From 999f648437ebec0f93021ae7b638f96cc69ca14b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 11 Jun 2019 12:04:10 +0100 Subject: [PATCH] Add new psa_tls12_prf_key_derivation_t As part of adapting TLS 1.2 key derivation to the PSA 1.0 API we need to change the context structure. --- include/psa/crypto_struct.h | 38 +++++++++++++++++++++++++++++++++++++ library/psa_crypto.c | 10 ++++++++++ 2 files changed, 48 insertions(+) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 0e0ecb22d..e6197cb9b 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -203,6 +203,7 @@ typedef struct #define PSA_PRE_1_0_KEY_DERIVATION #if defined(MBEDTLS_MD_C) +#if defined(PSA_PRE_1_0_KEY_DERIVATION) typedef struct psa_tls12_prf_key_derivation_s { /* The TLS 1.2 PRF uses the key for each HMAC iteration, @@ -231,6 +232,43 @@ typedef struct psa_tls12_prf_key_derivation_s uint8_t block_number; } psa_tls12_prf_key_derivation_t; +#else + +typedef enum +{ + TLS12_PRF_STATE_INIT, /* no input provided */ + TLS12_PRF_STATE_SEED_SET, /* seed has been set */ + TLS12_PRF_STATE_KEY_SET, /* key has been set */ + TLS12_PRF_STATE_LABEL_SET, /* label has been set */ + TLS12_PRF_STATE_OUTPUT /* output has been started */ +} psa_tls12_prf_key_derivation_state_t; + +typedef struct psa_tls12_prf_key_derivation_s +{ +#if PSA_HASH_MAX_SIZE > 0xff +#error "PSA_HASH_MAX_SIZE does not fit in uint8_t" +#endif + + /* Indicates how many bytes in the current HMAC block have + * already been read by the user. */ + uint8_t offset_in_block; + + /* The 1-based number of the block. */ + uint8_t block_number; + + psa_tls12_prf_key_derivation_state_t state; + + uint8_t *seed; + size_t seed_length; + uint8_t *label; + size_t label_length; + psa_hmac_internal_data hmac; + uint8_t Ai[PSA_HASH_MAX_SIZE]; + + /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ + uint8_t output_block[PSA_HASH_MAX_SIZE]; +} psa_tls12_prf_key_derivation_t; +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ #endif /* MBEDTLS_MD_C */ struct psa_key_derivation_s diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 924b291f4..f4e94bf2f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -2122,11 +2122,13 @@ static psa_status_t psa_hmac_abort_internal( psa_hmac_internal_data *hmac ) return( psa_hash_abort( &hmac->hash_ctx ) ); } +#if defined(PSA_PRE_1_0_KEY_DERIVATION) static void psa_hmac_init_internal( psa_hmac_internal_data *hmac ) { /* Instances of psa_hash_operation_s can be initialized by zeroization. */ memset( hmac, 0, sizeof( *hmac ) ); } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ #endif /* MBEDTLS_MD_C */ psa_status_t psa_mac_abort( psa_mac_operation_t *operation ) @@ -3879,6 +3881,7 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation mbedtls_free( operation->ctx.hkdf.info ); status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac ); } +#if defined(PSA_PRE_1_0_KEY_DERIVATION) else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */ PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) @@ -3897,6 +3900,7 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation mbedtls_free( operation->ctx.tls12_prf.Ai_with_seed ); } } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ else #endif /* MBEDTLS_MD_C */ { @@ -4000,6 +4004,7 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd return( PSA_SUCCESS ); } +#if defined(PSA_PRE_1_0_KEY_DERIVATION) static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg ) @@ -4111,7 +4116,9 @@ cleanup: return( status ); } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ +#if defined(PSA_PRE_1_0_KEY_DERIVATION) /* Read some bytes from an TLS-1.2-PRF-based operation. * See Section 5 of RFC 5246. */ static psa_status_t psa_key_derivation_tls12_prf_read( @@ -4151,6 +4158,7 @@ static psa_status_t psa_key_derivation_tls12_prf_read( return( PSA_SUCCESS ); } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ #endif /* MBEDTLS_MD_C */ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, @@ -4210,6 +4218,7 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *op status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg, output, output_length ); } +#if defined(PSA_PRE_1_0_KEY_DERIVATION) else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { @@ -4217,6 +4226,7 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *op kdf_alg, output, output_length ); } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ else #endif /* MBEDTLS_MD_C */ {