Add flag for removing deprecated API
Add the compile time option PSA_PRE_1_0_KEY_DERIVATION. If this is not turned on, then the function `psa_key_derivation()` is removed. Most of the tests regarding key derivation haven't been adapted to the new API yet and some of them have only been adapted partially. When this new option is turned off, the tests using the old API and test cases using the old API of partially adapted tests are skipped. The sole purpose of this option is to make the transition to the new API smoother. Once the transition is complete it can and should be removed along with the old API and its implementation.
This commit is contained in:
Janos Follath
parent
ed87d31d7d
commit
71a4c9125b
5 changed files with 54 additions and 23 deletions
|
|
@ -224,6 +224,17 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
|
||||||
psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed,
|
psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed,
|
||||||
size_t seed_size);
|
size_t seed_size);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* If this option is not turned on, then the function `psa_key_derivation()`
|
||||||
|
* is removed.
|
||||||
|
*
|
||||||
|
* The sole purpose of this option is to make the transition to the new API
|
||||||
|
* smoother. Once the transition is complete it can and should be removed
|
||||||
|
* along with the old API and its implementation.
|
||||||
|
*/
|
||||||
|
#define PSA_PRE_1_0_KEY_DERIVATION
|
||||||
|
|
||||||
|
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
/** Set up a key derivation operation.
|
/** Set up a key derivation operation.
|
||||||
*
|
*
|
||||||
* FIMXE This function is no longer part of the official API. Its prototype
|
* FIMXE This function is no longer part of the official API. Its prototype
|
||||||
|
|
@ -280,6 +291,7 @@ psa_status_t psa_key_derivation(psa_key_derivation_operation_t *operation,
|
||||||
const uint8_t *label,
|
const uint8_t *label,
|
||||||
size_t label_length,
|
size_t label_length,
|
||||||
size_t capacity);
|
size_t capacity);
|
||||||
|
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
|
|
||||||
/* FIXME Deprecated. Remove this as soon as all the tests are updated. */
|
/* FIXME Deprecated. Remove this as soon as all the tests are updated. */
|
||||||
#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
|
#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
|
||||||
|
|
|
||||||
|
|
@ -4311,6 +4311,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
|
||||||
/****************************************************************/
|
/****************************************************************/
|
||||||
|
|
||||||
#if defined(MBEDTLS_MD_C)
|
#if defined(MBEDTLS_MD_C)
|
||||||
|
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
/* Set up an HKDF-based operation. This is exactly the extract phase
|
/* Set up an HKDF-based operation. This is exactly the extract phase
|
||||||
* of the HKDF algorithm.
|
* of the HKDF algorithm.
|
||||||
*
|
*
|
||||||
|
|
@ -4354,9 +4355,11 @@ static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hk
|
||||||
hkdf->info_set = 1;
|
hkdf->info_set = 1;
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
#endif /* MBEDTLS_MD_C */
|
#endif /* MBEDTLS_MD_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_MD_C)
|
#if defined(MBEDTLS_MD_C)
|
||||||
|
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
/* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5).
|
/* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5).
|
||||||
*
|
*
|
||||||
* Note that if this function fails, you must call psa_key_derivation_abort()
|
* Note that if this function fails, you must call psa_key_derivation_abort()
|
||||||
|
|
@ -4413,7 +4416,9 @@ static psa_status_t psa_key_derivation_tls12_prf_setup(
|
||||||
|
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
|
|
||||||
|
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
/* Set up a TLS-1.2-PSK-to-MS-based operation. */
|
/* Set up a TLS-1.2-PSK-to-MS-based operation. */
|
||||||
static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
|
static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
|
||||||
psa_tls12_prf_key_derivation_t *tls12_prf,
|
psa_tls12_prf_key_derivation_t *tls12_prf,
|
||||||
|
|
@ -4454,8 +4459,10 @@ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
|
||||||
mbedtls_platform_zeroize( pms, sizeof( pms ) );
|
mbedtls_platform_zeroize( pms, sizeof( pms ) );
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
|
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
#endif /* MBEDTLS_MD_C */
|
#endif /* MBEDTLS_MD_C */
|
||||||
|
|
||||||
|
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
/* Note that if this function fails, you must call psa_key_derivation_abort()
|
/* Note that if this function fails, you must call psa_key_derivation_abort()
|
||||||
* to potentially free embedded data structures and wipe confidential data.
|
* to potentially free embedded data structures and wipe confidential data.
|
||||||
*/
|
*/
|
||||||
|
|
@ -4554,7 +4561,9 @@ static psa_status_t psa_key_derivation_internal(
|
||||||
|
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
|
|
||||||
|
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
|
psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
|
||||||
psa_key_handle_t handle,
|
psa_key_handle_t handle,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
|
|
@ -4594,6 +4603,7 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
|
||||||
psa_key_derivation_abort( operation );
|
psa_key_derivation_abort( operation );
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
|
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
|
|
||||||
static psa_status_t psa_key_derivation_setup_kdf(
|
static psa_status_t psa_key_derivation_setup_kdf(
|
||||||
psa_key_derivation_operation_t *operation,
|
psa_key_derivation_operation_t *operation,
|
||||||
|
|
|
||||||
|
|
@ -66,12 +66,14 @@
|
||||||
/* If the build options we need are not enabled, compile a placeholder. */
|
/* If the build options we need are not enabled, compile a placeholder. */
|
||||||
#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
|
#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
|
||||||
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
|
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
|
||||||
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO)
|
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) ||\
|
||||||
|
!defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
int main( void )
|
int main( void )
|
||||||
{
|
{
|
||||||
printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
|
printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
|
||||||
"MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
|
"MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
|
||||||
"MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO not defined.\n");
|
"MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO and/or "
|
||||||
|
"PSA_PRE_1_0_KEY_DERIVATION not defined.\n");
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
|
|
|
||||||
|
|
@ -1849,70 +1849,70 @@ derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0
|
||||||
|
|
||||||
# Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
|
# Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0
|
PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":""
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":""
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 99+1
|
PSA key derivation: TLS 1.2 PRF SHA-256, output 99+1
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66"
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 1+99
|
PSA key derivation: TLS 1.2 PRF SHA-256, output 1+99
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+50
|
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+50
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+49
|
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+49
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b"
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 148+0
|
PSA key derivation: TLS 1.2 PRF SHA-384, output 148+0
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":""
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":""
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 147+1
|
PSA key derivation: TLS 1.2 PRF SHA-384, output 147+1
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f"
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 1+147
|
PSA key derivation: TLS 1.2 PRF SHA-384, output 1+147
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+74
|
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+74
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+73
|
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+73
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5"
|
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5"
|
||||||
|
|
||||||
# Test case manually extracted from debug output of TLS-PSK run
|
# Test case manually extracted from debug output of TLS-PSK run
|
||||||
# Label: "master secret"
|
# Label: "master secret"
|
||||||
# Salt: Concatenation of ClientHello.Random and ServerHello.Random
|
# Salt: Concatenation of ClientHello.Random and ServerHello.Random
|
||||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 48+0
|
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 48+0
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":""
|
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":""
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 24+24
|
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 24+24
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
|
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 0+48
|
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 0+48
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
|
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 48+0
|
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 48+0
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":""
|
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":""
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 24+24
|
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 24+24
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
|
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
|
||||||
|
|
||||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 0+48
|
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 0+48
|
||||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION
|
||||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
|
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
|
||||||
|
|
||||||
PSA key derivation: HKDF SHA-256, request maximum capacity
|
PSA key derivation: HKDF SHA-256, request maximum capacity
|
||||||
|
|
|
||||||
|
|
@ -545,6 +545,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
|
||||||
seed,
|
seed,
|
||||||
seed_length ) );
|
seed_length ) );
|
||||||
}
|
}
|
||||||
|
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// legacy
|
// legacy
|
||||||
|
|
@ -554,6 +555,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
|
||||||
seed, seed_length,
|
seed, seed_length,
|
||||||
sizeof( output ) ) );
|
sizeof( output ) ) );
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
|
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
|
||||||
output,
|
output,
|
||||||
sizeof( output ) ) );
|
sizeof( output ) ) );
|
||||||
|
|
@ -1776,7 +1778,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
void derive_key_policy( int policy_usage,
|
void derive_key_policy( int policy_usage,
|
||||||
int policy_alg,
|
int policy_alg,
|
||||||
int key_type,
|
int key_type,
|
||||||
|
|
@ -4024,7 +4026,7 @@ void key_derivation_init( )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
void derive_setup( int key_type_arg,
|
void derive_setup( int key_type_arg,
|
||||||
data_t *key_data,
|
data_t *key_data,
|
||||||
int alg_arg,
|
int alg_arg,
|
||||||
|
|
@ -4063,7 +4065,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
void test_derive_invalid_key_derivation_state( )
|
void test_derive_invalid_key_derivation_state( )
|
||||||
{
|
{
|
||||||
psa_key_handle_t handle = 0;
|
psa_key_handle_t handle = 0;
|
||||||
|
|
@ -4199,6 +4201,7 @@ void derive_output( int alg_arg,
|
||||||
PSA_KEY_DERIVATION_INPUT_INFO,
|
PSA_KEY_DERIVATION_INPUT_INFO,
|
||||||
label->x, label->len ) );
|
label->x, label->len ) );
|
||||||
}
|
}
|
||||||
|
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// legacy
|
// legacy
|
||||||
|
|
@ -4207,6 +4210,7 @@ void derive_output( int alg_arg,
|
||||||
label->x, label->len,
|
label->x, label->len,
|
||||||
requested_capacity ) );
|
requested_capacity ) );
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
|
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
|
||||||
¤t_capacity ) );
|
¤t_capacity ) );
|
||||||
TEST_EQUAL( current_capacity, requested_capacity );
|
TEST_EQUAL( current_capacity, requested_capacity );
|
||||||
|
|
@ -4295,6 +4299,8 @@ void derive_full( int alg_arg,
|
||||||
PSA_KEY_DERIVATION_INPUT_INFO,
|
PSA_KEY_DERIVATION_INPUT_INFO,
|
||||||
label->x, label->len ) );
|
label->x, label->len ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// legacy
|
// legacy
|
||||||
|
|
@ -4303,6 +4309,7 @@ void derive_full( int alg_arg,
|
||||||
label->x, label->len,
|
label->x, label->len,
|
||||||
requested_capacity ) );
|
requested_capacity ) );
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
|
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
|
||||||
¤t_capacity ) );
|
¤t_capacity ) );
|
||||||
TEST_EQUAL( current_capacity, expected_capacity );
|
TEST_EQUAL( current_capacity, expected_capacity );
|
||||||
|
|
@ -4335,7 +4342,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
void derive_key_exercise( int alg_arg,
|
void derive_key_exercise( int alg_arg,
|
||||||
data_t *key_data,
|
data_t *key_data,
|
||||||
data_t *salt,
|
data_t *salt,
|
||||||
|
|
@ -4395,7 +4402,7 @@ exit:
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */
|
||||||
void derive_key_export( int alg_arg,
|
void derive_key_export( int alg_arg,
|
||||||
data_t *key_data,
|
data_t *key_data,
|
||||||
data_t *salt,
|
data_t *salt,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue