diff --git a/include/psa/crypto.h b/include/psa/crypto.h index eb63254fd2..751c3803b6 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -2765,6 +2765,22 @@ static psa_crypto_generator_t psa_crypto_generator_init(void); psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, size_t *capacity); +/** Set the maximum capacity of a generator. + * + * \param[in,out] generator The generator object to modify. + * \param capacity The new capacity of the generator. + * It must be less or equal to the generator's + * current capacity. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p capacity is larger than the generator's current capacity. + * \retval #PSA_ERROR_BAD_STATE + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + */ +psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator, + size_t capacity); + /** Read some data from a generator. * * This function reads and returns a sequence of bytes from a generator. @@ -2892,37 +2908,36 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); /** Set up a key derivation operation. * - * A key derivation algorithm takes three inputs: a secret input \p key and - * two non-secret inputs \p label and p salt. - * The result of this function is a byte generator which can - * be used to produce keys and other cryptographic material. + * A key derivation algorithm takes some inputs and uses them to create + * a byte generator which can be used to produce keys and other + * cryptographic material. * - * The role of \p label and \p salt is as follows: - * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step - * and \p label is the info string used in the "expand" step. + * To use a generator for key derivation: + * - Start with an initialized object of type #psa_crypto_generator_t. + * - Call psa_key_derivation_setup() to select the algorithm. + * - Provide the inputs for the key derivation by calling + * psa_key_derivation_input_bytes() or psa_key_derivation_input_key() + * as appropriate. Which inputs are needed, in what order, and whether + * they may be keys and if so of what type depends on the algorithm. + * - Optionally set the generator's maximum capacity with + * psa_set_generator_capacity(). You may do this before, in the middle of + * or after providing inputs. For some algorithms, this step is mandatory + * because the output depends on the maximum capacity. + * - Generate output with psa_generator_read() or + * psa_generator_import_key(). Successive calls to these functions + * use successive output bytes from the generator. + * - Clean up the generator object with psa_generator_abort(). * - * \param[in,out] generator The generator object to set up. It must have - * been initialized as per the documentation for - * #psa_crypto_generator_t and not yet in use. - * \param handle Handle to the secret key. + * \param[in,out] generator The generator object to set up. It must + * have been initialized but not set up yet. * \param alg The key derivation algorithm to compute * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true). - * \param[in] salt Salt to use. - * \param salt_length Size of the \p salt buffer in bytes. - * \param[in] label Label to use. - * \param label_length Size of the \p label buffer in bytes. - * \param capacity The maximum number of bytes that the - * generator will be able to provide. * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_EMPTY_SLOT - * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \c key is not compatible with \c alg, - * or \p capacity is too large for the specified algorithm and key. + * \c alg is not a key derivation algorithm. * \retval #PSA_ERROR_NOT_SUPPORTED * \c alg is not supported or is not a key derivation algorithm. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -2930,33 +2945,115 @@ psa_status_t psa_generator_abort(psa_crypto_generator_t *generator); * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE + */ +psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator, + psa_algorithm_t alg); + +/** Provide an input for key derivation or key agreement. + * + * Which inputs are required and in what order depends on the algorithm. + * Refer to the documentation of each key derivation or key agreement + * algorithm for information. + * + * This function passes direct inputs. Some inputs must be passed as keys + * using psa_key_derivation_input_key() instead of this function. Refer to + * the documentation of individual step types for information. + * + * \param[in,out] generator The generator object to use. It must + * have been set up with + * psa_key_derivation_setup() and must not + * have produced any output yet. + * \param step Which step the input data is for. + * \param[in] data Input data to use. + * \param data_length Size of the \p data buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c step is not compatible with the generator's algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c step does not allow direct inputs. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The value of \p step is not valid given the state of \p generator. + * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, - psa_key_handle_t handle, - psa_algorithm_t alg, - const uint8_t *salt, - size_t salt_length, - const uint8_t *label, - size_t label_length, - size_t capacity); +psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length); -/** Set up a key agreement operation. +/** Provide an input for key derivation in the form of a key. + * + * Which inputs are required and in what order depends on the algorithm. + * Refer to the documentation of each key derivation or key agreement + * algorithm for information. + * + * This function passes key inputs. Some inputs must be passed as keys + * of the appropriate type using this function, while others must be + * passed as direct inputs using psa_key_derivation_input_bytes(). Refer to + * the documentation of individual step types for information. + * + * \param[in,out] generator The generator object to use. It must + * have been set up with + * psa_key_derivation_setup() and must not + * have produced any output yet. + * \param step Which step the input data is for. + * \param handle Handle to the key. It must have an + * appropriate type for \p step and must + * allow the usage #PSA_KEY_USAGE_DERIVE. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c step is not compatible with the generator's algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c step does not allow key inputs. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The value of \p step is not valid given the state of \p generator. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator, + psa_key_derivation_step_t step, + psa_key_handle_t handle); + +/** Perform a key agreement and use the shared secret as input to a key + * derivation. * * A key agreement algorithm takes two inputs: a private key \p private_key * a public key \p peer_key. - * The result of this function is a byte generator which can - * be used to produce keys and other cryptographic material. + * The result of this function is passed as input to a key derivation. + * The output of this key derivation can be extracted by reading from the + * resulting generator to produce keys and other cryptographic material. * - * The resulting generator always has the maximum capacity permitted by - * the algorithm. - * - * \param[in,out] generator The generator object to set up. It must have been - * initialized as per the documentation for - * #psa_crypto_generator_t and not yet in use. - * \param private_key Handle to the private key to use. + * \param[in,out] generator The generator object to use. It must + * have been set up with + * psa_key_derivation_setup() with a + * key agreement and derivation algorithm + * \c alg (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true + * and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg) + * is false). + * The generator must be ready for an + * input of the type given by \p step. + * \param step Which step the input data is for. + * \param private_key Handle to the private key to use. * \param[in] peer_key Public key of the peer. The peer key must be in the * same format that psa_import_key() accepts for the * public key type corresponding to the type of @@ -2971,10 +3068,7 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, * private key is on. The standard formats for public * keys are documented in the documentation of * psa_export_public_key(). - * \param peer_key_length Size of \p peer_key in bytes. - * \param alg The key agreement algorithm to compute - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_KEY_AGREEMENT(\p alg) is true). + * \param peer_key_length Size of \p peer_key in bytes. * * \retval #PSA_SUCCESS * Success. @@ -2993,10 +3087,62 @@ psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, * \retval #PSA_ERROR_TAMPERING_DETECTED */ psa_status_t psa_key_agreement(psa_crypto_generator_t *generator, + psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, - size_t peer_key_length, - psa_algorithm_t alg); + size_t peer_key_length); + +/** Perform a key agreement and use the shared secret as input to a key + * derivation. + * + * A key agreement algorithm takes two inputs: a private key \p private_key + * a public key \p peer_key. + * + * \warning The raw result of a key agreement algorithm such as finite-field + * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should + * not be used directly as key material. It should instead be passed as + * input to a key derivation algorithm. To chain a key agreement with + * a key derivation, use psa_key_agreement() and other functions from + * the key derivation and generator interface. + * + * \param private_key Handle to the private key to use. + * \param[in] peer_key Public key of the peer. It must be + * in the same format that psa_import_key() + * accepts. The standard formats for public + * keys are documented in the documentation + * of psa_export_public_key(). + * \param peer_key_length Size of \p peer_key in bytes. + * \param[out] output Buffer where the decrypted message is to + * be written. + * \param output_size Size of the \c output buffer in bytes. + * \param[out] output_length On success, the number of bytes + * that make up the returned output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p alg is not a key agreement algorithm + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p private_key is not compatible with \p alg, + * or \p peer_key is not valid for \p alg or not compatible with + * \p private_key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not a supported key agreement algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_TAMPERING_DETECTED + */ +psa_status_t psa_key_agreement_raw_shared_secret(psa_algorithm_t alg, + psa_key_handle_t private_key, + const uint8_t *peer_key, + size_t peer_key_length, + uint8_t *output, + size_t output_size, + size_t *output_length); /**@}*/ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 7f08857942..a0eac4dbc8 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -120,6 +120,64 @@ void mbedtls_psa_crypto_free( void ); psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, size_t seed_size); +/** Set up a key derivation operation. + * + * FIMXE This function is no longer part of the official API. Its prototype + * is only kept around for the sake of tests that haven't been updated yet. + * + * A key derivation algorithm takes three inputs: a secret input \p key and + * two non-secret inputs \p label and p salt. + * The result of this function is a byte generator which can + * be used to produce keys and other cryptographic material. + * + * The role of \p label and \p salt is as follows: + * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step + * and \p label is the info string used in the "expand" step. + * + * \param[in,out] generator The generator object to set up. It must have + * been initialized as per the documentation for + * #psa_crypto_generator_t and not yet in use. + * \param handle Handle to the secret key. + * \param alg The key derivation algorithm to compute + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true). + * \param[in] salt Salt to use. + * \param salt_length Size of the \p salt buffer in bytes. + * \param[in] label Label to use. + * \param label_length Size of the \p label buffer in bytes. + * \param capacity The maximum number of bytes that the + * generator will be able to provide. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_EMPTY_SLOT + * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \c key is not compatible with \c alg, + * or \p capacity is too large for the specified algorithm and key. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \c alg is not supported or is not a key derivation algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_TAMPERING_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_key_derivation(psa_crypto_generator_t *generator, + psa_key_handle_t handle, + psa_algorithm_t alg, + const uint8_t *salt, + size_t salt_length, + const uint8_t *label, + size_t label_length, + size_t capacity); + +/* FIXME Deprecated. Remove this as soon as all the tests are updated. */ +#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001) #ifdef __cplusplus } diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 586e183a78..2414ad5d71 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -186,6 +186,8 @@ typedef struct #endif uint8_t offset_in_block; uint8_t block_number; + uint8_t state : 2; + uint8_t info_set : 1; } psa_hkdf_generator_t; #endif /* MBEDTLS_MD_C */ diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 9b44d6aef9..637e07c6b2 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -98,4 +98,13 @@ typedef uint32_t psa_key_usage_t; /**@}*/ +/** \defgroup derivation Key derivation + * @{ + */ + +/** \brief Encoding of the step of a key derivation. */ +typedef uint16_t psa_key_derivation_step_t; + +/**@}*/ + #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 33720e4b13..76c5f38a13 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -540,9 +540,8 @@ #define PSA_ALG_CATEGORY_AEAD ((psa_algorithm_t)0x06000000) #define PSA_ALG_CATEGORY_SIGN ((psa_algorithm_t)0x10000000) #define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x12000000) -#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x22000000) -#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x30000000) -#define PSA_ALG_CATEGORY_KEY_SELECTION ((psa_algorithm_t)0x31000000) +#define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x20000000) +#define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x30000000) #define PSA_ALG_IS_VENDOR_DEFINED(alg) \ (((alg) & PSA_ALG_VENDOR_FLAG) != 0) @@ -1170,11 +1169,20 @@ ((alg) & PSA_ALG_HASH_MASK) | PSA_ALG_CATEGORY_HASH : \ 0) -#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x30000100) +#define PSA_ALG_HKDF_BASE ((psa_algorithm_t)0x20000100) /** Macro to build an HKDF algorithm. * * For example, `PSA_ALG_HKDF(PSA_ALG_SHA256)` is HKDF using HMAC-SHA-256. * + * This key derivation algorithm uses the following inputs: + * - #PSA_KDF_STEP_SALT is the salt used in the "extract" step. + * It is optional; if omitted, the derivation uses an empty salt. + * - #PSA_KDF_STEP_SECRET is the secret key used in the "extract" step. + * - #PSA_KDF_STEP_INFO is the info string used in the "expand" step. + * You must pass #PSA_KDF_STEP_SALT before #PSA_KDF_STEP_SECRET. + * You may pass #PSA_KDF_STEP_INFO at any time after steup and before + * starting to generate output. + * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_HASH(\p hash_alg) is true). * @@ -1200,7 +1208,7 @@ #define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x30000200) +#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x20000200) /** Macro to build a TLS-1.2 PRF algorithm. * * TLS 1.2 uses a custom pseudorandom function (PRF) for key schedule, @@ -1239,7 +1247,7 @@ #define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x30000300) +#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x20000300) /** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm. * * In a pure-PSK handshake in TLS 1.2, the master secret is derived @@ -1279,51 +1287,48 @@ #define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) -#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x010fffff) +#define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t)0x080fffff) +#define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t)0x10f00000) -/** Use a shared secret as is. +/** Macro to build a combined algorithm that chains a key agreement with + * a key derivation. * - * Specify this algorithm as the selection component of a key agreement - * to use the raw result of the key agreement as key material. + * \param ka_alg A key agreement algorithm (\c PSA_ALG_XXX value such + * that #PSA_ALG_IS_KEY_AGREEMENT(\p ka_alg) is true). + * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such + * that #PSA_ALG_IS_KEY_DERIVATION(\p kdf_alg) is true). * - * \warning The raw result of a key agreement algorithm such as finite-field - * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should - * not be used directly as key material. It can however be used as the secret - * input in a key derivation algorithm. + * \return The corresponding key agreement and derivation + * algorithm. + * \return Unspecified if \p ka_alg is not a supported + * key agreement algorithm or \p kdf_alg is not a + * supported key derivation algorithm. */ -#define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001) +#define PSA_ALG_KEY_AGREEMENT(ka_alg, kdf_alg) \ + ((ka_alg) | (kdf_alg)) #define PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) \ (((alg) & PSA_ALG_KEY_DERIVATION_MASK) | PSA_ALG_CATEGORY_KEY_DERIVATION) -#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \ - ((alg) & ~PSA_ALG_KEY_DERIVATION_MASK) +#define PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) \ + (((alg) & PSA_ALG_KEY_AGREEMENT_MASK) | PSA_ALG_CATEGORY_KEY_AGREEMENT) -#define PSA_ALG_FFDH_BASE ((psa_algorithm_t)0x22100000) -/** The Diffie-Hellman key agreement algorithm. - * - * This algorithm combines the finite-field Diffie-Hellman (DH) key - * agreement, also known as Diffie-Hellman-Merkle (DHM) key agreement, - * to produce a shared secret from a private key and the peer's - * public key, with a key selection or key derivation algorithm to produce - * one or more shared keys and other shared cryptographic material. +#define PSA_ALG_IS_RAW_KEY_AGREEMENT(alg) \ + (PSA_ALG_KEY_AGREEMENT_GET_KDF(alg) == PSA_ALG_CATEGORY_KEY_DERIVATION) + +#define PSA_ALG_IS_KEY_DERIVATION_OR_AGREEMENT(alg) \ + ((PSA_ALG_IS_KEY_DERIVATION(alg) || PSA_ALG_IS_KEY_AGREEMENT(alg))) + +/** The finite-field Diffie-Hellman (DH) key agreement algorithm. * * The shared secret produced by key agreement and passed as input to the * derivation or selection algorithm \p kdf_alg is the shared secret * `g^{ab}` in big-endian format. * It is `ceiling(m / 8)` bytes long where `m` is the size of the prime `p` * in bits. - * - * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such - * that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true) - * or a key selection algorithm (\c PSA_ALG_XXX value such - * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true). - * - * \return The Diffie-Hellman algorithm with the specified - * selection or derivation algorithm. */ -#define PSA_ALG_FFDH(kdf_alg) \ - (PSA_ALG_FFDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK)) +#define PSA_ALG_FFDH ((psa_algorithm_t)0x30100000) + /** Whether the specified algorithm is a finite field Diffie-Hellman algorithm. * * This includes every supported key selection or key agreement algorithm @@ -1336,18 +1341,11 @@ * key agreement algorithm identifier. */ #define PSA_ALG_IS_FFDH(alg) \ - (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH_BASE) + (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_FFDH) -#define PSA_ALG_ECDH_BASE ((psa_algorithm_t)0x22200000) /** The elliptic curve Diffie-Hellman (ECDH) key agreement algorithm. * - * This algorithm combines the elliptic curve Diffie-Hellman key - * agreement to produce a shared secret from a private key and the peer's - * public key, with a key selection or key derivation algorithm to produce - * one or more shared keys and other shared cryptographic material. - * - * The shared secret produced by key agreement and passed as input to the - * derivation or selection algorithm \p kdf_alg is the x-coordinate of + * The shared secret produced by key agreement is the x-coordinate of * the shared secret point. It is always `ceiling(m / 8)` bytes long where * `m` is the bit size associated with the curve, i.e. the bit size of the * order of the curve's coordinate field. When `m` is not a multiple of 8, @@ -1369,17 +1367,9 @@ * the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A` * in big-endian byte order. * The bit size is `m` for the field `F_{2^m}`. - * - * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such - * that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true) - * or a selection algorithm (\c PSA_ALG_XXX value such - * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true). - * - * \return The Diffie-Hellman algorithm with the specified - * selection or derivation algorithm. */ -#define PSA_ALG_ECDH(kdf_alg) \ - (PSA_ALG_ECDH_BASE | ((kdf_alg) & PSA_ALG_KEY_DERIVATION_MASK)) +#define PSA_ALG_ECDH ((psa_algorithm_t)0x30200000) + /** Whether the specified algorithm is an elliptic curve Diffie-Hellman * algorithm. * @@ -1394,7 +1384,7 @@ * key agreement algorithm identifier. */ #define PSA_ALG_IS_ECDH(alg) \ - (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH_BASE) + (PSA_ALG_KEY_AGREEMENT_GET_BASE(alg) == PSA_ALG_ECDH) /** Whether the specified algorithm encoding is a wildcard. * @@ -1506,4 +1496,34 @@ /**@}*/ +/** \defgroup derivation Key derivation + * @{ + */ + +/** A secret input for key derivation. + * + * This must be a key of type #PSA_KEY_TYPE_DERIVE. + */ +#define PSA_KDF_STEP_SECRET ((psa_key_derivation_step_t)0x0101) + +/** A label for key derivation. + * + * This must be a direct input. + */ +#define PSA_KDF_STEP_LABEL ((psa_key_derivation_step_t)0x0201) + +/** A salt for key derivation. + * + * This must be a direct input. + */ +#define PSA_KDF_STEP_SALT ((psa_key_derivation_step_t)0x0202) + +/** An information string for key derivation. + * + * This must be a direct input. + */ +#define PSA_KDF_STEP_INFO ((psa_key_derivation_step_t)0x0203) + +/**@}*/ + #endif /* PSA_CRYPTO_VALUES_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 416cf5bb9e..be196e59a2 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3399,17 +3399,33 @@ exit: /* Generators */ /****************************************************************/ +#define HKDF_STATE_INIT 0 /* no input yet */ +#define HKDF_STATE_STARTED 1 /* got salt */ +#define HKDF_STATE_KEYED 2 /* got key */ +#define HKDF_STATE_OUTPUT 3 /* output started */ + +static psa_algorithm_t psa_generator_get_kdf_alg( + const psa_crypto_generator_t *generator ) +{ + if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) ) + return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) ); + else + return( generator->alg ); +} + + psa_status_t psa_generator_abort( psa_crypto_generator_t *generator ) { psa_status_t status = PSA_SUCCESS; - if( generator->alg == 0 ) + psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); + if( kdf_alg == 0 ) { /* The object has (apparently) been initialized but it is not * in use. It's ok to call abort on such an object, and there's * nothing to do. */ } else - if( generator->alg == PSA_ALG_SELECT_RAW ) + if( kdf_alg == PSA_ALG_SELECT_RAW ) { if( generator->ctx.buffer.data != NULL ) { @@ -3420,14 +3436,14 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator ) } else #if defined(MBEDTLS_MD_C) - if( PSA_ALG_IS_HKDF( generator->alg ) ) + if( PSA_ALG_IS_HKDF( kdf_alg ) ) { mbedtls_free( generator->ctx.hkdf.info ); status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac ); } - else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) || + else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || /* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */ - PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) ) + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { if( generator->ctx.tls12_prf.key != NULL ) { @@ -3452,7 +3468,6 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator ) return( status ); } - psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, size_t *capacity) { @@ -3460,6 +3475,17 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator, return( PSA_SUCCESS ); } +psa_status_t psa_set_generator_capacity( psa_crypto_generator_t *generator, + size_t capacity ) +{ + if( generator->alg == 0 ) + return( PSA_ERROR_BAD_STATE ); + if( capacity > generator->capacity ) + return( PSA_ERROR_INVALID_ARGUMENT ); + generator->capacity = capacity; + return( PSA_SUCCESS ); +} + #if defined(MBEDTLS_MD_C) /* Read some bytes from an HKDF-based generator. This performs a chunk * of the expand phase of the HKDF algorithm. */ @@ -3471,6 +3497,10 @@ static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf, uint8_t hash_length = PSA_HASH_SIZE( hash_alg ); psa_status_t status; + if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set ) + return( PSA_ERROR_BAD_STATE ); + hkdf->state = HKDF_STATE_OUTPUT; + while( output_length != 0 ) { /* Copy what remains of the current block */ @@ -3684,6 +3714,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator, size_t output_length ) { psa_status_t status; + psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); if( output_length > generator->capacity ) { @@ -3694,7 +3725,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator, goto exit; } if( output_length == 0 && - generator->capacity == 0 && generator->alg == 0 ) + generator->capacity == 0 && kdf_alg == 0 ) { /* Edge case: this is a blank or finished generator, and 0 * bytes were requested. The right error in this case could @@ -3706,7 +3737,7 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator, } generator->capacity -= output_length; - if( generator->alg == PSA_ALG_SELECT_RAW ) + if( kdf_alg == PSA_ALG_SELECT_RAW ) { /* Initially, the capacity of a selection generator is always * the size of the buffer, i.e. `generator->ctx.buffer.size`, @@ -3724,17 +3755,17 @@ psa_status_t psa_generator_read( psa_crypto_generator_t *generator, } else #if defined(MBEDTLS_MD_C) - if( PSA_ALG_IS_HKDF( generator->alg ) ) + if( PSA_ALG_IS_HKDF( kdf_alg ) ) { - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( generator->alg ); + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); status = psa_generator_hkdf_read( &generator->ctx.hkdf, hash_alg, output, output_length ); } - else if( PSA_ALG_IS_TLS12_PRF( generator->alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( generator->alg ) ) + else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { status = psa_generator_tls12_prf_read( &generator->ctx.tls12_prf, - generator->alg, output, + kdf_alg, output, output_length ); } else @@ -3841,6 +3872,8 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, return( PSA_ERROR_INSUFFICIENT_MEMORY ); memcpy( hkdf->info, label, label_length ); } + hkdf->state = HKDF_STATE_KEYED; + hkdf->info_set = 1; return( PSA_SUCCESS ); } #endif /* MBEDTLS_MD_C */ @@ -4084,6 +4117,232 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator, return( status ); } +static psa_status_t psa_key_derivation_setup_kdf( + psa_crypto_generator_t *generator, + psa_algorithm_t kdf_alg ) +{ + /* Make sure that kdf_alg is a supported key derivation algorithm. */ +#if defined(MBEDTLS_MD_C) + if( PSA_ALG_IS_HKDF( kdf_alg ) || + PSA_ALG_IS_TLS12_PRF( kdf_alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + { + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); + size_t hash_size = PSA_HASH_SIZE( hash_alg ); + if( hash_size == 0 ) + return( PSA_ERROR_NOT_SUPPORTED ); + if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) && + ! ( hash_alg == PSA_ALG_SHA_256 && hash_alg == PSA_ALG_SHA_384 ) ) + { + return( PSA_ERROR_NOT_SUPPORTED ); + } + generator->capacity = 255 * hash_size; + return( PSA_SUCCESS ); + } +#endif /* MBEDTLS_MD_C */ + else + return( PSA_ERROR_NOT_SUPPORTED ); +} + +psa_status_t psa_key_derivation_setup( psa_crypto_generator_t *generator, + psa_algorithm_t alg ) +{ + psa_status_t status; + + if( generator->alg != 0 ) + return( PSA_ERROR_BAD_STATE ); + + if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) ) + { + psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); + status = psa_key_derivation_setup_kdf( generator, kdf_alg ); + } + else if( PSA_ALG_IS_KEY_DERIVATION( alg ) ) + { + status = psa_key_derivation_setup_kdf( generator, alg ); + } + else + return( PSA_ERROR_INVALID_ARGUMENT ); + + if( status == PSA_SUCCESS ) + generator->alg = alg; + return( status ); +} + +#if defined(MBEDTLS_MD_C) +static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf, + psa_algorithm_t hash_alg, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length ) +{ + psa_status_t status; + switch( step ) + { + case PSA_KDF_STEP_SALT: + if( hkdf->state == HKDF_STATE_INIT ) + { + status = psa_hmac_setup_internal( &hkdf->hmac, + data, data_length, + hash_alg ); + if( status != PSA_SUCCESS ) + return( status ); + hkdf->state = HKDF_STATE_STARTED; + return( PSA_SUCCESS ); + } + else + return( PSA_ERROR_BAD_STATE ); + break; + case PSA_KDF_STEP_SECRET: + /* If no salt was provided, use an empty salt. */ + if( hkdf->state == HKDF_STATE_INIT ) + { + status = psa_hmac_setup_internal( &hkdf->hmac, + NULL, 0, + PSA_ALG_HMAC( hash_alg ) ); + if( status != PSA_SUCCESS ) + return( status ); + hkdf->state = HKDF_STATE_STARTED; + } + if( hkdf->state == HKDF_STATE_STARTED ) + { + status = psa_hash_update( &hkdf->hmac.hash_ctx, + data, data_length ); + if( status != PSA_SUCCESS ) + return( status ); + status = psa_hmac_finish_internal( &hkdf->hmac, + hkdf->prk, + sizeof( hkdf->prk ) ); + if( status != PSA_SUCCESS ) + return( status ); + hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg ); + hkdf->block_number = 0; + hkdf->state = HKDF_STATE_KEYED; + return( PSA_SUCCESS ); + } + else + return( PSA_ERROR_BAD_STATE ); + break; + case PSA_KDF_STEP_INFO: + if( hkdf->state == HKDF_STATE_OUTPUT ) + return( PSA_ERROR_BAD_STATE ); + if( hkdf->info_set ) + return( PSA_ERROR_BAD_STATE ); + hkdf->info_length = data_length; + if( data_length != 0 ) + { + hkdf->info = mbedtls_calloc( 1, data_length ); + if( hkdf->info == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + memcpy( hkdf->info, data, data_length ); + } + hkdf->info_set = 1; + return( PSA_SUCCESS ); + default: + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} +#endif /* MBEDTLS_MD_C */ + +static psa_status_t psa_key_derivation_input_raw( + psa_crypto_generator_t *generator, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length ) +{ + psa_status_t status; + psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); + + if( kdf_alg == PSA_ALG_SELECT_RAW ) + { + if( generator->capacity != 0 ) + return( PSA_ERROR_INVALID_ARGUMENT ); + generator->ctx.buffer.data = mbedtls_calloc( 1, data_length ); + if( generator->ctx.buffer.data == NULL ) + return( PSA_ERROR_INSUFFICIENT_MEMORY ); + memcpy( generator->ctx.buffer.data, data, data_length ); + generator->ctx.buffer.size = data_length; + generator->capacity = data_length; + status = PSA_SUCCESS; + } + else +#if defined(MBEDTLS_MD_C) + if( PSA_ALG_IS_HKDF( kdf_alg ) ) + { + status = psa_hkdf_input( &generator->ctx.hkdf, + PSA_ALG_HKDF_GET_HASH( kdf_alg ), + step, data, data_length ); + } + else +#endif /* MBEDTLS_MD_C */ +#if defined(MBEDTLS_MD_C) + /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */ + if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + { + // TODO + status = PSA_ERROR_NOT_SUPPORTED; + } + else +#endif /* MBEDTLS_MD_C */ + { + /* This can't happen unless the generator object was not initialized */ + return( PSA_ERROR_BAD_STATE ); + } + + if( status != PSA_SUCCESS ) + psa_generator_abort( generator ); + return( status ); +} + +psa_status_t psa_key_derivation_input_bytes( psa_crypto_generator_t *generator, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length ) +{ + switch( step ) + { + case PSA_KDF_STEP_LABEL: + case PSA_KDF_STEP_SALT: + case PSA_KDF_STEP_INFO: + return( psa_key_derivation_input_raw( generator, step, + data, data_length ) ); + default: + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + +psa_status_t psa_key_derivation_input_key( psa_crypto_generator_t *generator, + psa_key_derivation_step_t step, + psa_key_handle_t handle ) +{ + psa_key_slot_t *slot; + psa_status_t status; + status = psa_get_key_from_slot( handle, &slot, + PSA_KEY_USAGE_DERIVE, + generator->alg ); + if( status != PSA_SUCCESS ) + return( status ); + // TODO: for a key agreement algorithm, allow the corresponding key type and step + if( slot->type != PSA_KEY_TYPE_DERIVE ) + return( PSA_ERROR_INVALID_ARGUMENT ); + /* Don't allow a key to be used as an input that is usually public. + * This is debatable. It's ok from a cryptographic perspective to + * use secret material as an input that is usually public. However + * the material should be dedicated to a particular input step, + * otherwise this may allow the key to be used in an unintended way + * and leak values derived from the key. So be conservative. */ + if( step != PSA_KDF_STEP_SECRET ) + return( PSA_ERROR_INVALID_ARGUMENT ); + return( psa_key_derivation_input_raw( generator, + step, + slot->data.raw.data, + slot->data.raw.bytes ) ); +} + /****************************************************************/ @@ -4140,10 +4399,10 @@ exit: * to potentially free embedded data structures and wipe confidential data. */ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator, + psa_key_derivation_step_t step, psa_key_slot_t *private_key, const uint8_t *peer_key, - size_t peer_key_length, - psa_algorithm_t alg ) + size_t peer_key_length ) { psa_status_t status; uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE]; @@ -4151,10 +4410,10 @@ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generato /* Step 1: run the secret agreement algorithm to generate the shared * secret. */ - switch( PSA_ALG_KEY_AGREEMENT_GET_BASE( alg ) ) + switch( PSA_ALG_KEY_AGREEMENT_GET_BASE( generator->alg ) ) { #if defined(MBEDTLS_ECDH_C) - case PSA_ALG_ECDH_BASE: + case PSA_ALG_ECDH: if( ! PSA_KEY_TYPE_IS_ECC_KEYPAIR( private_key->type ) ) return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_key_agreement_ecdh( peer_key, peer_key_length, @@ -4175,34 +4434,31 @@ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generato /* Step 2: set up the key derivation to generate key material from * the shared secret. */ - status = psa_key_derivation_internal( generator, - shared_secret, shared_secret_length, - PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ), - NULL, 0, NULL, 0, - PSA_GENERATOR_UNBRIDLED_CAPACITY ); + status = psa_key_derivation_input_raw( generator, step, + shared_secret, shared_secret_length ); + exit: mbedtls_platform_zeroize( shared_secret, shared_secret_length ); return( status ); } psa_status_t psa_key_agreement( psa_crypto_generator_t *generator, + psa_key_derivation_step_t step, psa_key_handle_t private_key, const uint8_t *peer_key, - size_t peer_key_length, - psa_algorithm_t alg ) + size_t peer_key_length ) { psa_key_slot_t *slot; psa_status_t status; - if( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ) + if( ! PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_get_key_from_slot( private_key, &slot, - PSA_KEY_USAGE_DERIVE, alg ); + PSA_KEY_USAGE_DERIVE, generator->alg ); if( status != PSA_SUCCESS ) return( status ); - status = psa_key_agreement_internal( generator, + status = psa_key_agreement_internal( generator, step, slot, - peer_key, peer_key_length, - alg ); + peer_key, peer_key_length ); if( status != PSA_SUCCESS ) psa_generator_abort( generator ); return( status ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2609aab63f..36fbbed9e5 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -474,15 +474,15 @@ derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KE PSA key policy: agreement, permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH PSA key policy: agreement, not permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -agreement_key_policy:0:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH(PSA_ALG_SELECT_RAW) +agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH PSA key policy: agreement, wrong algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH(PSA_ALG_SELECT_RAW) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH Hash operation object initializers zero properly hash_operation_init: @@ -1149,7 +1149,7 @@ import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17 PSA import/exercise: ECP SECP256R1 keypair, ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW) +import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):256:PSA_ALG_ECDH PSA sign: RSA PKCS#1 v1.5, raw depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -1674,19 +1674,19 @@ derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0 PSA key agreement setup: ECDH, raw: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS +key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS PSA key agreement setup: ECDH, raw: public key on different curve depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH, raw: public key instead of private key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP256R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH, unknown KDF depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_ECDH(0):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 0):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED PSA key agreement setup: not a key agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C @@ -1694,71 +1694,71 @@ key_agreement_setup:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):PSA_KEY_TYPE_ECC_KEYPAIR(PSA PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: capacity=32 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":32 +key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":32 PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 32 (full) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"" PSA key agreement: ECDH SECP256R1 with ECDH-only public key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3057301106052b8104010c06082a8648ce3d03010703420004d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"" PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 0+32 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de" PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 20+12 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9e":"ce7dce03812464d04b9442de" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9e":"ce7dce03812464d04b9442de" PSA key agreement: ECDH SECP256R1 (RFC 5903), raw: read 7+15 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6ed":"afd13116e0e12565202fef8e9ece7d" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6ed":"afd13116e0e12565202fef8e9ece7d" PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: capacity=48 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":48 +key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":48 PSA key agreement: ECDH SECP384R1 (RFC 5903), raw: read depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746":"" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP384R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746":"" PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: capacity=66 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":66 +key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"30819b301006072a8648ce3d020106052b81040023038186000400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":66 PSA key agreement: ECDH SECP521R1 (RFC 5903), raw: read depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea":"" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP521R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"30819b301006072a8648ce3d020106052b81040023038186000400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea":"" PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: capacity=32 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":32 +key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"305a301406072a8648ce3d020106092b2403030208010107034200048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":32 PSA key agreement: ECDH brainpoolP256r1 (RFC 7027), raw: read depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b":"" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P256R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"305a301406072a8648ce3d020106092b2403030208010107034200048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b":"" PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: capacity=48 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":48 +key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"307a301406072a8648ce3d020106092b240303020801010b036200044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":48 PSA key agreement: ECDH brainpoolP384r1 (RFC 7027), raw: read depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42":"" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P384R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"307a301406072a8648ce3d020106092b240303020801010b036200044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42":"" PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: capacity=64 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_capacity:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":64 +key_agreement_capacity:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":64 PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: read depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":"" +key_agreement_output:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":"" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C -key_agreement_output:PSA_ALG_ECDH(PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":"" +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":"" PSA generate random: 0 bytes generate_random:0 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 15bd87f90d..4d0b2dcf16 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -366,11 +366,30 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, if( usage & PSA_KEY_USAGE_DERIVE ) { - PSA_ASSERT( psa_key_derivation( &generator, - handle, alg, - label, label_length, - seed, seed_length, - sizeof( output ) ) ); + if( PSA_ALG_IS_HKDF( alg ) ) + { + PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_KDF_STEP_SALT, + label, + label_length ) ); + PSA_ASSERT( psa_key_derivation_input_key( &generator, + PSA_KDF_STEP_SECRET, + handle ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_KDF_STEP_INFO, + seed, + seed_length ) ); + } + else + { + // legacy + PSA_ASSERT( psa_key_derivation( &generator, + handle, alg, + label, label_length, + seed, seed_length, + sizeof( output ) ) ); + } PSA_ASSERT( psa_generator_read( &generator, output, sizeof( output ) ) ); @@ -386,8 +405,7 @@ exit: /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator, - psa_key_handle_t handle, - psa_algorithm_t alg ) + psa_key_handle_t handle ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -409,9 +427,8 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator, public_key, public_key_length, &public_key_length ) ); - status = psa_key_agreement( generator, handle, - public_key, public_key_length, - alg ); + status = psa_key_agreement( generator, PSA_KDF_STEP_SECRET, handle, + public_key, public_key_length ); exit: mbedtls_free( public_key ); return( status ); @@ -429,7 +446,8 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, { /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ - PSA_ASSERT( key_agreement_with_self( &generator, handle, alg ) ); + PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); + PSA_ASSERT( key_agreement_with_self( &generator, handle ) ); PSA_ASSERT( psa_generator_read( &generator, output, sizeof( output ) ) ); @@ -1753,7 +1771,8 @@ void agreement_key_policy( int policy_usage, PSA_ASSERT( psa_import_key( handle, key_type, key_data->x, key_data->len ) ); - status = key_agreement_with_self( &generator, handle, exercise_alg ); + PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) ); + status = key_agreement_with_self( &generator, handle ); if( policy_alg == exercise_alg && ( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 ) @@ -3476,10 +3495,29 @@ void derive_output( int alg_arg, key_data->len ) ); /* Extraction phase. */ - PSA_ASSERT( psa_key_derivation( &generator, handle, alg, - salt->x, salt->len, - label->x, label->len, - requested_capacity ) ); + if( PSA_ALG_IS_HKDF( alg ) ) + { + PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); + PSA_ASSERT( psa_set_generator_capacity( &generator, + requested_capacity ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_KDF_STEP_SALT, + salt->x, salt->len ) ); + PSA_ASSERT( psa_key_derivation_input_key( &generator, + PSA_KDF_STEP_SECRET, + handle ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_KDF_STEP_INFO, + label->x, label->len ) ); + } + else + { + // legacy + PSA_ASSERT( psa_key_derivation( &generator, handle, alg, + salt->x, salt->len, + label->x, label->len, + requested_capacity ) ); + } PSA_ASSERT( psa_get_generator_capacity( &generator, ¤t_capacity ) ); TEST_EQUAL( current_capacity, requested_capacity ); @@ -3556,10 +3594,29 @@ void derive_full( int alg_arg, key_data->len ) ); /* Extraction phase. */ - PSA_ASSERT( psa_key_derivation( &generator, handle, alg, - salt->x, salt->len, - label->x, label->len, - requested_capacity ) ); + if( PSA_ALG_IS_HKDF( alg ) ) + { + PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); + PSA_ASSERT( psa_set_generator_capacity( &generator, + requested_capacity ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_KDF_STEP_SALT, + salt->x, salt->len ) ); + PSA_ASSERT( psa_key_derivation_input_key( &generator, + PSA_KDF_STEP_SECRET, + handle ) ); + PSA_ASSERT( psa_key_derivation_input_bytes( &generator, + PSA_KDF_STEP_INFO, + label->x, label->len ) ); + } + else + { + // legacy + PSA_ASSERT( psa_key_derivation( &generator, handle, alg, + salt->x, salt->len, + label->x, label->len, + requested_capacity ) ); + } PSA_ASSERT( psa_get_generator_capacity( &generator, ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); @@ -3772,10 +3829,10 @@ void key_agreement_setup( int alg_arg, our_key_data->x, our_key_data->len ) ); - TEST_EQUAL( psa_key_agreement( &generator, + PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); + TEST_EQUAL( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET, our_key, - peer_key_data->x, peer_key_data->len, - alg ), + peer_key_data->x, peer_key_data->len ), expected_status_arg ); exit: @@ -3811,10 +3868,10 @@ void key_agreement_capacity( int alg_arg, our_key_data->x, our_key_data->len ) ); - PSA_ASSERT( psa_key_agreement( &generator, + PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); + PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET, our_key, - peer_key_data->x, peer_key_data->len, - alg ) ); + peer_key_data->x, peer_key_data->len ) ); /* Test the advertized capacity. */ PSA_ASSERT( psa_get_generator_capacity( @@ -3868,10 +3925,10 @@ void key_agreement_output( int alg_arg, our_key_data->x, our_key_data->len ) ); - PSA_ASSERT( psa_key_agreement( &generator, + PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) ); + PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET, our_key, - peer_key_data->x, peer_key_data->len, - alg ) ); + peer_key_data->x, peer_key_data->len ) ); PSA_ASSERT( psa_generator_read( &generator, actual_output, diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 1e7a9960f8..edb09a8fc9 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -266,24 +266,21 @@ Key derivation: HKDF using SHA-256 depends_on:MBEDTLS_SHA256_C key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_256 ):ALG_IS_HKDF -Key selection: raw -key_selection_algorithm:PSA_ALG_SELECT_RAW:0 - Key agreement: FFDH, raw output depends_on:MBEDTLS_DHM_C -key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_SELECT_RAW ):ALG_IS_FFDH:PSA_ALG_SELECT_RAW +key_agreement_algorithm:PSA_ALG_FFDH:ALG_IS_FFDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_FFDH:PSA_ALG_CATEGORY_KEY_DERIVATION Key agreement: FFDH, HKDF using SHA-256 depends_on:MBEDTLS_DHM_C -key_agreement_algorithm:PSA_ALG_FFDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 ) +key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_FFDH:PSA_ALG_FFDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 ) Key agreement: ECDH, raw output depends_on:MBEDTLS_ECDH_C -key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_SELECT_RAW ):ALG_IS_ECDH:PSA_ALG_SELECT_RAW +key_agreement_algorithm:PSA_ALG_ECDH:ALG_IS_ECDH | ALG_IS_RAW_KEY_AGREEMENT:PSA_ALG_ECDH:PSA_ALG_CATEGORY_KEY_DERIVATION Key agreement: ECDH, HKDF using SHA-256 depends_on:MBEDTLS_ECDH_C -key_agreement_algorithm:PSA_ALG_ECDH( PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 ) +key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_256 ) Key type: raw data key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 01c8628ce4..1bc8d64d84 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -35,6 +35,7 @@ #define ALG_IS_FFDH ( 1u << 17 ) #define ALG_IS_ECDH ( 1u << 18 ) #define ALG_IS_WILDCARD ( 1u << 19 ) +#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 20 ) /* Flags for key type classification macros. There is a flag for every * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that @@ -73,6 +74,9 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) TEST_CLASSIFICATION_MACRO( ALG_IS_RSA_OAEP, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_HKDF, alg, flags ); TEST_CLASSIFICATION_MACRO( ALG_IS_WILDCARD, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_ECDH, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_FFDH, alg, flags ); + TEST_CLASSIFICATION_MACRO( ALG_IS_RAW_KEY_AGREEMENT, alg, flags ); exit: ; } @@ -113,7 +117,6 @@ void mac_algorithm_core( psa_algorithm_t alg, int classification_flags, TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) ); algorithm_classification( alg, classification_flags ); /* Length */ @@ -134,7 +137,6 @@ void aead_algorithm_core( psa_algorithm_t alg, int classification_flags, TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) ); algorithm_classification( alg, classification_flags ); /* Tag length */ @@ -174,7 +176,6 @@ void hash_algorithm( int alg_arg, int length_arg ) TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) ); algorithm_classification( alg, 0 ); /* Dependent algorithms */ @@ -271,7 +272,6 @@ void cipher_algorithm( int alg_arg, int classification_flags ) TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) ); algorithm_classification( alg, classification_flags ); } /* END_CASE */ @@ -320,7 +320,6 @@ void asymmetric_signature_algorithm( int alg_arg, int classification_flags ) TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) ); algorithm_classification( alg, classification_flags ); } /* END_CASE */ @@ -350,7 +349,6 @@ void asymmetric_encryption_algorithm( int alg_arg, int classification_flags ) TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) ); algorithm_classification( alg, classification_flags ); } /* END_CASE */ @@ -359,6 +357,8 @@ void asymmetric_encryption_algorithm( int alg_arg, int classification_flags ) void key_derivation_algorithm( int alg_arg, int classification_flags ) { psa_algorithm_t alg = alg_arg; + psa_algorithm_t ecdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, alg ); + psa_algorithm_t ffdh_alg = PSA_ALG_KEY_AGREEMENT( PSA_ALG_FFDH, alg ); /* Algorithm classification */ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); @@ -369,49 +369,25 @@ void key_derivation_algorithm( int alg_arg, int classification_flags ) TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) ); algorithm_classification( alg, classification_flags ); /* Check combinations with key agreements */ - TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) ); - TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) ); - TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg ); - TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void key_selection_algorithm( int alg_arg, int classification_flags ) -{ - psa_algorithm_t alg = alg_arg; - - /* Algorithm classification */ - TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); - TEST_ASSERT( PSA_ALG_IS_KEY_SELECTION( alg ) ); - algorithm_classification( alg, classification_flags ); - - /* Check combinations with key agreements */ - TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_FFDH( alg ) ) ); - TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( PSA_ALG_ECDH( alg ) ) ); - TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_ECDH( alg ) ), alg ); - TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( PSA_ALG_FFDH( alg ) ), alg ); + TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ecdh_alg ) ); + TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( ffdh_alg ) ); + TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ecdh_alg ), alg ); + TEST_EQUAL( PSA_ALG_KEY_AGREEMENT_GET_KDF( ffdh_alg ), alg ); } /* END_CASE */ /* BEGIN_CASE */ void key_agreement_algorithm( int alg_arg, int classification_flags, - int post_alg_arg ) + int ka_alg_arg, int kdf_alg_arg ) { psa_algorithm_t alg = alg_arg; - psa_algorithm_t actual_post_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); - psa_algorithm_t expected_post_alg = post_alg_arg; + psa_algorithm_t actual_ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( alg ); + psa_algorithm_t expected_ka_alg = ka_alg_arg; + psa_algorithm_t actual_kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); + psa_algorithm_t expected_kdf_alg = kdf_alg_arg; /* Algorithm classification */ TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); @@ -422,13 +398,11 @@ void key_agreement_algorithm( int alg_arg, int classification_flags, TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); - TEST_ASSERT( ! PSA_ALG_IS_KEY_SELECTION( alg ) ); algorithm_classification( alg, classification_flags ); /* Shared secret derivation properties */ - TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( actual_post_alg ) || - PSA_ALG_IS_KEY_SELECTION( actual_post_alg ) ); - TEST_EQUAL( actual_post_alg, expected_post_alg ); + TEST_EQUAL( actual_ka_alg, expected_ka_alg ); + TEST_EQUAL( actual_kdf_alg, expected_kdf_alg ); } /* END_CASE */