Merge pull request #276 from gilles-peskine-arm/psa-key_derivation-relax_inputs
Relax input restrictions for key derivation
This commit is contained in:
Gilles Peskine
GitHub
commit
37b5c831b4
@ -3229,9 +3229,12 @@ psa_status_t psa_key_derivation_set_capacity(
|
||||
* Refer to the documentation of each key derivation or key agreement
|
||||
* algorithm for information.
|
||||
*
|
||||
* This function passes direct inputs. Some inputs must be passed as keys
|
||||
* using psa_key_derivation_input_key() instead of this function. Refer to
|
||||
* the documentation of individual step types for information.
|
||||
* This function passes direct inputs, which is usually correct for
|
||||
* non-secret inputs. To pass a secret input, which should be in a key
|
||||
* object, call psa_key_derivation_input_key() instead of this function.
|
||||
* Refer to the documentation of individual step types
|
||||
* (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
|
||||
* for more information.
|
||||
*
|
||||
* If this function returns an error status, the operation enters an error
|
||||
* state and must be aborted by calling psa_key_derivation_abort().
|
||||
@ -3274,10 +3277,13 @@ psa_status_t psa_key_derivation_input_bytes(
|
||||
* Refer to the documentation of each key derivation or key agreement
|
||||
* algorithm for information.
|
||||
*
|
||||
* This function passes key inputs. Some inputs must be passed as keys
|
||||
* of the appropriate type using this function, while others must be
|
||||
* passed as direct inputs using psa_key_derivation_input_bytes(). Refer to
|
||||
* the documentation of individual step types for information.
|
||||
* This function obtains input from a key object, which is usually correct for
|
||||
* secret inputs or for non-secret personalization strings kept in the key
|
||||
* store. To pass a non-secret parameter which is not in the key store,
|
||||
* call psa_key_derivation_input_bytes() instead of this function.
|
||||
* Refer to the documentation of individual step types
|
||||
* (`PSA_KEY_DERIVATION_INPUT_xxx` values of type ::psa_key_derivation_step_t)
|
||||
* for more information.
|
||||
*
|
||||
* If this function returns an error status, the operation enters an error
|
||||
* state and must be aborted by calling psa_key_derivation_abort().
|
||||
@ -3298,7 +3304,8 @@ psa_status_t psa_key_derivation_input_bytes(
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c step is not compatible with the operation's algorithm.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c step does not allow key inputs.
|
||||
* \c step does not allow key inputs of the given type
|
||||
* or does not allow key inputs at all.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
@ -3368,6 +3375,8 @@ psa_status_t psa_key_derivation_input_key(
|
||||
* \c private_key.
|
||||
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||
* \c alg is not supported or is not a key derivation algorithm.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* \c step does not allow an input resulting from a key agreement.
|
||||
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
|
||||
* \retval #PSA_ERROR_HARDWARE_FAILURE
|
||||
@ -3518,6 +3527,11 @@ psa_status_t psa_key_derivation_output_bytes(
|
||||
* In all cases, the data that is read is discarded from the operation.
|
||||
* The operation's capacity is decreased by the number of bytes read.
|
||||
*
|
||||
* For algorithms that take an input step #PSA_KEY_DERIVATION_INPUT_SECRET,
|
||||
* the input to that step must be provided with psa_key_derivation_input_key().
|
||||
* Future versions of this specification may include additional restrictions
|
||||
* on the derived key based on the attributes and strength of the secret key.
|
||||
*
|
||||
* \param[in] attributes The attributes for the new key.
|
||||
* \param[in,out] operation The key derivation operation object to read from.
|
||||
* \param[out] handle On success, a handle to the newly created key.
|
||||
@ -3540,6 +3554,9 @@ psa_status_t psa_key_derivation_output_bytes(
|
||||
* implementation in general or in this particular location.
|
||||
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||
* The provided key attributes are not valid for the operation.
|
||||
* \retval #PSA_ERROR_NOT_PERMITTED
|
||||
* The #PSA_KEY_DERIVATION_INPUT_SECRET input was not provided through
|
||||
* a key.
|
||||
* \retval #PSA_ERROR_BAD_STATE
|
||||
* The operation state is not valid (it must be active and completed
|
||||
* all required input steps).
|
||||
|
||||
@ -255,6 +255,7 @@ typedef struct psa_tls12_prf_key_derivation_s
|
||||
struct psa_key_derivation_s
|
||||
{
|
||||
psa_algorithm_t alg;
|
||||
unsigned int can_output_key : 1;
|
||||
size_t capacity;
|
||||
union
|
||||
{
|
||||
@ -268,7 +269,7 @@ struct psa_key_derivation_s
|
||||
};
|
||||
|
||||
/* This only zeroes out the first byte in the union, the rest is unspecified. */
|
||||
#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, {0}}
|
||||
#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}}
|
||||
static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
|
||||
{
|
||||
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
|
||||
|
||||
@ -1618,31 +1618,43 @@
|
||||
|
||||
/** A secret input for key derivation.
|
||||
*
|
||||
* This must be a key of type #PSA_KEY_TYPE_DERIVE.
|
||||
* This should be a key of type #PSA_KEY_TYPE_DERIVE
|
||||
* (passed to psa_key_derivation_input_key())
|
||||
* or the shared secret resulting from a key agreement
|
||||
* (obtained via psa_key_derivation_key_agreement()).
|
||||
*
|
||||
* The secret can also be a direct input (passed to
|
||||
* key_derivation_input_bytes()). In this case, the derivation operation
|
||||
* may not be used to derive keys: the operation will only allow
|
||||
* psa_key_derivation_output_bytes(), not psa_key_derivation_output_key().
|
||||
*/
|
||||
#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
|
||||
|
||||
/** A label for key derivation.
|
||||
*
|
||||
* This must be a direct input.
|
||||
* This should be a direct input.
|
||||
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
|
||||
*/
|
||||
#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201)
|
||||
|
||||
/** A salt for key derivation.
|
||||
*
|
||||
* This must be a direct input.
|
||||
* This should be a direct input.
|
||||
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
|
||||
*/
|
||||
#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202)
|
||||
|
||||
/** An information string for key derivation.
|
||||
*
|
||||
* This must be a direct input.
|
||||
* This should be a direct input.
|
||||
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
|
||||
*/
|
||||
#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
|
||||
|
||||
/** A seed for key derivation.
|
||||
*
|
||||
* This must be a direct input.
|
||||
* This should be a direct input.
|
||||
* It can also be a key of type #PSA_KEY_TYPE_RAW_DATA.
|
||||
*/
|
||||
#define PSA_KEY_DERIVATION_INPUT_SEED ((psa_key_derivation_step_t)0x0204)
|
||||
|
||||
|
||||
@ -4787,6 +4787,9 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut
|
||||
if( psa_get_key_bits( attributes ) == 0 )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
if( ! operation->can_output_key )
|
||||
return( PSA_ERROR_NOT_PERMITTED );
|
||||
|
||||
status = psa_start_key_creation( PSA_KEY_CREATION_DERIVE,
|
||||
attributes, handle, &slot, &driver );
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
@ -5076,15 +5079,54 @@ static psa_status_t psa_tls12_prf_psk_to_ms_input(
|
||||
}
|
||||
#endif /* MBEDTLS_MD_C */
|
||||
|
||||
/** Check whether the given key type is acceptable for the given
|
||||
* input step of a key derivation.
|
||||
*
|
||||
* Secret inputs must have the type #PSA_KEY_TYPE_DERIVE.
|
||||
* Non-secret inputs must have the type #PSA_KEY_TYPE_RAW_DATA.
|
||||
* Both secret and non-secret inputs can alternatively have the type
|
||||
* #PSA_KEY_TYPE_NONE, which is never the type of a key object, meaning
|
||||
* that the input was passed as a buffer rather than via a key object.
|
||||
*/
|
||||
static int psa_key_derivation_check_input_type(
|
||||
psa_key_derivation_step_t step,
|
||||
psa_key_type_t key_type )
|
||||
{
|
||||
switch( step )
|
||||
{
|
||||
case PSA_KEY_DERIVATION_INPUT_SECRET:
|
||||
if( key_type == PSA_KEY_TYPE_DERIVE )
|
||||
return( PSA_SUCCESS );
|
||||
if( key_type == PSA_KEY_TYPE_NONE )
|
||||
return( PSA_SUCCESS );
|
||||
break;
|
||||
case PSA_KEY_DERIVATION_INPUT_LABEL:
|
||||
case PSA_KEY_DERIVATION_INPUT_SALT:
|
||||
case PSA_KEY_DERIVATION_INPUT_INFO:
|
||||
case PSA_KEY_DERIVATION_INPUT_SEED:
|
||||
if( key_type == PSA_KEY_TYPE_RAW_DATA )
|
||||
return( PSA_SUCCESS );
|
||||
if( key_type == PSA_KEY_TYPE_NONE )
|
||||
return( PSA_SUCCESS );
|
||||
break;
|
||||
}
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
static psa_status_t psa_key_derivation_input_internal(
|
||||
psa_key_derivation_operation_t *operation,
|
||||
psa_key_derivation_step_t step,
|
||||
psa_key_type_t key_type,
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
|
||||
|
||||
status = psa_key_derivation_check_input_type( step, key_type );
|
||||
if( status != PSA_SUCCESS )
|
||||
goto exit;
|
||||
|
||||
#if defined(MBEDTLS_MD_C)
|
||||
if( PSA_ALG_IS_HKDF( kdf_alg ) )
|
||||
{
|
||||
@ -5111,6 +5153,7 @@ static psa_status_t psa_key_derivation_input_internal(
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
}
|
||||
|
||||
exit:
|
||||
if( status != PSA_SUCCESS )
|
||||
psa_key_derivation_abort( operation );
|
||||
return( status );
|
||||
@ -5122,10 +5165,8 @@ psa_status_t psa_key_derivation_input_bytes(
|
||||
const uint8_t *data,
|
||||
size_t data_length )
|
||||
{
|
||||
if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
|
||||
return( psa_key_derivation_input_internal( operation, step,
|
||||
PSA_KEY_TYPE_NONE,
|
||||
data, data_length ) );
|
||||
}
|
||||
|
||||
@ -5136,23 +5177,23 @@ psa_status_t psa_key_derivation_input_key(
|
||||
{
|
||||
psa_key_slot_t *slot;
|
||||
psa_status_t status;
|
||||
|
||||
status = psa_get_transparent_key( handle, &slot,
|
||||
PSA_KEY_USAGE_DERIVE,
|
||||
operation->alg );
|
||||
if( status != PSA_SUCCESS )
|
||||
{
|
||||
psa_key_derivation_abort( operation );
|
||||
return( status );
|
||||
if( slot->attr.type != PSA_KEY_TYPE_DERIVE )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
/* Don't allow a key to be used as an input that is usually public.
|
||||
* This is debatable. It's ok from a cryptographic perspective to
|
||||
* use secret material as an input that is usually public. However
|
||||
* the material should be dedicated to a particular input step,
|
||||
* otherwise this may allow the key to be used in an unintended way
|
||||
* and leak values derived from the key. So be conservative. */
|
||||
if( step != PSA_KEY_DERIVATION_INPUT_SECRET )
|
||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||
}
|
||||
|
||||
/* Passing a key object as a SECRET input unlocks the permission
|
||||
* to output to a key object. */
|
||||
if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
|
||||
operation->can_output_key = 1;
|
||||
|
||||
return( psa_key_derivation_input_internal( operation,
|
||||
step,
|
||||
step, slot->attr.type,
|
||||
slot->data.raw.data,
|
||||
slot->data.raw.bytes ) );
|
||||
}
|
||||
@ -5265,8 +5306,10 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
|
||||
goto exit;
|
||||
|
||||
/* Step 2: set up the key derivation to generate key material from
|
||||
* the shared secret. */
|
||||
* the shared secret. A shared secret is permitted wherever a key
|
||||
* of type DERIVE is permitted. */
|
||||
status = psa_key_derivation_input_internal( operation, step,
|
||||
PSA_KEY_TYPE_DERIVE,
|
||||
shared_secret,
|
||||
shared_secret_length );
|
||||
|
||||
|
||||
@ -1864,69 +1864,145 @@ asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d3
|
||||
Crypto derivation operation object initializers zero properly
|
||||
key_derivation_init:
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, good case [#1]
|
||||
PSA key derivation setup: HKDF-SHA-256, good case
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_SUCCESS
|
||||
|
||||
PSA key derivation: HKDF-SHA-512, good case [#1]
|
||||
PSA key derivation setup: HKDF-SHA-512, good case
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_setup:PSA_ALG_HKDF(PSA_ALG_SHA_512):PSA_SUCCESS
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, good case [#1]
|
||||
PSA key derivation setup: TLS 1.2 PRF SHA-256, good case
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_setup:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_SUCCESS
|
||||
|
||||
PSA key derivation: not a key derivation algorithm (HMAC)
|
||||
PSA key derivation setup: not a key derivation algorithm (HMAC)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_setup:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key derivation: unsupported key derivation algorithm [#1]
|
||||
PSA key derivation setup: algorithm from bad hash
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_setup:PSA_ALG_HKDF(PSA_ALG_CATEGORY_HASH):PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA key derivation: unsupported key derivation algorithm [#2]
|
||||
PSA key derivation setup: bad algorithm
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_setup:PSA_ALG_CATEGORY_KEY_DERIVATION:PSA_ERROR_NOT_SUPPORTED
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, good case [#2]
|
||||
PSA key derivation: HKDF-SHA-256, good case, direct output
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: HKDF-SHA-512, good case [#2]
|
||||
PSA key derivation: HKDF-SHA-256, good case, key output
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: HKDF-SHA-512, good case
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_512):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_512):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, bad key type
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_RAW_DATA:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_SUCCESS
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, good case [#2]
|
||||
PSA key derivation: HKDF-SHA-256, bad key type, key output
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS
|
||||
# Whether we get NOT_PERMITTED or BAD_STATE for the output is an implementation
|
||||
# detail.
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, direct secret, direct output
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, direct empty secret, direct output
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, direct secret, key output
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, direct empty secret, key output
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, RAW_DATA key as salt
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_RAW_DATA:"412073616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, RAW_DATA key as info
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_RAW_DATA:"4120696e666f":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, DERIVE key as salt, direct output
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"412073616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, DERIVE key as salt, key output
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
# Whether we get NOT_PERMITTED or BAD_STATE for the output is an implementation
|
||||
# detail.
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"412073616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: HKDF-SHA-256, DERIVE key as info
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_DERIVE:"4120696e666f":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, good case
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, key first
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, label first
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, early label
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, double seed
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, double key
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, bad key type
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_RAW_DATA:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_RAW_DATA:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, direct secret
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, direct empty secret
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, RAW_DATA key as seed
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_RAW_DATA:"612073656564":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, RAW_DATA key as label
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_RAW_DATA:"61206c6162656c":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, DERIVE key as seed
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_DERIVE:"612073656564":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PRF SHA-256, DERIVE key as label
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_DERIVE:"61206c6162656c":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, PSK too long (160 Bytes)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: HKDF invalid state (double generate + read past capacity)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
@ -2072,10 +2148,6 @@ PSA key derivation: HKDF SHA-1, request too much capacity
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA1_C
|
||||
derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * 20 + 1:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, PSK too long (160 Bytes)
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_input:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:PSA_KEY_DERIVATION_INPUT_SEED:"":PSA_KEY_DERIVATION_INPUT_SECRET:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_KEY_DERIVATION_INPUT_LABEL:"":PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE
|
||||
|
||||
PSA key derivation: over capacity 42: output 42+1
|
||||
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
|
||||
derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff"
|
||||
|
||||
@ -4273,17 +4273,17 @@ exit:
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void derive_input( int alg_arg,
|
||||
int key_type_arg,
|
||||
int step1_arg, data_t *input1,
|
||||
int step2_arg, data_t *input2,
|
||||
int step3_arg, data_t *input3,
|
||||
int step_arg1, int key_type_arg1, data_t *input1,
|
||||
int expected_status_arg1,
|
||||
int step_arg2, int key_type_arg2, data_t *input2,
|
||||
int expected_status_arg2,
|
||||
int expected_status_arg3 )
|
||||
int step_arg3, int key_type_arg3, data_t *input3,
|
||||
int expected_status_arg3,
|
||||
int output_key_type_arg, int expected_output_status_arg )
|
||||
{
|
||||
psa_algorithm_t alg = alg_arg;
|
||||
size_t key_type = key_type_arg;
|
||||
psa_key_derivation_step_t steps[] = {step1_arg, step2_arg, step3_arg};
|
||||
psa_key_derivation_step_t steps[] = {step_arg1, step_arg2, step_arg3};
|
||||
psa_key_type_t key_types[] = {key_type_arg1, key_type_arg2, key_type_arg3};
|
||||
psa_status_t expected_statuses[] = {expected_status_arg1,
|
||||
expected_status_arg2,
|
||||
expected_status_arg3};
|
||||
@ -4292,40 +4292,62 @@ void derive_input( int alg_arg,
|
||||
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
size_t i;
|
||||
psa_key_type_t output_key_type = output_key_type_arg;
|
||||
psa_key_handle_t output_handle = 0;
|
||||
psa_status_t expected_output_status = expected_output_status_arg;
|
||||
psa_status_t actual_output_status;
|
||||
|
||||
PSA_ASSERT( psa_crypto_init( ) );
|
||||
|
||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
|
||||
psa_set_key_algorithm( &attributes, alg );
|
||||
psa_set_key_type( &attributes, key_type );
|
||||
|
||||
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
|
||||
|
||||
for( i = 0; i < ARRAY_LENGTH( steps ); i++ )
|
||||
{
|
||||
switch( steps[i] )
|
||||
if( key_types[i] != PSA_KEY_TYPE_NONE )
|
||||
{
|
||||
case PSA_KEY_DERIVATION_INPUT_SECRET:
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
inputs[i]->x, inputs[i]->len,
|
||||
&handles[i] ) );
|
||||
TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
|
||||
handles[i] ),
|
||||
expected_statuses[i] );
|
||||
break;
|
||||
default:
|
||||
TEST_EQUAL( psa_key_derivation_input_bytes(
|
||||
&operation, steps[i],
|
||||
inputs[i]->x, inputs[i]->len ),
|
||||
expected_statuses[i] );
|
||||
break;
|
||||
psa_set_key_type( &attributes, key_types[i] );
|
||||
PSA_ASSERT( psa_import_key( &attributes,
|
||||
inputs[i]->x, inputs[i]->len,
|
||||
&handles[i] ) );
|
||||
TEST_EQUAL( psa_key_derivation_input_key( &operation, steps[i],
|
||||
handles[i] ),
|
||||
expected_statuses[i] );
|
||||
}
|
||||
else
|
||||
{
|
||||
TEST_EQUAL( psa_key_derivation_input_bytes(
|
||||
&operation, steps[i],
|
||||
inputs[i]->x, inputs[i]->len ),
|
||||
expected_statuses[i] );
|
||||
}
|
||||
}
|
||||
|
||||
if( output_key_type != PSA_KEY_TYPE_NONE )
|
||||
{
|
||||
psa_reset_key_attributes( &attributes );
|
||||
psa_set_key_type( &attributes, PSA_KEY_TYPE_RAW_DATA );
|
||||
psa_set_key_bits( &attributes, 8 );
|
||||
actual_output_status =
|
||||
psa_key_derivation_output_key( &attributes, &operation,
|
||||
&output_handle );
|
||||
}
|
||||
else
|
||||
{
|
||||
uint8_t buffer[1];
|
||||
actual_output_status =
|
||||
psa_key_derivation_output_bytes( &operation,
|
||||
buffer, sizeof( buffer ) );
|
||||
}
|
||||
TEST_EQUAL( actual_output_status, expected_output_status );
|
||||
|
||||
exit:
|
||||
psa_key_derivation_abort( &operation );
|
||||
for( i = 0; i < ARRAY_LENGTH( handles ); i++ )
|
||||
psa_destroy_key( handles[i] );
|
||||
psa_destroy_key( output_handle );
|
||||
PSA_DONE( );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
Loading…
Reference in New Issue
Block a user