Merge branch 'psa-derive_input_steps-agreement_as_one_step' into psa-api-1.0-beta

Change the key derivation API to take inputs in multiple steps,
instead of a single one-site-fits-poorly function.

Conflicts:
* include/psa/crypto.h: merge independent changes in the documentation
  of psa_key_agreement (public_key from the work on public key formats
  vs general description and other parameters in the work on key derivation).
* tests/suites/test_suite_psa_crypto.data: update the key agreement
  tests from the work on key derivation to the format from the work on
  public key formats.
* tests/suites/test_suite_psa_crypto_metadata.function: reconcile the
  addition of unrelated ALG_IS_xxx macros
This commit is contained in:
Gilles Peskine 2019-01-18 18:51:30 +01:00
commit 9dcc80e628
10 changed files with 753 additions and 234 deletions

View file

@ -2765,6 +2765,22 @@ static psa_crypto_generator_t psa_crypto_generator_init(void);
psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
size_t *capacity);
/** Set the maximum capacity of a generator.
*
* \param[in,out] generator The generator object to modify.
* \param capacity The new capacity of the generator.
* It must be less or equal to the generator's
* current capacity.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p capacity is larger than the generator's current capacity.
* \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
*/
psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator,
size_t capacity);
/** Read some data from a generator.
*
* This function reads and returns a sequence of bytes from a generator.
@ -2892,37 +2908,36 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
/** Set up a key derivation operation.
*
* A key derivation algorithm takes three inputs: a secret input \p key and
* two non-secret inputs \p label and p salt.
* The result of this function is a byte generator which can
* be used to produce keys and other cryptographic material.
* A key derivation algorithm takes some inputs and uses them to create
* a byte generator which can be used to produce keys and other
* cryptographic material.
*
* The role of \p label and \p salt is as follows:
* - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
* and \p label is the info string used in the "expand" step.
* To use a generator for key derivation:
* - Start with an initialized object of type #psa_crypto_generator_t.
* - Call psa_key_derivation_setup() to select the algorithm.
* - Provide the inputs for the key derivation by calling
* psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
* as appropriate. Which inputs are needed, in what order, and whether
* they may be keys and if so of what type depends on the algorithm.
* - Optionally set the generator's maximum capacity with
* psa_set_generator_capacity(). You may do this before, in the middle of
* or after providing inputs. For some algorithms, this step is mandatory
* because the output depends on the maximum capacity.
* - Generate output with psa_generator_read() or
* psa_generator_import_key(). Successive calls to these functions
* use successive output bytes from the generator.
* - Clean up the generator object with psa_generator_abort().
*
* \param[in,out] generator The generator object to set up. It must have
* been initialized as per the documentation for
* #psa_crypto_generator_t and not yet in use.
* \param handle Handle to the secret key.
* \param[in,out] generator The generator object to set up. It must
* have been initialized but not set up yet.
* \param alg The key derivation algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
* \param[in] salt Salt to use.
* \param salt_length Size of the \p salt buffer in bytes.
* \param[in] label Label to use.
* \param label_length Size of the \p label buffer in bytes.
* \param capacity The maximum number of bytes that the
* generator will be able to provide.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c key is not compatible with \c alg,
* or \p capacity is too large for the specified algorithm and key.
* \c alg is not a key derivation algorithm.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a key derivation algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
@ -2930,33 +2945,115 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
*/
psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator,
psa_algorithm_t alg);
/** Provide an input for key derivation or key agreement.
*
* Which inputs are required and in what order depends on the algorithm.
* Refer to the documentation of each key derivation or key agreement
* algorithm for information.
*
* This function passes direct inputs. Some inputs must be passed as keys
* using psa_key_derivation_input_key() instead of this function. Refer to
* the documentation of individual step types for information.
*
* \param[in,out] generator The generator object to use. It must
* have been set up with
* psa_key_derivation_setup() and must not
* have produced any output yet.
* \param step Which step the input data is for.
* \param[in] data Input data to use.
* \param data_length Size of the \p data buffer in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step is not compatible with the generator's algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step does not allow direct inputs.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The value of \p step is not valid given the state of \p generator.
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *salt,
size_t salt_length,
const uint8_t *label,
size_t label_length,
size_t capacity);
psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length);
/** Set up a key agreement operation.
/** Provide an input for key derivation in the form of a key.
*
* Which inputs are required and in what order depends on the algorithm.
* Refer to the documentation of each key derivation or key agreement
* algorithm for information.
*
* This function passes key inputs. Some inputs must be passed as keys
* of the appropriate type using this function, while others must be
* passed as direct inputs using psa_key_derivation_input_bytes(). Refer to
* the documentation of individual step types for information.
*
* \param[in,out] generator The generator object to use. It must
* have been set up with
* psa_key_derivation_setup() and must not
* have produced any output yet.
* \param step Which step the input data is for.
* \param handle Handle to the key. It must have an
* appropriate type for \p step and must
* allow the usage #PSA_KEY_USAGE_DERIVE.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step is not compatible with the generator's algorithm.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step does not allow key inputs.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The value of \p step is not valid given the state of \p generator.
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
psa_key_handle_t handle);
/** Perform a key agreement and use the shared secret as input to a key
* derivation.
*
* A key agreement algorithm takes two inputs: a private key \p private_key
* a public key \p peer_key.
* The result of this function is a byte generator which can
* be used to produce keys and other cryptographic material.
* The result of this function is passed as input to a key derivation.
* The output of this key derivation can be extracted by reading from the
* resulting generator to produce keys and other cryptographic material.
*
* The resulting generator always has the maximum capacity permitted by
* the algorithm.
*
* \param[in,out] generator The generator object to set up. It must have been
* initialized as per the documentation for
* #psa_crypto_generator_t and not yet in use.
* \param private_key Handle to the private key to use.
* \param[in,out] generator The generator object to use. It must
* have been set up with
* psa_key_derivation_setup() with a
* key agreement and derivation algorithm
* \c alg (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true
* and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
* is false).
* The generator must be ready for an
* input of the type given by \p step.
* \param step Which step the input data is for.
* \param private_key Handle to the private key to use.
* \param[in] peer_key Public key of the peer. The peer key must be in the
* same format that psa_import_key() accepts for the
* public key type corresponding to the type of
@ -2971,10 +3068,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
* private key is on. The standard formats for public
* keys are documented in the documentation of
* psa_export_public_key().
* \param peer_key_length Size of \p peer_key in bytes.
* \param alg The key agreement algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true).
* \param peer_key_length Size of \p peer_key in bytes.
*
* \retval #PSA_SUCCESS
* Success.
@ -2993,10 +3087,62 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
psa_key_handle_t private_key,
const uint8_t *peer_key,
size_t peer_key_length,
psa_algorithm_t alg);
size_t peer_key_length);
/** Perform a key agreement and use the shared secret as input to a key
* derivation.
*
* A key agreement algorithm takes two inputs: a private key \p private_key
* a public key \p peer_key.
*
* \warning The raw result of a key agreement algorithm such as finite-field
* Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
* not be used directly as key material. It should instead be passed as
* input to a key derivation algorithm. To chain a key agreement with
* a key derivation, use psa_key_agreement() and other functions from
* the key derivation and generator interface.
*
* \param private_key Handle to the private key to use.
* \param[in] peer_key Public key of the peer. It must be
* in the same format that psa_import_key()
* accepts. The standard formats for public
* keys are documented in the documentation
* of psa_export_public_key().
* \param peer_key_length Size of \p peer_key in bytes.
* \param[out] output Buffer where the decrypted message is to
* be written.
* \param output_size Size of the \c output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p alg is not a key agreement algorithm
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p private_key is not compatible with \p alg,
* or \p peer_key is not valid for \p alg or not compatible with
* \p private_key.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not a supported key agreement algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_key_agreement_raw_shared_secret(psa_algorithm_t alg,
psa_key_handle_t private_key,
const uint8_t *peer_key,
size_t peer_key_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
/**@}*/

View file

@ -120,6 +120,64 @@ void mbedtls_psa_crypto_free( void );
psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed,
size_t seed_size);
/** Set up a key derivation operation.
*
* FIMXE This function is no longer part of the official API. Its prototype
* is only kept around for the sake of tests that haven't been updated yet.
*
* A key derivation algorithm takes three inputs: a secret input \p key and
* two non-secret inputs \p label and p salt.
* The result of this function is a byte generator which can
* be used to produce keys and other cryptographic material.
*
* The role of \p label and \p salt is as follows:
* - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
* and \p label is the info string used in the "expand" step.
*
* \param[in,out] generator The generator object to set up. It must have
* been initialized as per the documentation for
* #psa_crypto_generator_t and not yet in use.
* \param handle Handle to the secret key.
* \param alg The key derivation algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
* \param[in] salt Salt to use.
* \param salt_length Size of the \p salt buffer in bytes.
* \param[in] label Label to use.
* \param label_length Size of the \p label buffer in bytes.
* \param capacity The maximum number of bytes that the
* generator will be able to provide.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c key is not compatible with \c alg,
* or \p capacity is too large for the specified algorithm and key.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a key derivation algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation(psa_crypto_generator_t *generator,
psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *salt,
size_t salt_length,
const uint8_t *label,
size_t label_length,
size_t capacity);
/* FIXME Deprecated. Remove this as soon as all the tests are updated. */
#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
#ifdef __cplusplus
}

View file

@ -186,6 +186,8 @@ typedef struct
#endif
uint8_t offset_in_block;
uint8_t block_number;
uint8_t state : 2;
uint8_t info_set : 1;
} psa_hkdf_generator_t;
#endif /* MBEDTLS_MD_C */

View file

@ -98,4 +98,13 @@ typedef uint32_t psa_key_usage_t;
/**@}*/
/** \defgroup derivation Key derivation
* @{
*/
/** \brief Encoding of the step of a key derivation. */
typedef uint16_t psa_key_derivation_step_t;
/**@}*/
#endif /* PSA_CRYPTO_TYPES_H */

View file

@ -540,9 +540,8 @@
#define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x06000000)
#define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x10000000)
#define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x12000000)
#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x22000000)
#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x30000000)
#define PSA_ALG_CATEGORY_KEY_SELECTION ((psa_algorithm_t)0x31000000)
#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x20000000)
#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x30000000)
#define PSA_ALG_IS_VENDOR_DEFINED(alg) \
(((alg) & PSA_ALG_VENDOR_FLAG) != 0)
@ -1170,11 +1169,20 @@
((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \
0)
#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x30000100)
#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x20000100)
/** Macro to build an HKDF algorithm.
*
* For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256.
*
* This key derivation algorithm uses the following inputs:
* - #PSA_KDF_STEP_SALT is the salt used in the "extract" step.
* It is optional; if omitted, the derivation uses an empty salt.
* - #PSA_KDF_STEP_SECRET is the secret key used in the "extract" step.
* - #PSA_KDF_STEP_INFO is the info string used in the "expand" step.
* You must pass #PSA_KDF_STEP_SALT before #PSA_KDF_STEP_SECRET.
* You may pass #PSA_KDF_STEP_INFO at any time after steup and before
* starting to generate output.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
*
@ -1200,7 +1208,7 @@
#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x30000200)
#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x20000200)
/** Macro to build a TLS-1.2 PRF algorithm.
*
* TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule,
@ -1239,7 +1247,7 @@
#define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x30000300)
#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x20000300)
/** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
*
* In a pure-PSK handshake in TLS 1.2, the master secret is derived
@ -1279,51 +1287,48 @@
#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x010fffff)
#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x080fffff)
#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0x10f00000)
/** Use a shared secret as is.
/** Macro to build a combined algorithm that chains a key agreement with
* a key derivation.
*
* Specify this algorithm as the selection component of a key agreement
* to use the raw result of the key agreement as key material.
* \param ka_alg A key agreement algorithm (\c PSA_ALG_XXX value such
* that #PSA_ALG_IS_KEY_AGREEMENT(\p ka_alg) is true).
* \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
* that #PSA_ALG_IS_KEY_DERIVATION(\p kdf_alg) is true).
*
* \warning The raw result of a key agreement algorithm such as finite-field
* Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
* not be used directly as key material. It can however be used as the secret
* input in a key derivation algorithm.
* \return The corresponding key agreement and derivation
* algorithm.
* \return Unspecified if \p ka_alg is not a supported
* key agreement algorithm or \p kdf_alg is not a
* supported key derivation algorithm.
*/
#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001)
#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \
((ka_alg) | (kdf_alg))
#define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \
(((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION)
#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
((alg) & ~PSA_ALG_KEY_DERIVATION_MASK)
#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \
(((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT)
#define PSA_ALG_FFDH_BASE ((psa_algorithm_t)0x22100000)
/** The Diffie-Hellman key agreement algorithm.
*
* This algorithm combines the finite-field Diffie-Hellman (DH) key
* agreement, also known as Diffie-Hellman-Merkle (DHM) key agreement,
* to produce a shared secret from a private key and the peer's
* public key, with a key selection or key derivation algorithm to produce
* one or more shared keys and other shared cryptographic material.
#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \
(PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION)
#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \
((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg)))
/** The finite-field Diffie-Hellman (DH) key agreement algorithm.
*
* The shared secret produced by key agreement and passed as input to the
* derivation or selection algorithm \p kdf_alg is the shared secret
* `g^{ab}` in big-endian format.
* It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p`
* in bits.
*
* \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
* that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
* or a key selection algorithm (\c PSA_ALG_XXX value such
* that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true).
*
* \return The Diffie-Hellman algorithm with the specified
* selection or derivation algorithm.
*/
#define PSA_ALG_FFDH(kdf_alg) \
(PSA_ALG_FFDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK))
#define PSA_ALG_FFDH ((psa_algorithm_t)0x30100000)
/** Whether the specified algorithm is a finite field Diffie-Hellman algorithm.
*
* This includes every supported key selection or key agreement algorithm
@ -1336,18 +1341,11 @@
* key agreement algorithm identifier.
*/
#define PSA_ALG_IS_FFDH(alg) \
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH_BASE)
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH)
#define PSA_ALG_ECDH_BASE ((psa_algorithm_t)0x22200000)
/** The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm.
*
* This algorithm combines the elliptic curve Diffie-Hellman key
* agreement to produce a shared secret from a private key and the peer's
* public key, with a key selection or key derivation algorithm to produce
* one or more shared keys and other shared cryptographic material.
*
* The shared secret produced by key agreement and passed as input to the
* derivation or selection algorithm \p kdf_alg is the x-coordinate of
* The shared secret produced by key agreement is the x-coordinate of
* the shared secret point. It is always `ceiling(m / 8)` bytes long where
* `m` is the bit size associated with the curve, i.e. the bit size of the
* order of the curve's coordinate field. When `m` is not a multiple of 8,
@ -1369,17 +1367,9 @@
* the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A`
* in big-endian byte order.
* The bit size is `m` for the field `F_{2^m}`.
*
* \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
* that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
* or a selection algorithm (\c PSA_ALG_XXX value such
* that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true).
*
* \return The Diffie-Hellman algorithm with the specified
* selection or derivation algorithm.
*/
#define PSA_ALG_ECDH(kdf_alg) \
(PSA_ALG_ECDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK))
#define PSA_ALG_ECDH ((psa_algorithm_t)0x30200000)
/** Whether the specified algorithm is an elliptic curve Diffie-Hellman
* algorithm.
*
@ -1394,7 +1384,7 @@
* key agreement algorithm identifier.
*/
#define PSA_ALG_IS_ECDH(alg) \
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH_BASE)
(PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH)
/** Whether the specified algorithm encoding is a wildcard.
*
@ -1506,4 +1496,34 @@
/**@}*/
/** \defgroup derivation Key derivation
* @{
*/
/** A secret input for key derivation.
*
* This must be a key of type #PSA_KEY_TYPE_DERIVE.
*/
#define PSA_KDF_STEP_SECRET ((psa_key_derivation_step_t)0x0101)
/** A label for key derivation.
*
* This must be a direct input.
*/
#define PSA_KDF_STEP_LABEL ((psa_key_derivation_step_t)0x0201)
/** A salt for key derivation.
*
* This must be a direct input.
*/
#define PSA_KDF_STEP_SALT ((psa_key_derivation_step_t)0x0202)
/** An information string for key derivation.
*
* This must be a direct input.
*/
#define PSA_KDF_STEP_INFO ((psa_key_derivation_step_t)0x0203)
/**@}*/
#endif /* PSA_CRYPTO_VALUES_H */

View file

@ -3399,17 +3399,33 @@ exit:
/* Generators */
/****************************************************************/
#define HKDF_STATE_INIT 0 /* no input yet */
#define HKDF_STATE_STARTED 1 /* got salt */
#define HKDF_STATE_KEYED 2 /* got key */
#define HKDF_STATE_OUTPUT 3 /* output started */
static psa_algorithm_t psa_generator_get_kdf_alg(
const psa_crypto_generator_t *generator )
{
if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) );
else
return( generator->alg );
}
psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
{
psa_status_t status = PSA_SUCCESS;
if( generator->alg == 0 )
psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
if( kdf_alg == 0 )
{
/* The object has (apparently) been initialized but it is not
* in use. It's ok to call abort on such an object, and there's
* nothing to do. */
}
else
if( generator->alg == PSA_ALG_SELECT_RAW )
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
if( generator->ctx.buffer.data != NULL )
{
@ -3420,14 +3436,14 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( generator->alg ) )
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
mbedtls_free( generator->ctx.hkdf.info );
status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac );
}
else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) ||
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
/* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */
PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) )
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
if( generator->ctx.tls12_prf.key != NULL )
{
@ -3452,7 +3468,6 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
return( status );
}
psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
size_t *capacity)
{
@ -3460,6 +3475,17 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
return( PSA_SUCCESS );
}
psa_status_t psa_set_generator_capacity( psa_crypto_generator_t *generator,
size_t capacity )
{
if( generator->alg == 0 )
return( PSA_ERROR_BAD_STATE );
if( capacity > generator->capacity )
return( PSA_ERROR_INVALID_ARGUMENT );
generator->capacity = capacity;
return( PSA_SUCCESS );
}
#if defined(MBEDTLS_MD_C)
/* Read some bytes from an HKDF-based generator. This performs a chunk
* of the expand phase of the HKDF algorithm. */
@ -3471,6 +3497,10 @@ static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf,
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
psa_status_t status;
if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set )
return( PSA_ERROR_BAD_STATE );
hkdf->state = HKDF_STATE_OUTPUT;
while( output_length != 0 )
{
/* Copy what remains of the current block */
@ -3684,6 +3714,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
size_t output_length )
{
psa_status_t status;
psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
if( output_length > generator->capacity )
{
@ -3694,7 +3725,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
goto exit;
}
if( output_length == 0 &&
generator->capacity == 0 && generator->alg == 0 )
generator->capacity == 0 && kdf_alg == 0 )
{
/* Edge case: this is a blank or finished generator, and 0
* bytes were requested. The right error in this case could
@ -3706,7 +3737,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
}
generator->capacity -= output_length;
if( generator->alg == PSA_ALG_SELECT_RAW )
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
/* Initially, the capacity of a selection generator is always
* the size of the buffer, i.e. `generator->ctx.buffer.size`,
@ -3724,17 +3755,17 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( generator->alg ) )
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( generator->alg );
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
status = psa_generator_hkdf_read( &generator->ctx.hkdf, hash_alg,
output, output_length );
}
else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) )
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
status = psa_generator_tls12_prf_read( &generator->ctx.tls12_prf,
generator->alg, output,
kdf_alg, output,
output_length );
}
else
@ -3841,6 +3872,8 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
return( PSA_ERROR_INSUFFICIENT_MEMORY );
memcpy( hkdf->info, label, label_length );
}
hkdf->state = HKDF_STATE_KEYED;
hkdf->info_set = 1;
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_MD_C */
@ -4084,6 +4117,232 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
return( status );
}
static psa_status_t psa_key_derivation_setup_kdf(
psa_crypto_generator_t *generator,
psa_algorithm_t kdf_alg )
{
/* Make sure that kdf_alg is a supported key derivation algorithm. */
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
size_t hash_size = PSA_HASH_SIZE( hash_alg );
if( hash_size == 0 )
return( PSA_ERROR_NOT_SUPPORTED );
if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) &&
! ( hash_alg == PSA_ALG_SHA_256 && hash_alg == PSA_ALG_SHA_384 ) )
{
return( PSA_ERROR_NOT_SUPPORTED );
}
generator->capacity = 255 * hash_size;
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_MD_C */
else
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t psa_key_derivation_setup( psa_crypto_generator_t *generator,
psa_algorithm_t alg )
{
psa_status_t status;
if( generator->alg != 0 )
return( PSA_ERROR_BAD_STATE );
if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
{
psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
status = psa_key_derivation_setup_kdf( generator, kdf_alg );
}
else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
{
status = psa_key_derivation_setup_kdf( generator, alg );
}
else
return( PSA_ERROR_INVALID_ARGUMENT );
if( status == PSA_SUCCESS )
generator->alg = alg;
return( status );
}
#if defined(MBEDTLS_MD_C)
static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf,
psa_algorithm_t hash_alg,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
{
psa_status_t status;
switch( step )
{
case PSA_KDF_STEP_SALT:
if( hkdf->state == HKDF_STATE_INIT )
{
status = psa_hmac_setup_internal( &hkdf->hmac,
data, data_length,
hash_alg );
if( status != PSA_SUCCESS )
return( status );
hkdf->state = HKDF_STATE_STARTED;
return( PSA_SUCCESS );
}
else
return( PSA_ERROR_BAD_STATE );
break;
case PSA_KDF_STEP_SECRET:
/* If no salt was provided, use an empty salt. */
if( hkdf->state == HKDF_STATE_INIT )
{
status = psa_hmac_setup_internal( &hkdf->hmac,
NULL, 0,
PSA_ALG_HMAC( hash_alg ) );
if( status != PSA_SUCCESS )
return( status );
hkdf->state = HKDF_STATE_STARTED;
}
if( hkdf->state == HKDF_STATE_STARTED )
{
status = psa_hash_update( &hkdf->hmac.hash_ctx,
data, data_length );
if( status != PSA_SUCCESS )
return( status );
status = psa_hmac_finish_internal( &hkdf->hmac,
hkdf->prk,
sizeof( hkdf->prk ) );
if( status != PSA_SUCCESS )
return( status );
hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
hkdf->block_number = 0;
hkdf->state = HKDF_STATE_KEYED;
return( PSA_SUCCESS );
}
else
return( PSA_ERROR_BAD_STATE );
break;
case PSA_KDF_STEP_INFO:
if( hkdf->state == HKDF_STATE_OUTPUT )
return( PSA_ERROR_BAD_STATE );
if( hkdf->info_set )
return( PSA_ERROR_BAD_STATE );
hkdf->info_length = data_length;
if( data_length != 0 )
{
hkdf->info = mbedtls_calloc( 1, data_length );
if( hkdf->info == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
memcpy( hkdf->info, data, data_length );
}
hkdf->info_set = 1;
return( PSA_SUCCESS );
default:
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
#endif /* MBEDTLS_MD_C */
static psa_status_t psa_key_derivation_input_raw(
psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
{
psa_status_t status;
psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
if( generator->capacity != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
generator->ctx.buffer.data = mbedtls_calloc( 1, data_length );
if( generator->ctx.buffer.data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
memcpy( generator->ctx.buffer.data, data, data_length );
generator->ctx.buffer.size = data_length;
generator->capacity = data_length;
status = PSA_SUCCESS;
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
status = psa_hkdf_input( &generator->ctx.hkdf,
PSA_ALG_HKDF_GET_HASH( kdf_alg ),
step, data, data_length );
}
else
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_MD_C)
/* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
// TODO
status = PSA_ERROR_NOT_SUPPORTED;
}
else
#endif /* MBEDTLS_MD_C */
{
/* This can't happen unless the generator object was not initialized */
return( PSA_ERROR_BAD_STATE );
}
if( status != PSA_SUCCESS )
psa_generator_abort( generator );
return( status );
}
psa_status_t psa_key_derivation_input_bytes( psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
{
switch( step )
{
case PSA_KDF_STEP_LABEL:
case PSA_KDF_STEP_SALT:
case PSA_KDF_STEP_INFO:
return( psa_key_derivation_input_raw( generator, step,
data, data_length ) );
default:
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
psa_status_t psa_key_derivation_input_key( psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
psa_key_handle_t handle )
{
psa_key_slot_t *slot;
psa_status_t status;
status = psa_get_key_from_slot( handle, &slot,
PSA_KEY_USAGE_DERIVE,
generator->alg );
if( status != PSA_SUCCESS )
return( status );
// TODO: for a key agreement algorithm, allow the corresponding key type and step
if( slot->type != PSA_KEY_TYPE_DERIVE )
return( PSA_ERROR_INVALID_ARGUMENT );
/* Don't allow a key to be used as an input that is usually public.
* This is debatable. It's ok from a cryptographic perspective to
* use secret material as an input that is usually public. However
* the material should be dedicated to a particular input step,
* otherwise this may allow the key to be used in an unintended way
* and leak values derived from the key. So be conservative. */
if( step != PSA_KDF_STEP_SECRET )
return( PSA_ERROR_INVALID_ARGUMENT );
return( psa_key_derivation_input_raw( generator,
step,
slot->data.raw.data,
slot->data.raw.bytes ) );
}
/****************************************************************/
@ -4140,10 +4399,10 @@ exit:
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
psa_key_slot_t *private_key,
const uint8_t *peer_key,
size_t peer_key_length,
psa_algorithm_t alg )
size_t peer_key_length )
{
psa_status_t status;
uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
@ -4151,10 +4410,10 @@ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generato
/* Step 1: run the secret agreement algorithm to generate the shared
* secret. */
switch( PSA_ALG_KEY_AGREEMENT_GET_BASE( alg ) )
switch( PSA_ALG_KEY_AGREEMENT_GET_BASE( generator->alg ) )
{
#if defined(MBEDTLS_ECDH_C)
case PSA_ALG_ECDH_BASE:
case PSA_ALG_ECDH:
if( ! PSA_KEY_TYPE_IS_ECC_KEYPAIR( private_key->type ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_key_agreement_ecdh( peer_key, peer_key_length,
@ -4175,34 +4434,31 @@ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generato
/* Step 2: set up the key derivation to generate key material from
* the shared secret. */
status = psa_key_derivation_internal( generator,
shared_secret, shared_secret_length,
PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ),
NULL, 0, NULL, 0,
PSA_GENERATOR_UNBRIDLED_CAPACITY );
status = psa_key_derivation_input_raw( generator, step,
shared_secret, shared_secret_length );
exit:
mbedtls_platform_zeroize( shared_secret, shared_secret_length );
return( status );
}
psa_status_t psa_key_agreement( psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
psa_key_handle_t private_key,
const uint8_t *peer_key,
size_t peer_key_length,
psa_algorithm_t alg )
size_t peer_key_length )
{
psa_key_slot_t *slot;
psa_status_t status;
if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) )
if( ! PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( private_key, &slot,
PSA_KEY_USAGE_DERIVE, alg );
PSA_KEY_USAGE_DERIVE, generator->alg );
if( status != PSA_SUCCESS )
return( status );
status = psa_key_agreement_internal( generator,
status = psa_key_agreement_internal( generator, step,
slot,
peer_key, peer_key_length,
alg );
peer_key, peer_key_length );
if( status != PSA_SUCCESS )
psa_generator_abort( generator );
return( status );

View file

@ -474,15 +474,15 @@ derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KE
PSA key policy: agreement, permitted
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
PSA key policy: agreement, not permitted
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
agreement_key_policy:0:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH
PSA key policy: agreement, wrong algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH(PSA_ALG_SELECT_RAW)
agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH
Hash operation object initializers zero properly
hash_operation_init:
@ -1149,7 +1149,7 @@ import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17
PSA import/exercise: ECP SECP256R1 keypair, ECDH
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW)
import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH
PSA sign: RSA PKCS#1 v1.5, raw
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -1674,19 +1674,19 @@ derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0
PSA key agreement setup: ECDH, raw: good
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
PSA key agreement setup: ECDH, raw: public key on different curve
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
PSA key agreement setup: ECDH, raw: public key instead of private key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT
PSA key agreement setup: ECDH, unknown KDF
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_setup:PSA_ALG_ECDH(0):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 0):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED
PSA key agreement setup: not a key agreement algorithm
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
@ -1694,71 +1694,71 @@ key_agreement_setup:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):PSA_KEY_TYPE_ECC_KEYPAIR(PSA
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: capacity=32
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":32
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":32
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 32 (full)
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
PSA key agreement: ECDH SECP256R1 with ECDH-only public key
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3057301106052b8104010c06082a8648ce3d03010703420004d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":""
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 0+32
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 20+12
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9e":"ce7dce03812464d04b9442de"
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9e":"ce7dce03812464d04b9442de"
PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 7+15
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6ed":"afd13116e0e12565202fef8e9ece7d"
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6ed":"afd13116e0e12565202fef8e9ece7d"
PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: capacity=48
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":48
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":48
PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: read
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746":""
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746":""
PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: capacity=66
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":66
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"30819b301006072a8648ce3d020106052b81040023038186000400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":66
PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: read
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea":""
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"30819b301006072a8648ce3d020106052b81040023038186000400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea":""
PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: capacity=32
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":32
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"305a301406072a8648ce3d020106092b2403030208010107034200048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":32
PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: read
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b":""
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"305a301406072a8648ce3d020106092b2403030208010107034200048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b":""
PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: capacity=48
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":48
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"307a301406072a8648ce3d020106092b240303020801010b036200044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":48
PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: read
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42":""
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"307a301406072a8648ce3d020106092b240303020801010b036200044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42":""
PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: capacity=64
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":64
key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":64
PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: read
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":""
key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":""
PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
PSA generate random: 0 bytes
generate_random:0

View file

@ -366,11 +366,30 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
if( usage & PSA_KEY_USAGE_DERIVE )
{
PSA_ASSERT( psa_key_derivation( &generator,
handle, alg,
label, label_length,
seed, seed_length,
sizeof( output ) ) );
if( PSA_ALG_IS_HKDF( alg ) )
{
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_KDF_STEP_SALT,
label,
label_length ) );
PSA_ASSERT( psa_key_derivation_input_key( &generator,
PSA_KDF_STEP_SECRET,
handle ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_KDF_STEP_INFO,
seed,
seed_length ) );
}
else
{
// legacy
PSA_ASSERT( psa_key_derivation( &generator,
handle, alg,
label, label_length,
seed, seed_length,
sizeof( output ) ) );
}
PSA_ASSERT( psa_generator_read( &generator,
output,
sizeof( output ) ) );
@ -386,8 +405,7 @@ exit:
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
psa_key_handle_t handle,
psa_algorithm_t alg )
psa_key_handle_t handle )
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@ -409,9 +427,8 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
public_key, public_key_length,
&public_key_length ) );
status = psa_key_agreement( generator, handle,
public_key, public_key_length,
alg );
status = psa_key_agreement( generator, PSA_KDF_STEP_SECRET, handle,
public_key, public_key_length );
exit:
mbedtls_free( public_key );
return( status );
@ -429,7 +446,8 @@ static int exercise_key_agreement_key( psa_key_handle_t handle,
{
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
PSA_ASSERT( key_agreement_with_self( &generator, handle, alg ) );
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( key_agreement_with_self( &generator, handle ) );
PSA_ASSERT( psa_generator_read( &generator,
output,
sizeof( output ) ) );
@ -1753,7 +1771,8 @@ void agreement_key_policy( int policy_usage,
PSA_ASSERT( psa_import_key( handle, key_type,
key_data->x, key_data->len ) );
status = key_agreement_with_self( &generator, handle, exercise_alg );
PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) );
status = key_agreement_with_self( &generator, handle );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
@ -3476,10 +3495,29 @@ void derive_output( int alg_arg,
key_data->len ) );
/* Extraction phase. */
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ) );
if( PSA_ALG_IS_HKDF( alg ) )
{
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_set_generator_capacity( &generator,
requested_capacity ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_KDF_STEP_SALT,
salt->x, salt->len ) );
PSA_ASSERT( psa_key_derivation_input_key( &generator,
PSA_KDF_STEP_SECRET,
handle ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_KDF_STEP_INFO,
label->x, label->len ) );
}
else
{
// legacy
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ) );
}
PSA_ASSERT( psa_get_generator_capacity( &generator,
&current_capacity ) );
TEST_EQUAL( current_capacity, requested_capacity );
@ -3556,10 +3594,29 @@ void derive_full( int alg_arg,
key_data->len ) );
/* Extraction phase. */
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ) );
if( PSA_ALG_IS_HKDF( alg ) )
{
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_set_generator_capacity( &generator,
requested_capacity ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_KDF_STEP_SALT,
salt->x, salt->len ) );
PSA_ASSERT( psa_key_derivation_input_key( &generator,
PSA_KDF_STEP_SECRET,
handle ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_KDF_STEP_INFO,
label->x, label->len ) );
}
else
{
// legacy
PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ) );
}
PSA_ASSERT( psa_get_generator_capacity( &generator,
&current_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
@ -3772,10 +3829,10 @@ void key_agreement_setup( int alg_arg,
our_key_data->x,
our_key_data->len ) );
TEST_EQUAL( psa_key_agreement( &generator,
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
TEST_EQUAL( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
our_key,
peer_key_data->x, peer_key_data->len,
alg ),
peer_key_data->x, peer_key_data->len ),
expected_status_arg );
exit:
@ -3811,10 +3868,10 @@ void key_agreement_capacity( int alg_arg,
our_key_data->x,
our_key_data->len ) );
PSA_ASSERT( psa_key_agreement( &generator,
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
our_key,
peer_key_data->x, peer_key_data->len,
alg ) );
peer_key_data->x, peer_key_data->len ) );
/* Test the advertized capacity. */
PSA_ASSERT( psa_get_generator_capacity(
@ -3868,10 +3925,10 @@ void key_agreement_output( int alg_arg,
our_key_data->x,
our_key_data->len ) );
PSA_ASSERT( psa_key_agreement( &generator,
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
our_key,
peer_key_data->x, peer_key_data->len,
alg ) );
peer_key_data->x, peer_key_data->len ) );
PSA_ASSERT( psa_generator_read( &generator,
actual_output,

View file

@ -266,24 +266,21 @@ Key derivation: HKDF using SHA-256
depends_on:MBEDTLS_SHA256_C
key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF
Key selection: raw
key_selection_algorithm:PSA_ALG_SELECT_RAW:0
Key agreement: FFDH, raw output
depends_on:MBEDTLS_DHM_C
key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_SELECT_RAW ):ALG_IS_FFDH:PSA_ALG_SELECT_RAW
key_agreement_algorithm:PSA_ALG_FFDH:ALG_IS_FFDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_FFDH:PSA_ALG_CATEGORY_KEY_DERIVATION
Key agreement: FFDH, HKDF using SHA-256
depends_on:MBEDTLS_DHM_C
key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
Key agreement: ECDH, raw output
depends_on:MBEDTLS_ECDH_C
key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ):ALG_IS_ECDH:PSA_ALG_SELECT_RAW
key_agreement_algorithm:PSA_ALG_ECDH:ALG_IS_ECDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_ECDH:PSA_ALG_CATEGORY_KEY_DERIVATION
Key agreement: ECDH, HKDF using SHA-256
depends_on:MBEDTLS_ECDH_C
key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 )
Key type: raw data
key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED

View file

@ -35,6 +35,7 @@
#define ALG_IS_FFDH ( 1u << 17 )
#define ALG_IS_ECDH ( 1u << 18 )
#define ALG_IS_WILDCARD ( 1u << 19 )
#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 20 )
/* Flags for key type classification macros. There is a flag for every
* key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
@ -73,6 +74,9 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags )
TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_ECDH, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_FFDH, alg, flags );
TEST_CLASSIFICATION_MACRO( ALG_IS_RAW_KEY_AGREEMENT, alg, flags );
exit: ;
}
@ -113,7 +117,6 @@ void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
/* Length */
@ -134,7 +137,6 @@ void aead_algorithm_core( psa_algorithm_t alg, int classification_flags,
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
/* Tag length */
@ -174,7 +176,6 @@ void hash_algorithm( int alg_arg, int length_arg )
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, 0 );
/* Dependent algorithms */
@ -271,7 +272,6 @@ void cipher_algorithm( int alg_arg, int classification_flags )
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@ -320,7 +320,6 @@ void asymmetric_signature_algorithm( int alg_arg, int classification_flags )
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@ -350,7 +349,6 @@ void asymmetric_encryption_algorithm( int alg_arg, int classification_flags )
TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@ -359,6 +357,8 @@ void asymmetric_encryption_algorithm( int alg_arg, int classification_flags )
void key_derivation_algorithm( int alg_arg, int classification_flags )
{
psa_algorithm_t alg = alg_arg;
psa_algorithm_t ecdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, alg );
psa_algorithm_t ffdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, alg );
/* Algorithm classification */
TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
@ -369,49 +369,25 @@ void key_derivation_algorithm( int alg_arg, int classification_flags )
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
/* Check combinations with key agreements */
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) );
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) );
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg );
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg );
}
/* END_CASE */
/* BEGIN_CASE */
void key_selection_algorithm( int alg_arg, int classification_flags )
{
psa_algorithm_t alg = alg_arg;
/* Algorithm classification */
TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
/* Check combinations with key agreements */
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) );
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) );
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg );
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg );
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ecdh_alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ffdh_alg ) );
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ecdh_alg ), alg );
TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ffdh_alg ), alg );
}
/* END_CASE */
/* BEGIN_CASE */
void key_agreement_algorithm( int alg_arg, int classification_flags,
int post_alg_arg )
int ka_alg_arg, int kdf_alg_arg )
{
psa_algorithm_t alg = alg_arg;
psa_algorithm_t actual_post_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
psa_algorithm_t expected_post_alg = post_alg_arg;
psa_algorithm_t actual_ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg );
psa_algorithm_t expected_ka_alg = ka_alg_arg;
psa_algorithm_t actual_kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
psa_algorithm_t expected_kdf_alg = kdf_alg_arg;
/* Algorithm classification */
TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
@ -422,13 +398,11 @@ void key_agreement_algorithm( int alg_arg, int classification_flags,
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) );
algorithm_classification( alg, classification_flags );
/* Shared secret derivation properties */
TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( actual_post_alg ) ||
PSA_ALG_IS_KEY_SELECTION( actual_post_alg ) );
TEST_EQUAL( actual_post_alg, expected_post_alg );
TEST_EQUAL( actual_ka_alg, expected_ka_alg );
TEST_EQUAL( actual_kdf_alg, expected_kdf_alg );
}
/* END_CASE */