AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #5834 from mprse/HKDF_1

Browse Source 
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
This commit is contained in:
Gilles Peskine 2022-06-20 15:27:46 +02:00 committed by GitHub
commit 36aeb7f163
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 636 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog.d/hkdf_extract_expand.txt Normal file
View File

@ -0,0 +1,2 @@
Features
* Add HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API.

14
include/mbedtls/config_psa.h
View File

@ -121,6 +121,20 @@ extern "C" {
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
#endif /* PSA_WANT_ALG_HKDF */ #endif /* PSA_WANT_ALG_HKDF */
#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */
#endif /* PSA_WANT_ALG_HKDF_EXTRACT */
#if defined(PSA_WANT_ALG_HKDF_EXPAND)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1
#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */
#endif /* PSA_WANT_ALG_HKDF_EXPAND */
#if defined(PSA_WANT_ALG_HMAC) #if defined(PSA_WANT_ALG_HMAC)
#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1

2
include/psa/crypto_config.h
View File

@ -67,6 +67,8 @@
#define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_ECDSA 1
#define PSA_WANT_ALG_GCM 1 #define PSA_WANT_ALG_GCM 1
#define PSA_WANT_ALG_HKDF 1 #define PSA_WANT_ALG_HKDF 1
#define PSA_WANT_ALG_HKDF_EXTRACT 1
#define PSA_WANT_ALG_HKDF_EXPAND 1
#define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_HMAC 1
#define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_MD5 1
#define PSA_WANT_ALG_OFB 1 #define PSA_WANT_ALG_OFB 1

12
include/psa/crypto_struct.h
View File

@ -181,7 +181,9 @@ static inline struct psa_aead_operation_s psa_aead_operation_init( void )
return( v ); return( v );
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
typedef struct typedef struct
{ {
uint8_t *MBEDTLS_PRIVATE(info); uint8_t *MBEDTLS_PRIVATE(info);
@ -197,7 +199,9 @@ typedef struct
uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE]; uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE];
struct psa_mac_operation_s MBEDTLS_PRIVATE(hmac); struct psa_mac_operation_s MBEDTLS_PRIVATE(hmac);
} psa_hkdf_key_derivation_t; } psa_hkdf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF ||
MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
@ -254,7 +258,9 @@ struct psa_key_derivation_s
{ {
/* Make the union non-empty even with no supported algorithms. */ /* Make the union non-empty even with no supported algorithms. */
uint8_t MBEDTLS_PRIVATE(dummy); uint8_t MBEDTLS_PRIVATE(dummy);
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf); psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf);
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \

112
include/psa/crypto_values.h
View File

@ -1741,6 +1741,12 @@
* You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before * You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before
* starting to generate output. * starting to generate output.
* *
* \warning HKDF processes the salt as follows: first hash it with hash_alg
* if the salt is longer than the block size of the hash algorithm; then
* pad with null bytes up to the block size. As a result, it is possible
* for distinct salt inputs to result in the same outputs. To ensure
* unique outputs, it is recommended to use a fixed length for salt values.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true). * #PSA_ALG_IS_HASH(\p hash_alg) is true).
* *
@ -1766,6 +1772,112 @@
#define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \ #define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \
(PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
#define PSA_ALG_HKDF_EXTRACT_BASE ((psa_algorithm_t)0x08000400)
/** Macro to build an HKDF-Extract algorithm.
*
* For example, `PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA256)` is
* HKDF-Extract using HMAC-SHA-256.
*
* This key derivation algorithm uses the following inputs:
* - PSA_KEY_DERIVATION_INPUT_SALT is the salt.
* - PSA_KEY_DERIVATION_INPUT_SECRET is the input keying material used in the
* "extract" step.
* The inputs are mandatory and must be passed in the order above.
* Each input may only be passed once.
*
* \warning HKDF-Extract is not meant to be used on its own. PSA_ALG_HKDF
* should be used instead if possible. PSA_ALG_HKDF_EXTRACT is provided
* as a separate algorithm for the sake of protocols that use it as a
* building block. It may also be a slight performance optimization
* in applications that use HKDF with the same salt and key but many
* different info strings.
*
* \warning HKDF processes the salt as follows: first hash it with hash_alg
* if the salt is longer than the block size of the hash algorithm; then
* pad with null bytes up to the block size. As a result, it is possible
* for distinct salt inputs to result in the same outputs. To ensure
* unique outputs, it is recommended to use a fixed length for salt values.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
*
* \return The corresponding HKDF-Extract algorithm.
* \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_HKDF_EXTRACT(hash_alg) \
(PSA_ALG_HKDF_EXTRACT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
/** Whether the specified algorithm is an HKDF-Extract algorithm.
*
* HKDF-Extract is a family of key derivation algorithms that are based
* on a hash function and the HMAC construction.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
* \return 1 if \c alg is an HKDF-Extract algorithm, 0 otherwise.
* This macro may return either 0 or 1 if \c alg is not a supported
* key derivation algorithm identifier.
*/
#define PSA_ALG_IS_HKDF_EXTRACT(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE)
#define PSA_ALG_HKDF_EXPAND_BASE ((psa_algorithm_t)0x08000500)
/** Macro to build an HKDF-Expand algorithm.
*
* For example, `PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA256)` is
* HKDF-Expand using HMAC-SHA-256.
*
* This key derivation algorithm uses the following inputs:
* - PSA_KEY_DERIVATION_INPUT_SECRET is the pseudorandom key (PRK).
* - PSA_KEY_DERIVATION_INPUT_INFO is the info string.
*
* The inputs are mandatory and must be passed in the order above.
* Each input may only be passed once.
*
* \warning HKDF-Expand is not meant to be used on its own. `PSA_ALG_HKDF`
* should be used instead if possible. `PSA_ALG_HKDF_EXPAND` is provided as
* a separate algorithm for the sake of protocols that use it as a building
* block. It may also be a slight performance optimization in applications
* that use HKDF with the same salt and key but many different info strings.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
*
* \return The corresponding HKDF-Expand algorithm.
* \return Unspecified if \p hash_alg is not a supported
* hash algorithm.
*/
#define PSA_ALG_HKDF_EXPAND(hash_alg) \
(PSA_ALG_HKDF_EXPAND_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
/** Whether the specified algorithm is an HKDF-Expand algorithm.
*
* HKDF-Expand is a family of key derivation algorithms that are based
* on a hash function and the HMAC construction.
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
* \return 1 if \c alg is an HKDF-Expand algorithm, 0 otherwise.
* This macro may return either 0 or 1 if \c alg is not a supported
* key derivation algorithm identifier.
*/
#define PSA_ALG_IS_HKDF_EXPAND(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE)
/** Whether the specified algorithm is an HKDF or HKDF-Extract or
* HKDF-Expand algorithm.
*
*
* \param alg An algorithm identifier (value of type #psa_algorithm_t).
*
* \return 1 if \c alg is any HKDF type algorithm, 0 otherwise.
* This macro may return either 0 or 1 if \c alg is not a supported
* key derivation algorithm identifier.
*/
#define PSA_ALG_IS_ANY_HKDF(alg) \
(((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE || \
((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE || \
((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE)
#define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200) #define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200)
/** Macro to build a TLS-1.2 PRF algorithm. /** Macro to build a TLS-1.2 PRF algorithm.
* *

176
library/psa_crypto.c
View File

@ -88,6 +88,12 @@
#define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) )
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
#define BUILTIN_ALG_ANY_HKDF 1
#endif
/****************************************************************/ /****************************************************************/
/* Global data, support functions and library management */ /* Global data, support functions and library management */
/****************************************************************/ /****************************************************************/
@ -4235,13 +4241,13 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation )
/* Generators */ /* Generators */
/****************************************************************/ /****************************************************************/
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ #if defined(BUILTIN_ALG_ANY_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
#define AT_LEAST_ONE_BUILTIN_KDF #define AT_LEAST_ONE_BUILTIN_KDF
#endif /* At least one builtin KDF */ #endif /* At least one builtin KDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ #if defined(BUILTIN_ALG_ANY_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
static psa_status_t psa_key_derivation_start_hmac( static psa_status_t psa_key_derivation_start_hmac(
@ -4294,14 +4300,14 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation
* nothing to do. */ * nothing to do. */
} }
else else
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) #if defined(BUILTIN_ALG_ANY_HKDF)
if( PSA_ALG_IS_HKDF( kdf_alg ) ) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) )
{ {
mbedtls_free( operation->ctx.hkdf.info ); mbedtls_free( operation->ctx.hkdf.info );
status = psa_mac_abort( &operation->ctx.hkdf.hmac ); status = psa_mac_abort( &operation->ctx.hkdf.hmac );
} }
else else
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #endif /* BUILTIN_ALG_ANY_HKDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
@ -4375,19 +4381,29 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) #if defined(BUILTIN_ALG_ANY_HKDF)
/* Read some bytes from an HKDF-based operation. This performs a chunk /* Read some bytes from an HKDF-based operation. */
* of the expand phase of the HKDF algorithm. */
static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
psa_algorithm_t hash_alg, psa_algorithm_t kdf_alg,
uint8_t *output, uint8_t *output,
size_t output_length ) size_t output_length )
{ {
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); uint8_t hash_length = PSA_HASH_LENGTH( hash_alg );
size_t hmac_output_length; size_t hmac_output_length;
psa_status_t status; psa_status_t status;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
const uint8_t last_block = PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ? 0 : 0xff;
#else
const uint8_t last_block = 0xff;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set ) if( hkdf->state < HKDF_STATE_KEYED ||
( !hkdf->info_set
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
&& !PSA_ALG_IS_HKDF_EXTRACT( kdf_alg )
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
) )
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
hkdf->state = HKDF_STATE_OUTPUT; hkdf->state = HKDF_STATE_OUTPUT;
@ -4403,12 +4419,12 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd
hkdf->offset_in_block += n; hkdf->offset_in_block += n;
if( output_length == 0 ) if( output_length == 0 )
break; break;
/* We can't be wanting more output after block 0xff, otherwise /* We can't be wanting more output after the last block, otherwise
* the capacity check in psa_key_derivation_output_bytes() would have * the capacity check in psa_key_derivation_output_bytes() would have
* prevented this call. It could happen only if the operation * prevented this call. It could happen only if the operation
* object was corrupted or if this function is called directly * object was corrupted or if this function is called directly
* inside the library. */ * inside the library. */
if( hkdf->block_number == 0xff ) if( hkdf->block_number == last_block )
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
/* We need a new block */ /* We need a new block */
@ -4449,7 +4465,7 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #endif /* BUILTIN_ALG_ANY_HKDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
@ -4649,15 +4665,14 @@ psa_status_t psa_key_derivation_output_bytes(
} }
operation->capacity -= output_length; operation->capacity -= output_length;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) #if defined(BUILTIN_ALG_ANY_HKDF)
if( PSA_ALG_IS_HKDF( kdf_alg ) ) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) )
{ {
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, kdf_alg,
status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg,
output, output_length ); output, output_length );
} }
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #endif /* BUILTIN_ALG_ANY_HKDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
@ -5046,6 +5061,14 @@ static int is_kdf_alg_supported( psa_algorithm_t kdf_alg )
if( PSA_ALG_IS_HKDF( kdf_alg ) ) if( PSA_ALG_IS_HKDF( kdf_alg ) )
return( 1 ); return( 1 );
#endif #endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
return( 1 );
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
return( 1 );
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
return( 1 ); return( 1 );
@ -5097,8 +5120,12 @@ static psa_status_t psa_key_derivation_setup_kdf(
{ {
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
operation->capacity = 255 * hash_size; if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
operation->capacity = hash_size;
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
operation->capacity = 255 * hash_size;
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
@ -5152,17 +5179,22 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation
return( status ); return( status );
} }
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) #if defined(BUILTIN_ALG_ANY_HKDF)
static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
psa_algorithm_t hash_alg, psa_algorithm_t kdf_alg,
psa_key_derivation_step_t step, psa_key_derivation_step_t step,
const uint8_t *data, const uint8_t *data,
size_t data_length ) size_t data_length )
{ {
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
psa_status_t status; psa_status_t status;
switch( step ) switch( step )
{ {
case PSA_KEY_DERIVATION_INPUT_SALT: case PSA_KEY_DERIVATION_INPUT_SALT:
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
if( hkdf->state != HKDF_STATE_INIT ) if( hkdf->state != HKDF_STATE_INIT )
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
else else
@ -5176,33 +5208,82 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
return( PSA_SUCCESS ); return( PSA_SUCCESS );
} }
case PSA_KEY_DERIVATION_INPUT_SECRET: case PSA_KEY_DERIVATION_INPUT_SECRET:
/* If no salt was provided, use an empty salt. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
if( hkdf->state == HKDF_STATE_INIT ) if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
{ {
status = psa_key_derivation_start_hmac( &hkdf->hmac, /* We shouldn't be in different state as HKDF_EXPAND only allows
hash_alg, * two inputs: SECRET (this case) and INFO which does not modify
NULL, 0 ); * the state. It could happen only if the hkdf
* object was corrupted. */
if( hkdf->state != HKDF_STATE_INIT )
return( PSA_ERROR_BAD_STATE );
/* Allow only input that fits expected prk size */
if( data_length != PSA_HASH_LENGTH( hash_alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
memcpy( hkdf->prk, data, data_length );
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
{
/* HKDF: If no salt was provided, use an empty salt.
* HKDF-EXTRACT: salt is mandatory. */
if( hkdf->state == HKDF_STATE_INIT )
{
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
return( PSA_ERROR_BAD_STATE );
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
status = psa_key_derivation_start_hmac( &hkdf->hmac,
hash_alg,
NULL, 0 );
if( status != PSA_SUCCESS )
return( status );
hkdf->state = HKDF_STATE_STARTED;
}
if( hkdf->state != HKDF_STATE_STARTED )
return( PSA_ERROR_BAD_STATE );
status = psa_mac_update( &hkdf->hmac,
data, data_length );
if( status != PSA_SUCCESS )
return( status );
status = psa_mac_sign_finish( &hkdf->hmac,
hkdf->prk,
sizeof( hkdf->prk ),
&data_length );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
return( status ); return( status );
hkdf->state = HKDF_STATE_STARTED;
} }
if( hkdf->state != HKDF_STATE_STARTED )
return( PSA_ERROR_BAD_STATE );
status = psa_mac_update( &hkdf->hmac,
data, data_length );
if( status != PSA_SUCCESS )
return( status );
status = psa_mac_sign_finish( &hkdf->hmac,
hkdf->prk,
sizeof( hkdf->prk ),
&data_length );
if( status != PSA_SUCCESS )
return( status );
hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg );
hkdf->block_number = 0;
hkdf->state = HKDF_STATE_KEYED; hkdf->state = HKDF_STATE_KEYED;
hkdf->block_number = 0;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
{
/* The only block of output is the PRK. */
memcpy( hkdf->output_block, hkdf->prk, PSA_HASH_LENGTH( hash_alg ) );
hkdf->offset_in_block = 0;
}
else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
{
/* Block 0 is empty, and the next block will be
* generated by psa_key_derivation_hkdf_read(). */
hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg );
}
return( PSA_SUCCESS ); return( PSA_SUCCESS );
case PSA_KEY_DERIVATION_INPUT_INFO: case PSA_KEY_DERIVATION_INPUT_INFO:
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) &&
hkdf->state == HKDF_STATE_INIT )
return( PSA_ERROR_BAD_STATE );
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
if( hkdf->state == HKDF_STATE_OUTPUT ) if( hkdf->state == HKDF_STATE_OUTPUT )
return( PSA_ERROR_BAD_STATE ); return( PSA_ERROR_BAD_STATE );
if( hkdf->info_set ) if( hkdf->info_set )
@ -5221,7 +5302,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
} }
} }
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #endif /* BUILTIN_ALG_ANY_HKDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
@ -5486,15 +5567,14 @@ static psa_status_t psa_key_derivation_input_internal(
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
goto exit; goto exit;
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) #if defined(BUILTIN_ALG_ANY_HKDF)
if( PSA_ALG_IS_HKDF( kdf_alg ) ) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) )
{ {
status = psa_hkdf_input( &operation->ctx.hkdf, status = psa_hkdf_input( &operation->ctx.hkdf, kdf_alg,
PSA_ALG_HKDF_GET_HASH( kdf_alg ),
step, data, data_length ); step, data, data_length );
} }
else else
#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ #endif /* BUILTIN_ALG_ANY_HKDF */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF)
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) )
{ {

2
tests/include/test/drivers/crypto_config_test_driver_extension.h
View File

@ -190,6 +190,8 @@
#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1
#define MBEDTLS_PSA_ACCEL_ALG_GCM 1 #define MBEDTLS_PSA_ACCEL_ALG_GCM 1
#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1
#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1
#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_HMAC 1
#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1
#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1

30
tests/src/psa_exercise_key.c
View File

@ -627,6 +627,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
unsigned char output[1]; unsigned char output[1];
int ok = 0; int ok = 0;
psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
psa_status_t expected_key_agreement_status = PSA_SUCCESS;
if( usage & PSA_KEY_USAGE_DERIVE ) if( usage & PSA_KEY_USAGE_DERIVE )
{ {
@ -641,7 +642,32 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
input, sizeof( input ) ) ); input, sizeof( input ) ) );
} }
PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
{
PSA_ASSERT( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_SALT,
input, sizeof( input ) ) );
}
/* For HKDF_EXPAND input secret may fail as secret size may not match
to expected PRK size. In practice it means that key bits must match
hash length. Otherwise test should fail with INVALID_ARGUMENT. */
if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
size_t key_bits = psa_get_key_bits( &attributes );
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
if( PSA_BITS_TO_BYTES( key_bits ) != PSA_HASH_LENGTH( hash_alg ) )
expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT;
}
TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self( &operation, key ),
expected_key_agreement_status );
if( expected_key_agreement_status != PSA_SUCCESS )
return( 1 );
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
@ -650,7 +676,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
&operation, PSA_KEY_DERIVATION_INPUT_LABEL, &operation, PSA_KEY_DERIVATION_INPUT_LABEL,
input, sizeof( input ) ) ); input, sizeof( input ) ) );
} }
else if( PSA_ALG_IS_HKDF( kdf_alg ) ) else if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
{ {
PSA_ASSERT( psa_key_derivation_input_bytes( PSA_ASSERT( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO, &operation, PSA_KEY_DERIVATION_INPUT_INFO,

299
tests/suites/test_suite_psa_crypto.data
View File

@ -5135,6 +5135,281 @@ PSA key derivation: HKDF SHA-1, RFC5869 #7, output 42+0
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0
# HKDF-Extract tests: out - output, k - secret provided as key, b - secret provided as bytes
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+0 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 22+10 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f":"9c3122ec844ad7c2b3e5":0:1:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 0+32 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+31 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 31+0 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":"":0:1:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":0:1:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"":0:1:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, out 32+0 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:1:0
PSA key derivation: HKDF-Extract SHA-1, RFC5869 #4, out 20+0 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"":0:1:0
PSA key derivation: HKDF-Extract SHA-1, RFC5869 #5, out 20+0 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"8adae09a2a307059478d309b26c4115a224cfaf6":"":0:1:0
PSA key derivation: HKDF-Extract SHA-1, RFC5869 #6, out 20+0 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"":0:1:0
PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 k
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:1:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, k derive key
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:1
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+0 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:0:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 22+10 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f":"9c3122ec844ad7c2b3e5":0:0:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 0+32 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+31 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 31+0 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":"":0:0:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":0:0:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"":0:0:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, out 32+0 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:0:0
PSA key derivation: HKDF-Extract SHA-1, RFC5869 #4, out 20+0 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"":0:0:0
PSA key derivation: HKDF-Extract SHA-1, RFC5869 #5, out 20+0 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"8adae09a2a307059478d309b26c4115a224cfaf6":"":0:0:0
PSA key derivation: HKDF-Extract SHA-1, RFC5869 #6, out 20+0 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"":0:0:0
PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 b
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:0:0
PSA key derivation: HKDF-Extract info before secret
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0
PSA key derivation: HKDF-Extract info after secret
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:"":32:"":"":0:1:0
PSA key derivation: HKDF-Extract input other secret
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0
PSA key derivation: HKDF-Extract input label
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0
PSA key derivation: HKDF-Extract input password
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0
PSA key derivation: HKDF-Extract input seed
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0
PSA key derivation: HKDF-Extract input cost
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, b derive key
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:0:1
PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+1 (over capacity)
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"00":0:1:0
PSA key derivation: HKDF-Extract SHA-256, no salt
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:0:0
# HKDF-Expand tests: out - output, k - secret provided as key, b - secret provided as bytes
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 32+10 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865":0:1:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 0+42 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+41 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 41+0 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"":0:1:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+40 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":0:1:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #2, out 82+0 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":"":0:1:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #3, out 42+0 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":"":0:1:0
PSA key derivation: HKDF-Expand SHA-1, RFC5869 #4, out 42+0 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:1:0
PSA key derivation: HKDF-Expand SHA-1, RFC5869 #5, out 82+0 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"8adae09a2a307059478d309b26c4115a224cfaf6":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":"":0:1:0
PSA key derivation: HKDF-Expand SHA-1, RFC5869 #6, out 42+0 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":"":0:1:0
PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 k
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 32+10 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865":0:0:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 0+42 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:0:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+41 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:0:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 41+0 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"":0:0:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+40 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":0:0:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #2, out 82+0 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":"":0:0:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #3, out 42+0 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":"":0:0:0
PSA key derivation: HKDF-Expand SHA-1, RFC5869 #4, out 42+0 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:0:0
PSA key derivation: HKDF-Expand SHA-1, RFC5869 #5, out 82+0 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"8adae09a2a307059478d309b26c4115a224cfaf6":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":"":0:0:0
PSA key derivation: HKDF-Expand SHA-1, RFC5869 #6, out 42+0 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":"":0:0:0
PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 b
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:0:0
# HKDF-Expand tests: Invalid test cases
PSA key derivation: HKDF-Expand input other secret
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0
PSA key derivation: HKDF-Expand input salt
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0
PSA key derivation: HKDF-Expand input label
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0
PSA key derivation: HKDF-Expand input password
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0
PSA key derivation: HKDF-Expand input seed
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0
PSA key derivation: HKDF-Expand input cost
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0
PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+1 (over capacity)
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"00":0:1:0
PSA key derivation: HKDF-Expand Invalid secret length
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e500":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:0:0
PSA key derivation: HKDF-Expand, Info before secret
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0
# Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html
PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0 PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
@ -5470,6 +5745,14 @@ PSA key derivation: HKDF SHA-1, request maximum capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0
PSA key derivation: HKDF-Expand SHA-256, request maximum capacity
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256):"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0
PSA key derivation: HKDF-Expand SHA-1, request maximum capacity
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:1:0
PSA key derivation: HKDF SHA-256, request too much capacity PSA key derivation: HKDF SHA-256, request too much capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT
@ -5478,6 +5761,22 @@ PSA key derivation: HKDF SHA-1, request too much capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: HKDF-Extract SHA-256, request too much capacity
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
derive_set_capacity:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: HKDF-Extract SHA-1, request too much capacity
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
derive_set_capacity:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: HKDF-Expand SHA-256, request too much capacity
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: HKDF-Expand SHA-1, request too much capacity
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: over capacity 42: output 42+1 PSA key derivation: over capacity 42: output 42+1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff":0:1:0 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff":0:1:0

17
tests/suites/test_suite_psa_crypto.function
View File

@ -7005,9 +7005,13 @@ void derive_output( int alg_arg,
switch( key_input_type ) switch( key_input_type )
{ {
case 0: // input bytes case 0: // input bytes
PSA_ASSERT( psa_key_derivation_input_bytes( TEST_EQUAL( psa_key_derivation_input_bytes(
&operation, steps[i], &operation, steps[i],
inputs[i]->x, inputs[i]->len ) ); inputs[i]->x, inputs[i]->len ),
statuses[i] );
if( statuses[i] != PSA_SUCCESS )
goto exit;
break; break;
case 1: // input key case 1: // input key
psa_set_key_usage_flags( &attributes1, PSA_KEY_USAGE_DERIVE ); psa_set_key_usage_flags( &attributes1, PSA_KEY_USAGE_DERIVE );
@ -7087,9 +7091,12 @@ void derive_output( int alg_arg,
goto exit; goto exit;
break; break;
default: default:
PSA_ASSERT( psa_key_derivation_input_bytes( TEST_EQUAL( psa_key_derivation_input_bytes(
&operation, steps[i], &operation, steps[i],
inputs[i]->x, inputs[i]->len ) ); inputs[i]->x, inputs[i]->len ), statuses[i] );
if( statuses[i] != PSA_SUCCESS )
goto exit;
break; break;
} }
} }
@ -7111,7 +7118,7 @@ void derive_output( int alg_arg,
psa_set_key_usage_flags( &attributes4, PSA_KEY_USAGE_EXPORT ); psa_set_key_usage_flags( &attributes4, PSA_KEY_USAGE_EXPORT );
psa_set_key_algorithm( &attributes4, alg ); psa_set_key_algorithm( &attributes4, alg );
psa_set_key_type( &attributes4, PSA_KEY_TYPE_DERIVE ); psa_set_key_type( &attributes4, PSA_KEY_TYPE_DERIVE );
psa_set_key_bits( &attributes4, 48 ); psa_set_key_bits( &attributes4, PSA_BYTES_TO_BITS( requested_capacity ) );
TEST_EQUAL( psa_key_derivation_output_key( &attributes4, &operation, TEST_EQUAL( psa_key_derivation_output_key( &attributes4, &operation,
&derived_key ), expected_status ); &derived_key ), expected_status );

16
tests/suites/test_suite_psa_crypto_metadata.data
View File

@ -270,6 +270,22 @@ Key derivation: HKDF using SHA-384
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384
key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_384 ):ALG_IS_HKDF key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_384 ):ALG_IS_HKDF
Key derivation: HKDF-Extract using SHA-256
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
key_derivation_algorithm:PSA_ALG_HKDF_EXTRACT( PSA_ALG_SHA_256 ):ALG_IS_HKDF_EXTRACT
Key derivation: HKDF-Extract using SHA-384
depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_384
key_derivation_algorithm:PSA_ALG_HKDF_EXTRACT( PSA_ALG_SHA_384 ):ALG_IS_HKDF_EXTRACT
Key derivation: HKDF-Expand using SHA-256
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
key_derivation_algorithm:PSA_ALG_HKDF_EXPAND( PSA_ALG_SHA_256 ):ALG_IS_HKDF_EXPAND
Key derivation: HKDF-Expand using SHA-384
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_384
key_derivation_algorithm:PSA_ALG_HKDF_EXPAND( PSA_ALG_SHA_384 ):ALG_IS_HKDF_EXPAND
Key derivation: TLS 1.2 PRF using SHA-256 Key derivation: TLS 1.2 PRF using SHA-256
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
key_derivation_algorithm:PSA_ALG_TLS12_PRF( PSA_ALG_SHA_256 ):ALG_IS_TLS12_PRF key_derivation_algorithm:PSA_ALG_TLS12_PRF( PSA_ALG_SHA_256 ):ALG_IS_TLS12_PRF

20
tests/suites/test_suite_psa_crypto_metadata.function
View File

@ -37,14 +37,16 @@
#define ALG_IS_HASH_AND_SIGN ( 1u << 18 ) #define ALG_IS_HASH_AND_SIGN ( 1u << 18 )
#define ALG_IS_RSA_OAEP ( 1u << 19 ) #define ALG_IS_RSA_OAEP ( 1u << 19 )
#define ALG_IS_HKDF ( 1u << 20 ) #define ALG_IS_HKDF ( 1u << 20 )
#define ALG_IS_FFDH ( 1u << 21 ) #define ALG_IS_HKDF_EXTRACT ( 1u << 21 )
#define ALG_IS_ECDH ( 1u << 22 ) #define ALG_IS_HKDF_EXPAND ( 1u << 22 )
#define ALG_IS_WILDCARD ( 1u << 23 ) #define ALG_IS_FFDH ( 1u << 23 )
#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 24 ) #define ALG_IS_ECDH ( 1u << 24 )
#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 25 ) #define ALG_IS_WILDCARD ( 1u << 25 )
#define ALG_IS_TLS12_PRF ( 1u << 26 ) #define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 26 )
#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 27 ) #define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 27 )
#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 28 ) /* must be last! */ #define ALG_IS_TLS12_PRF ( 1u << 28 )
#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 29 )
#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 30 ) /* must be last! */
/* Flags for key type classification macros. There is a flag for every /* Flags for key type classification macros. There is a flag for every
* key type classification macro PSA_KEY_TYPE_IS_xxx except for some that * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that
@ -140,6 +142,8 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags )
TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags );
TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags );
TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags );
TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF_EXTRACT, alg, flags );
TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF_EXPAND, alg, flags );
TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags );
TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags );
TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags );