Merge pull request #229 from k-stachowiak/IOTCRYPT-791-remove-legacy-psa-key-derivation
Remove legacy psa key derivation
This commit is contained in:
commit
21db2a94a4
@ -3216,6 +3216,8 @@ psa_status_t psa_key_derivation_output_bytes(
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* The key type or key size is not supported, either by the
|
||||
* implementation in general or in this particular location.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The provided key attributes are not valid for the operation.
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
|
||||
|
@ -335,65 +335,6 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
|
||||
psa_status_t mbedtls_psa_inject_entropy(uint8_t *seed,
|
||||
size_t seed_size);
|
||||
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
/** Set up a key derivation operation.
|
||||
*
|
||||
* FIMXE This function is no longer part of the official API. Its prototype
|
||||
* is only kept around for the sake of tests that haven't been updated yet.
|
||||
*
|
||||
* A key derivation algorithm takes three inputs: a secret input \p handle and
|
||||
* two non-secret inputs \p label and p salt.
|
||||
* The result of this function is a byte generator which can
|
||||
* be used to produce keys and other cryptographic material.
|
||||
*
|
||||
* The role of \p label and \p salt is as follows:
|
||||
* - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
|
||||
* and \p label is the info string used in the "expand" step.
|
||||
*
|
||||
* \param[in,out] operation The key derivation object to set up. It must
|
||||
* have been initialized as per the documentation
|
||||
* for #psa_key_derivation_operation_t and not
|
||||
* yet be in use.
|
||||
* \param handle Handle to the secret key.
|
||||
* \param alg The key derivation algorithm to compute
|
||||
* (\c PSA_ALG_XXX value such that
|
||||
* #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
|
||||
* \param[in] salt Salt to use.
|
||||
* \param salt_length Size of the \p salt buffer in bytes.
|
||||
* \param[in] label Label to use.
|
||||
* \param label_length Size of the \p label buffer in bytes.
|
||||
* \param capacity The maximum number of bytes that the
|
||||
* operation will be able to provide.
|
||||
*
|
||||
* \retval #PSA_SUCCESS
|
||||
* Success.
|
||||
* \retval #PSA_ERROR_INVALID_HANDLE
|
||||
* \retval #PSA_ERROR_EMPTY_SLOT
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c key is not compatible with \c alg,
|
||||
* or \p capacity is too large for the specified algorithm and key.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \c alg is not supported or is not a key derivation algorithm.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The library has not been previously initialized by psa_crypto_init().
|
||||
* It is implementation-dependent whether a failure to initialize
|
||||
* results in this error code.
|
||||
*/
|
||||
psa_status_t psa_key_derivation(psa_key_derivation_operation_t *operation,
|
||||
psa_key_handle_t handle,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *salt,
|
||||
size_t salt_length,
|
||||
const uint8_t *label,
|
||||
size_t label_length,
|
||||
size_t capacity);
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
|
||||
/** \addtogroup crypto_types
|
||||
* @{
|
||||
*/
|
||||
|
@ -211,49 +211,7 @@ typedef struct
|
||||
} psa_hkdf_key_derivation_t;
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
/*
|
||||
* If this option is not turned on, then the function `psa_key_derivation()`
|
||||
* is removed. And the new psa_tls12_prf_key_derivation_t context is used along
|
||||
* with the corresponding new API.
|
||||
*
|
||||
* The sole purpose of this option is to make the transition to the new API
|
||||
* smoother. Once the transition is complete it can and should be removed
|
||||
* along with the old API and its implementation.
|
||||
*/
|
||||
#define PSA_PRE_1_0_KEY_DERIVATION
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
typedef struct psa_tls12_prf_key_derivation_s
|
||||
{
|
||||
/* The TLS 1.2 PRF uses the key for each HMAC iteration,
|
||||
* hence we must store it for the lifetime of the operation.
|
||||
* This is different from HKDF, where the key is only used
|
||||
* in the extraction phase, but not during expansion. */
|
||||
uint8_t *key;
|
||||
size_t key_len;
|
||||
|
||||
/* `A(i) + seed` in the notation of RFC 5246, Sect. 5 */
|
||||
uint8_t *Ai_with_seed;
|
||||
size_t Ai_with_seed_len;
|
||||
|
||||
/* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
|
||||
uint8_t output_block[PSA_HASH_MAX_SIZE];
|
||||
|
||||
#if PSA_HASH_MAX_SIZE > 0xff
|
||||
#error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
|
||||
#endif
|
||||
|
||||
/* Indicates how many bytes in the current HMAC block have
|
||||
* already been read by the user. */
|
||||
uint8_t offset_in_block;
|
||||
|
||||
/* The 1-based number of the block. */
|
||||
uint8_t block_number;
|
||||
|
||||
} psa_tls12_prf_key_derivation_t;
|
||||
#else
|
||||
|
||||
typedef enum
|
||||
{
|
||||
TLS12_PRF_STATE_INIT, /* no input provided */
|
||||
@ -288,7 +246,6 @@ typedef struct psa_tls12_prf_key_derivation_s
|
||||
/* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
|
||||
uint8_t output_block[PSA_HASH_MAX_SIZE];
|
||||
} psa_tls12_prf_key_derivation_t;
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
struct psa_key_derivation_s
|
||||
|
@ -2600,14 +2600,6 @@ static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac )
|
||||
mbedtls_platform_zeroize( hmac->opad, sizeof( hmac->opad ) );
|
||||
return( psa_hash_abort( &hmac->hash_ctx ) );
|
||||
}
|
||||
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
static void psa_hmac_init_internal( psa_hmac_internal_data *hmac )
|
||||
{
|
||||
/* Instances of psa_hash_operation_s can be initialized by zeroization. */
|
||||
memset( hmac, 0, sizeof( *hmac ) );
|
||||
}
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
psa_status_t psa_mac_abort( psa_mac_operation_t *operation )
|
||||
@ -4394,21 +4386,6 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation
|
||||
/* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
|
||||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
|
||||
{
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
if( operation->ctx.tls12_prf.key != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( operation->ctx.tls12_prf.key,
|
||||
operation->ctx.tls12_prf.key_len );
|
||||
mbedtls_free( operation->ctx.tls12_prf.key );
|
||||
}
|
||||
|
||||
if( operation->ctx.tls12_prf.Ai_with_seed != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( operation->ctx.tls12_prf.Ai_with_seed,
|
||||
operation->ctx.tls12_prf.Ai_with_seed_len );
|
||||
mbedtls_free( operation->ctx.tls12_prf.Ai_with_seed );
|
||||
}
|
||||
#else
|
||||
if( operation->ctx.tls12_prf.seed != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( operation->ctx.tls12_prf.seed,
|
||||
@ -4427,7 +4404,6 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation
|
||||
|
||||
/* We leave the fields Ai and output_block to be erased safely by the
|
||||
* mbedtls_platform_zeroize() in the end of this function. */
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
@ -4532,119 +4508,6 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
|
||||
psa_tls12_prf_key_derivation_t *tls12_prf,
|
||||
psa_algorithm_t alg )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
|
||||
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
|
||||
psa_hmac_internal_data hmac;
|
||||
psa_status_t status, cleanup_status;
|
||||
|
||||
uint8_t *Ai;
|
||||
size_t Ai_len;
|
||||
|
||||
/* We can't be wanting more output after block 0xff, otherwise
|
||||
* the capacity check in psa_key_derivation_output_bytes() would have
|
||||
* prevented this call. It could happen only if the operation
|
||||
* object was corrupted or if this function is called directly
|
||||
* inside the library. */
|
||||
if( tls12_prf->block_number == 0xff )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
/* We need a new block */
|
||||
++tls12_prf->block_number;
|
||||
tls12_prf->offset_in_block = 0;
|
||||
|
||||
/* Recall the definition of the TLS-1.2-PRF from RFC 5246:
|
||||
*
|
||||
* PRF(secret, label, seed) = P_<hash>(secret, label + seed)
|
||||
*
|
||||
* P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
|
||||
* HMAC_hash(secret, A(2) + seed) +
|
||||
* HMAC_hash(secret, A(3) + seed) + ...
|
||||
*
|
||||
* A(0) = seed
|
||||
* A(i) = HMAC_hash( secret, A(i-1) )
|
||||
*
|
||||
* The `psa_tls12_prf_key_derivation` structures saves the block
|
||||
* `HMAC_hash(secret, A(i) + seed)` from which the output
|
||||
* is currently extracted as `output_block`, while
|
||||
* `A(i) + seed` is stored in `Ai_with_seed`.
|
||||
*
|
||||
* Generating a new block means recalculating `Ai_with_seed`
|
||||
* from the A(i)-part of it, and afterwards recalculating
|
||||
* `output_block`.
|
||||
*
|
||||
* A(0) is computed at setup time.
|
||||
*
|
||||
*/
|
||||
|
||||
psa_hmac_init_internal( &hmac );
|
||||
|
||||
/* We must distinguish the calculation of A(1) from those
|
||||
* of A(2) and higher, because A(0)=seed has a different
|
||||
* length than the other A(i). */
|
||||
if( tls12_prf->block_number == 1 )
|
||||
{
|
||||
Ai = tls12_prf->Ai_with_seed + hash_length;
|
||||
Ai_len = tls12_prf->Ai_with_seed_len - hash_length;
|
||||
}
|
||||
else
|
||||
{
|
||||
Ai = tls12_prf->Ai_with_seed;
|
||||
Ai_len = hash_length;
|
||||
}
|
||||
|
||||
/* Compute A(i+1) = HMAC_hash(secret, A(i)) */
|
||||
status = psa_hmac_setup_internal( &hmac,
|
||||
tls12_prf->key,
|
||||
tls12_prf->key_len,
|
||||
hash_alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
status = psa_hash_update( &hmac.hash_ctx,
|
||||
Ai, Ai_len );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
status = psa_hmac_finish_internal( &hmac,
|
||||
tls12_prf->Ai_with_seed,
|
||||
hash_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
/* Compute the next block `HMAC_hash(secret, A(i+1) + seed)`. */
|
||||
status = psa_hmac_setup_internal( &hmac,
|
||||
tls12_prf->key,
|
||||
tls12_prf->key_len,
|
||||
hash_alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
status = psa_hash_update( &hmac.hash_ctx,
|
||||
tls12_prf->Ai_with_seed,
|
||||
tls12_prf->Ai_with_seed_len );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
status = psa_hmac_finish_internal( &hmac,
|
||||
tls12_prf->output_block,
|
||||
hash_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto cleanup;
|
||||
|
||||
cleanup:
|
||||
|
||||
cleanup_status = psa_hmac_abort_internal( &hmac );
|
||||
if( status == PSA_SUCCESS && cleanup_status != PSA_SUCCESS )
|
||||
status = cleanup_status;
|
||||
|
||||
return( status );
|
||||
}
|
||||
#else
|
||||
static psa_status_t psa_key_derivation_tls12_prf_generate_next_block(
|
||||
psa_tls12_prf_key_derivation_t *tls12_prf,
|
||||
psa_algorithm_t alg )
|
||||
@ -4752,49 +4615,7 @@ cleanup:
|
||||
|
||||
return( status );
|
||||
}
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
/* Read some bytes from an TLS-1.2-PRF-based operation.
|
||||
* See Section 5 of RFC 5246. */
|
||||
static psa_status_t psa_key_derivation_tls12_prf_read(
|
||||
psa_tls12_prf_key_derivation_t *tls12_prf,
|
||||
psa_algorithm_t alg,
|
||||
uint8_t *output,
|
||||
size_t output_length )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
|
||||
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
|
||||
psa_status_t status;
|
||||
|
||||
while( output_length != 0 )
|
||||
{
|
||||
/* Copy what remains of the current block */
|
||||
uint8_t n = hash_length - tls12_prf->offset_in_block;
|
||||
|
||||
/* Check if we have fully processed the current block. */
|
||||
if( n == 0 )
|
||||
{
|
||||
status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf,
|
||||
alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if( n > output_length )
|
||||
n = (uint8_t) output_length;
|
||||
memcpy( output, tls12_prf->output_block + tls12_prf->offset_in_block,
|
||||
n );
|
||||
output += n;
|
||||
output_length -= n;
|
||||
tls12_prf->offset_in_block += n;
|
||||
}
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#else
|
||||
static psa_status_t psa_key_derivation_tls12_prf_read(
|
||||
psa_tls12_prf_key_derivation_t *tls12_prf,
|
||||
psa_algorithm_t alg,
|
||||
@ -4833,7 +4654,6 @@ static psa_status_t psa_key_derivation_tls12_prf_read(
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
psa_status_t psa_key_derivation_output_bytes(
|
||||
@ -4987,284 +4807,6 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
|
||||
/* Key derivation */
|
||||
/****************************************************************/
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
/* Set up an HKDF-based operation. This is exactly the extract phase
|
||||
* of the HKDF algorithm.
|
||||
*
|
||||
* Note that if this function fails, you must call psa_key_derivation_abort()
|
||||
* to potentially free embedded data structures and wipe confidential data.
|
||||
*/
|
||||
static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hkdf,
|
||||
const uint8_t *secret,
|
||||
size_t secret_length,
|
||||
psa_algorithm_t hash_alg,
|
||||
const uint8_t *salt,
|
||||
size_t salt_length,
|
||||
const uint8_t *label,
|
||||
size_t label_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
status = psa_hmac_setup_internal( &hkdf->hmac,
|
||||
salt, salt_length,
|
||||
hash_alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
status = psa_hash_update( &hkdf->hmac.hash_ctx, secret, secret_length );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
status = psa_hmac_finish_internal( &hkdf->hmac,
|
||||
hkdf->prk,
|
||||
sizeof( hkdf->prk ) );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
hkdf->offset_in_block = PSA_HASH_SIZE( hash_alg );
|
||||
hkdf->block_number = 0;
|
||||
hkdf->info_length = label_length;
|
||||
if( label_length != 0 )
|
||||
{
|
||||
hkdf->info = mbedtls_calloc( 1, label_length );
|
||||
if( hkdf->info == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
memcpy( hkdf->info, label, label_length );
|
||||
}
|
||||
hkdf->state = HKDF_STATE_KEYED;
|
||||
hkdf->info_set = 1;
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
/* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5).
|
||||
*
|
||||
* Note that if this function fails, you must call psa_key_derivation_abort()
|
||||
* to potentially free embedded data structures and wipe confidential data.
|
||||
*/
|
||||
static psa_status_t psa_key_derivation_tls12_prf_setup(
|
||||
psa_tls12_prf_key_derivation_t *tls12_prf,
|
||||
const uint8_t *key,
|
||||
size_t key_len,
|
||||
psa_algorithm_t hash_alg,
|
||||
const uint8_t *salt,
|
||||
size_t salt_length,
|
||||
const uint8_t *label,
|
||||
size_t label_length )
|
||||
{
|
||||
uint8_t hash_length = PSA_HASH_SIZE( hash_alg );
|
||||
size_t Ai_with_seed_len = hash_length + salt_length + label_length;
|
||||
int overflow;
|
||||
|
||||
tls12_prf->key = mbedtls_calloc( 1, key_len );
|
||||
if( tls12_prf->key == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
tls12_prf->key_len = key_len;
|
||||
memcpy( tls12_prf->key, key, key_len );
|
||||
|
||||
overflow = ( salt_length + label_length < salt_length ) ||
|
||||
( salt_length + label_length + hash_length < hash_length );
|
||||
if( overflow )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
tls12_prf->Ai_with_seed = mbedtls_calloc( 1, Ai_with_seed_len );
|
||||
if( tls12_prf->Ai_with_seed == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
tls12_prf->Ai_with_seed_len = Ai_with_seed_len;
|
||||
|
||||
/* Write `label + seed' at the end of the `A(i) + seed` buffer,
|
||||
* leaving the initial `hash_length` bytes unspecified for now. */
|
||||
if( label_length != 0 )
|
||||
{
|
||||
memcpy( tls12_prf->Ai_with_seed + hash_length,
|
||||
label, label_length );
|
||||
}
|
||||
|
||||
if( salt_length != 0 )
|
||||
{
|
||||
memcpy( tls12_prf->Ai_with_seed + hash_length + label_length,
|
||||
salt, salt_length );
|
||||
}
|
||||
|
||||
/* The first block gets generated when
|
||||
* psa_key_derivation_output_bytes() is called. */
|
||||
tls12_prf->block_number = 0;
|
||||
tls12_prf->offset_in_block = hash_length;
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
/* Set up a TLS-1.2-PSK-to-MS-based operation. */
|
||||
static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
|
||||
psa_tls12_prf_key_derivation_t *tls12_prf,
|
||||
const uint8_t *psk,
|
||||
size_t psk_len,
|
||||
psa_algorithm_t hash_alg,
|
||||
const uint8_t *salt,
|
||||
size_t salt_length,
|
||||
const uint8_t *label,
|
||||
size_t label_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
uint8_t pms[ 4 + 2 * PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN ];
|
||||
|
||||
if( psk_len > PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
/* Quoting RFC 4279, Section 2:
|
||||
*
|
||||
* The premaster secret is formed as follows: if the PSK is N octets
|
||||
* long, concatenate a uint16 with the value N, N zero octets, a second
|
||||
* uint16 with the value N, and the PSK itself.
|
||||
*/
|
||||
|
||||
pms[0] = ( psk_len >> 8 ) & 0xff;
|
||||
pms[1] = ( psk_len >> 0 ) & 0xff;
|
||||
memset( pms + 2, 0, psk_len );
|
||||
pms[2 + psk_len + 0] = pms[0];
|
||||
pms[2 + psk_len + 1] = pms[1];
|
||||
memcpy( pms + 4 + psk_len, psk, psk_len );
|
||||
|
||||
status = psa_key_derivation_tls12_prf_setup( tls12_prf,
|
||||
pms, 4 + 2 * psk_len,
|
||||
hash_alg,
|
||||
salt, salt_length,
|
||||
label, label_length );
|
||||
|
||||
mbedtls_platform_zeroize( pms, sizeof( pms ) );
|
||||
return( status );
|
||||
}
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
/* Note that if this function fails, you must call psa_key_derivation_abort()
|
||||
* to potentially free embedded data structures and wipe confidential data.
|
||||
*/
|
||||
static psa_status_t psa_key_derivation_internal(
|
||||
psa_key_derivation_operation_t *operation,
|
||||
const uint8_t *secret, size_t secret_length,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *salt, size_t salt_length,
|
||||
const uint8_t *label, size_t label_length,
|
||||
size_t capacity )
|
||||
{
|
||||
psa_status_t status;
|
||||
size_t max_capacity;
|
||||
|
||||
/* Set operation->alg even on failure so that abort knows what to do. */
|
||||
operation->alg = alg;
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
if( PSA_ALG_IS_HKDF( alg ) )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg );
|
||||
size_t hash_size = PSA_HASH_SIZE( hash_alg );
|
||||
if( hash_size == 0 )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
max_capacity = 255 * hash_size;
|
||||
status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf,
|
||||
secret, secret_length,
|
||||
hash_alg,
|
||||
salt, salt_length,
|
||||
label, label_length );
|
||||
}
|
||||
/* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
|
||||
else if( PSA_ALG_IS_TLS12_PRF( alg ) ||
|
||||
PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
|
||||
{
|
||||
psa_algorithm_t hash_alg = PSA_ALG_TLS12_PRF_GET_HASH( alg );
|
||||
size_t hash_size = PSA_HASH_SIZE( hash_alg );
|
||||
|
||||
/* TLS-1.2 PRF supports only SHA-256 and SHA-384. */
|
||||
if( hash_alg != PSA_ALG_SHA_256 &&
|
||||
hash_alg != PSA_ALG_SHA_384 )
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
max_capacity = 255 * hash_size;
|
||||
|
||||
if( PSA_ALG_IS_TLS12_PRF( alg ) )
|
||||
{
|
||||
status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf,
|
||||
secret, secret_length,
|
||||
hash_alg, salt, salt_length,
|
||||
label, label_length );
|
||||
}
|
||||
else
|
||||
{
|
||||
status = psa_key_derivation_tls12_psk_to_ms_setup(
|
||||
&operation->ctx.tls12_prf,
|
||||
secret, secret_length,
|
||||
hash_alg, salt, salt_length,
|
||||
label, label_length );
|
||||
}
|
||||
}
|
||||
else
|
||||
#endif
|
||||
{
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
}
|
||||
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
if( capacity <= max_capacity )
|
||||
operation->capacity = capacity;
|
||||
else if( capacity == PSA_KEY_DERIVATION_UNLIMITED_CAPACITY )
|
||||
operation->capacity = max_capacity;
|
||||
else
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
return( PSA_SUCCESS );
|
||||
}
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
|
||||
psa_key_handle_t handle,
|
||||
psa_algorithm_t alg,
|
||||
const uint8_t *salt,
|
||||
size_t salt_length,
|
||||
const uint8_t *label,
|
||||
size_t label_length,
|
||||
size_t capacity )
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
if( operation->alg != 0 )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
/* Make sure that alg is a key derivation algorithm. This prevents
|
||||
* key selection algorithms, which psa_key_derivation_internal
|
||||
* accepts for the sake of key agreement. */
|
||||
if( ! PSA_ALG_IS_KEY_DERIVATION( alg ) )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_get_transparent_key( handle, &slot, PSA_KEY_USAGE_DERIVE, alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
||||
if( slot->attr.type != PSA_KEY_TYPE_DERIVE )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
status = psa_key_derivation_internal( operation,
|
||||
slot->data.raw.data,
|
||||
slot->data.raw.bytes,
|
||||
alg,
|
||||
salt, salt_length,
|
||||
label, label_length,
|
||||
capacity );
|
||||
if( status != PSA_SUCCESS )
|
||||
psa_key_derivation_abort( operation );
|
||||
return( status );
|
||||
}
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
|
||||
static psa_status_t psa_key_derivation_setup_kdf(
|
||||
psa_key_derivation_operation_t *operation,
|
||||
psa_algorithm_t kdf_alg )
|
||||
@ -5390,38 +4932,6 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
static psa_status_t psa_tls12_prf_input( psa_tls12_prf_key_derivation_t *prf,
|
||||
psa_algorithm_t hash_alg,
|
||||
psa_key_derivation_step_t step,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
(void) prf;
|
||||
(void) hash_alg;
|
||||
(void) step;
|
||||
(void) data;
|
||||
(void) data_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
static psa_status_t psa_tls12_prf_psk_to_ms_input(
|
||||
psa_tls12_prf_key_derivation_t *prf,
|
||||
psa_algorithm_t hash_alg,
|
||||
psa_key_derivation_step_t step,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
(void) prf;
|
||||
(void) hash_alg;
|
||||
(void) step;
|
||||
(void) data;
|
||||
(void) data_length;
|
||||
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
#else
|
||||
static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
@ -5553,7 +5063,6 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input(
|
||||
|
||||
return( psa_tls12_prf_input( prf, hash_alg, step, data, data_length ) );
|
||||
}
|
||||
#endif /* PSA_PRE_1_0_KEY_DERIVATION */
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
static psa_status_t psa_key_derivation_input_internal(
|
||||
@ -5572,10 +5081,7 @@ static psa_status_t psa_key_derivation_input_internal(
|
||||
PSA_ALG_HKDF_GET_HASH( kdf_alg ),
|
||||
step, data, data_length );
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
|
||||
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
|
||||
{
|
||||
status = psa_tls12_prf_input( &operation->ctx.tls12_prf,
|
||||
PSA_ALG_HKDF_GET_HASH( kdf_alg ),
|
||||
|
@ -68,14 +68,13 @@
|
||||
/* If the build options we need are not enabled, compile a placeholder. */
|
||||
#if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \
|
||||
!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \
|
||||
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) ||\
|
||||
defined(PSA_PRE_1_0_KEY_DERIVATION)
|
||||
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO)
|
||||
int main( void )
|
||||
{
|
||||
printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
|
||||
"MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
|
||||
"MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO and/or "
|
||||
"not defined and/or PSA_PRE_1_0_KEY_DERIVATION defined.\n");
|
||||
"MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO "
|
||||
"not defined.\n");
|
||||
return( 0 );
|
||||
}
|
||||
#else
|
||||
|
@ -505,7 +505,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key policy: derive via TLS 1.2 PRF, permitted
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key policy: derive via HKDF, not permitted
|
||||
@ -513,7 +513,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:0:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key policy: derive via TLS 1.2 PRF, not permitted
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:0:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key policy: derive via HKDF, wrong algorithm
|
||||
@ -521,7 +521,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224)
|
||||
|
||||
PSA key policy: derive via TLS 1.2 PRF, wrong algorithm
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224)
|
||||
|
||||
PSA key policy: agreement + KDF, permitted
|
||||
@ -1515,7 +1515,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_HKDF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA import/exercise: TLS 1.2 PRF SHA-256
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA sign: RSA PKCS#1 v1.5, raw
|
||||
@ -1844,39 +1844,39 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_RAW_DATA:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, good case
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, key first
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, label first
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, early label
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, double seed
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, double key
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, bad key type
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_RAW_DATA:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: HKDF invalid state (double generate + read past capacity)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
test_derive_invalid_key_derivation_state:PSA_ALG_HKDF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF invalid state (double generate + read past capacity)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
test_derive_invalid_key_derivation_state:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key derivation: invalid state (call read/get_capacity after init and abort)
|
||||
@ -1933,70 +1933,70 @@ derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_K
|
||||
|
||||
# Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":""
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 99+1
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 1+99
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+50
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, output 50+49
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"a0ba9f936cda311827a6f796ffd5198c":PSA_KEY_DERIVATION_INPUT_SECRET:"9bbe436ba940f017b17652849a71db35":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 148+0
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":""
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 147+1
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 1+147
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+74
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f"
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-384, output 74+73
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"cd665cf6a8447dd6ff8b27555edb7465":PSA_KEY_DERIVATION_INPUT_SECRET:"b80b733d6ceefcdc71566ea48e5567df":PSA_KEY_DERIVATION_INPUT_LABEL:"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5"
|
||||
|
||||
# Test case manually extracted from debug output of TLS-PSK run
|
||||
# Label: "master secret"
|
||||
# Salt: Concatenation of ClientHello.Random and ServerHello.Random
|
||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 48+0
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":""
|
||||
|
||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 24+24
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
|
||||
|
||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 0+48
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710"
|
||||
|
||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 48+0
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":""
|
||||
|
||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 24+24
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
|
||||
|
||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 0+48
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18"
|
||||
|
||||
PSA key derivation: HKDF SHA-256, request maximum capacity
|
||||
@ -2016,7 +2016,7 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
|
||||
derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * 20 + 1:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, PSK too long (160 Bytes)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: over capacity 42: output 42+1
|
||||
@ -2044,98 +2044,98 @@ depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32
|
||||
|
||||
PSA key derivation: HKDF SHA-256, exercise AES128-CTR
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
PSA key derivation: HKDF SHA-256, exercise AES256-CTR
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
PSA key derivation: HKDF SHA-256, exercise DES-CBC
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
|
||||
|
||||
PSA key derivation: HKDF SHA-256, exercise 2-key 3DES-CBC
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
|
||||
|
||||
PSA key derivation: HKDF SHA-256, exercise 3-key 3DES-CBC
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
|
||||
|
||||
PSA key derivation: HKDF SHA-256, exercise HMAC-SHA-256
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, exercise AES128-CTR
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, exercise AES256-CTR
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR
|
||||
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, exercise DES-CBC
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, exercise 2-key 3DES-CBC
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, exercise 3-key 3DES-CBC
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, exercise HMAC-SHA-256
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN:PSA_ALG_HMAC(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, exercise HKDF-SHA-256
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256)
|
||||
|
||||
PSA key derivation: HKDF SHA-256, derive key export, 16+32
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":16:32
|
||||
|
||||
PSA key derivation: HKDF SHA-256, derive key export, 1+41
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_export:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, derive key export, 16+32
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":16:32
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, derive key export, 1+41
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41
|
||||
|
||||
PSA key derivation: invalid type (0)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key derivation: invalid type (PSA_KEY_TYPE_CATEGORY_MASK)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
# This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes
|
||||
# and not expected to be raised any time soon) is less than the maximum
|
||||
# output from HKDF-SHA512 (255*64 = 16320 bytes).
|
||||
PSA key derivation: largest possible key
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: key too large
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!PSA_PRE_1_0_KEY_DERIVATION
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA key agreement setup: ECDH + HKDF-SHA-256: good
|
||||
|
Loading…
Reference in New Issue
Block a user