diff --git a/include/psa/crypto.h b/include/psa/crypto.h index c4aab460f..959af96fb 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3033,8 +3033,9 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void); * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_COMMUNICATION_FAILURE */ -psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation, - size_t *capacity); +psa_status_t psa_key_derivation_get_capacity( + const psa_key_derivation_operation_t *operation, + size_t *capacity); /** Set the maximum capacity of a key derivation operation. * @@ -3054,8 +3055,9 @@ psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_ * \retval #PSA_ERROR_BAD_STATE * \retval #PSA_ERROR_COMMUNICATION_FAILURE */ -psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *operation, - size_t capacity); +psa_status_t psa_key_derivation_set_capacity( + psa_key_derivation_operation_t *operation, + size_t capacity); /** Read some data from a key derivation operation. * @@ -3084,9 +3086,10 @@ psa_status_t psa_key_derivation_set_capacity(psa_key_derivation_operation_t *ope * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *operation, - uint8_t *output, - size_t output_length); +psa_status_t psa_key_derivation_output_bytes( + psa_key_derivation_operation_t *operation, + uint8_t *output, + size_t output_length); /** Derive a key from an ongoing key derivation operation. * @@ -3101,8 +3104,8 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *ope * the key is derived, depends on the key type: * * - For key types for which the key is an arbitrary sequence of bytes - * of a given size, - * this function is functionally equivalent to calling #psa_key_derivation_output_bytes + * of a given size, this function is functionally equivalent to + * calling #psa_key_derivation_output_bytes * and passing the resulting output to #psa_import_key. * However, this function has a security benefit: * if the implementation provides an isolation boundary then @@ -3202,9 +3205,10 @@ psa_status_t psa_key_derivation_output_bytes(psa_key_derivation_operation_t *ope * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attributes, - psa_key_derivation_operation_t *operation, - psa_key_handle_t *handle); +psa_status_t psa_key_derivation_output_key( + const psa_key_attributes_t *attributes, + psa_key_derivation_operation_t *operation, + psa_key_handle_t *handle); /** Abort a key derivation operation. * @@ -3214,9 +3218,9 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute * * This function may be called at any time as long as the operation * object has been initialized to #PSA_KEY_DERIVATION_OPERATION_INIT, to - * psa_key_derivation_operation_init() or a zero value. In particular, it is valid - * to call psa_key_derivation_abort() twice, or to call psa_key_derivation_abort() - * on an operation that has not been set up. + * psa_key_derivation_operation_init() or a zero value. In particular, + * it is valid to call psa_key_derivation_abort() twice, or to call + * psa_key_derivation_abort() on an operation that has not been set up. * * Once aborted, the key derivation operation object may be called. * @@ -3228,7 +3232,8 @@ psa_status_t psa_key_derivation_output_key(const psa_key_attributes_t *attribute * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation); +psa_status_t psa_key_derivation_abort( + psa_key_derivation_operation_t *operation); /** Use the maximum possible capacity for a key derivation operation. * @@ -3254,15 +3259,16 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) * as appropriate. Which inputs are needed, in what order, and whether * they may be keys and if so of what type depends on the algorithm. * - Optionally set the operation's maximum capacity with - * psa_key_derivation_set_capacity(). You may do this before, in the middle of - * or after providing inputs. For some algorithms, this step is mandatory + * psa_key_derivation_set_capacity(). You may do this before, in the middle + * of or after providing inputs. For some algorithms, this step is mandatory * because the output depends on the maximum capacity. * - To derive a key, call psa_key_derivation_output_key(). * To derive a byte string for a different purpose, call * - psa_key_derivation_output_bytes(). * Successive calls to these functions use successive output bytes * calculated by the key derivation algorithm. - * - Clean up the key derivation operation object with psa_key_derivation_abort(). + * - Clean up the key derivation operation object with + * psa_key_derivation_abort(). * * \param[in,out] operation The key derivation operation object * to set up. It must @@ -3283,8 +3289,9 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) * \retval #PSA_ERROR_TAMPERING_DETECTED * \retval #PSA_ERROR_BAD_STATE */ -psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, - psa_algorithm_t alg); +psa_status_t psa_key_derivation_setup( + psa_key_derivation_operation_t *operation, + psa_algorithm_t alg); /** Provide an input for key derivation or key agreement. * @@ -3321,10 +3328,11 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - const uint8_t *data, - size_t data_length); +psa_status_t psa_key_derivation_input_bytes( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length); /** Provide an input for key derivation in the form of a key. * @@ -3366,9 +3374,10 @@ psa_status_t psa_key_derivation_input_bytes(psa_key_derivation_operation_t *oper * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - psa_key_handle_t handle); +psa_status_t psa_key_derivation_input_key( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + psa_key_handle_t handle); /** Perform a key agreement and use the shared secret as input to a key * derivation. @@ -3423,11 +3432,12 @@ psa_status_t psa_key_derivation_input_key(psa_key_derivation_operation_t *operat * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_TAMPERING_DETECTED */ -psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - psa_key_handle_t private_key, - const uint8_t *peer_key, - size_t peer_key_length); +psa_status_t psa_key_derivation_key_agreement( + psa_key_derivation_operation_t *operation, + psa_key_derivation_step_t step, + psa_key_handle_t private_key, + const uint8_t *peer_key, + size_t peer_key_length); /** Perform a key agreement and use the shared secret as input to a key * derivation. @@ -3439,8 +3449,8 @@ psa_status_t psa_key_derivation_key_agreement(psa_key_derivation_operation_t *op * Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should * not be used directly as key material. It should instead be passed as * input to a key derivation algorithm. To chain a key agreement with - * a key derivation, use psa_key_derivation_key_agreement() and other functions from - * the key derivation interface. + * a key derivation, use psa_key_derivation_key_agreement() and other + * functions from the key derivation interface. * * \param alg The key agreement algorithm to compute * (\c PSA_ALG_XXX value such that diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 1fb052b27..45655ddfc 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -157,9 +157,10 @@ psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, * - For HKDF (#PSA_ALG_HKDF), \p salt is the salt used in the "extract" step * and \p label is the info string used in the "expand" step. * - * \param[in,out] operation The key derivation object to set up. It must have - * been initialized as per the documentation for - * #psa_key_derivation_operation_t and not yet in use. + * \param[in,out] operation The key derivation object to set up. It must + * have been initialized as per the documentation + * for #psa_key_derivation_operation_t and not + * yet be in use. * \param handle Handle to the secret key. * \param alg The key derivation algorithm to compute * (\c PSA_ALG_XXX value such that diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index c57d06a36..c54fc9a60 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1590,25 +1590,25 @@ * * This must be a key of type #PSA_KEY_TYPE_DERIVE. */ -#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101) +#define PSA_KEY_DERIVATION_INPUT_SECRET ((psa_key_derivation_step_t)0x0101) /** A label for key derivation. * * This must be a direct input. */ -#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201) +#define PSA_KEY_DERIVATION_INPUT_LABEL ((psa_key_derivation_step_t)0x0201) /** A salt for key derivation. * * This must be a direct input. */ -#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202) +#define PSA_KEY_DERIVATION_INPUT_SALT ((psa_key_derivation_step_t)0x0202) /** An information string for key derivation. * * This must be a direct input. */ -#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203) +#define PSA_KEY_DERIVATION_INPUT_INFO ((psa_key_derivation_step_t)0x0203) /**@}*/ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3e77dceb0..4b6dcf0a5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4572,13 +4572,13 @@ exit: * to potentially free embedded data structures and wipe confidential data. */ static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hkdf, - const uint8_t *secret, - size_t secret_length, - psa_algorithm_t hash_alg, - const uint8_t *salt, - size_t salt_length, - const uint8_t *label, - size_t label_length ) + const uint8_t *secret, + size_t secret_length, + psa_algorithm_t hash_alg, + const uint8_t *salt, + size_t salt_length, + const uint8_t *label, + size_t label_length ) { psa_status_t status; status = psa_hmac_setup_internal( &hkdf->hmac, @@ -4637,7 +4637,7 @@ static psa_status_t psa_key_derivation_tls12_prf_setup( memcpy( tls12_prf->key, key, key_len ); overflow = ( salt_length + label_length < salt_length ) || - ( salt_length + label_length + hash_length < hash_length ); + ( salt_length + label_length + hash_length < hash_length ); if( overflow ) return( PSA_ERROR_INVALID_ARGUMENT ); @@ -4700,10 +4700,10 @@ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup( memcpy( pms + 4 + psk_len, psk, psk_len ); status = psa_key_derivation_tls12_prf_setup( tls12_prf, - pms, 4 + 2 * psk_len, - hash_alg, - salt, salt_length, - label, label_length ); + pms, 4 + 2 * psk_len, + hash_alg, + salt, salt_length, + label, label_length ); mbedtls_platform_zeroize( pms, sizeof( pms ) ); return( status ); @@ -4753,10 +4753,10 @@ static psa_status_t psa_key_derivation_internal( return( PSA_ERROR_NOT_SUPPORTED ); max_capacity = 255 * hash_size; status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf, - secret, secret_length, - hash_alg, - salt, salt_length, - label, label_length ); + secret, secret_length, + hash_alg, + salt, salt_length, + label, label_length ); } /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */ else if( PSA_ALG_IS_TLS12_PRF( alg ) || @@ -4777,9 +4777,9 @@ static psa_status_t psa_key_derivation_internal( if( PSA_ALG_IS_TLS12_PRF( alg ) ) { status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf, - secret, secret_length, - hash_alg, salt, salt_length, - label, label_length ); + secret, secret_length, + hash_alg, salt, salt_length, + label, label_length ); } else { @@ -5003,9 +5003,9 @@ static psa_status_t psa_key_derivation_input_raw( else #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_MD_C) - /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */ + /* TLS-1.2 PRF and TLS-1.2 PSK-to-MS are very similar, so share code. */ if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || - PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) + PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { // To do: implement this status = PSA_ERROR_NOT_SUPPORTED; @@ -5184,10 +5184,10 @@ exit: } psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation, - psa_key_derivation_step_t step, - psa_key_handle_t private_key, - const uint8_t *peer_key, - size_t peer_key_length ) + psa_key_derivation_step_t step, + psa_key_handle_t private_key, + const uint8_t *peer_key, + size_t peer_key_length ) { psa_key_slot_t *slot; psa_status_t status; diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4c28b80a6..e9fd3f612 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -559,8 +559,8 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, sizeof( output ) ) ); } PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, - sizeof( output ) ) ); + output, + sizeof( output ) ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); } @@ -572,8 +572,9 @@ exit: /* We need two keys to exercise key agreement. Exercise the * private key against its own public key. */ -static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation, - psa_key_handle_t handle ) +static psa_status_t key_agreement_with_self( + psa_key_derivation_operation_t *operation, + psa_key_handle_t handle ) { psa_key_type_t private_key_type; psa_key_type_t public_key_type; @@ -581,8 +582,8 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *ope uint8_t *public_key = NULL; size_t public_key_length; /* Return GENERIC_ERROR if something other than the final call to - * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's - * good enough: callers will report it as a failed test anyway. */ + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, + * but it's good enough: callers will report it as a failed test anyway. */ psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -596,8 +597,9 @@ static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *ope public_key, public_key_length, &public_key_length ) ); - status = psa_key_derivation_key_agreement( operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle, - public_key, public_key_length ); + status = psa_key_derivation_key_agreement( + operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle, + public_key, public_key_length ); exit: mbedtls_free( public_key ); psa_reset_key_attributes( &attributes ); @@ -617,8 +619,8 @@ static psa_status_t raw_key_agreement_with_self( psa_algorithm_t alg, uint8_t output[1024]; size_t output_length; /* Return GENERIC_ERROR if something other than the final call to - * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, but it's - * good enough: callers will report it as a failed test anyway. */ + * psa_key_derivation_key_agreement fails. This isn't fully satisfactory, + * but it's good enough: callers will report it as a failed test anyway. */ psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -675,8 +677,8 @@ static int exercise_key_agreement_key( psa_key_handle_t handle, PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); PSA_ASSERT( key_agreement_with_self( &operation, handle ) ); PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, - sizeof( output ) ) ); + output, + sizeof( output ) ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); } ok = 1; @@ -2488,7 +2490,7 @@ void mac_bad_order( ) /* Call update after verify finish. */ PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + handle, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); @@ -2511,7 +2513,7 @@ void mac_bad_order( ) /* Call verify finish twice in a row. */ PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + handle, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); PSA_ASSERT( psa_mac_verify_finish( &operation, verify_mac, sizeof( verify_mac ) ) ); @@ -2531,7 +2533,7 @@ void mac_bad_order( ) /* Setup verify but try sign. */ PSA_ASSERT( psa_mac_verify_setup( &operation, - handle, alg ) ); + handle, alg ) ); PSA_ASSERT( psa_mac_update( &operation, input, sizeof( input ) ) ); TEST_EQUAL( psa_mac_sign_finish( &operation, sign_mac, sizeof( sign_mac ), @@ -4120,7 +4122,8 @@ void test_derive_invalid_key_derivation_tests( ) size_t capacity = 0; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; - TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size ) + TEST_ASSERT( psa_key_derivation_output_bytes( &operation, + output_buffer, buffer_size ) == PSA_ERROR_BAD_STATE ); TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) @@ -4128,7 +4131,8 @@ void test_derive_invalid_key_derivation_tests( ) PSA_ASSERT( psa_key_derivation_abort( &operation ) ); - TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size ) + TEST_ASSERT( psa_key_derivation_output_bytes( &operation, + output_buffer, buffer_size ) == PSA_ERROR_BAD_STATE ); TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity ) @@ -4186,7 +4190,7 @@ void derive_output( int alg_arg, { PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); PSA_ASSERT( psa_key_derivation_set_capacity( &operation, - requested_capacity ) ); + requested_capacity ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_SALT, salt->x, salt->len ) ); @@ -4206,7 +4210,7 @@ void derive_output( int alg_arg, requested_capacity ) ); } PSA_ASSERT( psa_key_derivation_get_capacity( &operation, - ¤t_capacity ) ); + ¤t_capacity ) ); TEST_EQUAL( current_capacity, requested_capacity ); expected_capacity = requested_capacity; @@ -4215,7 +4219,7 @@ void derive_output( int alg_arg, { /* Read some bytes. */ status = psa_key_derivation_output_bytes( &operation, - output_buffer, output_sizes[i] ); + output_buffer, output_sizes[i] ); if( expected_capacity == 0 && output_sizes[i] == 0 ) { /* Reading 0 bytes when 0 bytes are available can go either way. */ @@ -4239,7 +4243,7 @@ void derive_output( int alg_arg, /* Check the operation status. */ expected_capacity -= output_sizes[i]; PSA_ASSERT( psa_key_derivation_get_capacity( &operation, - ¤t_capacity ) ); + ¤t_capacity ) ); TEST_EQUAL( expected_capacity, current_capacity ); } PSA_ASSERT( psa_key_derivation_abort( &operation ) ); @@ -4282,7 +4286,7 @@ void derive_full( int alg_arg, { PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); PSA_ASSERT( psa_key_derivation_set_capacity( &operation, - requested_capacity ) ); + requested_capacity ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_SALT, salt->x, salt->len ) ); @@ -4302,7 +4306,7 @@ void derive_full( int alg_arg, requested_capacity ) ); } PSA_ASSERT( psa_key_derivation_get_capacity( &operation, - ¤t_capacity ) ); + ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); /* Expansion phase. */ @@ -4312,11 +4316,11 @@ void derive_full( int alg_arg, if( read_size > current_capacity ) read_size = current_capacity; PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output_buffer, - read_size ) ); + output_buffer, + read_size ) ); expected_capacity -= read_size; PSA_ASSERT( psa_key_derivation_get_capacity( &operation, - ¤t_capacity ) ); + ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); } @@ -4373,7 +4377,7 @@ void derive_key_exercise( int alg_arg, psa_set_key_type( &attributes, derived_type ); psa_set_key_bits( &attributes, derived_bits ); PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &derived_handle ) ); + &derived_handle ) ); /* Test the key information */ PSA_ASSERT( psa_get_key_attributes( derived_handle, &got_attributes ) ); @@ -4430,8 +4434,8 @@ void derive_key_export( int alg_arg, label->x, label->len, capacity ) ); PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output_buffer, - capacity ) ); + output_buffer, + capacity ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); /* Derive the same output again, but this time store it in key objects. */ @@ -4444,7 +4448,7 @@ void derive_key_export( int alg_arg, psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); + &derived_handle ) ); PSA_ASSERT( psa_export_key( derived_handle, export_buffer, bytes1, &length ) ); @@ -4452,7 +4456,7 @@ void derive_key_export( int alg_arg, PSA_ASSERT( psa_destroy_key( derived_handle ) ); psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) ); PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation, - &derived_handle ) ); + &derived_handle ) ); PSA_ASSERT( psa_export_key( derived_handle, export_buffer + bytes1, bytes2, &length ) ); @@ -4502,9 +4506,10 @@ void key_agreement_setup( int alg_arg, status = psa_key_derivation_setup( &operation, alg ); if( status == PSA_SUCCESS ) { - TEST_EQUAL( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - our_key, - peer_key_data->x, peer_key_data->len ), + TEST_EQUAL( psa_key_derivation_key_agreement( + &operation, PSA_KEY_DERIVATION_INPUT_SECRET, + our_key, + peer_key_data->x, peer_key_data->len ), expected_status ); } else @@ -4580,9 +4585,10 @@ void key_agreement_capacity( int alg_arg, &our_key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - our_key, - peer_key_data->x, peer_key_data->len ) ); + PSA_ASSERT( psa_key_derivation_key_agreement( + &operation, + PSA_KEY_DERIVATION_INPUT_SECRET, our_key, + peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) { /* The test data is for info="" */ @@ -4600,11 +4606,11 @@ void key_agreement_capacity( int alg_arg, while( actual_capacity > sizeof( output ) ) { PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, sizeof( output ) ) ); + output, sizeof( output ) ) ); actual_capacity -= sizeof( output ); } PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - output, actual_capacity ) ); + output, actual_capacity ) ); TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ), PSA_ERROR_INSUFFICIENT_DATA ); @@ -4641,9 +4647,10 @@ void key_agreement_output( int alg_arg, &our_key ) ); PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) ); - PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET, - our_key, - peer_key_data->x, peer_key_data->len ) ); + PSA_ASSERT( psa_key_derivation_key_agreement( + &operation, + PSA_KEY_DERIVATION_INPUT_SECRET, our_key, + peer_key_data->x, peer_key_data->len ) ); if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) ) { /* The test data is for info="" */ @@ -4653,15 +4660,15 @@ void key_agreement_output( int alg_arg, } PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - actual_output, - expected_output1->len ) ); + actual_output, + expected_output1->len ) ); ASSERT_COMPARE( actual_output, expected_output1->len, expected_output1->x, expected_output1->len ); if( expected_output2->len != 0 ) { PSA_ASSERT( psa_key_derivation_output_bytes( &operation, - actual_output, - expected_output2->len ) ); + actual_output, + expected_output2->len ) ); ASSERT_COMPARE( actual_output, expected_output2->len, expected_output2->x, expected_output2->len ); } @@ -4842,8 +4849,8 @@ void generate_key_rsa( int bits_arg, * publicExponent INTEGER } -- e */ TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, - MBEDTLS_ASN1_SEQUENCE | - MBEDTLS_ASN1_CONSTRUCTED ) ); + MBEDTLS_ASN1_SEQUENCE | + MBEDTLS_ASN1_CONSTRUCTED ) ); TEST_ASSERT( asn1_skip_integer( &p, end, bits, bits, 1 ) ); TEST_EQUAL( 0, mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_INTEGER ) ); @@ -4934,19 +4941,20 @@ void persistent_key_load_key_from_storage( data_t *data, &base_key ) ); /* Derive a key. */ PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) ); - PSA_ASSERT( psa_key_derivation_input_key( &operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - base_key ) ); + PSA_ASSERT( psa_key_derivation_input_key( + &operation, + PSA_KEY_DERIVATION_INPUT_SECRET, base_key ) ); PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, NULL, 0 ) ); - PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation, - &handle ) ); + PSA_ASSERT( psa_key_derivation_output_key( &attributes, + &operation, + &handle ) ); PSA_ASSERT( psa_key_derivation_abort( &operation ) ); PSA_ASSERT( psa_destroy_key( base_key ) ); base_key = 0; } - break; + break; } psa_reset_key_attributes( &attributes );