Merge pull request #202 from ARMmbed/psa-tls12_prf_minor_fixes
Minor fixes for ECDH and TLS12_PRF
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 8e439ba..15c8130 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1270,7 +1270,7 @@
* \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such
* that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true)
* or a key selection algorithm (\c PSA_ALG_XXX value such
- * that #PSA_ALG_IS_SELECTION(\p hash_alg) is true).
+ * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true).
*
* \return The Diffie-Hellman algorithm with the specified
* selection or derivation algorithm.
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index f11b87c..44a1a60 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -85,7 +85,7 @@
} ctx;
};
-
+#if defined(MBEDTLS_MD_C)
typedef struct
{
/** The hash context. */
@@ -93,7 +93,7 @@
/** The HMAC part of the context. */
uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE];
} psa_hmac_internal_data;
-
+#endif /* MBEDTLS_MD_C */
struct psa_mac_operation_s
{
@@ -130,6 +130,7 @@
} ctx;
};
+#if defined(MBEDTLS_MD_C)
typedef struct
{
uint8_t *info;
@@ -143,7 +144,9 @@
uint8_t offset_in_block;
uint8_t block_number;
} psa_hkdf_generator_t;
+#endif /* MBEDTLS_MD_C */
+#if defined(MBEDTLS_MD_C)
typedef struct psa_tls12_prf_generator_s
{
/* The TLS 1.2 PRF uses the key for each HMAC iteration,
@@ -172,6 +175,7 @@
uint8_t block_number;
} psa_tls12_prf_generator_t;
+#endif /* MBEDTLS_MD_C */
struct psa_crypto_generator_s
{
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index f0de861..b0fb5a8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1431,6 +1431,7 @@
(int) key_bits, mode ) );
}
+#if defined(MBEDTLS_MD_C)
static size_t psa_get_hash_block_size( psa_algorithm_t alg )
{
switch( alg )
@@ -1457,6 +1458,7 @@
return( 0 );
}
}
+#endif /* MBEDTLS_MD_C */
/* Initialize the MAC operation structure. Once this function has been
* called, psa_mac_abort can run and will do the right thing. */
@@ -2164,6 +2166,7 @@
goto cleanup;
}
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
{
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
@@ -2174,7 +2177,9 @@
md_alg ) );
}
else
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
{
+ (void) alg;
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
hash, hash_length,
mbedtls_ctr_drbg_random,
@@ -2265,7 +2270,13 @@
if( PSA_KEY_TYPE_IS_ECC( slot->type ) )
{
#if defined(MBEDTLS_ECDSA_C)
- if( PSA_ALG_IS_ECDSA( alg ) )
+ if(
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+ PSA_ALG_IS_ECDSA( alg )
+#else
+ PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
+#endif
+ )
status = psa_ecdsa_sign( slot->data.ecp,
alg,
hash, hash_length,
@@ -3637,8 +3648,13 @@
/* Key derivation */
/****************************************************************/
+#if defined(MBEDTLS_MD_C)
/* Set up an HKDF-based generator. This is exactly the extract phase
- * of the HKDF algorithm. */
+ * of the HKDF algorithm.
+ *
+ * Note that if this function fails, you must call psa_generator_abort()
+ * to potentially free embedded data structures and wipe confidential data.
+ */
static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf,
const uint8_t *secret,
size_t secret_length,
@@ -3674,8 +3690,14 @@
}
return( PSA_SUCCESS );
}
+#endif /* MBEDTLS_MD_C */
-/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5). */
+#if defined(MBEDTLS_MD_C)
+/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5).
+ *
+ * Note that if this function fails, you must call psa_generator_abort()
+ * to potentially free embedded data structures and wipe confidential data.
+ */
static psa_status_t psa_generator_tls12_prf_setup(
psa_tls12_prf_generator_t *tls12_prf,
const unsigned char *key,
@@ -3727,7 +3749,11 @@
return( PSA_SUCCESS );
}
+#endif /* MBEDTLS_MD_C */
+/* Note that if this function fails, you must call psa_generator_abort()
+ * to potentially free embedded data structures and wipe confidential data.
+ */
static psa_status_t psa_key_derivation_internal(
psa_crypto_generator_t *generator,
const uint8_t *secret, size_t secret_length,
@@ -3744,8 +3770,10 @@
if( alg == PSA_ALG_SELECT_RAW )
{
+ (void) salt;
if( salt_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
+ (void) label;
if( label_length != 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length );
@@ -3854,6 +3882,7 @@
/* Key agreement */
/****************************************************************/
+#if defined(MBEDTLS_ECDH_C)
static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key,
size_t peer_key_length,
const mbedtls_ecp_keypair *our_key,
@@ -3905,9 +3934,13 @@
mbedtls_ecdh_free( &ecdh );
return( mbedtls_to_psa_error( ret ) );
}
+#endif /* MBEDTLS_ECDH_C */
#define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES
+/* Note that if this function fails, you must call psa_generator_abort()
+ * to potentially free embedded data structures and wipe confidential data.
+ */
static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator,
key_slot_t *private_key,
const uint8_t *peer_key,
@@ -3934,6 +3967,9 @@
break;
#endif /* MBEDTLS_ECDH_C */
default:
+ (void) private_key;
+ (void) peer_key;
+ (void) peer_key_length;
return( PSA_ERROR_NOT_SUPPORTED );
}
if( status != PSA_SUCCESS )
@@ -3965,10 +4001,13 @@
PSA_KEY_USAGE_DERIVE, alg );
if( status != PSA_SUCCESS )
return( status );
- return( psa_key_agreement_internal( generator,
- slot,
- peer_key, peer_key_length,
- alg ) );
+ status = psa_key_agreement_internal( generator,
+ slot,
+ peer_key, peer_key_length,
+ alg );
+ if( status != PSA_SUCCESS )
+ psa_generator_abort( generator );
+ return( status );
}
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 7f37db1..da105d2 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -1618,7 +1618,7 @@
key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3059301306072a8648ce3d020106082a8648ce3d03010703420004d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS
PSA key agreement setup: ECDH, raw: public key on different curve
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3076301006072a8648ce3d020106052b8104002203620004e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT
PSA key agreement setup: ECDH, raw: public key instead of private key
@@ -1697,6 +1697,10 @@
depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C
key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":""
+PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32
+depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C
+key_agreement_output:PSA_ALG_ECDH(PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3059301306072a8648ce3d020106082a8648ce3d03010703420004d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":""
+
PSA generate random: 0 bytes
generate_random:0