lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity

Rename generator functions to psa_key_derivation_xxx

Browse Source 
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology. Call a generator a key
derivation operation structure, since it behaves like other multipart
operation structures. Furthermore, the function names are not fully
consistent.

In this commit, I rename the functions to consistently have the prefix
"psa_key_derivation_". I used the following command:

    perl -i -pe '%t = (
        psa_crypto_generator_t => "psa_key_derivation_operation_t",
        psa_crypto_generator_init => "psa_key_derivation_init",
        psa_key_derivation_setup => "psa_key_derivation_setup",
        psa_key_derivation_input_key => "psa_key_derivation_input_key",
        psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes",
        psa_key_agreement => "psa_key_derivation_key_agreement",
        psa_set_generator_capacity => "psa_key_derivation_set_capacity",
        psa_get_generator_capacity => "psa_key_derivation_get_capacity",
        psa_generator_read => "psa_key_derivation_output_bytes",
        psa_generate_derived_key => "psa_key_derivation_output_key",
        psa_generator_abort => "psa_key_derivation_abort",
        PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT",
        PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY",
        ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files)
This commit is contained in:
Gilles Peskine
2019-05-16 15:28:51 +02:00
parent d35249e66f
commit a99d3fbd05
9 changed files with 182 additions and 182 deletions
Download Patch File Download Diff File Expand all files Collapse all files

162
tests/suites/test_suite_psa_crypto.function
View File

@ -525,7 +525,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char label[16] = "This is a label.";
size_t label_length = sizeof( label );
unsigned char seed[16] = "abcdefghijklmnop";
@ -558,10 +558,10 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
seed, seed_length,
sizeof( output ) ) );
}
PSA_ASSERT( psa_generator_read( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
output,
sizeof( output ) ) );
PSA_ASSERT( psa_generator_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
}
return( 1 );
@ -572,7 +572,7 @@ exit:
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *generator,
psa_key_handle_t handle )
{
psa_key_type_t private_key_type;
@ -581,7 +581,7 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
uint8_t *public_key = NULL;
size_t public_key_length;
/* Return GENERIC_ERROR if something other than the final call to
* psa_key_agreement fails. This isn't fully satisfactory, but it's
* psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's
* good enough: callers will report it as a failed test anyway. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -596,7 +596,7 @@ static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
public_key, public_key_length,
&public_key_length ) );
status = psa_key_agreement( generator, PSA_KDF_STEP_SECRET, handle,
status = psa_key_derivation_key_agreement( generator, PSA_KDF_STEP_SECRET, handle,
public_key, public_key_length );
exit:
mbedtls_free( public_key );
@ -617,7 +617,7 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg,
uint8_t output[1024];
size_t output_length;
/* Return GENERIC_ERROR if something other than the final call to
* psa_key_agreement fails. This isn't fully satisfactory, but it's
* psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's
* good enough: callers will report it as a failed test anyway. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -664,7 +664,7 @@ static int exercise_key_agreement_key( psa_key_handle_t handle,
psa_key_usage_t usage,
psa_algorithm_t alg )
{
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char output[1];
int ok = 0;
@ -674,10 +674,10 @@ static int exercise_key_agreement_key( psa_key_handle_t handle,
* private key against its own public key. */
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( key_agreement_with_self( &generator, handle ) );
PSA_ASSERT( psa_generator_read( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
output,
sizeof( output ) ) );
PSA_ASSERT( psa_generator_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
}
ok = 1;
@ -1844,7 +1844,7 @@ void derive_key_policy( int policy_usage,
{
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@ -1868,7 +1868,7 @@ void derive_key_policy( int policy_usage,
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -1884,7 +1884,7 @@ void agreement_key_policy( int policy_usage,
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@ -1906,7 +1906,7 @@ void agreement_key_policy( int policy_usage,
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -1922,7 +1922,7 @@ void raw_agreement_key_policy( int policy_usage,
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@ -1943,7 +1943,7 @@ void raw_agreement_key_policy( int policy_usage,
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4003,24 +4003,24 @@ void crypto_generator_init( )
* though it's OK by the C standard. We could test for this, but we'd need
* to supress the Clang warning for the test. */
size_t capacity;
psa_crypto_generator_t func = psa_crypto_generator_init( );
psa_crypto_generator_t init = PSA_CRYPTO_GENERATOR_INIT;
psa_crypto_generator_t zero;
psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_derivation_operation_t zero;
memset( &zero, 0, sizeof( zero ) );
/* A default generator should not be able to report its capacity. */
TEST_EQUAL( psa_get_generator_capacity( &func, &capacity ),
TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
PSA_ERROR_BAD_STATE );
TEST_EQUAL( psa_get_generator_capacity( &init, &capacity ),
TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
PSA_ERROR_BAD_STATE );
TEST_EQUAL( psa_get_generator_capacity( &zero, &capacity ),
TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
PSA_ERROR_BAD_STATE );
/* A default generator should be abortable without error. */
PSA_ASSERT( psa_generator_abort(&func) );
PSA_ASSERT( psa_generator_abort(&init) );
PSA_ASSERT( psa_generator_abort(&zero) );
PSA_ASSERT( psa_key_derivation_abort(&func) );
PSA_ASSERT( psa_key_derivation_abort(&init) );
PSA_ASSERT( psa_key_derivation_abort(&zero) );
}
/* END_CASE */
@ -4038,7 +4038,7 @@ void derive_setup( int key_type_arg,
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_status_t expected_status = expected_status_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@ -4057,7 +4057,7 @@ void derive_setup( int key_type_arg,
expected_status );
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4068,7 +4068,7 @@ void test_derive_invalid_generator_state( )
{
psa_key_handle_t handle = 0;
size_t key_type = PSA_KEY_TYPE_DERIVE;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
uint8_t buffer[42];
size_t capacity = sizeof( buffer );
@ -4100,13 +4100,13 @@ void test_derive_invalid_generator_state( )
capacity ),
PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_generator_read( &generator, buffer, capacity ) );
PSA_ASSERT( psa_key_derivation_output_bytes( &generator, buffer, capacity ) );
TEST_EQUAL( psa_generator_read( &generator, buffer, capacity ),
TEST_EQUAL( psa_key_derivation_output_bytes( &generator, buffer, capacity ),
PSA_ERROR_INSUFFICIENT_DATA );
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4118,24 +4118,24 @@ void test_derive_invalid_generator_tests( )
uint8_t output_buffer[16];
size_t buffer_size = 16;
size_t capacity = 0;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity )
== PSA_ERROR_BAD_STATE );
PSA_ASSERT( psa_generator_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
TEST_ASSERT( psa_generator_read( &generator, output_buffer, buffer_size )
TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
TEST_ASSERT( psa_get_generator_capacity( &generator, &capacity )
TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity )
== PSA_ERROR_BAD_STATE );
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
}
/* END_CASE */
@ -4151,7 +4151,7 @@ void derive_output( int alg_arg,
psa_key_handle_t handle = 0;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *expected_outputs[2] =
{expected_output1->x, expected_output2->x};
size_t output_sizes[2] =
@ -4185,7 +4185,7 @@ void derive_output( int alg_arg,
if( PSA_ALG_IS_HKDF( alg ) )
{
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_set_generator_capacity( &generator,
PSA_ASSERT( psa_key_derivation_set_capacity( &generator,
requested_capacity ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_KDF_STEP_SALT,
@ -4205,7 +4205,7 @@ void derive_output( int alg_arg,
label->x, label->len,
requested_capacity ) );
}
PSA_ASSERT( psa_get_generator_capacity( &generator,
PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
&current_capacity ) );
TEST_EQUAL( current_capacity, requested_capacity );
expected_capacity = requested_capacity;
@ -4214,7 +4214,7 @@ void derive_output( int alg_arg,
for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
{
/* Read some bytes. */
status = psa_generator_read( &generator,
status = psa_key_derivation_output_bytes( &generator,
output_buffer, output_sizes[i] );
if( expected_capacity == 0 && output_sizes[i] == 0 )
{
@ -4238,15 +4238,15 @@ void derive_output( int alg_arg,
expected_outputs[i], output_sizes[i] );
/* Check the generator status. */
expected_capacity -= output_sizes[i];
PSA_ASSERT( psa_get_generator_capacity( &generator,
PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
&current_capacity ) );
TEST_EQUAL( expected_capacity, current_capacity );
}
PSA_ASSERT( psa_generator_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
exit:
mbedtls_free( output_buffer );
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4262,7 +4262,7 @@ void derive_full( int alg_arg,
psa_key_handle_t handle = 0;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char output_buffer[16];
size_t expected_capacity = requested_capacity;
size_t current_capacity;
@ -4281,7 +4281,7 @@ void derive_full( int alg_arg,
if( PSA_ALG_IS_HKDF( alg ) )
{
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_set_generator_capacity( &generator,
PSA_ASSERT( psa_key_derivation_set_capacity( &generator,
requested_capacity ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
PSA_KDF_STEP_SALT,
@ -4301,7 +4301,7 @@ void derive_full( int alg_arg,
label->x, label->len,
requested_capacity ) );
}
PSA_ASSERT( psa_get_generator_capacity( &generator,
PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
&current_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
@ -4311,23 +4311,23 @@ void derive_full( int alg_arg,
size_t read_size = sizeof( output_buffer );
if( read_size > current_capacity )
read_size = current_capacity;
PSA_ASSERT( psa_generator_read( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
output_buffer,
read_size ) );
expected_capacity -= read_size;
PSA_ASSERT( psa_get_generator_capacity( &generator,
PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
&current_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
}
/* Check that the generator refuses to go over capacity. */
TEST_EQUAL( psa_generator_read( &generator, output_buffer, 1 ),
TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output_buffer, 1 ),
PSA_ERROR_INSUFFICIENT_DATA );
PSA_ASSERT( psa_generator_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@ -4351,7 +4351,7 @@ void derive_key_exercise( int alg_arg,
psa_key_usage_t derived_usage = derived_usage_arg;
psa_algorithm_t derived_alg = derived_alg_arg;
size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -4372,7 +4372,7 @@ void derive_key_exercise( int alg_arg,
psa_set_key_algorithm( &attributes, derived_alg );
psa_set_key_type( &attributes, derived_type );
psa_set_key_bits( &attributes, derived_bits );
PSA_ASSERT( psa_generate_derived_key( &attributes, &generator,
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator,
&derived_handle ) );
/* Test the key information */
@ -4385,7 +4385,7 @@ void derive_key_exercise( int alg_arg,
goto exit;
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_reset_key_attributes( &got_attributes );
psa_destroy_key( base_handle );
psa_destroy_key( derived_handle );
@ -4407,7 +4407,7 @@ void derive_key_export( int alg_arg,
size_t bytes1 = bytes1_arg;
size_t bytes2 = bytes2_arg;
size_t capacity = bytes1 + bytes2;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *output_buffer = NULL;
uint8_t *export_buffer = NULL;
psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -4429,10 +4429,10 @@ void derive_key_export( int alg_arg,
salt->x, salt->len,
label->x, label->len,
capacity ) );
PSA_ASSERT( psa_generator_read( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
output_buffer,
capacity ) );
PSA_ASSERT( psa_generator_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
/* Derive the same output again, but this time store it in key objects. */
PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
@ -4443,7 +4443,7 @@ void derive_key_export( int alg_arg,
psa_set_key_algorithm( &derived_attributes, 0 );
psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
PSA_ASSERT( psa_generate_derived_key( &derived_attributes, &generator,
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator,
&derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer, bytes1,
@ -4451,7 +4451,7 @@ void derive_key_export( int alg_arg,
TEST_EQUAL( length, bytes1 );
PSA_ASSERT( psa_destroy_key( derived_handle ) );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
PSA_ASSERT( psa_generate_derived_key( &derived_attributes, &generator,
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator,
&derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer + bytes1, bytes2,
@ -4465,7 +4465,7 @@ void derive_key_export( int alg_arg,
exit:
mbedtls_free( output_buffer );
mbedtls_free( export_buffer );
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( base_handle );
psa_destroy_key( derived_handle );
mbedtls_psa_crypto_free( );
@ -4481,7 +4481,7 @@ void key_agreement_setup( int alg_arg,
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
@ -4502,7 +4502,7 @@ void key_agreement_setup( int alg_arg,
status = psa_key_derivation_setup( &generator, alg );
if( status == PSA_SUCCESS )
{
TEST_EQUAL( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
TEST_EQUAL( psa_key_derivation_key_agreement( &generator, PSA_KDF_STEP_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ),
expected_status );
@ -4513,7 +4513,7 @@ void key_agreement_setup( int alg_arg,
}
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( our_key );
mbedtls_psa_crypto_free( );
}
@ -4565,7 +4565,7 @@ void key_agreement_capacity( int alg_arg,
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t actual_capacity;
unsigned char output[16];
@ -4580,7 +4580,7 @@ void key_agreement_capacity( int alg_arg,
&our_key ) );
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KDF_STEP_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ) );
if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
@ -4592,24 +4592,24 @@ void key_agreement_capacity( int alg_arg,
}
/* Test the advertized capacity. */
PSA_ASSERT( psa_get_generator_capacity(
PSA_ASSERT( psa_key_derivation_get_capacity(
&generator, &actual_capacity ) );
TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
/* Test the actual capacity by reading the output. */
while( actual_capacity > sizeof( output ) )
{
PSA_ASSERT( psa_generator_read( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
output, sizeof( output ) ) );
actual_capacity -= sizeof( output );
}
PSA_ASSERT( psa_generator_read( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
output, actual_capacity ) );
TEST_EQUAL( psa_generator_read( &generator, output, 1 ),
TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output, 1 ),
PSA_ERROR_INSUFFICIENT_DATA );
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( our_key );
mbedtls_psa_crypto_free( );
}
@ -4624,7 +4624,7 @@ void key_agreement_output( int alg_arg,
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_output = NULL;
@ -4641,7 +4641,7 @@ void key_agreement_output( int alg_arg,
&our_key ) );
PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KDF_STEP_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ) );
if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
@ -4652,14 +4652,14 @@ void key_agreement_output( int alg_arg,
NULL, 0 ) );
}
PSA_ASSERT( psa_generator_read( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
actual_output,
expected_output1->len ) );
ASSERT_COMPARE( actual_output, expected_output1->len,
expected_output1->x, expected_output1->len );
if( expected_output2->len != 0 )
{
PSA_ASSERT( psa_generator_read( &generator,
PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
actual_output,
expected_output2->len ) );
ASSERT_COMPARE( actual_output, expected_output2->len,
@ -4667,7 +4667,7 @@ void key_agreement_output( int alg_arg,
}
exit:
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( our_key );
mbedtls_psa_crypto_free( );
mbedtls_free( actual_output );
@ -4886,7 +4886,7 @@ void persistent_key_load_key_from_storage( data_t *data,
size_t bits = bits_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
psa_algorithm_t alg = alg_arg;
psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char *first_export = NULL;
unsigned char *second_export = NULL;
size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
@ -4940,9 +4940,9 @@ void persistent_key_load_key_from_storage( data_t *data,
PSA_ASSERT( psa_key_derivation_input_bytes(
&generator, PSA_KDF_STEP_INFO,
NULL, 0 ) );
PSA_ASSERT( psa_generate_derived_key( &attributes, &generator,
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator,
&handle ) );
PSA_ASSERT( psa_generator_abort( &generator ) );
PSA_ASSERT( psa_key_derivation_abort( &generator ) );
PSA_ASSERT( psa_destroy_key( base_key ) );
base_key = 0;
}
@ -4994,7 +4994,7 @@ exit:
psa_reset_key_attributes( &attributes );
mbedtls_free( first_export );
mbedtls_free( second_export );
psa_generator_abort( &generator );
psa_key_derivation_abort( &generator );
psa_destroy_key( base_key );
if( handle == 0 )
{