Rename "generator" to "operation"
Generators are now key derivation operations.
Keep "random generator" intact.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 29a0496..3e77dce 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -4066,19 +4066,19 @@
#define HKDF_STATE_OUTPUT 3 /* output started */
static psa_algorithm_t psa_key_derivation_get_kdf_alg(
- const psa_key_derivation_operation_t *generator )
+ const psa_key_derivation_operation_t *operation )
{
- if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
- return( PSA_ALG_KEY_AGREEMENT_GET_KDF( generator->alg ) );
+ if ( PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
+ return( PSA_ALG_KEY_AGREEMENT_GET_KDF( operation->alg ) );
else
- return( generator->alg );
+ return( operation->alg );
}
-psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator )
+psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *operation )
{
psa_status_t status = PSA_SUCCESS;
- psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator );
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
if( kdf_alg == 0 )
{
/* The object has (apparently) been initialized but it is not
@@ -4088,36 +4088,36 @@
else
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
- if( generator->ctx.buffer.data != NULL )
+ if( operation->ctx.buffer.data != NULL )
{
- mbedtls_platform_zeroize( generator->ctx.buffer.data,
- generator->ctx.buffer.size );
- mbedtls_free( generator->ctx.buffer.data );
+ mbedtls_platform_zeroize( operation->ctx.buffer.data,
+ operation->ctx.buffer.size );
+ mbedtls_free( operation->ctx.buffer.data );
}
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
- mbedtls_free( generator->ctx.hkdf.info );
- status = psa_hmac_abort_internal( &generator->ctx.hkdf.hmac );
+ mbedtls_free( operation->ctx.hkdf.info );
+ status = psa_hmac_abort_internal( &operation->ctx.hkdf.hmac );
}
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
- /* TLS-1.2 PSK-to-MS KDF uses the same generator as TLS-1.2 PRF */
+ /* TLS-1.2 PSK-to-MS KDF uses the same core as TLS-1.2 PRF */
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
- if( generator->ctx.tls12_prf.key != NULL )
+ if( operation->ctx.tls12_prf.key != NULL )
{
- mbedtls_platform_zeroize( generator->ctx.tls12_prf.key,
- generator->ctx.tls12_prf.key_len );
- mbedtls_free( generator->ctx.tls12_prf.key );
+ mbedtls_platform_zeroize( operation->ctx.tls12_prf.key,
+ operation->ctx.tls12_prf.key_len );
+ mbedtls_free( operation->ctx.tls12_prf.key );
}
- if( generator->ctx.tls12_prf.Ai_with_seed != NULL )
+ if( operation->ctx.tls12_prf.Ai_with_seed != NULL )
{
- mbedtls_platform_zeroize( generator->ctx.tls12_prf.Ai_with_seed,
- generator->ctx.tls12_prf.Ai_with_seed_len );
- mbedtls_free( generator->ctx.tls12_prf.Ai_with_seed );
+ mbedtls_platform_zeroize( operation->ctx.tls12_prf.Ai_with_seed,
+ operation->ctx.tls12_prf.Ai_with_seed_len );
+ mbedtls_free( operation->ctx.tls12_prf.Ai_with_seed );
}
}
else
@@ -4125,36 +4125,36 @@
{
status = PSA_ERROR_BAD_STATE;
}
- memset( generator, 0, sizeof( *generator ) );
+ memset( operation, 0, sizeof( *operation ) );
return( status );
}
-psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t *operation,
size_t *capacity)
{
- if( generator->alg == 0 )
+ if( operation->alg == 0 )
{
- /* This is a blank generator. */
+ /* This is a blank key derivation operation. */
return PSA_ERROR_BAD_STATE;
}
- *capacity = generator->capacity;
+ *capacity = operation->capacity;
return( PSA_SUCCESS );
}
-psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *operation,
size_t capacity )
{
- if( generator->alg == 0 )
+ if( operation->alg == 0 )
return( PSA_ERROR_BAD_STATE );
- if( capacity > generator->capacity )
+ if( capacity > operation->capacity )
return( PSA_ERROR_INVALID_ARGUMENT );
- generator->capacity = capacity;
+ operation->capacity = capacity;
return( PSA_SUCCESS );
}
#if defined(MBEDTLS_MD_C)
-/* Read some bytes from an HKDF-based generator. This performs a chunk
+/* Read some bytes from an HKDF-based operation. This performs a chunk
* of the expand phase of the HKDF algorithm. */
static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf,
psa_algorithm_t hash_alg,
@@ -4182,7 +4182,7 @@
break;
/* We can't be wanting more output after block 0xff, otherwise
* the capacity check in psa_key_derivation_output_bytes() would have
- * prevented this call. It could happen only if the generator
+ * prevented this call. It could happen only if the operation
* object was corrupted or if this function is called directly
* inside the library. */
if( hkdf->block_number == 0xff )
@@ -4237,7 +4237,7 @@
/* We can't be wanting more output after block 0xff, otherwise
* the capacity check in psa_key_derivation_output_bytes() would have
- * prevented this call. It could happen only if the generator
+ * prevented this call. It could happen only if the operation
* object was corrupted or if this function is called directly
* inside the library. */
if( tls12_prf->block_number == 0xff )
@@ -4335,7 +4335,7 @@
return( status );
}
-/* Read some bytes from an TLS-1.2-PRF-based generator.
+/* Read some bytes from an TLS-1.2-PRF-based operation.
* See Section 5 of RFC 5246. */
static psa_status_t psa_key_derivation_tls12_prf_read(
psa_tls12_prf_key_derivation_t *tls12_prf,
@@ -4376,53 +4376,53 @@
}
#endif /* MBEDTLS_MD_C */
-psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation,
uint8_t *output,
size_t output_length )
{
psa_status_t status;
- psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator );
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
- if( generator->alg == 0 )
+ if( operation->alg == 0 )
{
- /* This is a blank generator. */
+ /* This is a blank operation. */
return PSA_ERROR_BAD_STATE;
}
- if( output_length > generator->capacity )
+ if( output_length > operation->capacity )
{
- generator->capacity = 0;
+ operation->capacity = 0;
/* Go through the error path to wipe all confidential data now
- * that the generator object is useless. */
+ * that the operation object is useless. */
status = PSA_ERROR_INSUFFICIENT_DATA;
goto exit;
}
- if( output_length == 0 && generator->capacity == 0 )
+ if( output_length == 0 && operation->capacity == 0 )
{
- /* Edge case: this is a finished generator, and 0 bytes
+ /* Edge case: this is a finished operation, and 0 bytes
* were requested. The right error in this case could
* be either INSUFFICIENT_CAPACITY or BAD_STATE. Return
* INSUFFICIENT_CAPACITY, which is right for a finished
- * generator, for consistency with the case when
+ * operation, for consistency with the case when
* output_length > 0. */
return( PSA_ERROR_INSUFFICIENT_DATA );
}
- generator->capacity -= output_length;
+ operation->capacity -= output_length;
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
- /* Initially, the capacity of a selection generator is always
- * the size of the buffer, i.e. `generator->ctx.buffer.size`,
+ /* Initially, the capacity of a selection operation is always
+ * the size of the buffer, i.e. `operation->ctx.buffer.size`,
* abbreviated in this comment as `size`. When the remaining
* capacity is `c`, the next bytes to serve start `c` bytes
* from the end of the buffer, i.e. `size - c` from the
- * beginning of the buffer. Since `generator->capacity` was just
+ * beginning of the buffer. Since `operation->capacity` was just
* decremented above, we need to serve the bytes from
- * `size - generator->capacity - output_length` to
- * `size - generator->capacity`. */
+ * `size - operation->capacity - output_length` to
+ * `size - operation->capacity`. */
size_t offset =
- generator->ctx.buffer.size - generator->capacity - output_length;
- memcpy( output, generator->ctx.buffer.data + offset, output_length );
+ operation->ctx.buffer.size - operation->capacity - output_length;
+ memcpy( output, operation->ctx.buffer.data + offset, output_length );
status = PSA_SUCCESS;
}
else
@@ -4430,13 +4430,13 @@
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
- status = psa_key_derivation_hkdf_read( &generator->ctx.hkdf, hash_alg,
+ status = psa_key_derivation_hkdf_read( &operation->ctx.hkdf, hash_alg,
output, output_length );
}
else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
{
- status = psa_key_derivation_tls12_prf_read( &generator->ctx.tls12_prf,
+ status = psa_key_derivation_tls12_prf_read( &operation->ctx.tls12_prf,
kdf_alg, output,
output_length );
}
@@ -4450,12 +4450,12 @@
if( status != PSA_SUCCESS )
{
/* Preserve the algorithm upon errors, but clear all sensitive state.
- * This allows us to differentiate between exhausted generators and
- * blank generators, so we can return PSA_ERROR_BAD_STATE on blank
- * generators. */
- psa_algorithm_t alg = generator->alg;
- psa_key_derivation_abort( generator );
- generator->alg = alg;
+ * This allows us to differentiate between exhausted operations and
+ * blank operations, so we can return PSA_ERROR_BAD_STATE on blank
+ * operations. */
+ psa_algorithm_t alg = operation->alg;
+ psa_key_derivation_abort( operation );
+ operation->alg = alg;
memset( output, '!', output_length );
}
return( status );
@@ -4476,7 +4476,7 @@
static psa_status_t psa_generate_derived_key_internal(
psa_key_slot_t *slot,
size_t bits,
- psa_key_derivation_operation_t *generator )
+ psa_key_derivation_operation_t *operation )
{
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES( bits );
@@ -4490,7 +4490,7 @@
if( data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
- status = psa_key_derivation_output_bytes( generator, data, bytes );
+ status = psa_key_derivation_output_bytes( operation, data, bytes );
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_DES_C)
@@ -4505,7 +4505,7 @@
}
psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attributes,
- psa_key_derivation_operation_t *generator,
+ psa_key_derivation_operation_t *operation,
psa_key_handle_t *handle )
{
psa_status_t status;
@@ -4515,7 +4515,7 @@
{
status = psa_generate_derived_key_internal( slot,
attributes->bits,
- generator );
+ operation );
}
if( status == PSA_SUCCESS )
status = psa_finish_key_creation( slot );
@@ -4530,7 +4530,7 @@
psa_status_t psa_generate_derived_key_to_handle( psa_key_handle_t handle,
psa_key_type_t type,
size_t bits,
- psa_key_derivation_operation_t *generator )
+ psa_key_derivation_operation_t *operation )
{
uint8_t *data = NULL;
size_t bytes = PSA_BITS_TO_BYTES( bits );
@@ -4544,7 +4544,7 @@
if( data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
- status = psa_key_derivation_output_bytes( generator, data, bytes );
+ status = psa_key_derivation_output_bytes( operation, data, bytes );
if( status != PSA_SUCCESS )
goto exit;
#if defined(MBEDTLS_DES_C)
@@ -4565,7 +4565,7 @@
/****************************************************************/
#if defined(MBEDTLS_MD_C)
-/* Set up an HKDF-based generator. This is exactly the extract phase
+/* Set up an HKDF-based operation. This is exactly the extract phase
* of the HKDF algorithm.
*
* Note that if this function fails, you must call psa_key_derivation_abort()
@@ -4611,7 +4611,7 @@
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_MD_C)
-/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5).
+/* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5).
*
* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
@@ -4668,7 +4668,7 @@
return( PSA_SUCCESS );
}
-/* Set up a TLS-1.2-PSK-to-MS-based generator. */
+/* Set up a TLS-1.2-PSK-to-MS-based operation. */
static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup(
psa_tls12_prf_key_derivation_t *tls12_prf,
const unsigned char *psk,
@@ -4714,7 +4714,7 @@
* to potentially free embedded data structures and wipe confidential data.
*/
static psa_status_t psa_key_derivation_internal(
- psa_key_derivation_operation_t *generator,
+ psa_key_derivation_operation_t *operation,
const uint8_t *secret, size_t secret_length,
psa_algorithm_t alg,
const uint8_t *salt, size_t salt_length,
@@ -4724,8 +4724,8 @@
psa_status_t status;
size_t max_capacity;
- /* Set generator->alg even on failure so that abort knows what to do. */
- generator->alg = alg;
+ /* Set operation->alg even on failure so that abort knows what to do. */
+ operation->alg = alg;
if( alg == PSA_ALG_SELECT_RAW )
{
@@ -4735,11 +4735,11 @@
(void) label;
if( label_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
- generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
- if( generator->ctx.buffer.data == NULL )
+ operation->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
+ if( operation->ctx.buffer.data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
- memcpy( generator->ctx.buffer.data, secret, secret_length );
- generator->ctx.buffer.size = secret_length;
+ memcpy( operation->ctx.buffer.data, secret, secret_length );
+ operation->ctx.buffer.size = secret_length;
max_capacity = secret_length;
status = PSA_SUCCESS;
}
@@ -4752,7 +4752,7 @@
if( hash_size == 0 )
return( PSA_ERROR_NOT_SUPPORTED );
max_capacity = 255 * hash_size;
- status = psa_key_derivation_hkdf_setup( &generator->ctx.hkdf,
+ status = psa_key_derivation_hkdf_setup( &operation->ctx.hkdf,
secret, secret_length,
hash_alg,
salt, salt_length,
@@ -4776,7 +4776,7 @@
if( PSA_ALG_IS_TLS12_PRF( alg ) )
{
- status = psa_key_derivation_tls12_prf_setup( &generator->ctx.tls12_prf,
+ status = psa_key_derivation_tls12_prf_setup( &operation->ctx.tls12_prf,
secret, secret_length,
hash_alg, salt, salt_length,
label, label_length );
@@ -4784,7 +4784,7 @@
else
{
status = psa_key_derivation_tls12_psk_to_ms_setup(
- &generator->ctx.tls12_prf,
+ &operation->ctx.tls12_prf,
secret, secret_length,
hash_alg, salt, salt_length,
label, label_length );
@@ -4800,16 +4800,16 @@
return( status );
if( capacity <= max_capacity )
- generator->capacity = capacity;
+ operation->capacity = capacity;
else if( capacity == PSA_KEY_DERIVATION_UNLIMITED_CAPACITY )
- generator->capacity = max_capacity;
+ operation->capacity = max_capacity;
else
return( PSA_ERROR_INVALID_ARGUMENT );
return( PSA_SUCCESS );
}
-psa_status_t psa_key_derivation( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *salt,
@@ -4821,7 +4821,7 @@
psa_key_slot_t *slot;
psa_status_t status;
- if( generator->alg != 0 )
+ if( operation->alg != 0 )
return( PSA_ERROR_BAD_STATE );
/* Make sure that alg is a key derivation algorithm. This prevents
@@ -4837,7 +4837,7 @@
if( slot->type != PSA_KEY_TYPE_DERIVE )
return( PSA_ERROR_INVALID_ARGUMENT );
- status = psa_key_derivation_internal( generator,
+ status = psa_key_derivation_internal( operation,
slot->data.raw.data,
slot->data.raw.bytes,
alg,
@@ -4845,12 +4845,12 @@
label, label_length,
capacity );
if( status != PSA_SUCCESS )
- psa_key_derivation_abort( generator );
+ psa_key_derivation_abort( operation );
return( status );
}
static psa_status_t psa_key_derivation_setup_kdf(
- psa_key_derivation_operation_t *generator,
+ psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg )
{
/* Make sure that kdf_alg is a supported key derivation algorithm. */
@@ -4869,7 +4869,7 @@
{
return( PSA_ERROR_NOT_SUPPORTED );
}
- generator->capacity = 255 * hash_size;
+ operation->capacity = 255 * hash_size;
return( PSA_SUCCESS );
}
#endif /* MBEDTLS_MD_C */
@@ -4877,12 +4877,12 @@
return( PSA_ERROR_NOT_SUPPORTED );
}
-psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *operation,
psa_algorithm_t alg )
{
psa_status_t status;
- if( generator->alg != 0 )
+ if( operation->alg != 0 )
return( PSA_ERROR_BAD_STATE );
if( PSA_ALG_IS_RAW_KEY_AGREEMENT( alg ) )
@@ -4890,17 +4890,17 @@
else if( PSA_ALG_IS_KEY_AGREEMENT( alg ) )
{
psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
- status = psa_key_derivation_setup_kdf( generator, kdf_alg );
+ status = psa_key_derivation_setup_kdf( operation, kdf_alg );
}
else if( PSA_ALG_IS_KEY_DERIVATION( alg ) )
{
- status = psa_key_derivation_setup_kdf( generator, alg );
+ status = psa_key_derivation_setup_kdf( operation, alg );
}
else
return( PSA_ERROR_INVALID_ARGUMENT );
if( status == PSA_SUCCESS )
- generator->alg = alg;
+ operation->alg = alg;
return( status );
}
@@ -4972,31 +4972,31 @@
#endif /* MBEDTLS_MD_C */
static psa_status_t psa_key_derivation_input_raw(
- psa_key_derivation_operation_t *generator,
+ psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
{
psa_status_t status;
- psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator );
+ psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( operation );
if( kdf_alg == PSA_ALG_SELECT_RAW )
{
- if( generator->capacity != 0 )
+ if( operation->capacity != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
- generator->ctx.buffer.data = mbedtls_calloc( 1, data_length );
- if( generator->ctx.buffer.data == NULL )
+ operation->ctx.buffer.data = mbedtls_calloc( 1, data_length );
+ if( operation->ctx.buffer.data == NULL )
return( PSA_ERROR_INSUFFICIENT_MEMORY );
- memcpy( generator->ctx.buffer.data, data, data_length );
- generator->ctx.buffer.size = data_length;
- generator->capacity = data_length;
+ memcpy( operation->ctx.buffer.data, data, data_length );
+ operation->ctx.buffer.size = data_length;
+ operation->capacity = data_length;
status = PSA_SUCCESS;
}
else
#if defined(MBEDTLS_MD_C)
if( PSA_ALG_IS_HKDF( kdf_alg ) )
{
- status = psa_hkdf_input( &generator->ctx.hkdf,
+ status = psa_hkdf_input( &operation->ctx.hkdf,
PSA_ALG_HKDF_GET_HASH( kdf_alg ),
step, data, data_length );
}
@@ -5013,16 +5013,16 @@
else
#endif /* MBEDTLS_MD_C */
{
- /* This can't happen unless the generator object was not initialized */
+ /* This can't happen unless the operation object was not initialized */
return( PSA_ERROR_BAD_STATE );
}
if( status != PSA_SUCCESS )
- psa_key_derivation_abort( generator );
+ psa_key_derivation_abort( operation );
return( status );
}
-psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_input_bytes( psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length )
@@ -5032,14 +5032,14 @@
case PSA_KEY_DERIVATION_INPUT_LABEL:
case PSA_KEY_DERIVATION_INPUT_SALT:
case PSA_KEY_DERIVATION_INPUT_INFO:
- return( psa_key_derivation_input_raw( generator, step,
+ return( psa_key_derivation_input_raw( operation, step,
data, data_length ) );
default:
return( PSA_ERROR_INVALID_ARGUMENT );
}
}
-psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_input_key( psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_handle_t handle )
{
@@ -5047,7 +5047,7 @@
psa_status_t status;
status = psa_get_key_from_slot( handle, &slot,
PSA_KEY_USAGE_DERIVE,
- generator->alg );
+ operation->alg );
if( status != PSA_SUCCESS )
return( status );
if( slot->type != PSA_KEY_TYPE_DERIVE )
@@ -5060,7 +5060,7 @@
* and leak values derived from the key. So be conservative. */
if( step != PSA_KEY_DERIVATION_INPUT_SECRET )
return( PSA_ERROR_INVALID_ARGUMENT );
- return( psa_key_derivation_input_raw( generator,
+ return( psa_key_derivation_input_raw( operation,
step,
slot->data.raw.data,
slot->data.raw.bytes ) );
@@ -5151,7 +5151,7 @@
/* Note that if this function fails, you must call psa_key_derivation_abort()
* to potentially free embedded data structures and wipe confidential data.
*/
-static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *generator,
+static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_slot_t *private_key,
const uint8_t *peer_key,
@@ -5160,7 +5160,7 @@
psa_status_t status;
uint8_t shared_secret[PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE];
size_t shared_secret_length = 0;
- psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( generator->alg );
+ psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE( operation->alg );
/* Step 1: run the secret agreement algorithm to generate the shared
* secret. */
@@ -5175,7 +5175,7 @@
/* Step 2: set up the key derivation to generate key material from
* the shared secret. */
- status = psa_key_derivation_input_raw( generator, step,
+ status = psa_key_derivation_input_raw( operation, step,
shared_secret, shared_secret_length );
exit:
@@ -5183,7 +5183,7 @@
return( status );
}
-psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *generator,
+psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_handle_t private_key,
const uint8_t *peer_key,
@@ -5191,17 +5191,17 @@
{
psa_key_slot_t *slot;
psa_status_t status;
- if( ! PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) )
+ if( ! PSA_ALG_IS_KEY_AGREEMENT( operation->alg ) )
return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_key_from_slot( private_key, &slot,
- PSA_KEY_USAGE_DERIVE, generator->alg );
+ PSA_KEY_USAGE_DERIVE, operation->alg );
if( status != PSA_SUCCESS )
return( status );
- status = psa_key_agreement_internal( generator, step,
+ status = psa_key_agreement_internal( operation, step,
slot,
peer_key, peer_key_length );
if( status != PSA_SUCCESS )
- psa_key_derivation_abort( generator );
+ psa_key_derivation_abort( operation );
return( status );
}
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index d98470d..abc73ae 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1716,7 +1716,7 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT
-Crypto generator initializers zero properly
+Crypto derivation operation object initializers zero properly
key_derivation_init:
PSA key derivation: HKDF-SHA-256, good case
@@ -1755,11 +1755,11 @@
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ALG_CATEGORY_KEY_DERIVATION:"":"":42:PSA_ERROR_NOT_SUPPORTED
-PSA key derivation: invalid generator state ( double generate + read past capacity )
+PSA key derivation: invalid state (double generate + read past capacity)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
test_derive_invalid_key_derivation_state:
-PSA key derivation: invalid generator state ( call read/get_capacity after init and abort )
+PSA key derivation: invalid state (call read/get_capacity after init and abort)
depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C
test_derive_invalid_key_derivation_tests:
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 52c41e7..4c28b80 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -525,7 +525,7 @@
psa_key_usage_t usage,
psa_algorithm_t alg )
{
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char label[16] = "This is a label.";
size_t label_length = sizeof( label );
unsigned char seed[16] = "abcdefghijklmnop";
@@ -536,15 +536,15 @@
{
if( PSA_ALG_IS_HKDF( alg ) )
{
- PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SALT,
label,
label_length ) );
- PSA_ASSERT( psa_key_derivation_input_key( &generator,
+ PSA_ASSERT( psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
handle ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
seed,
seed_length ) );
@@ -552,16 +552,16 @@
else
{
// legacy
- PSA_ASSERT( psa_key_derivation( &generator,
+ PSA_ASSERT( psa_key_derivation( &operation,
handle, alg,
label, label_length,
seed, seed_length,
sizeof( output ) ) );
}
- PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output,
sizeof( output ) ) );
- PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
}
return( 1 );
@@ -572,7 +572,7 @@
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
-static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *generator,
+static psa_status_t key_agreement_with_self( psa_key_derivation_operation_t *operation,
psa_key_handle_t handle )
{
psa_key_type_t private_key_type;
@@ -596,7 +596,7 @@
public_key, public_key_length,
&public_key_length ) );
- status = psa_key_derivation_key_agreement( generator, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
+ status = psa_key_derivation_key_agreement( operation, PSA_KEY_DERIVATION_INPUT_SECRET, handle,
public_key, public_key_length );
exit:
mbedtls_free( public_key );
@@ -664,7 +664,7 @@
psa_key_usage_t usage,
psa_algorithm_t alg )
{
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char output[1];
int ok = 0;
@@ -672,12 +672,12 @@
{
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
- PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
- PSA_ASSERT( key_agreement_with_self( &generator, handle ) );
- PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( key_agreement_with_self( &operation, handle ) );
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output,
sizeof( output ) ) );
- PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
}
ok = 1;
@@ -1844,7 +1844,7 @@
{
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@@ -1856,7 +1856,7 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
- status = psa_key_derivation( &generator, handle,
+ status = psa_key_derivation( &operation, handle,
exercise_alg,
NULL, 0,
NULL, 0,
@@ -1868,7 +1868,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@@ -1884,7 +1884,7 @@
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@@ -1896,8 +1896,8 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
- PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) );
- status = key_agreement_with_self( &generator, handle );
+ PSA_ASSERT( psa_key_derivation_setup( &operation, exercise_alg ) );
+ status = key_agreement_with_self( &operation, handle );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
@@ -1906,7 +1906,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@@ -1922,7 +1922,7 @@
psa_key_handle_t handle = 0;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_type_t key_type = key_type_arg;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_status_t status;
PSA_ASSERT( psa_crypto_init( ) );
@@ -1943,7 +1943,7 @@
TEST_EQUAL( status, PSA_ERROR_NOT_PERMITTED );
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@@ -4009,7 +4009,7 @@
memset( &zero, 0, sizeof( zero ) );
- /* A default generator should not be able to report its capacity. */
+ /* A default operation should not be able to report its capacity. */
TEST_EQUAL( psa_key_derivation_get_capacity( &func, &capacity ),
PSA_ERROR_BAD_STATE );
TEST_EQUAL( psa_key_derivation_get_capacity( &init, &capacity ),
@@ -4017,7 +4017,7 @@
TEST_EQUAL( psa_key_derivation_get_capacity( &zero, &capacity ),
PSA_ERROR_BAD_STATE );
- /* A default generator should be abortable without error. */
+ /* A default operation should be abortable without error. */
PSA_ASSERT( psa_key_derivation_abort(&func) );
PSA_ASSERT( psa_key_derivation_abort(&init) );
PSA_ASSERT( psa_key_derivation_abort(&zero) );
@@ -4038,7 +4038,7 @@
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_status_t expected_status = expected_status_arg;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_crypto_init( ) );
@@ -4050,14 +4050,14 @@
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
&handle ) );
- TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
+ TEST_EQUAL( psa_key_derivation( &operation, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ),
expected_status );
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@@ -4068,7 +4068,7 @@
{
psa_key_handle_t handle = 0;
size_t key_type = PSA_KEY_TYPE_DERIVE;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_algorithm_t alg = PSA_ALG_HKDF( PSA_ALG_SHA_256 );
uint8_t buffer[42];
size_t capacity = sizeof( buffer );
@@ -4088,25 +4088,25 @@
&handle ) );
/* valid key derivation */
- PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+ PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
NULL, 0,
NULL, 0,
capacity ) );
- /* state of generator shouldn't allow additional generation */
- TEST_EQUAL( psa_key_derivation( &generator, handle, alg,
+ /* state of operation shouldn't allow additional generation */
+ TEST_EQUAL( psa_key_derivation( &operation, handle, alg,
NULL, 0,
NULL, 0,
capacity ),
PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_key_derivation_output_bytes( &generator, buffer, capacity ) );
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation, buffer, capacity ) );
- TEST_EQUAL( psa_key_derivation_output_bytes( &generator, buffer, capacity ),
+ TEST_EQUAL( psa_key_derivation_output_bytes( &operation, buffer, capacity ),
PSA_ERROR_INSUFFICIENT_DATA );
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@@ -4118,24 +4118,24 @@
uint8_t output_buffer[16];
size_t buffer_size = 16;
size_t capacity = 0;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size )
+ TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
- TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity )
+ TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
== PSA_ERROR_BAD_STATE );
- PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
- TEST_ASSERT( psa_key_derivation_output_bytes( &generator, output_buffer, buffer_size )
+ TEST_ASSERT( psa_key_derivation_output_bytes( &operation, output_buffer, buffer_size )
== PSA_ERROR_BAD_STATE );
- TEST_ASSERT( psa_key_derivation_get_capacity( &generator, &capacity )
+ TEST_ASSERT( psa_key_derivation_get_capacity( &operation, &capacity )
== PSA_ERROR_BAD_STATE );
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
}
/* END_CASE */
@@ -4151,7 +4151,7 @@
psa_key_handle_t handle = 0;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *expected_outputs[2] =
{expected_output1->x, expected_output2->x};
size_t output_sizes[2] =
@@ -4184,28 +4184,28 @@
/* Extraction phase. */
if( PSA_ALG_IS_HKDF( alg ) )
{
- PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
- PSA_ASSERT( psa_key_derivation_set_capacity( &generator,
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
requested_capacity ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SALT,
salt->x, salt->len ) );
- PSA_ASSERT( psa_key_derivation_input_key( &generator,
+ PSA_ASSERT( psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
handle ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
label->x, label->len ) );
}
else
{
// legacy
- PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+ PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ) );
}
- PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
+ PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
¤t_capacity ) );
TEST_EQUAL( current_capacity, requested_capacity );
expected_capacity = requested_capacity;
@@ -4214,7 +4214,7 @@
for( i = 0; i < ARRAY_LENGTH( expected_outputs ); i++ )
{
/* Read some bytes. */
- status = psa_key_derivation_output_bytes( &generator,
+ status = psa_key_derivation_output_bytes( &operation,
output_buffer, output_sizes[i] );
if( expected_capacity == 0 && output_sizes[i] == 0 )
{
@@ -4236,17 +4236,17 @@
if( output_sizes[i] != 0 )
ASSERT_COMPARE( output_buffer, output_sizes[i],
expected_outputs[i], output_sizes[i] );
- /* Check the generator status. */
+ /* Check the operation status. */
expected_capacity -= output_sizes[i];
- PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
+ PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
¤t_capacity ) );
TEST_EQUAL( expected_capacity, current_capacity );
}
- PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
exit:
mbedtls_free( output_buffer );
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@@ -4262,7 +4262,7 @@
psa_key_handle_t handle = 0;
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char output_buffer[16];
size_t expected_capacity = requested_capacity;
size_t current_capacity;
@@ -4280,28 +4280,28 @@
/* Extraction phase. */
if( PSA_ALG_IS_HKDF( alg ) )
{
- PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
- PSA_ASSERT( psa_key_derivation_set_capacity( &generator,
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( psa_key_derivation_set_capacity( &operation,
requested_capacity ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_SALT,
salt->x, salt->len ) );
- PSA_ASSERT( psa_key_derivation_input_key( &generator,
+ PSA_ASSERT( psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
handle ) );
- PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
label->x, label->len ) );
}
else
{
// legacy
- PSA_ASSERT( psa_key_derivation( &generator, handle, alg,
+ PSA_ASSERT( psa_key_derivation( &operation, handle, alg,
salt->x, salt->len,
label->x, label->len,
requested_capacity ) );
}
- PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
+ PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
¤t_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
@@ -4311,23 +4311,23 @@
size_t read_size = sizeof( output_buffer );
if( read_size > current_capacity )
read_size = current_capacity;
- PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output_buffer,
read_size ) );
expected_capacity -= read_size;
- PSA_ASSERT( psa_key_derivation_get_capacity( &generator,
+ PSA_ASSERT( psa_key_derivation_get_capacity( &operation,
¤t_capacity ) );
TEST_EQUAL( current_capacity, expected_capacity );
}
- /* Check that the generator refuses to go over capacity. */
- TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output_buffer, 1 ),
+ /* Check that the operation refuses to go over capacity. */
+ TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output_buffer, 1 ),
PSA_ERROR_INSUFFICIENT_DATA );
- PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( handle );
mbedtls_psa_crypto_free( );
}
@@ -4351,7 +4351,7 @@
psa_key_usage_t derived_usage = derived_usage_arg;
psa_algorithm_t derived_alg = derived_alg_arg;
size_t capacity = PSA_BITS_TO_BYTES( derived_bits );
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -4364,7 +4364,7 @@
&base_handle ) );
/* Derive a key. */
- PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+ PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
salt->x, salt->len,
label->x, label->len,
capacity ) );
@@ -4372,7 +4372,7 @@
psa_set_key_algorithm( &attributes, derived_alg );
psa_set_key_type( &attributes, derived_type );
psa_set_key_bits( &attributes, derived_bits );
- PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator,
+ PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
&derived_handle ) );
/* Test the key information */
@@ -4385,7 +4385,7 @@
goto exit;
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_reset_key_attributes( &got_attributes );
psa_destroy_key( base_handle );
psa_destroy_key( derived_handle );
@@ -4407,7 +4407,7 @@
size_t bytes1 = bytes1_arg;
size_t bytes2 = bytes2_arg;
size_t capacity = bytes1 + bytes2;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
uint8_t *output_buffer = NULL;
uint8_t *export_buffer = NULL;
psa_key_attributes_t base_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -4425,17 +4425,17 @@
&base_handle ) );
/* Derive some material and output it. */
- PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+ PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
salt->x, salt->len,
label->x, label->len,
capacity ) );
- PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output_buffer,
capacity ) );
- PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
/* Derive the same output again, but this time store it in key objects. */
- PSA_ASSERT( psa_key_derivation( &generator, base_handle, alg,
+ PSA_ASSERT( psa_key_derivation( &operation, base_handle, alg,
salt->x, salt->len,
label->x, label->len,
capacity ) );
@@ -4443,7 +4443,7 @@
psa_set_key_algorithm( &derived_attributes, 0 );
psa_set_key_type( &derived_attributes, PSA_KEY_TYPE_RAW_DATA );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes1 ) );
- PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator,
+ PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
&derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer, bytes1,
@@ -4451,7 +4451,7 @@
TEST_EQUAL( length, bytes1 );
PSA_ASSERT( psa_destroy_key( derived_handle ) );
psa_set_key_bits( &derived_attributes, PSA_BYTES_TO_BITS( bytes2 ) );
- PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &generator,
+ PSA_ASSERT( psa_key_derivation_output_key( &derived_attributes, &operation,
&derived_handle ) );
PSA_ASSERT( psa_export_key( derived_handle,
export_buffer + bytes1, bytes2,
@@ -4465,7 +4465,7 @@
exit:
mbedtls_free( output_buffer );
mbedtls_free( export_buffer );
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( base_handle );
psa_destroy_key( derived_handle );
mbedtls_psa_crypto_free( );
@@ -4481,7 +4481,7 @@
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t expected_status = expected_status_arg;
psa_status_t status;
@@ -4499,10 +4499,10 @@
* Test cases that fail at the setup step should be changed to call
* key_derivation_setup instead, and this function should be renamed
* to key_agreement_fail. */
- status = psa_key_derivation_setup( &generator, alg );
+ status = psa_key_derivation_setup( &operation, alg );
if( status == PSA_SUCCESS )
{
- TEST_EQUAL( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET,
+ TEST_EQUAL( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ),
expected_status );
@@ -4513,7 +4513,7 @@
}
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( our_key );
mbedtls_psa_crypto_free( );
}
@@ -4565,7 +4565,7 @@
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
size_t actual_capacity;
unsigned char output[16];
@@ -4579,37 +4579,37 @@
our_key_data->x, our_key_data->len,
&our_key ) );
- PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
- PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET,
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ) );
if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
{
/* The test data is for info="" */
- PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
}
/* Test the advertized capacity. */
PSA_ASSERT( psa_key_derivation_get_capacity(
- &generator, &actual_capacity ) );
+ &operation, &actual_capacity ) );
TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
/* Test the actual capacity by reading the output. */
while( actual_capacity > sizeof( output ) )
{
- PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output, sizeof( output ) ) );
actual_capacity -= sizeof( output );
}
- PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
output, actual_capacity ) );
- TEST_EQUAL( psa_key_derivation_output_bytes( &generator, output, 1 ),
+ TEST_EQUAL( psa_key_derivation_output_bytes( &operation, output, 1 ),
PSA_ERROR_INSUFFICIENT_DATA );
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( our_key );
mbedtls_psa_crypto_free( );
}
@@ -4624,7 +4624,7 @@
psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg;
psa_key_type_t our_key_type = our_key_type_arg;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t *actual_output = NULL;
@@ -4640,26 +4640,26 @@
our_key_data->x, our_key_data->len,
&our_key ) );
- PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
- PSA_ASSERT( psa_key_derivation_key_agreement( &generator, PSA_KEY_DERIVATION_INPUT_SECRET,
+ PSA_ASSERT( psa_key_derivation_setup( &operation, alg ) );
+ PSA_ASSERT( psa_key_derivation_key_agreement( &operation, PSA_KEY_DERIVATION_INPUT_SECRET,
our_key,
peer_key_data->x, peer_key_data->len ) );
if( PSA_ALG_IS_HKDF( PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ) ) )
{
/* The test data is for info="" */
- PSA_ASSERT( psa_key_derivation_input_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_input_bytes( &operation,
PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
}
- PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
actual_output,
expected_output1->len ) );
ASSERT_COMPARE( actual_output, expected_output1->len,
expected_output1->x, expected_output1->len );
if( expected_output2->len != 0 )
{
- PSA_ASSERT( psa_key_derivation_output_bytes( &generator,
+ PSA_ASSERT( psa_key_derivation_output_bytes( &operation,
actual_output,
expected_output2->len ) );
ASSERT_COMPARE( actual_output, expected_output2->len,
@@ -4667,7 +4667,7 @@
}
exit:
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( our_key );
mbedtls_psa_crypto_free( );
mbedtls_free( actual_output );
@@ -4886,7 +4886,7 @@
size_t bits = bits_arg;
psa_key_usage_t usage_flags = usage_flags_arg;
psa_algorithm_t alg = alg_arg;
- psa_key_derivation_operation_t generator = PSA_KEY_DERIVATION_OPERATION_INIT;
+ psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char *first_export = NULL;
unsigned char *second_export = NULL;
size_t export_size = PSA_KEY_EXPORT_MAX_SIZE( type, bits );
@@ -4933,16 +4933,16 @@
data->x, data->len,
&base_key ) );
/* Derive a key. */
- PSA_ASSERT( psa_key_derivation_setup( &generator, derive_alg ) );
- PSA_ASSERT( psa_key_derivation_input_key( &generator,
+ PSA_ASSERT( psa_key_derivation_setup( &operation, derive_alg ) );
+ PSA_ASSERT( psa_key_derivation_input_key( &operation,
PSA_KEY_DERIVATION_INPUT_SECRET,
base_key ) );
PSA_ASSERT( psa_key_derivation_input_bytes(
- &generator, PSA_KEY_DERIVATION_INPUT_INFO,
+ &operation, PSA_KEY_DERIVATION_INPUT_INFO,
NULL, 0 ) );
- PSA_ASSERT( psa_key_derivation_output_key( &attributes, &generator,
+ PSA_ASSERT( psa_key_derivation_output_key( &attributes, &operation,
&handle ) );
- PSA_ASSERT( psa_key_derivation_abort( &generator ) );
+ PSA_ASSERT( psa_key_derivation_abort( &operation ) );
PSA_ASSERT( psa_destroy_key( base_key ) );
base_key = 0;
}
@@ -4994,7 +4994,7 @@
psa_reset_key_attributes( &attributes );
mbedtls_free( first_export );
mbedtls_free( second_export );
- psa_key_derivation_abort( &generator );
+ psa_key_derivation_abort( &operation );
psa_destroy_key( base_key );
if( handle == 0 )
{