AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Wrap and reindent some lines

Browse Source 
After renaming several identifiers, re-wrap and re-indent some lines
to make the code prettier.
This commit is contained in:
Gilles Peskine 2019-05-16 17:53:40 +02:00
parent 51ae0e4b79
commit cf7292e257
5 changed files with 140 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
include/psa/crypto.h
View File

@ -3033,8 +3033,9 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
* \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
*/
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
size_t *capacity);
psa_status_t psa_key_derivation_get_capacity(
const psa_key_derivation_operation_t *operation,
size_t *capacity);
/** Set the maximum capacity of a key derivation operation.
*
@ -3054,8 +3055,9 @@ psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_
* \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
*/
psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation,
size_t capacity);
psa_status_t psa_key_derivation_set_capacity(
psa_key_derivation_operation_t *operation,
size_t capacity);
/** Read some data from a key derivation operation.
*
@ -3084,9 +3086,10 @@ psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *ope
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *operation,
uint8_t *output,
size_t output_length);
psa_status_t psa_key_derivation_output_bytes(
psa_key_derivation_operation_t *operation,
uint8_t *output,
size_t output_length);
/** Derive a key from an ongoing key derivation operation.
*
@ -3101,8 +3104,8 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *ope
* the key is derived, depends on the key type:
*
* - For key types for which the key is an arbitrary sequence of bytes
* of a given size,
* this function is functionally equivalent to calling #psa_key_derivation_output_bytes
* of a given size, this function is functionally equivalent to
* calling #psa_key_derivation_output_bytes
* and passing the resulting output to #psa_import_key.
* However, this function has a security benefit:
* if the implementation provides an isolation boundary then
@ -3202,9 +3205,10 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *ope
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *operation,
psa_key_handle_t *handle);
psa_status_t psa_key_derivation_output_key(
const psa_key_attributes_t *attributes,
psa_key_derivation_operation_t *operation,
psa_key_handle_t *handle);
/** Abort a key derivation operation.
*
@ -3214,9 +3218,9 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute
*
* This function may be called at any time as long as the operation
* object has been initialized to #PSA_KEY_DERIVATION_OPERATION_INIT, to
* psa_key_derivation_operation_init() or a zero value. In particular, it is valid
* to call psa_key_derivation_abort() twice, or to call psa_key_derivation_abort()
* on an operation that has not been set up.
* psa_key_derivation_operation_init() or a zero value. In particular,
* it is valid to call psa_key_derivation_abort() twice, or to call
* psa_key_derivation_abort() on an operation that has not been set up.
*
* Once aborted, the key derivation operation object may be called.
*
@ -3228,7 +3232,8 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation);
psa_status_t psa_key_derivation_abort(
psa_key_derivation_operation_t *operation);
/** Use the maximum possible capacity for a key derivation operation.
*
@ -3254,15 +3259,16 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
* as appropriate. Which inputs are needed, in what order, and whether
* they may be keys and if so of what type depends on the algorithm.
* - Optionally set the operation's maximum capacity with
* psa_key_derivation_set_capacity(). You may do this before, in the middle of
* or after providing inputs. For some algorithms, this step is mandatory
* psa_key_derivation_set_capacity(). You may do this before, in the middle
* of or after providing inputs. For some algorithms, this step is mandatory
* because the output depends on the maximum capacity.
* - To derive a key, call psa_key_derivation_output_key().
* To derive a byte string for a different purpose, call
* - psa_key_derivation_output_bytes().
* Successive calls to these functions use successive output bytes
* calculated by the key derivation algorithm.
* - Clean up the key derivation operation object with psa_key_derivation_abort().
* - Clean up the key derivation operation object with
* psa_key_derivation_abort().
*
* \param[in,out] operation The key derivation operation object
* to set up. It must
@ -3283,8 +3289,9 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation)
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
*/
psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
psa_algorithm_t alg);
psa_status_t psa_key_derivation_setup(
psa_key_derivation_operation_t *operation,
psa_algorithm_t alg);
/** Provide an input for key derivation or key agreement.
*
@ -3321,10 +3328,11 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length);
psa_status_t psa_key_derivation_input_bytes(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length);
/** Provide an input for key derivation in the form of a key.
*
@ -3366,9 +3374,10 @@ psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *oper
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_handle_t handle);
psa_status_t psa_key_derivation_input_key(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_handle_t handle);
/** Perform a key agreement and use the shared secret as input to a key
* derivation.
@ -3423,11 +3432,12 @@ psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operat
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_handle_t private_key,
const uint8_t *peer_key,
size_t peer_key_length);
psa_status_t psa_key_derivation_key_agreement(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_handle_t private_key,
const uint8_t *peer_key,
size_t peer_key_length);
/** Perform a key agreement and use the shared secret as input to a key
* derivation.
@ -3439,8 +3449,8 @@ psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *op
* Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
* not be used directly as key material. It should instead be passed as
* input to a key derivation algorithm. To chain a key agreement with
* a key derivation, use psa_key_derivation_key_agreement() and other functions from
* the key derivation interface.
* a key derivation, use psa_key_derivation_key_agreement() and other
* functions from the key derivation interface.
*
* \param alg The key agreement algorithm to compute
* (\c PSA_ALG_XXX value such that

7
include/psa/crypto_extra.h
View File

@ -157,9 +157,10 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed,
* - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step
* and \p label is the info string used in the "expand" step.
*
* \param[in,out] operation The key derivation object to set up. It must have
* been initialized as per the documentation for
* #psa_key_derivation_operation_t and not yet in use.
* \param[in,out] operation The key derivation object to set up. It must
* have been initialized as per the documentation
* for #psa_key_derivation_operation_t and not
* yet be in use.
* \param handle Handle to the secret key.
* \param alg The key derivation algorithm to compute
* (\c PSA_ALG_XXX value such that

8
include/psa/crypto_values.h
View File

@ -1590,25 +1590,25 @@
*
* This must be a key of type #PSA_KEY_TYPE_DERIVE.
*/
#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101)
/** A label for key derivation.
*
* This must be a direct input.
*/
#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201)
#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201)
/** A salt for key derivation.
*
* This must be a direct input.
*/
#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202)
#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202)
/** An information string for key derivation.
*
* This must be a direct input.
*/
#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203)
/**@}*/

50
library/psa_crypto.c
View File

@ -4572,13 +4572,13 @@ exit:
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hkdf,
const uint8_t *secret,
size_t secret_length,
psa_algorithm_t hash_alg,
const uint8_t *salt,
size_t salt_length,
const uint8_t *label,
size_t label_length )
const uint8_t *secret,
size_t secret_length,
psa_algorithm_t hash_alg,
const uint8_t *salt,
size_t salt_length,
const uint8_t *label,
size_t label_length )
{
psa_status_t status;
status = psa_hmac_setup_internal( &hkdf->hmac,
@ -4637,7 +4637,7 @@ static psa_status_t psa_key_derivation_tls12_prf_setup(
memcpy( tls12_prf->key, key, key_len );
overflow = ( salt_length + label_length < salt_length ) ||
( salt_length + label_length + hash_length < hash_length );
( salt_length + label_length + hash_length < hash_length );
if( overflow )
return( PSA_ERROR_INVALID_ARGUMENT );
@ -4700,10 +4700,10 @@ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
memcpy( pms + 4 + psk_len, psk, psk_len );
status = psa_key_derivation_tls12_prf_setup( tls12_prf,
pms, 4 + 2 * psk_len,
hash_alg,
salt, salt_length,
label, label_length );
pms, 4 + 2 * psk_len,
hash_alg,
salt, salt_length,
label, label_length );
mbedtls_platform_zeroize( pms, sizeof( pms ) );
return( status );
@ -4753,10 +4753,10 @@ static psa_status_t psa_key_derivation_internal(
return( PSA_ERROR_NOT_SUPPORTED );
max_capacity = 255 * hash_size;
status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf,
secret, secret_length,
hash_alg,
salt, salt_length,
label, label_length );
secret, secret_length,
hash_alg,
salt, salt_length,
label, label_length );
}
/* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
else if( PSA_ALG_IS_TLS12_PRF( alg ) ||
@ -4777,9 +4777,9 @@ static psa_status_t psa_key_derivation_internal(
if( PSA_ALG_IS_TLS12_PRF( alg ) )
{
status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf,
secret, secret_length,
hash_alg, salt, salt_length,
label, label_length );
secret, secret_length,
hash_alg, salt, salt_length,
label, label_length );
}
else
{
@ -5003,9 +5003,9 @@ static psa_status_t psa_key_derivation_input_raw(
else
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_MD_C)
/* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
/* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
// To do: implement this
status = PSA_ERROR_NOT_SUPPORTED;
@ -5184,10 +5184,10 @@ exit:
}
psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_handle_t private_key,
const uint8_t *peer_key,
size_t peer_key_length )
psa_key_derivation_step_t step,
psa_key_handle_t private_key,
const uint8_t *peer_key,
size_t peer_key_length )
{
psa_key_slot_t *slot;
psa_status_t status;

116
tests/suites/test_suite_psa_crypto.function
View File

@ -559,8 +559,8 @@ static int exercise_key_derivation_key( psa_key_handle_t handle,
sizeof( output ) ) );
}
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output,
sizeof( output ) ) );
output,
sizeof( output ) ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
}
@ -572,8 +572,9 @@ exit:
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation,
psa_key_handle_t handle )
static psa_status_t key_agreement_with_self(
psa_key_derivation_operation_t *operation,
psa_key_handle_t handle )
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@ -581,8 +582,8 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *ope
uint8_t *public_key = NULL;
size_t public_key_length;
/* Return GENERIC_ERROR if something other than the final call to
* psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's
* good enough: callers will report it as a failed test anyway. */
* psa_key_derivation_key_agreement fails. This isn't fully satisfactory,
* but it's good enough: callers will report it as a failed test anyway. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -596,8 +597,9 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *ope
public_key, public_key_length,
&public_key_length ) );
status = psa_key_derivation_key_agreement( operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
public_key, public_key_length );
status = psa_key_derivation_key_agreement(
operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
public_key, public_key_length );
exit:
mbedtls_free( public_key );
psa_reset_key_attributes( &attributes );
@ -617,8 +619,8 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg,
uint8_t output[1024];
size_t output_length;
/* Return GENERIC_ERROR if something other than the final call to
* psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's
* good enough: callers will report it as a failed test anyway. */
* psa_key_derivation_key_agreement fails. This isn't fully satisfactory,
* but it's good enough: callers will report it as a failed test anyway. */
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -675,8 +677,8 @@ static int exercise_key_agreement_key( psa_key_handle_t handle,
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( key_agreement_with_self( &operation, handle ) );
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output,
sizeof( output ) ) );
output,
sizeof( output ) ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
}
ok = 1;
@ -2488,7 +2490,7 @@ void mac_bad_order( )
/* Call update after verify finish. */
PSA_ASSERT( psa_mac_verify_setup( &operation,
handle, alg ) );
handle, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ) );
@ -2511,7 +2513,7 @@ void mac_bad_order( )
/* Call verify finish twice in a row. */
PSA_ASSERT( psa_mac_verify_setup( &operation,
handle, alg ) );
handle, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
PSA_ASSERT( psa_mac_verify_finish( &operation,
verify_mac, sizeof( verify_mac ) ) );
@ -2531,7 +2533,7 @@ void mac_bad_order( )
/* Setup verify but try sign. */
PSA_ASSERT( psa_mac_verify_setup( &operation,
handle, alg ) );
handle, alg ) );
PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) );
TEST_EQUAL( psa_mac_sign_finish( &operation,
sign_mac, sizeof( sign_mac ),
@ -4120,7 +4122,8 @@ void test_derive_invalid_key_derivation_tests( )
size_t capacity = 0;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size )
TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
@ -4128,7 +4131,8 @@ void test_derive_invalid_key_derivation_tests( )
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size )
TEST_ASSERT( psa_key_derivation_output_bytes( &operation,
output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
@ -4186,7 +4190,7 @@ void derive_output( int alg_arg,
{
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
requested_capacity ) );
requested_capacity ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SALT,
salt->x, salt->len ) );
@ -4206,7 +4210,7 @@ void derive_output( int alg_arg,
requested_capacity ) );
}
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
&current_capacity ) );
&current_capacity ) );
TEST_EQUAL( current_capacity, requested_capacity );
expected_capacity = requested_capacity;
@ -4215,7 +4219,7 @@ void derive_output( int alg_arg,
{
/* Read some bytes. */
status = psa_key_derivation_output_bytes( &operation,
output_buffer, output_sizes[i] );
output_buffer, output_sizes[i] );
if( expected_capacity == 0 && output_sizes[i] == 0 )
{
/* Reading 0 bytes when 0 bytes are available can go either way. */
@ -4239,7 +4243,7 @@ void derive_output( int alg_arg,
/* Check the operation status. */
expected_capacity -= output_sizes[i];
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
&current_capacity ) );
&current_capacity ) );
TEST_EQUAL( expected_capacity, current_capacity );
}
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
@ -4282,7 +4286,7 @@ void derive_full( int alg_arg,
{
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
requested_capacity ) );
requested_capacity ) );
PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SALT,
salt->x, salt->len ) );
@ -4302,7 +4306,7 @@ void derive_full( int alg_arg,
requested_capacity ) );
}
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
&current_capacity ) );
&current_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
/* Expansion phase. */
@ -4312,11 +4316,11 @@ void derive_full( int alg_arg,
if( read_size > current_capacity )
read_size = current_capacity;
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output_buffer,
read_size ) );
output_buffer,
read_size ) );
expected_capacity -= read_size;
PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
&current_capacity ) );
&current_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
}
@ -4373,7 +4377,7 @@ void derive_key_exercise( int alg_arg,
psa_set_key_type( &attributes, derived_type );
psa_set_key_bits( &attributes, derived_bits );
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
&derived_handle ) );
&derived_handle ) );
/* Test the key information */
PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) );
@ -4430,8 +4434,8 @@ void derive_key_export( int alg_arg,
label->x, label->len,
capacity ) );
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output_buffer,
capacity ) );
output_buffer,
capacity ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
/* Derive the same output again, but this time store it in key objects. */
@ -4444,7 +4448,7 @@ void derive_key_export( int alg_arg,
psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
&derived_handle ) );
&derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer, bytes1,
&length ) );
@ -4452,7 +4456,7 @@ void derive_key_export( int alg_arg,
PSA_ASSERT( psa_destroy_key( derived_handle ) );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
&derived_handle ) );
&derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer + bytes1, bytes2,
&length ) );
@ -4502,9 +4506,10 @@ void key_agreement_setup( int alg_arg,
status = psa_key_derivation_setup( &operation, alg );
if( status == PSA_SUCCESS )
{
TEST_EQUAL( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ),
TEST_EQUAL( psa_key_derivation_key_agreement(
&operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ),
expected_status );
}
else
@ -4580,9 +4585,10 @@ void key_agreement_capacity( int alg_arg,
&our_key ) );
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ) );
PSA_ASSERT( psa_key_derivation_key_agreement(
&operation,
PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
peer_key_data->x, peer_key_data->len ) );
if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
{
/* The test data is for info="" */
@ -4600,11 +4606,11 @@ void key_agreement_capacity( int alg_arg,
while( actual_capacity > sizeof( output ) )
{
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output, sizeof( output ) ) );
output, sizeof( output ) ) );
actual_capacity -= sizeof( output );
}
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output, actual_capacity ) );
output, actual_capacity ) );
TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
PSA_ERROR_INSUFFICIENT_DATA );
@ -4641,9 +4647,10 @@ void key_agreement_output( int alg_arg,
&our_key ) );
PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ) );
PSA_ASSERT( psa_key_derivation_key_agreement(
&operation,
PSA_KEY_DERIVATION_INPUT_SECRET, our_key,
peer_key_data->x, peer_key_data->len ) );
if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
{
/* The test data is for info="" */
@ -4653,15 +4660,15 @@ void key_agreement_output( int alg_arg,
}
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
actual_output,
expected_output1->len ) );
actual_output,
expected_output1->len ) );
ASSERT_COMPARE( actual_output, expected_output1->len,
expected_output1->x, expected_output1->len );
if( expected_output2->len != 0 )
{
PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
actual_output,
expected_output2->len ) );
actual_output,
expected_output2->len ) );
ASSERT_COMPARE( actual_output, expected_output2->len,
expected_output2->x, expected_output2->len );
}
@ -4842,8 +4849,8 @@ void generate_key_rsa( int bits_arg,
* publicExponent INTEGER } -- e
*/
TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_SEQUENCE |
MBEDTLS_ASN1_CONSTRUCTED ) );
MBEDTLS_ASN1_SEQUENCE |
MBEDTLS_ASN1_CONSTRUCTED ) );
TEST_ASSERT( asn1_skip_integer( &p, end, bits, bits, 1 ) );
TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_INTEGER ) );
@ -4934,19 +4941,20 @@ void persistent_key_load_key_from_storage( data_t *data,
&base_key ) );
/* Derive a key. */
PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
PSA_ASSERT( psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
base_key ) );
PSA_ASSERT( psa_key_derivation_input_key(
&operation,
PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) );
PSA_ASSERT( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
&handle ) );
PSA_ASSERT( psa_key_derivation_output_key( &attributes,
&operation,
&handle ) );
PSA_ASSERT( psa_key_derivation_abort( &operation ) );
PSA_ASSERT( psa_destroy_key( base_key ) );
base_key = 0;
}
break;
break;
}
psa_reset_key_attributes( &attributes );