diff --git a/ChangeLog.d/hkdf_extract_expand.txt b/ChangeLog.d/hkdf_extract_expand.txt new file mode 100644 index 000000000..c394bbd2c --- /dev/null +++ b/ChangeLog.d/hkdf_extract_expand.txt @@ -0,0 +1,2 @@ +Features + * Add HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API. diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 7718f8547..ac7b7e8c4 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -121,6 +121,20 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ #endif /* PSA_WANT_ALG_HKDF */ +#if defined(PSA_WANT_ALG_HKDF_EXTRACT) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */ +#endif /* PSA_WANT_ALG_HKDF_EXTRACT */ + +#if defined(PSA_WANT_ALG_HKDF_EXPAND) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */ +#endif /* PSA_WANT_ALG_HKDF_EXPAND */ + #if defined(PSA_WANT_ALG_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index e4377504a..991be96ef 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -67,6 +67,8 @@ #define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_GCM 1 #define PSA_WANT_ALG_HKDF 1 +#define PSA_WANT_ALG_HKDF_EXTRACT 1 +#define PSA_WANT_ALG_HKDF_EXPAND 1 #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 434554dfe..957b4c611 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -181,7 +181,9 @@ static inline struct psa_aead_operation_s psa_aead_operation_init( void ) return( v ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) typedef struct { uint8_t *MBEDTLS_PRIVATE(info); @@ -197,7 +199,9 @@ typedef struct uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE]; struct psa_mac_operation_s MBEDTLS_PRIVATE(hmac); } psa_hkdf_key_derivation_t; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -254,7 +258,9 @@ struct psa_key_derivation_s { /* Make the union non-empty even with no supported algorithms. */ uint8_t MBEDTLS_PRIVATE(dummy); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 17d7a9bcd..17cc1a976 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1741,6 +1741,12 @@ * You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before * starting to generate output. * + * \warning HKDF processes the salt as follows: first hash it with hash_alg + * if the salt is longer than the block size of the hash algorithm; then + * pad with null bytes up to the block size. As a result, it is possible + * for distinct salt inputs to result in the same outputs. To ensure + * unique outputs, it is recommended to use a fixed length for salt values. + * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_HASH(\p hash_alg) is true). * @@ -1766,6 +1772,112 @@ #define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_HKDF_EXTRACT_BASE ((psa_algorithm_t)0x08000400) +/** Macro to build an HKDF-Extract algorithm. + * + * For example, `PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA256)` is + * HKDF-Extract using HMAC-SHA-256. + * + * This key derivation algorithm uses the following inputs: + * - PSA_KEY_DERIVATION_INPUT_SALT is the salt. + * - PSA_KEY_DERIVATION_INPUT_SECRET is the input keying material used in the + * "extract" step. + * The inputs are mandatory and must be passed in the order above. + * Each input may only be passed once. + * + * \warning HKDF-Extract is not meant to be used on its own. PSA_ALG_HKDF + * should be used instead if possible. PSA_ALG_HKDF_EXTRACT is provided + * as a separate algorithm for the sake of protocols that use it as a + * building block. It may also be a slight performance optimization + * in applications that use HKDF with the same salt and key but many + * different info strings. + * + * \warning HKDF processes the salt as follows: first hash it with hash_alg + * if the salt is longer than the block size of the hash algorithm; then + * pad with null bytes up to the block size. As a result, it is possible + * for distinct salt inputs to result in the same outputs. To ensure + * unique outputs, it is recommended to use a fixed length for salt values. + * + * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_HASH(\p hash_alg) is true). + * + * \return The corresponding HKDF-Extract algorithm. + * \return Unspecified if \p hash_alg is not a supported + * hash algorithm. + */ +#define PSA_ALG_HKDF_EXTRACT(hash_alg) \ + (PSA_ALG_HKDF_EXTRACT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +/** Whether the specified algorithm is an HKDF-Extract algorithm. + * + * HKDF-Extract is a family of key derivation algorithms that are based + * on a hash function and the HMAC construction. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \c alg is an HKDF-Extract algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_HKDF_EXTRACT(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE) + +#define PSA_ALG_HKDF_EXPAND_BASE ((psa_algorithm_t)0x08000500) +/** Macro to build an HKDF-Expand algorithm. + * + * For example, `PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA256)` is + * HKDF-Expand using HMAC-SHA-256. + * + * This key derivation algorithm uses the following inputs: + * - PSA_KEY_DERIVATION_INPUT_SECRET is the pseudorandom key (PRK). + * - PSA_KEY_DERIVATION_INPUT_INFO is the info string. + * + * The inputs are mandatory and must be passed in the order above. + * Each input may only be passed once. + * + * \warning HKDF-Expand is not meant to be used on its own. `PSA_ALG_HKDF` + * should be used instead if possible. `PSA_ALG_HKDF_EXPAND` is provided as + * a separate algorithm for the sake of protocols that use it as a building + * block. It may also be a slight performance optimization in applications + * that use HKDF with the same salt and key but many different info strings. + * + * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_HASH(\p hash_alg) is true). + * + * \return The corresponding HKDF-Expand algorithm. + * \return Unspecified if \p hash_alg is not a supported + * hash algorithm. + */ +#define PSA_ALG_HKDF_EXPAND(hash_alg) \ + (PSA_ALG_HKDF_EXPAND_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +/** Whether the specified algorithm is an HKDF-Expand algorithm. + * + * HKDF-Expand is a family of key derivation algorithms that are based + * on a hash function and the HMAC construction. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \c alg is an HKDF-Expand algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_HKDF_EXPAND(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE) + +/** Whether the specified algorithm is an HKDF or HKDF-Extract or + * HKDF-Expand algorithm. + * + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \c alg is any HKDF type algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_ANY_HKDF(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE || \ + ((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE || \ + ((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE) + #define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200) /** Macro to build a TLS-1.2 PRF algorithm. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c3af7aab7..b0116ddfb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -88,6 +88,12 @@ #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) +#define BUILTIN_ALG_ANY_HKDF 1 +#endif + /****************************************************************/ /* Global data, support functions and library management */ /****************************************************************/ @@ -4235,13 +4241,13 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) /* Generators */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ +#if defined(BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ +#if defined(BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_key_derivation_start_hmac( @@ -4294,14 +4300,14 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation * nothing to do. */ } else -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) +#if defined(BUILTIN_ALG_ANY_HKDF) + if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { mbedtls_free( operation->ctx.hkdf.info ); status = psa_mac_abort( &operation->ctx.hkdf.hmac ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || @@ -4375,19 +4381,29 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) -/* Read some bytes from an HKDF-based operation. This performs a chunk - * of the expand phase of the HKDF algorithm. */ +#if defined(BUILTIN_ALG_ANY_HKDF) +/* Read some bytes from an HKDF-based operation. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, - psa_algorithm_t hash_alg, + psa_algorithm_t kdf_alg, uint8_t *output, size_t output_length ) { + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); size_t hmac_output_length; psa_status_t status; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + const uint8_t last_block = PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ? 0 : 0xff; +#else + const uint8_t last_block = 0xff; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ - if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set ) + if( hkdf->state < HKDF_STATE_KEYED || + ( !hkdf->info_set +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + && !PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ + ) ) return( PSA_ERROR_BAD_STATE ); hkdf->state = HKDF_STATE_OUTPUT; @@ -4403,12 +4419,12 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd hkdf->offset_in_block += n; if( output_length == 0 ) break; - /* We can't be wanting more output after block 0xff, otherwise + /* We can't be wanting more output after the last block, otherwise * the capacity check in psa_key_derivation_output_bytes() would have * prevented this call. It could happen only if the operation * object was corrupted or if this function is called directly * inside the library. */ - if( hkdf->block_number == 0xff ) + if( hkdf->block_number == last_block ) return( PSA_ERROR_BAD_STATE ); /* We need a new block */ @@ -4449,7 +4465,7 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd return( PSA_SUCCESS ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -4649,15 +4665,14 @@ psa_status_t psa_key_derivation_output_bytes( } operation->capacity -= output_length; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) +#if defined(BUILTIN_ALG_ANY_HKDF) + if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); - status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg, + status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, kdf_alg, output, output_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || @@ -5046,6 +5061,14 @@ static int is_kdf_alg_supported( psa_algorithm_t kdf_alg ) if( PSA_ALG_IS_HKDF( kdf_alg ) ) return( 1 ); #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + return( 1 ); +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) + return( 1 ); +#endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) return( 1 ); @@ -5097,8 +5120,12 @@ static psa_status_t psa_key_derivation_setup_kdf( { return( PSA_ERROR_NOT_SUPPORTED ); } - - operation->capacity = 255 * hash_size; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + operation->capacity = hash_size; + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ + operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); } @@ -5152,17 +5179,22 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation return( status ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(BUILTIN_ALG_ANY_HKDF) static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, - psa_algorithm_t hash_alg, + psa_algorithm_t kdf_alg, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length ) { + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); psa_status_t status; switch( step ) { case PSA_KEY_DERIVATION_INPUT_SALT: +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ if( hkdf->state != HKDF_STATE_INIT ) return( PSA_ERROR_BAD_STATE ); else @@ -5176,33 +5208,82 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_SUCCESS ); } case PSA_KEY_DERIVATION_INPUT_SECRET: - /* If no salt was provided, use an empty salt. */ - if( hkdf->state == HKDF_STATE_INIT ) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { - status = psa_key_derivation_start_hmac( &hkdf->hmac, - hash_alg, - NULL, 0 ); + /* We shouldn't be in different state as HKDF_EXPAND only allows + * two inputs: SECRET (this case) and INFO which does not modify + * the state. It could happen only if the hkdf + * object was corrupted. */ + if( hkdf->state != HKDF_STATE_INIT ) + return( PSA_ERROR_BAD_STATE ); + + /* Allow only input that fits expected prk size */ + if( data_length != PSA_HASH_LENGTH( hash_alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + memcpy( hkdf->prk, data, data_length ); + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ + { + /* HKDF: If no salt was provided, use an empty salt. + * HKDF-EXTRACT: salt is mandatory. */ + if( hkdf->state == HKDF_STATE_INIT ) + { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + return( PSA_ERROR_BAD_STATE ); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ + status = psa_key_derivation_start_hmac( &hkdf->hmac, + hash_alg, + NULL, 0 ); + if( status != PSA_SUCCESS ) + return( status ); + hkdf->state = HKDF_STATE_STARTED; + } + if( hkdf->state != HKDF_STATE_STARTED ) + return( PSA_ERROR_BAD_STATE ); + status = psa_mac_update( &hkdf->hmac, + data, data_length ); + if( status != PSA_SUCCESS ) + return( status ); + status = psa_mac_sign_finish( &hkdf->hmac, + hkdf->prk, + sizeof( hkdf->prk ), + &data_length ); if( status != PSA_SUCCESS ) return( status ); - hkdf->state = HKDF_STATE_STARTED; } - if( hkdf->state != HKDF_STATE_STARTED ) - return( PSA_ERROR_BAD_STATE ); - status = psa_mac_update( &hkdf->hmac, - data, data_length ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_mac_sign_finish( &hkdf->hmac, - hkdf->prk, - sizeof( hkdf->prk ), - &data_length ); - if( status != PSA_SUCCESS ) - return( status ); - hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg ); - hkdf->block_number = 0; + hkdf->state = HKDF_STATE_KEYED; + hkdf->block_number = 0; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + { + /* The only block of output is the PRK. */ + memcpy( hkdf->output_block, hkdf->prk, PSA_HASH_LENGTH( hash_alg ) ); + hkdf->offset_in_block = 0; + } + else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ + { + /* Block 0 is empty, and the next block will be + * generated by psa_key_derivation_hkdf_read(). */ + hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg ); + } + return( PSA_SUCCESS ); case PSA_KEY_DERIVATION_INPUT_INFO: +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) && + hkdf->state == HKDF_STATE_INIT ) + return( PSA_ERROR_BAD_STATE ); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ if( hkdf->state == HKDF_STATE_OUTPUT ) return( PSA_ERROR_BAD_STATE ); if( hkdf->info_set ) @@ -5221,7 +5302,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_ERROR_INVALID_ARGUMENT ); } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -5486,15 +5567,14 @@ static psa_status_t psa_key_derivation_input_internal( if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) +#if defined(BUILTIN_ALG_ANY_HKDF) + if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { - status = psa_hkdf_input( &operation->ctx.hkdf, - PSA_ALG_HKDF_GET_HASH( kdf_alg ), + status = psa_hkdf_input( &operation->ctx.hkdf, kdf_alg, step, data, data_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) { diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 927009ad9..8052a85fb 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -190,6 +190,8 @@ #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 #define MBEDTLS_PSA_ACCEL_ALG_GCM 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 +#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 +#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1 #define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index d1650f182..4f08835b9 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -627,6 +627,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, unsigned char output[1]; int ok = 0; psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); + psa_status_t expected_key_agreement_status = PSA_SUCCESS; if( usage & PSA_KEY_USAGE_DERIVE ) { @@ -641,7 +642,32 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, input, sizeof( input ) ) ); } - PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_SALT, + input, sizeof( input ) ) ); + } + + /* For HKDF_EXPAND input secret may fail as secret size may not match + to expected PRK size. In practice it means that key bits must match + hash length. Otherwise test should fail with INVALID_ARGUMENT. */ + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) + { + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + size_t key_bits = psa_get_key_bits( &attributes ); + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); + + if( PSA_BITS_TO_BYTES( key_bits ) != PSA_HASH_LENGTH( hash_alg ) ) + expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT; + } + + TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self( &operation, key ), + expected_key_agreement_status ); + + if( expected_key_agreement_status != PSA_SUCCESS ) + return( 1 ); if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) @@ -650,7 +676,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, &operation, PSA_KEY_DERIVATION_INPUT_LABEL, input, sizeof( input ) ) ); } - else if( PSA_ALG_IS_HKDF( kdf_alg ) ) + else if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7250753f2..1182c0069 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5135,6 +5135,281 @@ PSA key derivation: HKDF SHA-1, RFC5869 #7, output 42+0 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 +# HKDF-Extract tests: out - output, k - secret provided as key, b - secret provided as bytes +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+0 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 22+10 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f":"9c3122ec844ad7c2b3e5":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 0+32 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+31 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 31+0 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, out 32+0 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #4, out 20+0 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #5, out 20+0 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"8adae09a2a307059478d309b26c4115a224cfaf6":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #6, out 20+0 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 k +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, k derive key +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:1 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+0 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 22+10 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f":"9c3122ec844ad7c2b3e5":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 0+32 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+31 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 31+0 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, out 32+0 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #4, out 20+0 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #5, out 20+0 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"8adae09a2a307059478d309b26c4115a224cfaf6":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #6, out 20+0 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 b +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:0:0 + +PSA key derivation: HKDF-Extract info before secret +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract info after secret +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input other secret +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input label +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input password +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input seed +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input cost +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, b derive key +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:0:1 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+1 (over capacity) +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"00":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, no salt +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:0:0 + +# HKDF-Expand tests: out - output, k - secret provided as key, b - secret provided as bytes +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 32+10 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 0+42 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+41 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 41+0 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+40 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #2, out 82+0 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #3, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #4, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #5, out 82+0 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"8adae09a2a307059478d309b26c4115a224cfaf6":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #6, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 32+10 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 0+42 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+41 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 41+0 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+40 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #2, out 82+0 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #3, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #4, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #5, out 82+0 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"8adae09a2a307059478d309b26c4115a224cfaf6":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #6, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:0:0 + +# HKDF-Expand tests: Invalid test cases +PSA key derivation: HKDF-Expand input other secret +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input salt +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input label +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input password +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input seed +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input cost +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+1 (over capacity) +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"00":0:1:0 + +PSA key derivation: HKDF-Expand Invalid secret length +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e500":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:0:0 + +PSA key derivation: HKDF-Expand, Info before secret +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 + # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF @@ -5470,6 +5745,14 @@ PSA key derivation: HKDF SHA-1, request maximum capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 +PSA key derivation: HKDF-Expand SHA-256, request maximum capacity +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256):"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, request maximum capacity +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:1:0 + PSA key derivation: HKDF SHA-256, request too much capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT @@ -5478,6 +5761,22 @@ PSA key derivation: HKDF SHA-1, request too much capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT +PSA key derivation: HKDF-Extract SHA-256, request too much capacity +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_set_capacity:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: HKDF-Extract SHA-1, request too much capacity +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 +derive_set_capacity:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: HKDF-Expand SHA-256, request too much capacity +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: HKDF-Expand SHA-1, request too much capacity +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 +derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT + PSA key derivation: over capacity 42: output 42+1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff":0:1:0 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 0bfabb14e..7d368cf16 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7005,9 +7005,13 @@ void derive_output( int alg_arg, switch( key_input_type ) { case 0: // input bytes - PSA_ASSERT( psa_key_derivation_input_bytes( + TEST_EQUAL( psa_key_derivation_input_bytes( &operation, steps[i], - inputs[i]->x, inputs[i]->len ) ); + inputs[i]->x, inputs[i]->len ), + statuses[i] ); + + if( statuses[i] != PSA_SUCCESS ) + goto exit; break; case 1: // input key psa_set_key_usage_flags( &attributes1, PSA_KEY_USAGE_DERIVE ); @@ -7087,9 +7091,12 @@ void derive_output( int alg_arg, goto exit; break; default: - PSA_ASSERT( psa_key_derivation_input_bytes( + TEST_EQUAL( psa_key_derivation_input_bytes( &operation, steps[i], - inputs[i]->x, inputs[i]->len ) ); + inputs[i]->x, inputs[i]->len ), statuses[i] ); + + if( statuses[i] != PSA_SUCCESS ) + goto exit; break; } } @@ -7111,7 +7118,7 @@ void derive_output( int alg_arg, psa_set_key_usage_flags( &attributes4, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes4, alg ); psa_set_key_type( &attributes4, PSA_KEY_TYPE_DERIVE ); - psa_set_key_bits( &attributes4, 48 ); + psa_set_key_bits( &attributes4, PSA_BYTES_TO_BITS( requested_capacity ) ); TEST_EQUAL( psa_key_derivation_output_key( &attributes4, &operation, &derived_key ), expected_status ); diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 83763c55d..bf5f04e4f 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -270,6 +270,22 @@ Key derivation: HKDF using SHA-384 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_384 ):ALG_IS_HKDF +Key derivation: HKDF-Extract using SHA-256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +key_derivation_algorithm:PSA_ALG_HKDF_EXTRACT( PSA_ALG_SHA_256 ):ALG_IS_HKDF_EXTRACT + +Key derivation: HKDF-Extract using SHA-384 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_384 +key_derivation_algorithm:PSA_ALG_HKDF_EXTRACT( PSA_ALG_SHA_384 ):ALG_IS_HKDF_EXTRACT + +Key derivation: HKDF-Expand using SHA-256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +key_derivation_algorithm:PSA_ALG_HKDF_EXPAND( PSA_ALG_SHA_256 ):ALG_IS_HKDF_EXPAND + +Key derivation: HKDF-Expand using SHA-384 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_384 +key_derivation_algorithm:PSA_ALG_HKDF_EXPAND( PSA_ALG_SHA_384 ):ALG_IS_HKDF_EXPAND + Key derivation: TLS 1.2 PRF using SHA-256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF key_derivation_algorithm:PSA_ALG_TLS12_PRF( PSA_ALG_SHA_256 ):ALG_IS_TLS12_PRF diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 092780c4d..643a92f5e 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -37,14 +37,16 @@ #define ALG_IS_HASH_AND_SIGN ( 1u << 18 ) #define ALG_IS_RSA_OAEP ( 1u << 19 ) #define ALG_IS_HKDF ( 1u << 20 ) -#define ALG_IS_FFDH ( 1u << 21 ) -#define ALG_IS_ECDH ( 1u << 22 ) -#define ALG_IS_WILDCARD ( 1u << 23 ) -#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 24 ) -#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 25 ) -#define ALG_IS_TLS12_PRF ( 1u << 26 ) -#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 27 ) -#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 28 ) /* must be last! */ +#define ALG_IS_HKDF_EXTRACT ( 1u << 21 ) +#define ALG_IS_HKDF_EXPAND ( 1u << 22 ) +#define ALG_IS_FFDH ( 1u << 23 ) +#define ALG_IS_ECDH ( 1u << 24 ) +#define ALG_IS_WILDCARD ( 1u << 25 ) +#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 26 ) +#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 27 ) +#define ALG_IS_TLS12_PRF ( 1u << 28 ) +#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 29 ) +#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 30 ) /* must be last! */ /* Flags for key type classification macros. There is a flag for every * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that @@ -140,6 +142,8 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF_EXTRACT, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF_EXPAND, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags );