From 6b6ce3278e64e024499235cc25618907153bd5eb Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 10 May 2022 12:38:27 +0200 Subject: [PATCH 01/30] Add definitions for HKDF-Extract and HKDF-Expand algs Signed-off-by: Przemek Stekiel --- include/psa/crypto_values.h | 91 +++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 2f9a15a82..2b315c118 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1762,6 +1762,97 @@ #define PSA_ALG_HKDF_GET_HASH(hkdf_alg) \ (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_HKDF_EXTRACT_BASE ((psa_algorithm_t)0x08000400) +/** Macro to build an HKDF-Extract algorithm. + * + * For example, `PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA256)` is + * HKDF-Extract using HMAC-SHA-256. + * + * This key derivation algorithm uses the following inputs: + * - PSA_KEY_DERIVATION_INPUT_SALT is the salt. Note that if the salt is + * shorter than the hash function's block size, it is padded to the block + * size with null bytes (and in particular an empty salt is equivalent to + * a string of zeros of the length of the hash, or of the block size which + * is larger than the hash). + * - PSA_KEY_DERIVATION_INPUT_SECRET is the input keying material used in the + * "extract" step. + * You must pass #PSA_KEY_DERIVATION_INPUT_SALT + * before #PSA_KEY_DERIVATION_INPUT_SECRET. + * starting to generate output. + * + * \warning HKDF-Extract is not meant to be used on its own. PSA_ALG_HKDF + * should be used instead if possible. PSA_ALG_HKDF_EXTRACT is provided + * as a separate algorithm for the sake of protocols that use it as a + * building block. It may also be a slight performance optimization + * in applications that use HKDF with the same salt and key but many + * different info strings. + * + * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_HASH(\p hash_alg) is true). + * + * \return The corresponding HKDF-Extract algorithm. + * \return Unspecified if \p hash_alg is not a supported + * hash algorithm. + */ + +#define PSA_ALG_HKDF_EXTRACT(hash_alg) \ + (PSA_ALG_HKDF_EXTRACT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +/** Whether the specified algorithm is an HKDF-Extract algorithm. + * + * HKDF-Extract is a family of key derivation algorithms that are based + * on a hash function and the HMAC construction. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \c alg is an HKDF-Extract algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_HKDF_EXTRACT(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE) + +#define PSA_ALG_HKDF_EXPAND_BASE ((psa_algorithm_t)0x08000500) +/** Macro to build an HKDF-Expand algorithm. + * + * For example, `PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA256)` is + * HKDF-Expand using HMAC-SHA-256. + * + * This key derivation algorithm uses the following inputs: + * - PSA_KEY_DERIVATION_INPUT_SECRET is the pseudoramdom key (PRK). + * - PSA_KEY_DERIVATION_INPUT_INFO is the info string. + * + * The inputs are mandatory and must be passed in the order above. + * Each input may only be passed once. + * + * \warning HKDF-Expand is not meant to be used on its own. `PSA_ALG_HKDF` + * should be used instead if possible. `PSA_ALG_HKDF_EXPAND` is provided as + * a separate algorithm for the sake of protocols that use it as a building + * block. It may also be a slight performance optimization in applications + * that use HKDF with the same salt and key but many different info strings. + * + * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_HASH(\p hash_alg) is true). + * + * \return The corresponding HKDF-Expand algorithm. + * \return Unspecified if \p hash_alg is not a supported + * hash algorithm. + */ +#define PSA_ALG_HKDF_EXPAND(hash_alg) \ + (PSA_ALG_HKDF_EXPAND_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +/** Whether the specified algorithm is an HKDF-Extract algorithm. + * + * HKDF-Expand is a family of key derivation algorithms that are based + * on a hash function and the HMAC construction. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \c alg is an HKDF-Expand algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_HKDF_EXPAND(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE) + #define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200) /** Macro to build a TLS-1.2 PRF algorithm. * From 17520fe2c58ea5aa1ba822fbe7f9580a0add541e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 10 May 2022 13:53:33 +0200 Subject: [PATCH 02/30] PSA: Add support for HKDF-Extend and HKDF-Expand algs Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 144 ++++++++++++++++++++++++++----------------- 1 file changed, 89 insertions(+), 55 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d58923dbd..0783697ad 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4295,7 +4295,8 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation } else #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) + if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) || + PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { mbedtls_free( operation->ctx.hkdf.info ); status = psa_mac_abort( &operation->ctx.hkdf.hmac ); @@ -4379,15 +4380,17 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op /* Read some bytes from an HKDF-based operation. This performs a chunk * of the expand phase of the HKDF algorithm. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, - psa_algorithm_t hash_alg, + psa_algorithm_t kdf_alg, uint8_t *output, size_t output_length ) { + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); size_t hmac_output_length; psa_status_t status; - if( hkdf->state < HKDF_STATE_KEYED || ! hkdf->info_set ) + if( hkdf->state < HKDF_STATE_KEYED || + ( ! hkdf->info_set && ! PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) ) return( PSA_ERROR_BAD_STATE ); hkdf->state = HKDF_STATE_OUTPUT; @@ -4411,40 +4414,49 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd if( hkdf->block_number == 0xff ) return( PSA_ERROR_BAD_STATE ); + + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) && hkdf->block_number == 0 ) + { + memcpy( hkdf->output_block, hkdf->prk, hash_length ); + } + /* We need a new block */ ++hkdf->block_number; hkdf->offset_in_block = 0; - status = psa_key_derivation_start_hmac( &hkdf->hmac, - hash_alg, - hkdf->prk, - hash_length ); - if( status != PSA_SUCCESS ) - return( status ); - - if( hkdf->block_number != 1 ) + if( ! PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) { + status = psa_key_derivation_start_hmac( &hkdf->hmac, + hash_alg, + hkdf->prk, + hash_length ); + if( status != PSA_SUCCESS ) + return( status ); + + if( hkdf->block_number != 1 ) + { + status = psa_mac_update( &hkdf->hmac, + hkdf->output_block, + hash_length ); + if( status != PSA_SUCCESS ) + return( status ); + } status = psa_mac_update( &hkdf->hmac, - hkdf->output_block, - hash_length ); + hkdf->info, + hkdf->info_length ); + if( status != PSA_SUCCESS ) + return( status ); + status = psa_mac_update( &hkdf->hmac, + &hkdf->block_number, 1 ); + if( status != PSA_SUCCESS ) + return( status ); + status = psa_mac_sign_finish( &hkdf->hmac, + hkdf->output_block, + sizeof( hkdf->output_block ), + &hmac_output_length ); if( status != PSA_SUCCESS ) return( status ); } - status = psa_mac_update( &hkdf->hmac, - hkdf->info, - hkdf->info_length ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_mac_update( &hkdf->hmac, - &hkdf->block_number, 1 ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_mac_sign_finish( &hkdf->hmac, - hkdf->output_block, - sizeof( hkdf->output_block ), - &hmac_output_length ); - if( status != PSA_SUCCESS ) - return( status ); } return( PSA_SUCCESS ); @@ -4650,10 +4662,10 @@ psa_status_t psa_key_derivation_output_bytes( operation->capacity -= output_length; #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) + if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) || + PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) { - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); - status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg, + status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, kdf_alg, output, output_length ); } else @@ -5043,7 +5055,8 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut static int is_kdf_alg_supported( psa_algorithm_t kdf_alg ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) + if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) || + PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) return( 1 ); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) @@ -5097,8 +5110,10 @@ static psa_status_t psa_key_derivation_setup_kdf( { return( PSA_ERROR_NOT_SUPPORTED ); } - - operation->capacity = 255 * hash_size; + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + operation->capacity = hash_size; + else + operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); } @@ -5154,15 +5169,18 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, - psa_algorithm_t hash_alg, + psa_algorithm_t kdf_alg, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length ) { + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); psa_status_t status; switch( step ) { case PSA_KEY_DERIVATION_INPUT_SALT: + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); if( hkdf->state != HKDF_STATE_INIT ) return( PSA_ERROR_BAD_STATE ); else @@ -5177,32 +5195,48 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, } case PSA_KEY_DERIVATION_INPUT_SECRET: /* If no salt was provided, use an empty salt. */ - if( hkdf->state == HKDF_STATE_INIT ) + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { - status = psa_key_derivation_start_hmac( &hkdf->hmac, - hash_alg, - NULL, 0 ); + if( hkdf->state != HKDF_STATE_INIT ) + return( PSA_ERROR_BAD_STATE ); + + if( data_length > sizeof( hkdf->prk ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); + + memcpy( hkdf->prk, data, data_length ); + } + else + { + if( hkdf->state == HKDF_STATE_INIT ) + { + status = psa_key_derivation_start_hmac( &hkdf->hmac, + hash_alg, + NULL, 0 ); + if( status != PSA_SUCCESS ) + return( status ); + hkdf->state = HKDF_STATE_STARTED; + } + if( hkdf->state != HKDF_STATE_STARTED ) + return( PSA_ERROR_BAD_STATE ); + status = psa_mac_update( &hkdf->hmac, + data, data_length ); + if( status != PSA_SUCCESS ) + return( status ); + status = psa_mac_sign_finish( &hkdf->hmac, + hkdf->prk, + sizeof( hkdf->prk ), + &data_length ); if( status != PSA_SUCCESS ) return( status ); - hkdf->state = HKDF_STATE_STARTED; } - if( hkdf->state != HKDF_STATE_STARTED ) - return( PSA_ERROR_BAD_STATE ); - status = psa_mac_update( &hkdf->hmac, - data, data_length ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_mac_sign_finish( &hkdf->hmac, - hkdf->prk, - sizeof( hkdf->prk ), - &data_length ); - if( status != PSA_SUCCESS ) - return( status ); + hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg ); hkdf->block_number = 0; hkdf->state = HKDF_STATE_KEYED; return( PSA_SUCCESS ); case PSA_KEY_DERIVATION_INPUT_INFO: + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); if( hkdf->state == HKDF_STATE_OUTPUT ) return( PSA_ERROR_BAD_STATE ); if( hkdf->info_set ) @@ -5488,10 +5522,10 @@ static psa_status_t psa_key_derivation_input_internal( goto exit; #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) ) + if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) || + PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { - status = psa_hkdf_input( &operation->ctx.hkdf, - PSA_ALG_HKDF_GET_HASH( kdf_alg ), + status = psa_hkdf_input( &operation->ctx.hkdf, kdf_alg, step, data, data_length ); } else From ead1bb9987b203fecc6eeb2595070520af18163f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 11 May 2022 12:22:57 +0200 Subject: [PATCH 03/30] derive_output test: Adapt for HKDF-Extract/Expand algs Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.function | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 6cd6bee9e..7b9bbfe54 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7087,9 +7087,12 @@ void derive_output( int alg_arg, goto exit; break; default: - PSA_ASSERT( psa_key_derivation_input_bytes( + TEST_EQUAL( psa_key_derivation_input_bytes( &operation, steps[i], - inputs[i]->x, inputs[i]->len ) ); + inputs[i]->x, inputs[i]->len ), statuses[i] ); + + if( statuses[i] != PSA_SUCCESS ) + goto exit; break; } } @@ -7102,6 +7105,10 @@ void derive_output( int alg_arg, if( derive_type == 1 ) // output key { psa_status_t expected_status = PSA_ERROR_NOT_PERMITTED; + size_t bits = 48; // default for Mix-PSK-to-MS + + if( PSA_ALG_IS_HKDF_EXTRACT( alg ) || PSA_ALG_IS_HKDF_EXPAND( alg )) + bits = PSA_HASH_LENGTH( alg ); /* For output key derivation secret must be provided using input key, otherwise operation is not permitted. */ @@ -7111,7 +7118,7 @@ void derive_output( int alg_arg, psa_set_key_usage_flags( &attributes4, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes4, alg ); psa_set_key_type( &attributes4, PSA_KEY_TYPE_DERIVE ); - psa_set_key_bits( &attributes4, 48 ); + psa_set_key_bits( &attributes4, bits ); TEST_EQUAL( psa_key_derivation_output_key( &attributes4, &operation, &derived_key ), expected_status ); From e1036fbe900a58068984d1bbff7da9b7b2b5a24e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 11 May 2022 12:34:53 +0200 Subject: [PATCH 04/30] derive_output tests: add positive HKDF-Extract/Expand tests Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 214 ++++++++++++++++++++++++ 1 file changed, 214 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 14343aacc..615ee7944 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5117,6 +5117,220 @@ PSA key derivation: HKDF SHA-1, RFC5869 #7, output 42+0 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 +# HKDF-Extract tests: out - output, k - secret provided as key, b - secret provided as bytes +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 22+10 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f":"9c3122ec844ad7c2b3e5":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 0+32 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+31 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 31+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, out 32+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #4, out 20+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #5, out 20+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"8adae09a2a307059478d309b26c4115a224cfaf6":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #6, out 20+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, k, no salt +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, k derive key +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:1 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 22+10 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f":"9c3122ec844ad7c2b3e5":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 0+32 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+31 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 31+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, out 32+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #4, out 20+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #5, out 20+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"8adae09a2a307059478d309b26c4115a224cfaf6":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #6, out 20+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:0:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, b no salt +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:0:0 + +# HKDF-Expand tests: out - output, k - secret provided as key, b - secret provided as bytes +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 32+10 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 0+42 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+41 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 41+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+40 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #2, out 82+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #3, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #4, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #5, out 82+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"8adae09a2a307059478d309b26c4115a224cfaf6":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #6, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 k +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1 k info before secret +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 32+10 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 0+42 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+41 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 41+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+40 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #2, out 82+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #3, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #4, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #5, out 82+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"8adae09a2a307059478d309b26c4115a224cfaf6":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #6, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 b +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:0:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1 b info before secret +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 + # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF From 2849e0e4d5fe165cee59f443237169a1943607ae Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 11 May 2022 12:38:01 +0200 Subject: [PATCH 05/30] derive_output tests: add negative HKDF-Extract/Expand tests Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 70 +++++++++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 615ee7944..100775499 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5226,6 +5226,47 @@ PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, b no salt depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:0:0 +# HKDF-Extract tests: Invalid test cases +PSA key derivation: HKDF-Extract salt after secret +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract info before secret +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract info after secret +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input other secret +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input label +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input password +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input seed +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract input cost +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, b derive key +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:0:1 + +PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+1 (over capacity) +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"00":0:1:0 + # HKDF-Expand tests: out - output, k - secret provided as key, b - secret provided as bytes PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 k depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 @@ -5331,6 +5372,35 @@ PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1 b info before secret depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 +# HKDF-Expand tests: Invalid test cases +PSA key derivation: HKDF-Expand input other secret +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input salt +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input label +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input password +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input seed +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand input cost +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+1 (over capacity) +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"00":0:1:0 + # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF From 6786a87ccdcfb8cb479a2392c2ca606ab09fdb1c Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 11 May 2022 12:40:21 +0200 Subject: [PATCH 06/30] derive_output tests: add capacity HKDF-Extract/Expand tests Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 100775499..97e2cc614 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5736,6 +5736,14 @@ PSA key derivation: HKDF SHA-1, request maximum capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 +PSA key derivation: HKDF-Expand SHA-256, request maximum capacity +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256):"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0 + +PSA key derivation: HKDF-Expand SHA-1, request maximum capacity +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:1:0 + PSA key derivation: HKDF SHA-256, request too much capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT @@ -5744,6 +5752,22 @@ PSA key derivation: HKDF SHA-1, request too much capacity depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT +PSA key derivation: HKDF-Extract SHA-256, request too much capacity +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_set_capacity:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: HKDF-Extract SHA-1, request too much capacity +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_set_capacity:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: HKDF-Expand SHA-256, request too much capacity +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT + +PSA key derivation: HKDF-Expand SHA-1, request too much capacity +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT + PSA key derivation: over capacity 42: output 42+1 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff":0:1:0 From 398c503f6ff6b46f56d323d4e603285447d9d813 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 11 May 2022 14:05:40 +0200 Subject: [PATCH 07/30] generate_psa_tests.py: adapt OpFail test generator for HKDF-Exract/Expand algs Signed-off-by: Przemek Stekiel --- tests/scripts/generate_psa_tests.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 492810bf0..d34663188 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -78,6 +78,11 @@ def automatic_dependencies(*expressions: str) -> List[str]: """ used = set() for expr in expressions: + # HKDF_EXTRACT and HKDF_EXPAND algs depend on HKDF + if "HKDF_EXTRACT" in expr: + expr = expr.replace("HKDF_EXTRACT", "HKDF") + if "HKDF_EXPAND" in expr: + expr = expr.replace("HKDF_EXPAND", "HKDF") used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr)) used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY) return sorted(psa_want_symbol(name) for name in used) From ebf6281ce66351417e2d0772534197d8dd6e6f57 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 11 May 2022 14:16:05 +0200 Subject: [PATCH 08/30] crypto_values.h: fix description Signed-off-by: Przemek Stekiel --- include/psa/crypto_values.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 2b315c118..46680253d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1778,7 +1778,6 @@ * "extract" step. * You must pass #PSA_KEY_DERIVATION_INPUT_SALT * before #PSA_KEY_DERIVATION_INPUT_SECRET. - * starting to generate output. * * \warning HKDF-Extract is not meant to be used on its own. PSA_ALG_HKDF * should be used instead if possible. PSA_ALG_HKDF_EXTRACT is provided @@ -1839,7 +1838,7 @@ */ #define PSA_ALG_HKDF_EXPAND(hash_alg) \ (PSA_ALG_HKDF_EXPAND_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) -/** Whether the specified algorithm is an HKDF-Extract algorithm. +/** Whether the specified algorithm is an HKDF-Expand algorithm. * * HKDF-Expand is a family of key derivation algorithms that are based * on a hash function and the HMAC construction. From b398d8693f2bdb1caedfec53d7e51079a03e7a53 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 18 May 2022 15:43:54 +0200 Subject: [PATCH 09/30] Update descryption of HKDF-Extract/Expand algs and fix comment Signed-off-by: Przemek Stekiel --- include/psa/crypto_values.h | 17 +++++++++-------- library/psa_crypto.c | 2 +- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 46680253d..242ba90d2 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1769,15 +1769,11 @@ * HKDF-Extract using HMAC-SHA-256. * * This key derivation algorithm uses the following inputs: - * - PSA_KEY_DERIVATION_INPUT_SALT is the salt. Note that if the salt is - * shorter than the hash function's block size, it is padded to the block - * size with null bytes (and in particular an empty salt is equivalent to - * a string of zeros of the length of the hash, or of the block size which - * is larger than the hash). + * - PSA_KEY_DERIVATION_INPUT_SALT is the salt. * - PSA_KEY_DERIVATION_INPUT_SECRET is the input keying material used in the * "extract" step. - * You must pass #PSA_KEY_DERIVATION_INPUT_SALT - * before #PSA_KEY_DERIVATION_INPUT_SECRET. + * The inputs are mandatory and must be passed in the order above. + * Each input may only be passed once. * * \warning HKDF-Extract is not meant to be used on its own. PSA_ALG_HKDF * should be used instead if possible. PSA_ALG_HKDF_EXTRACT is provided @@ -1786,6 +1782,12 @@ * in applications that use HKDF with the same salt and key but many * different info strings. * + * \warning HKDF processes the salt as follows: first hash it with hash_alg + * if the salt is longer than the block size of the hash algorithm; then + * pad with null bytes up to the block size. As a result, it is possible + * for distinct salt inputs to result in the same outputs. To ensure + * unique outputs, it is recommended to use a fixed length for salt values. + * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_HASH(\p hash_alg) is true). * @@ -1793,7 +1795,6 @@ * \return Unspecified if \p hash_alg is not a supported * hash algorithm. */ - #define PSA_ALG_HKDF_EXTRACT(hash_alg) \ (PSA_ALG_HKDF_EXTRACT_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) /** Whether the specified algorithm is an HKDF-Extract algorithm. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0783697ad..4462a328f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5194,7 +5194,6 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_SUCCESS ); } case PSA_KEY_DERIVATION_INPUT_SECRET: - /* If no salt was provided, use an empty salt. */ if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { if( hkdf->state != HKDF_STATE_INIT ) @@ -5207,6 +5206,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, } else { + /* If no salt was provided, use an empty salt. */ if( hkdf->state == HKDF_STATE_INIT ) { status = psa_key_derivation_start_hmac( &hkdf->hmac, From fcdd023ba62f90ef6c2f34feba93807a89d3ea82 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 19 May 2022 10:28:58 +0200 Subject: [PATCH 10/30] derive_output tests: add invalid input secret test for HKDF-Expand Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 4 ++++ tests/suites/test_suite_psa_crypto.function | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 97e2cc614..8d3550d56 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5401,6 +5401,10 @@ PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+1 (over capacity) depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"00":0:1:0 +PSA key derivation: HKDF-Expand Invalid secret length +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e500":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:0:0 + # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7b9bbfe54..f4d80eea6 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7005,9 +7005,13 @@ void derive_output( int alg_arg, switch( key_input_type ) { case 0: // input bytes - PSA_ASSERT( psa_key_derivation_input_bytes( + TEST_EQUAL( psa_key_derivation_input_bytes( &operation, steps[i], - inputs[i]->x, inputs[i]->len ) ); + inputs[i]->x, inputs[i]->len ), + statuses[i] ); + + if( statuses[i] != PSA_SUCCESS ) + goto exit; break; case 1: // input key psa_set_key_usage_flags( &attributes1, PSA_KEY_USAGE_DERIVE ); From 2fb0dcd403c2f7871acf9fc4447565d2769e1f45 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 19 May 2022 10:34:37 +0200 Subject: [PATCH 11/30] psa_hkdf_input: use more suitable condition and add comments Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4462a328f..691c27406 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5196,10 +5196,15 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, case PSA_KEY_DERIVATION_INPUT_SECRET: if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { + /* We shouldn't be in different state as HKDF_EXPAND only allows + * two inputs: SECRET (this case) and INFO which does not modify + * the state. It could happen only if the hkdf + * object was corrupted. */ if( hkdf->state != HKDF_STATE_INIT ) return( PSA_ERROR_BAD_STATE ); - if( data_length > sizeof( hkdf->prk ) ) + /* Allow only input that fits expected prk size */ + if( data_length != PSA_HASH_LENGTH( hash_alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); memcpy( hkdf->prk, data, data_length ); From 03d948c47f1abb43794272711af3812dc1a144dd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 19 May 2022 11:45:20 +0200 Subject: [PATCH 12/30] Refacor code for HKDF-Extract algorithm Solution provided by @mpg. Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 82 +++++++++++++++++++++++--------------------- 1 file changed, 43 insertions(+), 39 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 691c27406..9a73bc945 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4377,8 +4377,7 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op } #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) -/* Read some bytes from an HKDF-based operation. This performs a chunk - * of the expand phase of the HKDF algorithm. */ +/* Read some bytes from an HKDF-based operation. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t kdf_alg, uint8_t *output, @@ -4388,6 +4387,7 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); size_t hmac_output_length; psa_status_t status; + const uint8_t last_block = PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ? 0 : 0xff; if( hkdf->state < HKDF_STATE_KEYED || ( ! hkdf->info_set && ! PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) ) @@ -4406,57 +4406,49 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd hkdf->offset_in_block += n; if( output_length == 0 ) break; - /* We can't be wanting more output after block 0xff, otherwise + /* We can't be wanting more output after the last block, otherwise * the capacity check in psa_key_derivation_output_bytes() would have * prevented this call. It could happen only if the operation * object was corrupted or if this function is called directly * inside the library. */ - if( hkdf->block_number == 0xff ) + if( hkdf->block_number == last_block ) return( PSA_ERROR_BAD_STATE ); - if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) && hkdf->block_number == 0 ) - { - memcpy( hkdf->output_block, hkdf->prk, hash_length ); - } - /* We need a new block */ ++hkdf->block_number; hkdf->offset_in_block = 0; - if( ! PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) - { - status = psa_key_derivation_start_hmac( &hkdf->hmac, - hash_alg, - hkdf->prk, - hash_length ); - if( status != PSA_SUCCESS ) - return( status ); + status = psa_key_derivation_start_hmac( &hkdf->hmac, + hash_alg, + hkdf->prk, + hash_length ); + if( status != PSA_SUCCESS ) + return( status ); - if( hkdf->block_number != 1 ) - { - status = psa_mac_update( &hkdf->hmac, - hkdf->output_block, - hash_length ); - if( status != PSA_SUCCESS ) - return( status ); - } + if( hkdf->block_number != 1 ) + { status = psa_mac_update( &hkdf->hmac, - hkdf->info, - hkdf->info_length ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_mac_update( &hkdf->hmac, - &hkdf->block_number, 1 ); - if( status != PSA_SUCCESS ) - return( status ); - status = psa_mac_sign_finish( &hkdf->hmac, - hkdf->output_block, - sizeof( hkdf->output_block ), - &hmac_output_length ); + hkdf->output_block, + hash_length ); if( status != PSA_SUCCESS ) return( status ); } + status = psa_mac_update( &hkdf->hmac, + hkdf->info, + hkdf->info_length ); + if( status != PSA_SUCCESS ) + return( status ); + status = psa_mac_update( &hkdf->hmac, + &hkdf->block_number, 1 ); + if( status != PSA_SUCCESS ) + return( status ); + status = psa_mac_sign_finish( &hkdf->hmac, + hkdf->output_block, + sizeof( hkdf->output_block ), + &hmac_output_length ); + if( status != PSA_SUCCESS ) + return( status ); } return( PSA_SUCCESS ); @@ -5235,9 +5227,21 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( status ); } - hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg ); - hkdf->block_number = 0; hkdf->state = HKDF_STATE_KEYED; + hkdf->block_number = 0; + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + { + /* The only block of output is the PRK. */ + memcpy( hkdf->output_block, hkdf->prk, PSA_HASH_LENGTH( hash_alg ) ); + hkdf->offset_in_block = 0; + } + else + { + /* Block 0 is empty, and the next block will be + * generated by psa_key_derivation_hkdf_read(). */ + hkdf->offset_in_block = PSA_HASH_LENGTH( hash_alg ); + } + return( PSA_SUCCESS ); case PSA_KEY_DERIVATION_INPUT_INFO: if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) From 459ee3506260bc1f6ff66898d04038edf23ca1dd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 2 Jun 2022 11:16:52 +0200 Subject: [PATCH 13/30] Fix typo and style Signed-off-by: Przemek Stekiel --- include/psa/crypto_values.h | 2 +- library/psa_crypto.c | 17 ++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 242ba90d2..06e978e49 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1818,7 +1818,7 @@ * HKDF-Expand using HMAC-SHA-256. * * This key derivation algorithm uses the following inputs: - * - PSA_KEY_DERIVATION_INPUT_SECRET is the pseudoramdom key (PRK). + * - PSA_KEY_DERIVATION_INPUT_SECRET is the pseudorandom key (PRK). * - PSA_KEY_DERIVATION_INPUT_INFO is the info string. * * The inputs are mandatory and must be passed in the order above. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9a73bc945..fb04fe95f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4414,7 +4414,6 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd if( hkdf->block_number == last_block ) return( PSA_ERROR_BAD_STATE ); - /* We need a new block */ ++hkdf->block_number; hkdf->offset_in_block = 0; @@ -4429,24 +4428,24 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd if( hkdf->block_number != 1 ) { status = psa_mac_update( &hkdf->hmac, - hkdf->output_block, - hash_length ); + hkdf->output_block, + hash_length ); if( status != PSA_SUCCESS ) return( status ); } status = psa_mac_update( &hkdf->hmac, - hkdf->info, - hkdf->info_length ); + hkdf->info, + hkdf->info_length ); if( status != PSA_SUCCESS ) return( status ); status = psa_mac_update( &hkdf->hmac, - &hkdf->block_number, 1 ); + &hkdf->block_number, 1 ); if( status != PSA_SUCCESS ) return( status ); status = psa_mac_sign_finish( &hkdf->hmac, - hkdf->output_block, - sizeof( hkdf->output_block ), - &hmac_output_length ); + hkdf->output_block, + sizeof( hkdf->output_block ), + &hmac_output_length ); if( status != PSA_SUCCESS ) return( status ); } From a29b48829683f6d1de5c069b2e34456a6ae52e41 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 2 Jun 2022 11:37:03 +0200 Subject: [PATCH 14/30] Optimize code by adding PSA_ALG_IS_ANY_HKDF macro Signed-off-by: Przemek Stekiel --- include/psa/crypto_values.h | 15 +++++++++++++++ library/psa_crypto.c | 12 ++++-------- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 06e978e49..764feb8d5 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1853,6 +1853,21 @@ #define PSA_ALG_IS_HKDF_EXPAND(alg) \ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE) +/** Whether the specified algorithm is an HKDF or HKDF-Extract or + * HKDF-Expand algorithm. + * + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \c alg is any HKDF type algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_ANY_HKDF(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_BASE || \ + ((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXTRACT_BASE || \ + ((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_HKDF_EXPAND_BASE) + #define PSA_ALG_TLS12_PRF_BASE ((psa_algorithm_t)0x08000200) /** Macro to build a TLS-1.2 PRF algorithm. * diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fb04fe95f..2194f5080 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4295,8 +4295,7 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation } else #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) || - PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) + if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { mbedtls_free( operation->ctx.hkdf.info ); status = psa_mac_abort( &operation->ctx.hkdf.hmac ); @@ -4653,8 +4652,7 @@ psa_status_t psa_key_derivation_output_bytes( operation->capacity -= output_length; #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) || - PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, kdf_alg, output, output_length ); @@ -5046,8 +5044,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut static int is_kdf_alg_supported( psa_algorithm_t kdf_alg ) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) || - PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) + if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) return( 1 ); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) @@ -5530,8 +5527,7 @@ static psa_status_t psa_key_derivation_input_internal( goto exit; #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) || - PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) + if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { status = psa_hkdf_input( &operation->ctx.hkdf, kdf_alg, step, data, data_length ); From f0f0bd068b25ca754078c3655229279fd8c58cc4 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 3 Jun 2022 08:43:32 +0200 Subject: [PATCH 15/30] test_suite_psa_crypto_metadata: add test cases for the HKDF-Extract/Expand algorithms Signed-off-by: Przemek Stekiel --- .../test_suite_psa_crypto_metadata.data | 16 +++++++++++++++ .../test_suite_psa_crypto_metadata.function | 20 +++++++++++-------- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 83763c55d..2c4930614 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -270,6 +270,22 @@ Key derivation: HKDF using SHA-384 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 key_derivation_algorithm:PSA_ALG_HKDF( PSA_ALG_SHA_384 ):ALG_IS_HKDF +Key derivation: HKDF-Extract using SHA-256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +key_derivation_algorithm:PSA_ALG_HKDF_EXTRACT( PSA_ALG_SHA_256 ):ALG_IS_HKDF_EXTRACT + +Key derivation: HKDF-Extract using SHA-384 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 +key_derivation_algorithm:PSA_ALG_HKDF_EXTRACT( PSA_ALG_SHA_384 ):ALG_IS_HKDF_EXTRACT + +Key derivation: HKDF-Expand using SHA-256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +key_derivation_algorithm:PSA_ALG_HKDF_EXPAND( PSA_ALG_SHA_256 ):ALG_IS_HKDF_EXPAND + +Key derivation: HKDF-Expand using SHA-384 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 +key_derivation_algorithm:PSA_ALG_HKDF_EXPAND( PSA_ALG_SHA_384 ):ALG_IS_HKDF_EXPAND + Key derivation: TLS 1.2 PRF using SHA-256 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF key_derivation_algorithm:PSA_ALG_TLS12_PRF( PSA_ALG_SHA_256 ):ALG_IS_TLS12_PRF diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 092780c4d..643a92f5e 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -37,14 +37,16 @@ #define ALG_IS_HASH_AND_SIGN ( 1u << 18 ) #define ALG_IS_RSA_OAEP ( 1u << 19 ) #define ALG_IS_HKDF ( 1u << 20 ) -#define ALG_IS_FFDH ( 1u << 21 ) -#define ALG_IS_ECDH ( 1u << 22 ) -#define ALG_IS_WILDCARD ( 1u << 23 ) -#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 24 ) -#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 25 ) -#define ALG_IS_TLS12_PRF ( 1u << 26 ) -#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 27 ) -#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 28 ) /* must be last! */ +#define ALG_IS_HKDF_EXTRACT ( 1u << 21 ) +#define ALG_IS_HKDF_EXPAND ( 1u << 22 ) +#define ALG_IS_FFDH ( 1u << 23 ) +#define ALG_IS_ECDH ( 1u << 24 ) +#define ALG_IS_WILDCARD ( 1u << 25 ) +#define ALG_IS_RAW_KEY_AGREEMENT ( 1u << 26 ) +#define ALG_IS_AEAD_ON_BLOCK_CIPHER ( 1u << 27 ) +#define ALG_IS_TLS12_PRF ( 1u << 28 ) +#define ALG_IS_TLS12_PSK_TO_MS ( 1u << 29 ) +#define ALG_FLAG_MASK_PLUS_ONE ( 1u << 30 ) /* must be last! */ /* Flags for key type classification macros. There is a flag for every * key type classification macro PSA_KEY_TYPE_IS_xxx except for some that @@ -140,6 +142,8 @@ void algorithm_classification( psa_algorithm_t alg, unsigned flags ) TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HASH_AND_SIGN, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_RSA_OAEP, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF_EXTRACT, alg, flags ); + TEST_CLASSIFICATION_MACRO( 1, ALG_IS_HKDF_EXPAND, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_WILDCARD, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_ECDH, alg, flags ); TEST_CLASSIFICATION_MACRO( 1, ALG_IS_FFDH, alg, flags ); From 73f97d484101aee030891cd4ecc44732bd1cee88 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 3 Jun 2022 09:05:08 +0200 Subject: [PATCH 16/30] PSA_ALG_HKDF: add salt processing warning Signed-off-by: Przemek Stekiel --- include/psa/crypto_values.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 764feb8d5..85878a74b 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1737,6 +1737,12 @@ * You may pass #PSA_KEY_DERIVATION_INPUT_INFO at any time after steup and before * starting to generate output. * + * \warning HKDF processes the salt as follows: first hash it with hash_alg + * if the salt is longer than the block size of the hash algorithm; then + * pad with null bytes up to the block size. As a result, it is possible + * for distinct salt inputs to result in the same outputs. To ensure + * unique outputs, it is recommended to use a fixed length for salt values. + * * \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_HASH(\p hash_alg) is true). * From 452a415476886b5f0d7c2c51481212422db92a16 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 3 Jun 2022 09:10:02 +0200 Subject: [PATCH 17/30] Changelog: HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API Signed-off-by: Przemek Stekiel --- ChangeLog.d/hkdf_extract_expand.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/hkdf_extract_expand.txt diff --git a/ChangeLog.d/hkdf_extract_expand.txt b/ChangeLog.d/hkdf_extract_expand.txt new file mode 100644 index 000000000..c394bbd2c --- /dev/null +++ b/ChangeLog.d/hkdf_extract_expand.txt @@ -0,0 +1,2 @@ +Features + * Add HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API. From 3e8249cde0be2800d911016a5bef292588f4183b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 3 Jun 2022 14:05:07 +0200 Subject: [PATCH 18/30] Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies Signed-off-by: Przemek Stekiel --- include/mbedtls/config_psa.h | 14 ++ include/psa/crypto_config.h | 2 + include/psa/crypto_struct.h | 12 +- library/psa_crypto.c | 68 ++++++-- tests/suites/test_suite_psa_crypto.data | 154 +++++++++--------- .../test_suite_psa_crypto_metadata.data | 4 +- 6 files changed, 160 insertions(+), 94 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 7718f8547..ac7b7e8c4 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -121,6 +121,20 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ #endif /* PSA_WANT_ALG_HKDF */ +#if defined(PSA_WANT_ALG_HKDF_EXTRACT) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */ +#endif /* PSA_WANT_ALG_HKDF_EXTRACT */ + +#if defined(PSA_WANT_ALG_HKDF_EXPAND) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */ +#endif /* PSA_WANT_ALG_HKDF_EXPAND */ + #if defined(PSA_WANT_ALG_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 46cf1265f..a95c6fb47 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -68,6 +68,8 @@ #define PSA_WANT_ALG_ECDSA 1 #define PSA_WANT_ALG_GCM 1 #define PSA_WANT_ALG_HKDF 1 +#define PSA_WANT_ALG_HKDF_EXTRACT 1 +#define PSA_WANT_ALG_HKDF_EXPAND 1 #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index f333db158..0a1732b72 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -181,7 +181,9 @@ static inline struct psa_aead_operation_s psa_aead_operation_init( void ) return( v ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) typedef struct { uint8_t *MBEDTLS_PRIVATE(info); @@ -197,7 +199,9 @@ typedef struct uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE]; struct psa_mac_operation_s MBEDTLS_PRIVATE(hmac); } psa_hkdf_key_derivation_t; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -254,7 +258,9 @@ struct psa_key_derivation_s { /* Make the union non-empty even with no supported algorithms. */ uint8_t MBEDTLS_PRIVATE(dummy); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2194f5080..06b549b7c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4236,12 +4236,16 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) /****************************************************************/ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_key_derivation_start_hmac( @@ -4294,14 +4298,18 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation * nothing to do. */ } else -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { mbedtls_free( operation->ctx.hkdf.info ); status = psa_mac_abort( &operation->ctx.hkdf.hmac ); } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || @@ -4375,7 +4383,9 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) /* Read some bytes from an HKDF-based operation. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t kdf_alg, @@ -4386,10 +4396,18 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd uint8_t hash_length = PSA_HASH_LENGTH( hash_alg ); size_t hmac_output_length; psa_status_t status; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) const uint8_t last_block = PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ? 0 : 0xff; +#else + const uint8_t last_block = 0xff; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ if( hkdf->state < HKDF_STATE_KEYED || - ( ! hkdf->info_set && ! PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) ) + ( !hkdf->info_set +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + && !PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ + ) ) return( PSA_ERROR_BAD_STATE ); hkdf->state = HKDF_STATE_OUTPUT; @@ -4451,7 +4469,9 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd return( PSA_SUCCESS ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -4651,14 +4671,18 @@ psa_status_t psa_key_derivation_output_bytes( } operation->capacity -= output_length; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, kdf_alg, output, output_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || @@ -5043,7 +5067,9 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut #if defined(AT_LEAST_ONE_BUILTIN_KDF) static int is_kdf_alg_supported( psa_algorithm_t kdf_alg ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) return( 1 ); #endif @@ -5098,9 +5124,11 @@ static psa_status_t psa_key_derivation_setup_kdf( { return( PSA_ERROR_NOT_SUPPORTED ); } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) operation->capacity = hash_size; else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); } @@ -5155,7 +5183,9 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation return( status ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t kdf_alg, psa_key_derivation_step_t step, @@ -5167,8 +5197,10 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, switch( step ) { case PSA_KEY_DERIVATION_INPUT_SALT: +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ if( hkdf->state != HKDF_STATE_INIT ) return( PSA_ERROR_BAD_STATE ); else @@ -5182,6 +5214,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_SUCCESS ); } case PSA_KEY_DERIVATION_INPUT_SECRET: +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { /* We shouldn't be in different state as HKDF_EXPAND only allows @@ -5198,6 +5231,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, memcpy( hkdf->prk, data, data_length ); } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ { /* If no salt was provided, use an empty salt. */ if( hkdf->state == HKDF_STATE_INIT ) @@ -5225,6 +5259,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, hkdf->state = HKDF_STATE_KEYED; hkdf->block_number = 0; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) { /* The only block of output is the PRK. */ @@ -5232,6 +5267,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, hkdf->offset_in_block = 0; } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ { /* Block 0 is empty, and the next block will be * generated by psa_key_derivation_hkdf_read(). */ @@ -5240,8 +5276,10 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_SUCCESS ); case PSA_KEY_DERIVATION_INPUT_INFO: +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ if( hkdf->state == HKDF_STATE_OUTPUT ) return( PSA_ERROR_BAD_STATE ); if( hkdf->info_set ) @@ -5260,7 +5298,9 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_ERROR_INVALID_ARGUMENT ); } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -5526,14 +5566,18 @@ static psa_status_t psa_key_derivation_input_internal( if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { status = psa_hkdf_input( &operation->ctx.hkdf, kdf_alg, step, data, data_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || + MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) { diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8d3550d56..d59fdb3a5 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5119,290 +5119,290 @@ derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_S # HKDF-Extract tests: out - output, k - secret provided as key, b - secret provided as bytes PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 22+10 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f":"9c3122ec844ad7c2b3e5":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 0+32 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+31 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 31+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":"":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, out 32+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:1:0 PSA key derivation: HKDF-Extract SHA-1, RFC5869 #4, out 20+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"":0:1:0 PSA key derivation: HKDF-Extract SHA-1, RFC5869 #5, out 20+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"8adae09a2a307059478d309b26c4115a224cfaf6":"":0:1:0 PSA key derivation: HKDF-Extract SHA-1, RFC5869 #6, out 20+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"":0:1:0 PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, k, no salt -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, k derive key -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:1 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:0:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 22+10 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f":"9c3122ec844ad7c2b3e5":0:0:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 0+32 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+31 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 31+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":"":0:0:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"":0:0:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, out 32+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:0:0 PSA key derivation: HKDF-Extract SHA-1, RFC5869 #4, out 20+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"":0:0:0 PSA key derivation: HKDF-Extract SHA-1, RFC5869 #5, out 20+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"8adae09a2a307059478d309b26c4115a224cfaf6":"":0:0:0 PSA key derivation: HKDF-Extract SHA-1, RFC5869 #6, out 20+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"":0:0:0 PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:0:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, b no salt -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:0:0 # HKDF-Extract tests: Invalid test cases PSA key derivation: HKDF-Extract salt after secret -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract info before secret -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract info after secret -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract input other secret -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract input label -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract input password -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract input seed -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract input cost -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, b derive key -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:0:1 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+1 (over capacity) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"00":0:1:0 # HKDF-Expand tests: out - output, k - secret provided as key, b - secret provided as bytes PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 32+10 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 0+42 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+41 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 41+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+40 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #2, out 82+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":"":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #3, out 42+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":"":0:1:0 PSA key derivation: HKDF-Expand SHA-1, RFC5869 #4, out 42+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:1:0 PSA key derivation: HKDF-Expand SHA-1, RFC5869 #5, out 82+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"8adae09a2a307059478d309b26c4115a224cfaf6":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":"":0:1:0 PSA key derivation: HKDF-Expand SHA-1, RFC5869 #6, out 42+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":"":0:1:0 PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 k -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1 k info before secret -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 32+10 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf":"34007208d5b887185865":0:0:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 0+42 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:0:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+41 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":0:0:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 41+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":"":0:0:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 1+40 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3c":"b25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b8871858":0:0:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #2, out 82+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87":"":0:0:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #3, out 42+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8":"":0:0:0 PSA key derivation: HKDF-Expand SHA-1, RFC5869 #4, out 42+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:0:0 PSA key derivation: HKDF-Expand SHA-1, RFC5869 #5, out 82+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"8adae09a2a307059478d309b26c4115a224cfaf6":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":82:"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4":"":0:0:0 PSA key derivation: HKDF-Expand SHA-1, RFC5869 #6, out 42+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918":"":0:0:0 PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 b -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:0:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1 b info before secret -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 # HKDF-Expand tests: Invalid test cases PSA key derivation: HKDF-Expand input other secret -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 PSA key derivation: HKDF-Expand input salt -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 PSA key derivation: HKDF-Expand input label -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 PSA key derivation: HKDF-Expand input password -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:"abcd":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 PSA key derivation: HKDF-Expand input seed -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 PSA key derivation: HKDF-Expand input cost -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"0123456789":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:1:0 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+1 (over capacity) -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"00":0:1:0 PSA key derivation: HKDF-Expand Invalid secret length -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e500":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:0:0 # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html @@ -5741,11 +5741,11 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 PSA key derivation: HKDF-Expand SHA-256, request maximum capacity -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256):"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0 PSA key derivation: HKDF-Expand SHA-1, request maximum capacity -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896":"":0:1:0 PSA key derivation: HKDF SHA-256, request too much capacity @@ -5757,19 +5757,19 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: HKDF-Extract SHA-256, request too much capacity -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_set_capacity:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: HKDF-Extract SHA-1, request too much capacity -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_set_capacity:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: HKDF-Expand SHA-256, request too much capacity -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: HKDF-Expand SHA-1, request too much capacity -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT PSA key derivation: over capacity 42: output 42+1 diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 2c4930614..bf5f04e4f 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -275,7 +275,7 @@ depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 key_derivation_algorithm:PSA_ALG_HKDF_EXTRACT( PSA_ALG_SHA_256 ):ALG_IS_HKDF_EXTRACT Key derivation: HKDF-Extract using SHA-384 -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_384 key_derivation_algorithm:PSA_ALG_HKDF_EXTRACT( PSA_ALG_SHA_384 ):ALG_IS_HKDF_EXTRACT Key derivation: HKDF-Expand using SHA-256 @@ -283,7 +283,7 @@ depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 key_derivation_algorithm:PSA_ALG_HKDF_EXPAND( PSA_ALG_SHA_256 ):ALG_IS_HKDF_EXPAND Key derivation: HKDF-Expand using SHA-384 -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_384 key_derivation_algorithm:PSA_ALG_HKDF_EXPAND( PSA_ALG_SHA_384 ):ALG_IS_HKDF_EXPAND Key derivation: TLS 1.2 PRF using SHA-256 From 0e99391afe5f315dbbdf2ac94e3bcc98bc0ce259 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 3 Jun 2022 15:01:14 +0200 Subject: [PATCH 19/30] derive_output test: fix output key bit length Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.function | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f4d80eea6..b47980f24 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7109,10 +7109,6 @@ void derive_output( int alg_arg, if( derive_type == 1 ) // output key { psa_status_t expected_status = PSA_ERROR_NOT_PERMITTED; - size_t bits = 48; // default for Mix-PSK-to-MS - - if( PSA_ALG_IS_HKDF_EXTRACT( alg ) || PSA_ALG_IS_HKDF_EXPAND( alg )) - bits = PSA_HASH_LENGTH( alg ); /* For output key derivation secret must be provided using input key, otherwise operation is not permitted. */ @@ -7122,7 +7118,7 @@ void derive_output( int alg_arg, psa_set_key_usage_flags( &attributes4, PSA_KEY_USAGE_EXPORT ); psa_set_key_algorithm( &attributes4, alg ); psa_set_key_type( &attributes4, PSA_KEY_TYPE_DERIVE ); - psa_set_key_bits( &attributes4, bits ); + psa_set_key_bits( &attributes4, PSA_BYTES_TO_BITS( requested_capacity ) ); TEST_EQUAL( psa_key_derivation_output_key( &attributes4, &operation, &derived_key ), expected_status ); From 0586f4c4ea2cd36179ca80ae21c65c7bb32e5d09 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 3 Jun 2022 16:00:25 +0200 Subject: [PATCH 20/30] Make salt mandatory for HKDF-EXTRACT + adapt tests Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 7 ++++++- tests/suites/test_suite_psa_crypto.data | 19 +++++-------------- 2 files changed, 11 insertions(+), 15 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 06b549b7c..3ecaebb7f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5233,9 +5233,14 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, else #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ { - /* If no salt was provided, use an empty salt. */ + /* HKDF: If no salt was provided, use an empty salt. + * HKDF-EXTRACT: salt is mandatory. */ if( hkdf->state == HKDF_STATE_INIT ) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + return( PSA_ERROR_BAD_STATE ); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ status = psa_key_derivation_start_hmac( &hkdf->hmac, hash_alg, NULL, 0 ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d59fdb3a5..ed4fd2658 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5166,10 +5166,6 @@ PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 k depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:1:0 -PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, k, no salt -depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:1:0 - PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, k derive key depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:1 @@ -5222,22 +5218,13 @@ PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 b depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:0:0 -PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, b no salt -depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:0:0 - -# HKDF-Extract tests: Invalid test cases -PSA key derivation: HKDF-Extract salt after secret -depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 - PSA key derivation: HKDF-Extract info before secret depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract info after secret depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:"":32:"":"":0:1:0 PSA key derivation: HKDF-Extract input other secret depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 @@ -5267,6 +5254,10 @@ PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+1 (over capacity) depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"00":0:1:0 +PSA key derivation: HKDF-Extract SHA-256, no salt +depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:0:0 + # HKDF-Expand tests: out - output, k - secret provided as key, b - secret provided as bytes PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 k depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 From cde3f783f5cb213ca30b40d599385bf5a13b4072 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 3 Jun 2022 16:12:27 +0200 Subject: [PATCH 21/30] Make info valid only after secret for HKDF-EXPAND + adapt tests Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 5 +++++ tests/suites/test_suite_psa_crypto.data | 12 ++++-------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3ecaebb7f..8c680778e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5284,6 +5284,11 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) return( PSA_ERROR_INVALID_ARGUMENT ); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) && + hkdf->state == HKDF_STATE_INIT ) + return( PSA_ERROR_BAD_STATE ); #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ if( hkdf->state == HKDF_STATE_OUTPUT ) return( PSA_ERROR_BAD_STATE ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ed4fd2658..6f319938d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5307,10 +5307,6 @@ PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 k depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:1:0 -PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1 k info before secret -depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:1:0 - PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 b depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 @@ -5359,10 +5355,6 @@ PSA key derivation: HKDF-Expand SHA-1, RFC5869 #7, out 42+0 b depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SECRET:"2adccada18779e7c2077ad2eb19d3f3e731385dd":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":"":0:0:0 -PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1 b info before secret -depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 - # HKDF-Expand tests: Invalid test cases PSA key derivation: HKDF-Expand input other secret depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 @@ -5396,6 +5388,10 @@ PSA key derivation: HKDF-Expand Invalid secret length depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e500":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"":"":0:0:0 +PSA key derivation: HKDF-Expand, Info before secret +depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"":0:0:0 + # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF From 66867731aabb0b3cbf36dc3526f5d6deadf3e90a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 3 Jun 2022 16:14:55 +0200 Subject: [PATCH 22/30] derive_output tests: fix output key length to be consistent with teh description Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 6f319938d..9b5362263 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5140,7 +5140,7 @@ derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SAL PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 k depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:1:0 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":0:1:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 k depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 @@ -5192,7 +5192,7 @@ derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SAL PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 1+30 b depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":0:0:0 +derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"07":"7709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3":0:0:0 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #2, out 32+0 b depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256 From 221391b3d26cbbf2db2c9589d2e67d1170404b7e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 6 Jun 2022 07:56:41 +0200 Subject: [PATCH 23/30] generate_psa_tests.py: REVERT adapt OpFail test generator for HKDF-Exract/Expand algs Signed-off-by: Przemek Stekiel --- tests/scripts/generate_psa_tests.py | 5 ----- 1 file changed, 5 deletions(-) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index d34663188..492810bf0 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -78,11 +78,6 @@ def automatic_dependencies(*expressions: str) -> List[str]: """ used = set() for expr in expressions: - # HKDF_EXTRACT and HKDF_EXPAND algs depend on HKDF - if "HKDF_EXTRACT" in expr: - expr = expr.replace("HKDF_EXTRACT", "HKDF") - if "HKDF_EXPAND" in expr: - expr = expr.replace("HKDF_EXPAND", "HKDF") used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr)) used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY) return sorted(psa_want_symbol(name) for name in used) From b57a44bf9b6e99c4ecc5a6b8e9fa06a31189531e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 6 Jun 2022 08:33:45 +0200 Subject: [PATCH 24/30] is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8c680778e..f1c6fa423 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5067,10 +5067,16 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut #if defined(AT_LEAST_ONE_BUILTIN_KDF) static int is_kdf_alg_supported( psa_algorithm_t kdf_alg ) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) - if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) + if( PSA_ALG_IS_HKDF( kdf_alg ) ) + return( 1 ); +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + return( 1 ); +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) return( 1 ); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) From d9e1287e64bf3a57f720ff277e5a2ede732e06c5 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 7 Jun 2022 14:19:39 +0200 Subject: [PATCH 25/30] crypto_config_test_driver_extension.h add HKDF_EXTRACT/EXPAND algs Signed-off-by: Przemek Stekiel --- .../include/test/drivers/crypto_config_test_driver_extension.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 927009ad9..8052a85fb 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -190,6 +190,8 @@ #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1 #define MBEDTLS_PSA_ACCEL_ALG_GCM 1 #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1 +#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1 +#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1 #define MBEDTLS_PSA_ACCEL_ALG_HMAC 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1 From b088a900f421317eff6b1a3e6e2cc04568e702a9 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 7 Jun 2022 15:34:18 +0200 Subject: [PATCH 26/30] test_suite_psa_crypto_storage_format: disable KA(ECDH,HKDF_EXTRACT/EXPAND...) test cases Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto_storage_format.function | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index c52dae188..14d7d80f1 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -151,6 +151,11 @@ static int can_exercise( const psa_key_attributes_t *attributes ) PSA_ALG_NONE; psa_key_usage_t usage = psa_get_key_usage_flags( attributes ); + /* Disable KA(ECDH,HKDF_EXTRACT/EXPAND...) test cases. */ + if( PSA_ALG_IS_KEY_AGREEMENT( alg ) && + ( PSA_ALG_HKDF_EXTRACT( alg ) || PSA_ALG_HKDF_EXPAND( alg ) ) ) + return 0; + #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) /* We test some configurations using drivers where the driver doesn't * support certain hash algorithms, but declares that it supports From 75fe3fb1d7a33cd813fafbe9daa26cb63083588e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 9 Jun 2022 14:44:55 +0200 Subject: [PATCH 27/30] psa_crypto.c: add MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF macro to limit number of #if conditions Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 54 +++++++++++++++----------------------------- 1 file changed, 18 insertions(+), 36 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f1c6fa423..bd5ef5e27 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -88,6 +88,12 @@ #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) +#define MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF 1 +#endif + /****************************************************************/ /* Global data, support functions and library management */ /****************************************************************/ @@ -4235,17 +4241,13 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) /* Generators */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) || \ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) || \ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_key_derivation_start_hmac( @@ -4298,18 +4300,14 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation * nothing to do. */ } else -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { mbedtls_free( operation->ctx.hkdf.info ); status = psa_mac_abort( &operation->ctx.hkdf.hmac ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || @@ -4383,9 +4381,7 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) /* Read some bytes from an HKDF-based operation. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t kdf_alg, @@ -4469,9 +4465,7 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd return( PSA_SUCCESS ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -4671,18 +4665,14 @@ psa_status_t psa_key_derivation_output_bytes( } operation->capacity -= output_length; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, kdf_alg, output, output_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || @@ -5189,9 +5179,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation return( status ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t kdf_alg, psa_key_derivation_step_t step, @@ -5314,9 +5302,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_ERROR_INVALID_ARGUMENT ); } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -5582,18 +5568,14 @@ static psa_status_t psa_key_derivation_input_internal( if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { status = psa_hkdf_input( &operation->ctx.hkdf, kdf_alg, step, data, data_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT || - MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) { From 69c4679b227128429dc84d0af1782cdacde0e26f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 10 Jun 2022 12:59:51 +0200 Subject: [PATCH 28/30] Adapt macro name to meet requested criteria: MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF->BUILTIN_ALG_ANY_HKDF Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bd5ef5e27..b6efedbe5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -91,7 +91,7 @@ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) -#define MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF 1 +#define BUILTIN_ALG_ANY_HKDF 1 #endif /****************************************************************/ @@ -4241,13 +4241,13 @@ psa_status_t psa_aead_abort( psa_aead_operation_t *operation ) /* Generators */ /****************************************************************/ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) || \ +#if defined(BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) || \ +#if defined(BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) static psa_status_t psa_key_derivation_start_hmac( @@ -4300,14 +4300,14 @@ psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation * nothing to do. */ } else -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) +#if defined(BUILTIN_ALG_ANY_HKDF) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { mbedtls_free( operation->ctx.hkdf.info ); status = psa_mac_abort( &operation->ctx.hkdf.hmac ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || @@ -4381,7 +4381,7 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *op return( PSA_SUCCESS ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) +#if defined(BUILTIN_ALG_ANY_HKDF) /* Read some bytes from an HKDF-based operation. */ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t kdf_alg, @@ -4465,7 +4465,7 @@ static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkd return( PSA_SUCCESS ); } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -4665,14 +4665,14 @@ psa_status_t psa_key_derivation_output_bytes( } operation->capacity -= output_length; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) +#if defined(BUILTIN_ALG_ANY_HKDF) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, kdf_alg, output, output_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || @@ -5179,7 +5179,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation return( status ); } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) +#if defined(BUILTIN_ALG_ANY_HKDF) static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t kdf_alg, psa_key_derivation_step_t step, @@ -5302,7 +5302,7 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, return( PSA_ERROR_INVALID_ARGUMENT ); } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) @@ -5568,14 +5568,14 @@ static psa_status_t psa_key_derivation_input_internal( if( status != PSA_SUCCESS ) goto exit; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF) +#if defined(BUILTIN_ALG_ANY_HKDF) if( PSA_ALG_IS_ANY_HKDF( kdf_alg ) ) { status = psa_hkdf_input( &operation->ctx.hkdf, kdf_alg, step, data, data_length ); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF */ +#endif /* BUILTIN_ALG_ANY_HKDF */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ) { From d898745f706f5bb9e8f9cc6cd0cc9e65caf5864b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 14 Jun 2022 11:41:52 +0200 Subject: [PATCH 29/30] exercise_key_agreement_key: provide SALT for HKDF_EXTRACT Signed-off-by: Przemek Stekiel --- tests/src/psa_exercise_key.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 9576afd0c..20d3102e6 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -641,6 +641,13 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, input, sizeof( input ) ) ); } + if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) ) + { + PSA_ASSERT( psa_key_derivation_input_bytes( + &operation, PSA_KEY_DERIVATION_INPUT_SALT, + input, sizeof( input ) ) ); + } + PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || From 6c9fd61565af03bef5c347fa013c22cf1bf95174 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 14 Jun 2022 14:41:42 +0200 Subject: [PATCH 30/30] exercise_key_agreement_key: add special handling for HKDF_EXPAND Signed-off-by: Przemek Stekiel --- tests/src/psa_exercise_key.c | 23 +++++++++++++++++-- ...t_suite_psa_crypto_storage_format.function | 5 ---- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 20d3102e6..84e52315a 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -627,6 +627,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, unsigned char output[1]; int ok = 0; psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); + psa_status_t expected_key_agreement_status = PSA_SUCCESS; if( usage & PSA_KEY_USAGE_DERIVE ) { @@ -648,7 +649,25 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, input, sizeof( input ) ) ); } - PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); + /* For HKDF_EXPAND input secret may fail as secret size may not match + to expected PRK size. In practice it means that key bits must match + hash length. Otherwise test should fail with INVALID_ARGUMENT. */ + if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) + { + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); + size_t key_bits = psa_get_key_bits( &attributes ); + psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); + + if( PSA_BITS_TO_BYTES( key_bits ) != PSA_HASH_LENGTH( hash_alg ) ) + expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT; + } + + TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self( &operation, key ), + expected_key_agreement_status ); + + if( expected_key_agreement_status != PSA_SUCCESS ) + return( 1 ); if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) @@ -657,7 +676,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key, &operation, PSA_KEY_DERIVATION_INPUT_LABEL, input, sizeof( input ) ) ); } - else if( PSA_ALG_IS_HKDF( kdf_alg ) ) + else if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) ) { PSA_ASSERT( psa_key_derivation_input_bytes( &operation, PSA_KEY_DERIVATION_INPUT_INFO, diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function index 14d7d80f1..c52dae188 100644 --- a/tests/suites/test_suite_psa_crypto_storage_format.function +++ b/tests/suites/test_suite_psa_crypto_storage_format.function @@ -151,11 +151,6 @@ static int can_exercise( const psa_key_attributes_t *attributes ) PSA_ALG_NONE; psa_key_usage_t usage = psa_get_key_usage_flags( attributes ); - /* Disable KA(ECDH,HKDF_EXTRACT/EXPAND...) test cases. */ - if( PSA_ALG_IS_KEY_AGREEMENT( alg ) && - ( PSA_ALG_HKDF_EXTRACT( alg ) || PSA_ALG_HKDF_EXPAND( alg ) ) ) - return 0; - #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) /* We test some configurations using drivers where the driver doesn't * support certain hash algorithms, but declares that it supports