lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Rename generator functions to psa_key_derivation_xxx

Browse Source 
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology. Call a generator a key
derivation operation structure, since it behaves like other multipart
operation structures. Furthermore, the function names are not fully
consistent.

In this commit, I rename the functions to consistently have the prefix
"psa_key_derivation_". I used the following command:

    perl -i -pe '%t = (
        psa_crypto_generator_t => "psa_key_derivation_operation_t",
        psa_crypto_generator_init => "psa_key_derivation_init",
        psa_key_derivation_setup => "psa_key_derivation_setup",
        psa_key_derivation_input_key => "psa_key_derivation_input_key",
        psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes",
        psa_key_agreement => "psa_key_derivation_key_agreement",
        psa_set_generator_capacity => "psa_key_derivation_set_capacity",
        psa_get_generator_capacity => "psa_key_derivation_get_capacity",
        psa_generator_read => "psa_key_derivation_output_bytes",
        psa_generate_derived_key => "psa_key_derivation_output_key",
        psa_generator_abort => "psa_key_derivation_abort",
        PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT",
        PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY",
        ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files)
This commit is contained in:
Gilles Peskine
2019-05-16 15:28:51 +02:00
parent d35249e66f
commit a99d3fbd05
9 changed files with 182 additions and 182 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
library/psa_crypto.c
View File

@ -4066,7 +4066,7 @@ exit:
#define HKDF_STATE_OUTPUT 3 /* output started */
static psa_algorithm_t psa_generator_get_kdf_alg(
const psa_crypto_generator_t *generator )
const psa_key_derivation_operation_t *generator )
{
if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) );
@ -4075,7 +4075,7 @@ static psa_algorithm_t psa_generator_get_kdf_alg(
}
psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator )
{
psa_status_t status = PSA_SUCCESS;
psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator );
@ -4129,7 +4129,7 @@ psa_status_t psa_generator_abort( psa_crypto_generator_t *generator )
return( status );
}
psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *generator,
size_t *capacity)
{
if( generator->alg == 0 )
@ -4142,7 +4142,7 @@ psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
return( PSA_SUCCESS );
}
psa_status_t psa_set_generator_capacity( psa_crypto_generator_t *generator,
psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *generator,
size_t capacity )
{
if( generator->alg == 0 )
@ -4181,7 +4181,7 @@ static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf,
if( output_length == 0 )
break;
/* We can't be wanting more output after block 0xff, otherwise
* the capacity check in psa_generator_read() would have
* the capacity check in psa_key_derivation_output_bytes() would have
* prevented this call. It could happen only if the generator
* object was corrupted or if this function is called directly
* inside the library. */
@ -4236,7 +4236,7 @@ static psa_status_t psa_generator_tls12_prf_generate_next_block(
size_t Ai_len;
/* We can't be wanting more output after block 0xff, otherwise
* the capacity check in psa_generator_read() would have
* the capacity check in psa_key_derivation_output_bytes() would have
* prevented this call. It could happen only if the generator
* object was corrupted or if this function is called directly
* inside the library. */
@ -4376,7 +4376,7 @@ static psa_status_t psa_generator_tls12_prf_read(
}
#endif /* MBEDTLS_MD_C */
psa_status_t psa_generator_read( psa_crypto_generator_t *generator,
psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *generator,
uint8_t *output,
size_t output_length )
{
@ -4454,7 +4454,7 @@ exit:
* blank generators, so we can return PSA_ERROR_BAD_STATE on blank
* generators. */
psa_algorithm_t alg = generator->alg;
psa_generator_abort( generator );
psa_key_derivation_abort( generator );
generator->alg = alg;
memset( output, '!', output_length );
}
@ -4476,7 +4476,7 @@ static void psa_des_set_key_parity( uint8_t *data, size_t data_size )
static psa_status_t psa_generate_derived_key_internal(
psa_key_slot_t *slot,
size_t bits,
psa_crypto_generator_t *generator )
psa_key_derivation_operation_t *generator )
{
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES( bits );
@ -4490,7 +4490,7 @@ static psa_status_t psa_generate_derived_key_internal(
if( data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_generator_read( generator, data, bytes );
status = psa_key_derivation_output_bytes( generator, data, bytes );
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_DES_C)
@ -4504,8 +4504,8 @@ exit:
return( status );
}
psa_status_t psa_generate_derived_key( const psa_key_attributes_t *attributes,
psa_crypto_generator_t *generator,
psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *generator,
psa_key_handle_t *handle )
{
psa_status_t status;
@ -4530,7 +4530,7 @@ psa_status_t psa_generate_derived_key( const psa_key_attributes_t *attributes,
psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle,
psa_key_type_t type,
size_t bits,
psa_crypto_generator_t *generator )
psa_key_derivation_operation_t *generator )
{
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES( bits );
@ -4544,7 +4544,7 @@ psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle,
if( data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
status = psa_generator_read( generator, data, bytes );
status = psa_key_derivation_output_bytes( generator, data, bytes );
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_DES_C)
@ -4568,7 +4568,7 @@ exit:
/* Set up an HKDF-based generator. This is exactly the extract phase
* of the HKDF algorithm.
*
* Note that if this function fails, you must call psa_generator_abort()
* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
@ -4613,7 +4613,7 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
#if defined(MBEDTLS_MD_C)
/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5).
*
* Note that if this function fails, you must call psa_generator_abort()
* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_generator_tls12_prf_setup(
@ -4661,7 +4661,7 @@ static psa_status_t psa_generator_tls12_prf_setup(
}
/* The first block gets generated when
* psa_generator_read() is called. */
* psa_key_derivation_output_bytes() is called. */
tls12_prf->block_number = 0;
tls12_prf->offset_in_block = hash_length;
@ -4710,11 +4710,11 @@ static psa_status_t psa_generator_tls12_psk_to_ms_setup(
}
#endif /* MBEDTLS_MD_C */
/* Note that if this function fails, you must call psa_generator_abort()
/* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_key_derivation_internal(
psa_crypto_generator_t *generator,
psa_key_derivation_operation_t *generator,
const uint8_t *secret, size_t secret_length,
psa_algorithm_t alg,
const uint8_t *salt, size_t salt_length,
@ -4801,7 +4801,7 @@ static psa_status_t psa_key_derivation_internal(
if( capacity <= max_capacity )
generator->capacity = capacity;
else if( capacity == PSA_GENERATOR_UNBRIDLED_CAPACITY )
else if( capacity == PSA_KEY_DERIVATION_UNLIMITED_CAPACITY )
generator->capacity = max_capacity;
else
return( PSA_ERROR_INVALID_ARGUMENT );
@ -4809,7 +4809,7 @@ static psa_status_t psa_key_derivation_internal(
return( PSA_SUCCESS );
}
psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *salt,
@ -4845,12 +4845,12 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
label, label_length,
capacity );
if( status != PSA_SUCCESS )
psa_generator_abort( generator );
psa_key_derivation_abort( generator );
return( status );
}
static psa_status_t psa_key_derivation_setup_kdf(
psa_crypto_generator_t *generator,
psa_key_derivation_operation_t *generator,
psa_algorithm_t kdf_alg )
{
/* Make sure that kdf_alg is a supported key derivation algorithm. */
@ -4877,7 +4877,7 @@ static psa_status_t psa_key_derivation_setup_kdf(
return( PSA_ERROR_NOT_SUPPORTED );
}
psa_status_t psa_key_derivation_setup( psa_crypto_generator_t *generator,
psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator,
psa_algorithm_t alg )
{
psa_status_t status;
@ -4972,7 +4972,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf,
#endif /* MBEDTLS_MD_C */
static psa_status_t psa_key_derivation_input_raw(
psa_crypto_generator_t *generator,
psa_key_derivation_operation_t *generator,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
@ -5018,11 +5018,11 @@ static psa_status_t psa_key_derivation_input_raw(
}
if( status != PSA_SUCCESS )
psa_generator_abort( generator );
psa_key_derivation_abort( generator );
return( status );
}
psa_status_t psa_key_derivation_input_bytes( psa_crypto_generator_t *generator,
psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *generator,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
@ -5039,7 +5039,7 @@ psa_status_t psa_key_derivation_input_bytes( psa_crypto_generator_t *generator,
}
}
psa_status_t psa_key_derivation_input_key( psa_crypto_generator_t *generator,
psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *generator,
psa_key_derivation_step_t step,
psa_key_handle_t handle )
{
@ -5148,10 +5148,10 @@ static psa_status_t psa_key_agreement_raw_internal( psa_algorithm_t alg,
}
}
/* Note that if this function fails, you must call psa_generator_abort()
/* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator,
static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *generator,
psa_key_derivation_step_t step,
psa_key_slot_t *private_key,
const uint8_t *peer_key,
@ -5183,7 +5183,7 @@ exit:
return( status );
}
psa_status_t psa_key_agreement( psa_crypto_generator_t *generator,
psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *generator,
psa_key_derivation_step_t step,
psa_key_handle_t private_key,
const uint8_t *peer_key,
@ -5201,7 +5201,7 @@ psa_status_t psa_key_agreement( psa_crypto_generator_t *generator,
slot,
peer_key, peer_key_length );
if( status != PSA_SUCCESS )
psa_generator_abort( generator );
psa_key_derivation_abort( generator );
return( status );
}

10
library/ssl_cli.c
View File

@ -3116,7 +3116,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
unsigned char *own_pubkey_ecpoint;
size_t own_pubkey_ecpoint_len;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
header_len = 4;
@ -3178,7 +3178,7 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
content_len = own_pubkey_ecpoint_len + 1;
/* Compute ECDH shared secret. */
status = psa_key_agreement( &generator,
status = psa_key_derivation_key_agreement( &generator,
handshake->ecdh_psa_privkey,
handshake->ecdh_psa_peerkey,
handshake->ecdh_psa_peerkey_len,
@ -3191,16 +3191,16 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
ssl->handshake->pmslen =
MBEDTLS_PSA_ECC_KEY_BYTES_OF_CURVE( handshake->ecdh_psa_curve );
status = psa_generator_read( &generator,
status = psa_key_derivation_output_bytes( &generator,
ssl->handshake->premaster,
ssl->handshake->pmslen );
if( status != PSA_SUCCESS )
{
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
status = psa_generator_abort( &generator );
status = psa_key_derivation_abort( &generator );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );

20
library/ssl_tls.c
View File

@ -526,7 +526,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
psa_algorithm_t alg;
psa_key_policy_t policy;
psa_key_handle_t master_slot;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
if( ( status = psa_allocate_key( &master_slot ) ) != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
@ -556,20 +556,20 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
dlen );
if( status != PSA_SUCCESS )
{
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( master_slot );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
status = psa_generator_read( &generator, dstbuf, dlen );
status = psa_key_derivation_output_bytes( &generator, dstbuf, dlen );
if( status != PSA_SUCCESS )
{
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( master_slot );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
status = psa_generator_abort( &generator );
status = psa_key_derivation_abort( &generator );
if( status != PSA_SUCCESS )
{
psa_destroy_key( master_slot );
@ -892,7 +892,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
/* Perform PSK-to-MS expansion in a single step. */
psa_status_t status;
psa_algorithm_t alg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_handle_t psk;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "perform PSA-based PSK-to-MS expansion" ) );
@ -913,19 +913,19 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
master_secret_len );
if( status != PSA_SUCCESS )
{
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
status = psa_generator_read( &generator, session->master,
status = psa_key_derivation_output_bytes( &generator, session->master,
master_secret_len );
if( status != PSA_SUCCESS )
{
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}
status = psa_generator_abort( &generator );
status = psa_key_derivation_abort( &generator );
if( status != PSA_SUCCESS )
return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
}