prf->block_number == 0xff )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
/* We need a new block */
|
||||
++tls12_prf->block_number;
|
||||
tls12_prf->offset_in_block = 0;
|
||||
|
||||
/* Recall the definition of the TLS-1.2-PRF from RFC 5246:
|
||||
*
|
||||
* PRF(secret, label, seed) = P_<hash>(secret, label + seed)
|
||||
*
|
||||
* P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
|
||||
* HMAC_hash(secret, A(2) + seed) +
|
||||
* HMAC_hash(secret, A(3) + seed) + ...
|
||||
*
|
||||
* A(0) = seed
|
||||
* A(i) = HMAC_hash( secret, A(i-1) )
|
||||
*
|
||||
* The `psa_tls12_prf_generator` structures saves the block
|
||||
* `HMAC_hash(secret, A(i) + seed)` from which the output
|
||||
* is currently extracted as `output_block`, while
|
||||
* `A(i) + seed` is stored in `Ai_with_seed`.
|
||||
*
|
||||
* Generating a new block means recalculating `Ai_with_seed`
|
||||
* from the A(i)-part of it, and afterwards recalculating
|
||||
* `output_block`.
|
||||
*
|
||||
* A(0) is computed at setup time.
|
||||
*
|
||||
*/
|
||||
|
||||
psa_hmac_init_internal( &hmac );
|
||||
|
||||
/* We must distinguish the calculation of A(1) from those
|
||||
* of A(2) and higher, because A(0)=seed has a different
|
||||
* length than the other A(i). */
|
||||
if( tls12_prf->block_number == 1 )
|
||||
{
|
||||
Ai = tls12_prf->Ai_with_seed + hash_length;
|
||||
Ai_len = tls12_prf->Ai_with_seed_len - hash_length;
|
||||
}
|
||||
else
|
||||
{
|
||||
Ai = tls12_prf->Ai_with_seed;
|
||||
Ai_len = hash_length;
|
||||
}
|
||||
|
||||
/* Compute A(i+1) = HMAC_hash(secret, A(i)) */
|
||||
status = psa_hmac_setup_internal( &hmac,
|
||||
tls12_prf->key,
|
||||
tls12_prf->key_len,
|
||||
hash_alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
status = psa_hash_update( &hmac.hash_ctx,
|
||||
Ai, Ai_len );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
status = psa_hmac_finish_internal( &hmac,
|
||||
tls12_prf->Ai_with_seed,
|
||||
hash_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
/* Compute the next block `HMAC_hash(secret, A(i+1) + seed)`. */
|
||||
status = psa_hmac_setup_internal( &hmac,
|
||||
tls12_prf->key,
|
||||
tls12_prf->key_len,
|
||||
hash_alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
status = psa_hash_update( &hmac.hash_ctx,
|
||||
tls12_prf->Ai_with_seed,
|
||||
tls12_prf->Ai_with_seed_len );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
status = psa_hmac_finish_internal( &hmac,
|
||||
tls12_prf->output_block,
|
||||
hash_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
cleanup:
|
||||
|
||||
cleanup_status = psa_hmac_abort_internal( &hmac );
|
||||
if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS )
|
||||
status = cleanup_status;
|
||||
|
||||
return( status );
|
||||
}
|
||||
|
||||
/* Read some bytes from an TLS-1.2-PRF-based generator.
|
||||
* See Section 5 of RFC 5246. */
|
||||
static psa_status_t psa_generator_tls12_prf_read(
|
||||
psa_tls12_prf_generator_t *tls12_prf,
|
||||
psa_algorithm_t alg,
|
||||
uint8_t *output,
|
||||
size_t output_length )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
|
||||
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
|
||||
psa_status_t status;
|
||||
|
||||
while( output_length != 0 )
|
||||
{
|
||||
/* Copy what remains of the current block */
|
||||
uint8_t n = hash_length - tls12_prf->offset_in_block;
|
||||
|
||||
/* Check if we have fully processed the current block. */
|
||||
if( n == 0 )
|
||||
{
|
||||
status = psa_generator_tls12_prf_generate_next_block( tls12_prf,
|
||||
alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if( n > output_length )
|
||||
n = (uint8_t) output_length;
|
||||
memcpy( output, tls12_prf->output_block + tls12_prf->offset_in_block,
|
||||
n );
|
||||
output += n;
|
||||
output_length -= n;
|
||||
tls12_prf->offset_in_block += n;
|
||||
}
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
|
||||
|
@ -3393,6 +3567,12 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
|
|||
status = psa_generator_hkdf_read( &generator->ctx.hkdf, hash_alg,
|
||||
output, output_length );
|
||||
}
|
||||
else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) )
|
||||
{
|
||||
status = psa_generator_tls12_prf_read( &generator->ctx.tls12_prf,
|
||||
generator->alg, output,
|
||||
output_length );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
{
|
||||
|
@ -3495,6 +3675,59 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
|
|||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5). */
|
||||
static psa_status_t psa_generator_tls12_prf_setup(
|
||||
psa_tls12_prf_generator_t *tls12_prf,
|
||||
const unsigned char *key,
|
||||
size_t key_len,
|
||||
psa_algorithm_t hash_alg,
|
||||
const uint8_t *salt,
|
||||
size_t salt_length,
|
||||
const uint8_t *label,
|
||||
size_t label_length )
|
||||
{
|
||||
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
|
||||
size_t Ai_with_seed_len = hash_length + salt_length + label_length;
|
||||
int overflow;
|
||||
|
||||
tls12_prf->key = mbedtls_calloc( 1, key_len );
|
||||
if( tls12_prf->key == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
tls12_prf->key_len = key_len;
|
||||
memcpy( tls12_prf->key, key, key_len );
|
||||
|
||||
overflow = ( salt_length + label_length < salt_length ) ||
|
||||
( salt_length + label_length + hash_length < hash_length );
|
||||
if( overflow )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
tls12_prf->Ai_with_seed = mbedtls_calloc( 1, Ai_with_seed_len );
|
||||
if( tls12_prf->Ai_with_seed == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
tls12_prf->Ai_with_seed_len = Ai_with_seed_len;
|
||||
|
||||
/* Write `label + seed' at the end of the `A(i) + seed` buffer,
|
||||
* leaving the initial `hash_length` bytes unspecified for now. */
|
||||
if( label_length != 0 )
|
||||
{
|
||||
memcpy( tls12_prf->Ai_with_seed + hash_length,
|
||||
label, label_length );
|
||||
}
|
||||
|
||||
if( salt_length != 0 )
|
||||
{
|
||||
memcpy( tls12_prf->Ai_with_seed + hash_length + label_length,
|
||||
salt, salt_length );
|
||||
}
|
||||
|
||||
/* The first block gets generated when
|
||||
* psa_generator_read() is called. */
|
||||
tls12_prf->block_number = 0;
|
||||
tls12_prf->offset_in_block = hash_length;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
static psa_status_t psa_key_derivation_internal(
|
||||
psa_crypto_generator_t *generator,
|
||||
const uint8_t *secret, size_t secret_length,
|
||||
|
@ -3538,6 +3771,24 @@ static psa_status_t psa_key_derivation_internal(
|
|||
salt, salt_length,
|
||||
label, label_length );
|
||||
}
|
||||
else if( PSA_ALG_IS_TLS12_PRF( alg ) )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
|
||||
size_t hash_size = PSA_HASH_SIZE( hash_alg );
|
||||
|
||||
/* TLS-1.2 PRF supports only SHA-256 and SHA-384. */
|
||||
if( hash_alg != PSA_ALG_SHA_256 &&
|
||||
hash_alg != PSA_ALG_SHA_384 )
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
max_capacity = 255 * hash_size;
|
||||
status = psa_generator_tls12_prf_setup( &generator->ctx.tls12_prf,
|
||||
secret, secret_length,
|
||||
hash_alg, salt, salt_length,
|
||||
label, label_length );
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
|
|
|
@ -434,18 +434,30 @@ PSA key policy: asymmetric signature, neither sign nor verify
|
|||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
asymmetric_signature_key_policy:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEYPAIR:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_ALG_RSA_PKCS1V15_SIGN_RAW
|
||||
|
||||
PSA key policy: derive, permitted
|
||||
PSA key policy: derive via HKDF, permitted
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key policy: derive, not permitted
|
||||
PSA key policy: derive via TLS 1.2 PRF, permitted
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key policy: derive via HKDF, not permitted
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:0:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key policy: derive, wrong algorithm
|
||||
PSA key policy: derive via TLS 1.2 PRF, not permitted
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:0:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key policy: derive via HKDF, wrong algorithm
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224)
|
||||
|
||||
PSA key policy: derive via TLS 1.2 PRF, wrong algorithm
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224)
|
||||
|
||||
PSA key policy: agreement, permitted
|
||||
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
|
||||
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
|
||||
|
@ -1400,10 +1412,18 @@ PSA key derivation: HKDF-SHA-512, good case
|
|||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_512):"":"":42:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: bad key type
|
||||
PSA key derivation: HKDF-SHA-256, bad key type
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_setup:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_HKDF(PSA_ALG_SHA_256):"":"":42:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, good case
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"":"":42:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, bad key type
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_setup:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"":"":42:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key derivation: not a key derivation algorithm (selection)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_SELECT_RAW:"":"":42:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
@ -1476,6 +1496,47 @@ PSA key derivation: HKDF SHA-1, RFC5869 #7, output 42+0
|
|||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
|
||||
derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
|
||||
|
||||
# Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":""
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 99+1
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 1+99
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+50
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+49
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 148+0
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":""
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 147+1
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 1+147
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+74
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+73
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5"
|
||||
|
||||
PSA key derivation: HKDF SHA-256, request maximum capacity
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
|
||||
|
|
Loading…
Reference in a new issue