commit ea0fb4975c3be493773b9be7d57400ef9d99a107
author Gilles Peskine <Gilles.Peskine@arm.com> Thu Jul 12 17:17:20 2018 +0200
committer itayzafrir <itay.zafrir@arm.com> Wed Sep 12 16:44:04 2018 +0300
tree 2b38c2781b90fb7d8d9882e37008d19aac892d54
parent eab56e4159cdfb7ca7a033735025aadb0ad1a627

Add framework for simple key derivation

New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE.
New function psa_key_derivation.

No key derivation algorithm is implemented yet. The code may not
compile with -Wunused.

Write some unit test code for psa_key_derivation. Most of it cannot be
used yet due to the lack of a key derivation algorithm.

library/psa_crypto.c

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 6cc42c6..cc59ca8 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -498,8 +498,9 @@
             break;
 #if defined(MBEDTLS_MD_C)
         case PSA_KEY_TYPE_HMAC:
-            break;
 #endif
+        case PSA_KEY_TYPE_DERIVE:
+            break;
 #if defined(MBEDTLS_AES_C)
         case PSA_KEY_TYPE_AES:
             if( bits != 128 && bits != 192 && bits != 256 )
@@ -2651,7 +2652,8 @@
                              PSA_KEY_USAGE_ENCRYPT |
                              PSA_KEY_USAGE_DECRYPT |
                              PSA_KEY_USAGE_SIGN |
-                             PSA_KEY_USAGE_VERIFY ) ) != 0 )
+                             PSA_KEY_USAGE_VERIFY |
+                             PSA_KEY_USAGE_DERIVE ) ) != 0 )
         return( PSA_ERROR_INVALID_ARGUMENT );
 
     slot->policy = *policy;
@@ -3086,6 +3088,49 @@
 
 
 /****************************************************************/
+/* Key derivation */
+/****************************************************************/
+
+psa_status_t psa_key_derivation( psa_crypto_generator_t *generator,
+                                 psa_key_type_t key,
+                                 psa_algorithm_t alg,
+                                 const uint8_t *salt,
+                                 size_t salt_length,
+                                 const uint8_t *label,
+                                 size_t label_length,
+                                 size_t capacity )
+{
+    key_slot_t *slot;
+    psa_status_t status;
+
+    if( generator->alg != 0 )
+        return( PSA_ERROR_BAD_STATE );
+
+    status = psa_get_key_from_slot( key, &slot, PSA_KEY_USAGE_DERIVE, alg );
+    if( status != PSA_SUCCESS )
+        return( status );
+    if( slot->type != PSA_KEY_TYPE_DERIVE )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
+    if( ! PSA_ALG_IS_KEY_DERIVATION( alg ) )
+        return( PSA_ERROR_INVALID_ARGUMENT );
+
+    {
+        return( PSA_ERROR_NOT_SUPPORTED );
+    }
+
+    /* Set generator->alg even on failure so that abort knows what to do. */
+    generator->alg = alg;
+    if( status == PSA_SUCCESS )
+        generator->capacity = capacity;
+    else
+        psa_generator_abort( generator );
+    return( status );
+}
+
+
+
+/****************************************************************/
 /* Random generation */
 /****************************************************************/