From aca31654e6e96c76b073e0ffedb6ae53c9e4f4c7 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:35:50 +0530 Subject: [PATCH 01/31] Enable PSA_WANT_ALG_PBKDF2_HMAC in crypto_config.h Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_config.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index e68fac8b4..7e44427bd 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -74,9 +74,7 @@ #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. - * Note: when adding support, also adjust include/mbedtls/config_psa.h */ -//#define PSA_WANT_ALG_PBKDF2_HMAC 1 +#define PSA_WANT_ALG_PBKDF2_HMAC 1 #define PSA_WANT_ALG_RIPEMD160 1 #define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 @@ -92,8 +90,7 @@ #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 #define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 -/* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. - * Note: when adding support, also adjust include/mbedtls/config_psa.h */ +/* Note: when adding support, also adjust include/mbedtls/config_psa.h */ //#define PSA_WANT_ALG_XTS 1 #define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 From 83baf8968dfaf312a4deb507f71e647243efc97f Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:42:29 +0530 Subject: [PATCH 02/31] Add builtin PBKDF2_HMAC definition in config_psa.h Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 20d4358f9..bbad0c4af 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -261,6 +261,13 @@ extern "C" { #define MBEDTLS_SHA512_C #endif +#if defined(PSA_WANT_ALG_PBKDF2_HMAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* PSA_WANT_ALG_PBKDF2_HMAC */ + #if defined(PSA_WANT_ALG_TLS12_PRF) #if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 @@ -675,6 +682,13 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC +#if defined(MBEDTLS_PKCS5_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define PSA_WANT_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#define PSA_WANT_ALG_PBKDF2_HMAC 1 +#endif /* MBEDTLS_PKCS5_C */ + #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PRF 1 From 876e2c242482fbc7b683950fcd52922b0b704db9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:51:25 +0530 Subject: [PATCH 03/31] Add psa_pbkdf2_key_derivation_state_t Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 1913a9b54..18e3fde93 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -105,5 +105,14 @@ typedef struct psa_tls12_prf_key_derivation_s { } psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +typedef enum { + PSA_PBKDF2_STATE_INIT, /* no input provided */ + PSA_PBKDF2_STATE_INPUT_COST_SET, /* input cost has been set */ + PSA_PBKDF2_STATE_SALT_SET, /* salt has been set */ + PSA_PBKDF2_STATE_PASSWORD_SET, /* password has been set */ + PSA_PBKDF2_STATE_OUTPUT /* output has been started */ +} psa_pbkdf2_key_derivation_state_t; +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ From 30ced52497919678600c1f5677ca40832d8747c4 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:56:02 +0530 Subject: [PATCH 04/31] Add pbkdf2 struct to crypto_builtin_key_derivation.h Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 18e3fde93..d2cf4df97 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -114,5 +114,14 @@ typedef enum { PSA_PBKDF2_STATE_OUTPUT /* output has been started */ } psa_pbkdf2_key_derivation_state_t; +typedef struct { + psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state); + uint64_t MBEDTLS_PRIVATE(input_cost); + uint8_t *MBEDTLS_PRIVATE(salt); + size_t MBEDTLS_PRIVATE(salt_length); + uint8_t *MBEDTLS_PRIVATE(password); + size_t MBEDTLS_PRIVATE(password_length); +} psa_pbkdf2_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ + #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ From dcfa5482933128aec459cd57a276ce02fa3b1c55 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:57:09 +0530 Subject: [PATCH 05/31] Add pbkdf2 to key_derivation context struct Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_driver_contexts_key_derivation.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 39754cc01..5b4e4745d 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -55,6 +55,9 @@ typedef union { #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms); #endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + psa_pbkdf2_key_derivation_t MBEDTLS_PRIVATE(pbkdf2); +#endif } psa_driver_key_derivation_context_t; #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_KEY_DERIVATION_H */ From af0b534256a1ee195d48ecd1761ca9b1a29c21d2 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 11:58:46 +0530 Subject: [PATCH 06/31] Add pbkdf2 to ATLEAST_ONE_BUILTIN_KDF definition Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f7e91d606..6c7f2b0ec 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4989,7 +4989,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) #if defined(BUILTIN_ALG_ANY_HKDF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ From d132cacb38a4dc6e05d110887ecbd69c10cd2634 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:00:27 +0530 Subject: [PATCH 07/31] Add pbkdf2_hmac to is_kdf_alg_supported() Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6c7f2b0ec..46b957874 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5890,6 +5890,11 @@ static int is_kdf_alg_supported(psa_algorithm_t kdf_alg) if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { return 1; } +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + return 1; + } #endif return 0; } From 944bba1e30aec6204cbaa21415d04db51e5e82fb Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:14:03 +0530 Subject: [PATCH 08/31] Add input cost function for pbkdf2 Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 46b957874..0ed005f32 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6384,6 +6384,35 @@ static psa_status_t psa_tls12_ecjpake_to_pms_input( return PSA_SUCCESS; } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +static psa_status_t psa_pbkdf2_set_input_cost( + psa_pbkdf2_key_derivation_t *pbkdf2, + psa_key_derivation_step_t step, + uint64_t data) +{ + if (step != PSA_KEY_DERIVATION_INPUT_COST) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (pbkdf2->state != PSA_PBKDF2_STATE_INIT) { + return PSA_ERROR_BAD_STATE; + } +#if UINT_MAX > 0xFFFFFFFF + if (data > 0xFFFFFFFF) { + return PSA_ERROR_INVALID_ARGUMENT; + } +#endif + if (data == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + pbkdf2->input_cost = data; + pbkdf2->state = PSA_PBKDF2_STATE_INPUT_COST_SET; + + return PSA_SUCCESS; +} +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ + /** Check whether the given key type is acceptable for the given * input step of a key derivation. * @@ -6491,6 +6520,12 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + status = psa_pbkdf2_set_input_cost( + &operation->ctx.pbkdf2, step, value); + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { (void) step; (void) value; From 547a6c6fd1cc3e13077c3efd1d42d7e585dfec2d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:18:19 +0530 Subject: [PATCH 09/31] add input salt function for pbkdf2 Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0ed005f32..ba6a64a55 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6411,6 +6411,50 @@ static psa_status_t psa_pbkdf2_set_input_cost( return PSA_SUCCESS; } + +static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, + const uint8_t *data, + size_t data_length) +{ + uint8_t *prev_salt; + size_t prev_salt_length; + + if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET && + pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { + return PSA_ERROR_BAD_STATE; + } + + if (data_length != 0) { + if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { + pbkdf2->salt = mbedtls_calloc(1, data_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->salt, data, data_length); + pbkdf2->salt_length = data_length; + } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { + prev_salt = pbkdf2->salt; + prev_salt_length = pbkdf2->salt_length; + pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->salt, prev_salt, prev_salt_length); + memcpy(pbkdf2->salt + prev_salt_length, data, + data_length); + pbkdf2->salt_length += data_length; + mbedtls_free(prev_salt); + } + } else { + return PSA_ERROR_INVALID_ARGUMENT; + } + + pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; + + return PSA_SUCCESS; +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ /** Check whether the given key type is acceptable for the given From f4fe3ee9e40df638924c92605415338b6bae8b85 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:21:07 +0530 Subject: [PATCH 10/31] Add input password function for pbkdf2 Also adds PSA_KEY_DERIVATION_INPUT_PASSWORD case handling to psa_key_derivation_check_input_type function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ba6a64a55..82a362ca0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6455,6 +6455,29 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } + +static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, + const uint8_t *data, + size_t data_length) +{ + if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { + return PSA_ERROR_BAD_STATE; + } + + if (data_length != 0) { + pbkdf2->password = mbedtls_calloc(1, data_length); + if (pbkdf2->password == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->password, data, data_length); + pbkdf2->password_length = data_length; + } + + pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; + + return PSA_SUCCESS; +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ /** Check whether the given key type is acceptable for the given @@ -6498,6 +6521,17 @@ static int psa_key_derivation_check_input_type( return PSA_SUCCESS; } break; + case PSA_KEY_DERIVATION_INPUT_PASSWORD: + if (key_type == PSA_KEY_TYPE_PASSWORD) { + return PSA_SUCCESS; + } + if (key_type == PSA_KEY_TYPE_DERIVE) { + return PSA_SUCCESS; + } + if (key_type == PSA_KEY_TYPE_NONE) { + return PSA_SUCCESS; + } + break; } return PSA_ERROR_INVALID_ARGUMENT; } From 24b3895dee1475fc2a41beffbb0227ed6b4792c6 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:25:26 +0530 Subject: [PATCH 11/31] Add pbkdf2 input functions to psa_key_derivation_input_internal Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 82a362ca0..bf3f2a004 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6478,6 +6478,21 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } + +static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, + psa_key_derivation_step_t step, + const uint8_t *data, + size_t data_length) +{ + switch (step) { + case PSA_KEY_DERIVATION_INPUT_SALT: + return psa_pbkdf2_set_salt(pbkdf2, data, data_length); + case PSA_KEY_DERIVATION_INPUT_PASSWORD: + return psa_pbkdf2_set_password(pbkdf2, data, data_length); + default: + return PSA_ERROR_INVALID_ARGUMENT; + } +} #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ /** Check whether the given key type is acceptable for the given @@ -6575,6 +6590,12 @@ static psa_status_t psa_key_derivation_input_internal( &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + status = psa_pbkdf2_input( + &operation->ctx.pbkdf2, step, data, data_length); + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { /* This can't happen unless the operation object was not initialized */ (void) data; From 3128c5d9ceaf5cbb9c714a0a1a85a1bf4793d180 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:27:57 +0530 Subject: [PATCH 12/31] Enable can_output_key with PSA_KEY_DERIVATION_INPUT_PASSWORD Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bf3f2a004..849bb95a6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6673,9 +6673,10 @@ psa_status_t psa_key_derivation_input_key( return status; } - /* Passing a key object as a SECRET input unlocks the permission - * to output to a key object. */ - if (step == PSA_KEY_DERIVATION_INPUT_SECRET) { + /* Passing a key object as a SECRET or PASSWORD input unlocks the + * permission to output to a key object. */ + if (step == PSA_KEY_DERIVATION_INPUT_SECRET || + step == PSA_KEY_DERIVATION_INPUT_PASSWORD) { operation->can_output_key = 1; } From f5fedf1e0da991a4818f65205980ced47a86cf74 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:29:48 +0530 Subject: [PATCH 13/31] Add pbkdf2 to psa_key_derivation_abort Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 849bb95a6..a289895c4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5094,6 +5094,25 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) sizeof(operation->ctx.tls12_ecjpake_to_pms.data)); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + if (operation->ctx.pbkdf2.input_cost != 0U) { + operation->ctx.pbkdf2.input_cost = 0U; + } + if (operation->ctx.pbkdf2.salt != NULL) { + mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, + operation->ctx.pbkdf2.salt_length); + mbedtls_free(operation->ctx.pbkdf2.salt); + } + if (operation->ctx.pbkdf2.password != NULL) { + mbedtls_platform_zeroize(operation->ctx.pbkdf2.password, + operation->ctx.pbkdf2.password_length); + mbedtls_free(operation->ctx.pbkdf2.password); + } + + status = PSA_SUCCESS; + } else +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) */ { status = PSA_ERROR_BAD_STATE; } From 7c05c009886ab41cc66d129bab2de7ed95e7290b Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 12:54:33 +0530 Subject: [PATCH 14/31] Add test cases for pbkdf2 input functions Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 60 +++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index fd35c8796..06b57ad45 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5307,6 +5307,66 @@ PSA key derivation: TLS12_ECJPAKE_TO_PMS, input too long depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, salt missing +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, password missing +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, salt and password before cost +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, password before cost +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, password bad key type +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_RAW_DATA:"706173737764":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, direct password, direct output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, direct empty password, direct output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-HMAC-SHA256, direct password, key output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED + +PSA key derivation: PBKDF2-HMAC-SHA256, DERIVE key as salt +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"73616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, duplicate cost step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, duplicate salt step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, reject secret step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, reject label step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-HMAC-SHA256, reject seed step +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) From 056f0c5047c139309e3bc736805262f672474e6c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 15:58:34 +0530 Subject: [PATCH 15/31] Make output_byte return not_supported for pbkdf2 As output functionality is not added yet return PSA_SUCCESS for now if inputs are passed correctly. If input validation fails operation is aborted and output_bytes will return PSA_ERROR_BAD_STATE Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 9 +++++++++ tests/suites/test_suite_psa_crypto.data | 14 +++++++------- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a289895c4..2a4ac7b2b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5492,6 +5492,15 @@ psa_status_t psa_key_derivation_output_bytes( &operation->ctx.tls12_ecjpake_to_pms, output, output_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + /* As output functionality is not added yet return + * PSA_ERROR_NOT_SUPPORTED for now if inputs are passed correctly. + * If input validation fails operation is aborted and output_bytes + * will return PSA_ERROR_BAD_STATE */ + status = PSA_ERROR_NOT_SUPPORTED; + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { (void) kdf_alg; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 06b57ad45..d1972995e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5309,7 +5309,7 @@ derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KE PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5317,15 +5317,15 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, password missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, salt and password before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, password before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, password bad key type depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5333,11 +5333,11 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, direct password, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, direct empty password, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, direct password, key output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 @@ -5353,7 +5353,7 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, duplicate salt step depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, reject secret step depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 From b9410e89b4380653836da161b6750e1c5bc3f959 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 3 May 2023 18:36:35 +0530 Subject: [PATCH 16/31] Fix failing CI Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 14 ++++++++------ library/psa_crypto.c | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index bbad0c4af..bb3913197 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -264,7 +264,9 @@ extern "C" { #if defined(PSA_WANT_ALG_PBKDF2_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ #endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ #endif /* PSA_WANT_ALG_PBKDF2_HMAC */ @@ -682,12 +684,12 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC -#if defined(MBEDTLS_PKCS5_C) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define PSA_WANT_ALG_HMAC 1 -#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 -#define PSA_WANT_ALG_PBKDF2_HMAC 1 -#endif /* MBEDTLS_PKCS5_C */ +// #if defined(MBEDTLS_PKCS5_C) +// #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +// #define PSA_WANT_ALG_HMAC 1 +// #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +// #define PSA_WANT_ALG_PBKDF2_HMAC 1 +// #endif /* MBEDTLS_PKCS5_C */ #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2a4ac7b2b..7262d84b4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6471,7 +6471,7 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, memcpy(pbkdf2->salt, prev_salt, prev_salt_length); memcpy(pbkdf2->salt + prev_salt_length, data, - data_length); + data_length); pbkdf2->salt_length += data_length; mbedtls_free(prev_salt); } From 6731a2580c30139683fddb818493ace0be17d7f1 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 15:54:54 +0530 Subject: [PATCH 17/31] Remove redundant code in key_derivation_abort() Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7262d84b4..0373f3809 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5096,9 +5096,6 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { - if (operation->ctx.pbkdf2.input_cost != 0U) { - operation->ctx.pbkdf2.input_cost = 0U; - } if (operation->ctx.pbkdf2.salt != NULL) { mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); From d0422f30c586bc197be1dce278ec4cceb7de6450 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 15:56:19 +0530 Subject: [PATCH 18/31] Enable empty salt as input for pbkdf2 Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0373f3809..59169d504 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6449,31 +6449,27 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_BAD_STATE; } - if (data_length != 0) { - if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { - pbkdf2->salt = mbedtls_calloc(1, data_length); - if (pbkdf2->salt == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - memcpy(pbkdf2->salt, data, data_length); - pbkdf2->salt_length = data_length; - } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { - prev_salt = pbkdf2->salt; - prev_salt_length = pbkdf2->salt_length; - pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); - if (pbkdf2->salt == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - memcpy(pbkdf2->salt, prev_salt, prev_salt_length); - memcpy(pbkdf2->salt + prev_salt_length, data, - data_length); - pbkdf2->salt_length += data_length; - mbedtls_free(prev_salt); + if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { + pbkdf2->salt = mbedtls_calloc(1, data_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; } - } else { - return PSA_ERROR_INVALID_ARGUMENT; + + memcpy(pbkdf2->salt, data, data_length); + pbkdf2->salt_length = data_length; + } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { + prev_salt = pbkdf2->salt; + prev_salt_length = pbkdf2->salt_length; + pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); + if (pbkdf2->salt == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(pbkdf2->salt, prev_salt, prev_salt_length); + memcpy(pbkdf2->salt + prev_salt_length, data, + data_length); + pbkdf2->salt_length += data_length; + mbedtls_free(prev_salt); } pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; From 3fc4ca727263c070fe629acb94887beafaf3b20b Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 15:57:41 +0530 Subject: [PATCH 19/31] Limit max input cost to 32bit Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 2 +- library/psa_crypto.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index d2cf4df97..5d01f6c58 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -116,7 +116,7 @@ typedef enum { typedef struct { psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state); - uint64_t MBEDTLS_PRIVATE(input_cost); + size_t MBEDTLS_PRIVATE(input_cost); uint8_t *MBEDTLS_PRIVATE(salt); size_t MBEDTLS_PRIVATE(salt_length); uint8_t *MBEDTLS_PRIVATE(password); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 59169d504..af4ab6515 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6423,11 +6423,11 @@ static psa_status_t psa_pbkdf2_set_input_cost( if (pbkdf2->state != PSA_PBKDF2_STATE_INIT) { return PSA_ERROR_BAD_STATE; } -#if UINT_MAX > 0xFFFFFFFF + if (data > 0xFFFFFFFF) { - return PSA_ERROR_INVALID_ARGUMENT; + return PSA_ERROR_NOT_SUPPORTED; } -#endif + if (data == 0) { return PSA_ERROR_INVALID_ARGUMENT; } From 9016bc4ed26f54d08c5e22ec0f8514cdc93fe0f9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 8 May 2023 16:04:05 +0530 Subject: [PATCH 20/31] Clean up commented code Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index bb3913197..43a499f4e 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -684,13 +684,6 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define PSA_WANT_KEY_TYPE_HMAC -// #if defined(MBEDTLS_PKCS5_C) -// #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -// #define PSA_WANT_ALG_HMAC 1 -// #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 -// #define PSA_WANT_ALG_PBKDF2_HMAC 1 -// #endif /* MBEDTLS_PKCS5_C */ - #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PRF 1 From 52fe517a77090aa3cf361285eb30053c0664871d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:28:46 +0530 Subject: [PATCH 21/31] Change pbkdf2 password to array Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 2 +- library/psa_crypto.c | 5 ----- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 5d01f6c58..245f26a15 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -119,7 +119,7 @@ typedef struct { size_t MBEDTLS_PRIVATE(input_cost); uint8_t *MBEDTLS_PRIVATE(salt); size_t MBEDTLS_PRIVATE(salt_length); - uint8_t *MBEDTLS_PRIVATE(password); + uint8_t MBEDTLS_PRIVATE(password)[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; size_t MBEDTLS_PRIVATE(password_length); } psa_pbkdf2_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index af4ab6515..461592005 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5101,11 +5101,6 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) operation->ctx.pbkdf2.salt_length); mbedtls_free(operation->ctx.pbkdf2.salt); } - if (operation->ctx.pbkdf2.password != NULL) { - mbedtls_platform_zeroize(operation->ctx.pbkdf2.password, - operation->ctx.pbkdf2.password_length); - mbedtls_free(operation->ctx.pbkdf2.password); - } status = PSA_SUCCESS; } else From e66a8ad8d6b502a74a3c97dbf41ec76a62574506 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:30:43 +0530 Subject: [PATCH 22/31] Define PSA_VENDOR_PBKDF2_MAX_ITERATIONS Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_sizes.h | 4 ++++ library/psa_crypto.c | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 37f72054f..6b8ccbb9a 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -253,6 +253,10 @@ * curve. */ #define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32 +/* The maximum number of iterations for PBKDF2 on this implementation, in bits. + * This is a vendor-specific macro. This can be configured if necessary */ +#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff + /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 461592005..a8ccde56f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6419,13 +6419,14 @@ static psa_status_t psa_pbkdf2_set_input_cost( return PSA_ERROR_BAD_STATE; } - if (data > 0xFFFFFFFF) { + if (data > PSA_VENDOR_PBKDF2_MAX_ITERATIONS) { return PSA_ERROR_NOT_SUPPORTED; } if (data == 0) { return PSA_ERROR_INVALID_ARGUMENT; } + pbkdf2->input_cost = data; pbkdf2->state = PSA_PBKDF2_STATE_INPUT_COST_SET; From b538bb7a028e6a340cd2d240868513719013e004 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:32:14 +0530 Subject: [PATCH 23/31] Restructure pbkdf2_set_salt function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a8ccde56f..77c51847f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6437,9 +6437,6 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, const uint8_t *data, size_t data_length) { - uint8_t *prev_salt; - size_t prev_salt_length; - if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET && pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { return PSA_ERROR_BAD_STATE; @@ -6454,16 +6451,16 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, memcpy(pbkdf2->salt, data, data_length); pbkdf2->salt_length = data_length; } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { - prev_salt = pbkdf2->salt; - prev_salt_length = pbkdf2->salt_length; + uint8_t *prev_salt = pbkdf2->salt; + size_t prev_salt_length = pbkdf2->salt_length; + pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); if (pbkdf2->salt == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } memcpy(pbkdf2->salt, prev_salt, prev_salt_length); - memcpy(pbkdf2->salt + prev_salt_length, data, - data_length); + memcpy(pbkdf2->salt + prev_salt_length, data, data_length); pbkdf2->salt_length += data_length; mbedtls_free(prev_salt); } From 10cc6bda1cdb5878ff230c9c60988a77ce45f706 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:35:14 +0530 Subject: [PATCH 24/31] Add PSA_ALG_PBKDF2_HMAC_GET_HASH macro Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_values.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 39acd96c5..580e3ae80 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2102,7 +2102,8 @@ */ #define PSA_ALG_IS_PBKDF2_HMAC(alg) \ (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_PBKDF2_HMAC_BASE) - +#define PSA_ALG_PBKDF2_HMAC_GET_HASH(pbkdf2_alg) \ + (PSA_ALG_CATEGORY_HASH | ((pbkdf2_alg) & PSA_ALG_HASH_MASK)) /** The PBKDF2-AES-CMAC-PRF-128 password hashing / key stretching algorithm. * * PBKDF2 is defined by PKCS#5, republished as RFC 8018 (section 5.2). From bd6cefb3daf459019c6dab53a02828e35150b4ff Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:36:34 +0530 Subject: [PATCH 25/31] Add HMAC specific function for setting password Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 39 +++++++++++++++++++++++++++++---------- 1 file changed, 29 insertions(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 77c51847f..02ca4d735 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6470,30 +6470,49 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } +static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, + const uint8_t *input, + size_t input_len, + uint8_t *output, + size_t output_len) +{ + psa_status_t status = PSA_SUCCESS; + if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) { + status = psa_hash_compute(hash_alg, input, input_len, output, + PSA_HMAC_MAX_HASH_BLOCK_SIZE, &output_len); + } else { + memcpy(output, input, input_len); + output_len = PSA_HASH_BLOCK_LENGTH(hash_alg); + } + return status; +} + static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, + psa_algorithm_t kdf_alg, const uint8_t *data, size_t data_length) { + psa_status_t status; if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { return PSA_ERROR_BAD_STATE; } if (data_length != 0) { - pbkdf2->password = mbedtls_calloc(1, data_length); - if (pbkdf2->password == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); + status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, + pbkdf2->password, + pbkdf2->password_length); } - - memcpy(pbkdf2->password, data, data_length); - pbkdf2->password_length = data_length; } pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; - return PSA_SUCCESS; + return status; } static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, + psa_algorithm_t kdf_alg, psa_key_derivation_step_t step, const uint8_t *data, size_t data_length) @@ -6502,7 +6521,7 @@ static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, case PSA_KEY_DERIVATION_INPUT_SALT: return psa_pbkdf2_set_salt(pbkdf2, data, data_length); case PSA_KEY_DERIVATION_INPUT_PASSWORD: - return psa_pbkdf2_set_password(pbkdf2, data, data_length); + return psa_pbkdf2_set_password(pbkdf2, kdf_alg, data, data_length); default: return PSA_ERROR_INVALID_ARGUMENT; } @@ -6606,8 +6625,8 @@ static psa_status_t psa_key_derivation_input_internal( #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { - status = psa_pbkdf2_input( - &operation->ctx.pbkdf2, step, data, data_length); + status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, + step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ { From 0202ccc9cc036c711bf630dc9760e0acee2480ad Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 12:38:40 +0530 Subject: [PATCH 26/31] Add tests with direct and key output Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index d1972995e..351d0ceda 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5309,7 +5309,15 @@ derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KE PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_NOT_SUPPORTED + +PSA key derivation: PBKDF2-HMAC-SHA256, good case, key output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED + +PSA key derivation: PBKDF2-HMAC-SHA256, good case, DERIVE key as password, key output +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 From aac9a581f80f6db7c5bce36bc2dba67f21133aa9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 14:19:17 +0530 Subject: [PATCH 27/31] Fix code style and initialize status Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 02ca4d735..4cce837c5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6471,10 +6471,10 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, } static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, - const uint8_t *input, - size_t input_len, - uint8_t *output, - size_t output_len) + const uint8_t *input, + size_t input_len, + uint8_t *output, + size_t output_len) { psa_status_t status = PSA_SUCCESS; if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) { @@ -6492,7 +6492,7 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, const uint8_t *data, size_t data_length) { - psa_status_t status; + psa_status_t status = PSA_SUCCESS; if (pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { return PSA_ERROR_BAD_STATE; } From d7a3f8065f7a274ed267b59798977979acd3b68c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 22:19:47 +0530 Subject: [PATCH 28/31] Restructure set salt function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4cce837c5..f3699d41b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6451,18 +6451,18 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, memcpy(pbkdf2->salt, data, data_length); pbkdf2->salt_length = data_length; } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { - uint8_t *prev_salt = pbkdf2->salt; - size_t prev_salt_length = pbkdf2->salt_length; + uint8_t *next_salt; - pbkdf2->salt = mbedtls_calloc(1, data_length + prev_salt_length); - if (pbkdf2->salt == NULL) { + next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length); + if (next_salt == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; } - memcpy(pbkdf2->salt, prev_salt, prev_salt_length); - memcpy(pbkdf2->salt + prev_salt_length, data, data_length); + memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length); + memcpy(next_salt + pbkdf2->salt_length, data, data_length); pbkdf2->salt_length += data_length; - mbedtls_free(prev_salt); + mbedtls_free(pbkdf2->salt); + pbkdf2->salt = next_salt; } pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; From 91f99f52c442d78f91683e9947277aa399a49a2c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 22:21:48 +0530 Subject: [PATCH 29/31] Change output length parameter in pbkdf2_hmac_set_password Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f3699d41b..ae7d7473f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6474,15 +6474,15 @@ static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, const uint8_t *input, size_t input_len, uint8_t *output, - size_t output_len) + size_t *output_len) { psa_status_t status = PSA_SUCCESS; if (input_len > PSA_HASH_BLOCK_LENGTH(hash_alg)) { status = psa_hash_compute(hash_alg, input, input_len, output, - PSA_HMAC_MAX_HASH_BLOCK_SIZE, &output_len); + PSA_HMAC_MAX_HASH_BLOCK_SIZE, output_len); } else { memcpy(output, input, input_len); - output_len = PSA_HASH_BLOCK_LENGTH(hash_alg); + *output_len = PSA_HASH_BLOCK_LENGTH(hash_alg); } return status; } @@ -6502,7 +6502,7 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, pbkdf2->password, - pbkdf2->password_length); + &pbkdf2->password_length); } } From 5e7ef203e38a198e7d1e266b4b5400de0ecdc59d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 24 May 2023 22:59:42 +0530 Subject: [PATCH 30/31] Add test case for PSA_VENDOR_PBKDF2_MAX_ITERATIONS Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 351d0ceda..c16879bc0 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5319,6 +5319,11 @@ PSA key derivation: PBKDF2-HMAC-SHA256, good case, DERIVE key as password, key o depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_ERROR_NOT_SUPPORTED +PSA key derivation: PBKDF2-HMAC-SHA256, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS +#Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000001":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE From b20f13a41bb20a4e392b392047289a4e6bb629c0 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 31 May 2023 12:51:02 +0530 Subject: [PATCH 31/31] Change input cost type to uint64_t and fix max iteration test case Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 2 +- tests/suites/test_suite_psa_crypto.data | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index 245f26a15..d54291f81 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -116,7 +116,7 @@ typedef enum { typedef struct { psa_pbkdf2_key_derivation_state_t MBEDTLS_PRIVATE(state); - size_t MBEDTLS_PRIVATE(input_cost); + uint64_t MBEDTLS_PRIVATE(input_cost); uint8_t *MBEDTLS_PRIVATE(salt); size_t MBEDTLS_PRIVATE(salt_length); uint8_t MBEDTLS_PRIVATE(password)[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c16879bc0..a979570b4 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5322,7 +5322,7 @@ derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST: PSA key derivation: PBKDF2-HMAC-SHA256, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS #Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000001":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +derive_input:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-HMAC-SHA256, salt missing depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256