Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac

HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC
2025-08-08 17:42:09 +03:00 · 2022-03-17 11:55:48 +01:00
parent 15c0e39fff 88f3b2e502
commit 8d4bc5eeb9
5 changed files with 200 additions and 50 deletions
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3886,35 +3886,84 @@ exit:
 /* END_CASE */

 /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
-void psa_hkdf_expand( int alg, char *hex_info_string,
-                      char *hex_prk_string, char *hex_okm_string )
+void psa_hkdf_extract( int alg,
+                       data_t *ikm,
+                       data_t *salt,
+                       data_t *prk )
+{
+    unsigned char *output_prk = NULL;
+    size_t output_prk_size, output_prk_len;
+
+    PSA_INIT( );
+
+    output_prk_size = PSA_HASH_LENGTH( alg );
+    ASSERT_ALLOC( output_prk, output_prk_size );
+
+    PSA_ASSERT( mbedtls_psa_hkdf_extract( alg, salt->x, salt->len,
+                                          ikm->x, ikm->len,
+                                          output_prk, output_prk_size,
+                                          &output_prk_len ) );
+
+    ASSERT_COMPARE( output_prk, output_prk_len, prk->x, prk->len );
+
+exit:
+    mbedtls_free( output_prk );
+
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+void psa_hkdf_extract_ret( int alg, int ret )
+{
+    int output_ret;
+    unsigned char *salt = NULL;
+    unsigned char *ikm = NULL;
+    unsigned char *prk = NULL;
+    size_t salt_len, ikm_len, prk_len;
+
+    PSA_INIT( );
+
+    ASSERT_ALLOC( prk, PSA_MAC_MAX_SIZE);
+    salt_len = 0;
+    ikm_len = 0;
+    prk_len = 0;
+
+    output_ret = mbedtls_psa_hkdf_extract( alg, salt, salt_len,
+                                           ikm, ikm_len,
+                                           prk, PSA_MAC_MAX_SIZE, &prk_len );
+    TEST_ASSERT( output_ret == ret );
+    TEST_ASSERT( prk_len == 0 );
+
+exit:
+    mbedtls_free( prk );
+
+    PSA_DONE( );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */
+void psa_hkdf_expand( int alg,
+                      data_t *info,
+                      data_t *prk,
+                      data_t *okm )
 {
    enum { OKM_LEN  = 1024 };
-    unsigned char *info = NULL;
-    unsigned char *prk = NULL;
-    unsigned char *okm = NULL;
    unsigned char *output_okm = NULL;
-    size_t info_len, prk_len, okm_len;

    PSA_INIT( );

    ASSERT_ALLOC( output_okm, OKM_LEN );
+    TEST_ASSERT( prk->len == PSA_HASH_LENGTH( alg ) );
+    TEST_ASSERT( okm->len < OKM_LEN );

-    prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
-    info = mbedtls_test_unhexify_alloc( hex_info_string, &info_len );
-    okm = mbedtls_test_unhexify_alloc( hex_okm_string, &okm_len );
-    TEST_ASSERT( prk_len == PSA_HASH_LENGTH( alg ) );
-    TEST_ASSERT( okm_len < OKM_LEN );
-
-    PSA_ASSERT( mbedtls_psa_hkdf_expand( alg, prk, prk_len, info, info_len,
+    PSA_ASSERT( mbedtls_psa_hkdf_expand( alg, prk->x, prk->len,
+                                         info->x, info->len,
                                         output_okm, OKM_LEN ) );

-    ASSERT_COMPARE( output_okm, okm_len, okm, okm_len );
+    ASSERT_COMPARE( output_okm, okm->len, okm->x, okm->len );

 exit:
-    mbedtls_free( info );
-    mbedtls_free( prk );
-    mbedtls_free( okm );
    mbedtls_free( output_okm );

    PSA_DONE( );