Make key agreement the secret input for key derivation
* Documentation
* Proof-of-concept implementation
* Updates to the tests (work in progress)
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 9b8e01c..f90a7b3 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -405,8 +405,7 @@
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
static psa_status_t key_agreement_with_self( psa_crypto_generator_t *generator,
- psa_key_handle_t handle,
- psa_algorithm_t alg )
+ psa_key_handle_t handle )
{
psa_key_type_t private_key_type;
psa_key_type_t public_key_type;
@@ -428,9 +427,8 @@
public_key, public_key_length,
&public_key_length ) );
- status = psa_key_agreement( generator, handle,
- public_key, public_key_length,
- alg );
+ status = psa_key_agreement( generator, PSA_KDF_STEP_SECRET, handle,
+ public_key, public_key_length );
exit:
mbedtls_free( public_key );
return( status );
@@ -448,7 +446,8 @@
{
/* We need two keys to exercise key agreement. Exercise the
* private key against its own public key. */
- PSA_ASSERT( key_agreement_with_self( &generator, handle, alg ) );
+ PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
+ PSA_ASSERT( key_agreement_with_self( &generator, handle ) );
PSA_ASSERT( psa_generator_read( &generator,
output,
sizeof( output ) ) );
@@ -1791,7 +1790,8 @@
PSA_ASSERT( psa_import_key( handle, key_type,
key_data->x, key_data->len ) );
- status = key_agreement_with_self( &generator, handle, exercise_alg );
+ PSA_ASSERT( psa_key_derivation_setup( &generator, exercise_alg ) );
+ status = key_agreement_with_self( &generator, handle );
if( policy_alg == exercise_alg &&
( policy_usage & PSA_KEY_USAGE_DERIVE ) != 0 )
@@ -3848,10 +3848,10 @@
our_key_data->x,
our_key_data->len ) );
- TEST_EQUAL( psa_key_agreement( &generator,
+ PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
+ TEST_EQUAL( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
our_key,
- peer_key_data->x, peer_key_data->len,
- alg ),
+ peer_key_data->x, peer_key_data->len ),
expected_status_arg );
exit:
@@ -3887,10 +3887,10 @@
our_key_data->x,
our_key_data->len ) );
- PSA_ASSERT( psa_key_agreement( &generator,
+ PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
+ PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
our_key,
- peer_key_data->x, peer_key_data->len,
- alg ) );
+ peer_key_data->x, peer_key_data->len ) );
/* Test the advertized capacity. */
PSA_ASSERT( psa_get_generator_capacity(
@@ -3944,10 +3944,10 @@
our_key_data->x,
our_key_data->len ) );
- PSA_ASSERT( psa_key_agreement( &generator,
+ PSA_ASSERT( psa_key_derivation_setup( &generator, alg ) );
+ PSA_ASSERT( psa_key_agreement( &generator, PSA_KDF_STEP_SECRET,
our_key,
- peer_key_data->x, peer_key_data->len,
- alg ) );
+ peer_key_data->x, peer_key_data->len ) );
PSA_ASSERT( psa_generator_read( &generator,
actual_output,