diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index b08f46d09..3675ac61b 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -224,6 +224,17 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats ); psa_status_t mbedtls_psa_inject_entropy(const unsigned char *seed, size_t seed_size); +/* + * If this option is not turned on, then the function `psa_key_derivation()` + * is removed. + * + * The sole purpose of this option is to make the transition to the new API + * smoother. Once the transition is complete it can and should be removed + * along with the old API and its implementation. + */ +#define PSA_PRE_1_0_KEY_DERIVATION + +#if defined(PSA_PRE_1_0_KEY_DERIVATION) /** Set up a key derivation operation. * * FIMXE This function is no longer part of the official API. Its prototype @@ -280,6 +291,7 @@ psa_status_t psa_key_derivation(psa_key_derivation_operation_t *operation, const uint8_t *label, size_t label_length, size_t capacity); +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ /* FIXME Deprecated. Remove this as soon as all the tests are updated. */ #define PSA_ALG_SELECT_RAW ((psa_algorithm_t)0x31000001) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d45a85200..bf425df38 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4311,6 +4311,7 @@ psa_status_t psa_key_derivation_output_key( const psa_key_attributes_t *attribut /****************************************************************/ #if defined(MBEDTLS_MD_C) +#if defined(PSA_PRE_1_0_KEY_DERIVATION) /* Set up an HKDF-based operation. This is exactly the extract phase * of the HKDF algorithm. * @@ -4354,9 +4355,11 @@ static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hk hkdf->info_set = 1; return( PSA_SUCCESS ); } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_MD_C) +#if defined(PSA_PRE_1_0_KEY_DERIVATION) /* Set up a TLS-1.2-prf-based operation (see RFC 5246, Section 5). * * Note that if this function fails, you must call psa_key_derivation_abort() @@ -4413,7 +4416,9 @@ static psa_status_t psa_key_derivation_tls12_prf_setup( return( PSA_SUCCESS ); } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ +#if defined(PSA_PRE_1_0_KEY_DERIVATION) /* Set up a TLS-1.2-PSK-to-MS-based operation. */ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup( psa_tls12_prf_key_derivation_t *tls12_prf, @@ -4454,8 +4459,10 @@ static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup( mbedtls_platform_zeroize( pms, sizeof( pms ) ); return( status ); } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ #endif /* MBEDTLS_MD_C */ +#if defined(PSA_PRE_1_0_KEY_DERIVATION) /* Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ @@ -4554,7 +4561,9 @@ static psa_status_t psa_key_derivation_internal( return( PSA_SUCCESS ); } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ +#if defined(PSA_PRE_1_0_KEY_DERIVATION) psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation, psa_key_handle_t handle, psa_algorithm_t alg, @@ -4594,6 +4603,7 @@ psa_status_t psa_key_derivation( psa_key_derivation_operation_t *operation, psa_key_derivation_abort( operation ); return( status ); } +#endif /* PSA_PRE_1_0_KEY_DERIVATION */ static psa_status_t psa_key_derivation_setup_kdf( psa_key_derivation_operation_t *operation, diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index af7be1e0a..426e41f87 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -66,12 +66,14 @@ /* If the build options we need are not enabled, compile a placeholder. */ #if !defined(MBEDTLS_SHA256_C) || !defined(MBEDTLS_MD_C) || \ !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CCM_C) || \ - !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) + !defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO) ||\ + !defined(PSA_PRE_1_0_KEY_DERIVATION) int main( void ) { printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or " "MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or " - "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO not defined.\n"); + "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO and/or " + "PSA_PRE_1_0_KEY_DERIVATION not defined.\n"); return( 0 ); } #else diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index b3d27a8b4..f057f7797 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1849,70 +1849,70 @@ derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0 # Test vectors taken from https://www.ietf.org/mail-archive/web/tls/current/msg03416.html PSA key derivation: TLS 1.2 PRF SHA-256, output 100+0 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66":"" PSA key derivation: TLS 1.2 PRF SHA-256, output 99+1 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b":"66" PSA key derivation: TLS 1.2 PRF SHA-256, output 1+99 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3":"f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa022f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66" PSA key derivation: TLS 1.2 PRF SHA-256, output 50+50 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b66" PSA key derivation: TLS 1.2 PRF SHA-256, output 50+49 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"9bbe436ba940f017b17652849a71db35":"a0ba9f936cda311827a6f796ffd5198c":"74657374206c6162656c":100:"e3f229ba727be17b8d122620557cd453c2aab21d07c3d495329b52d4e61edb5a6b301791e90d35c9c9a46b4e14baf9af0fa0":"22f7077def17abfd3797c0564bab4fbc91666e9def9b97fce34f796789baa48082d122ee42c5a72e5a5110fff70187347b" PSA key derivation: TLS 1.2 PRF SHA-384, output 148+0 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f":"" PSA key derivation: TLS 1.2 PRF SHA-384, output 147+1 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5":"6f" PSA key derivation: TLS 1.2 PRF SHA-384, output 1+147 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b":"0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792eca722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f" PSA key derivation: TLS 1.2 PRF SHA-384, output 74+74 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e56f" PSA key derivation: TLS 1.2 PRF SHA-384, output 74+73 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):"b80b733d6ceefcdc71566ea48e5567df":"cd665cf6a8447dd6ff8b27555edb7465":"74657374206c6162656c":148:"7b0c18e9ced410ed1804f2cfa34a336a1c14dffb4900bb5fd7942107e81c83cde9ca0faa60be9fe34f82b1233c9146a0e534cb400fed2700884f9dc236f80edd8bfa961144c9e8d792ec":"a722a7b32fc3d416d473ebc2c5fd4abfdad05d9184259b5bf8cd4d90fa0d31e2dec479e4f1a26066f2eea9a69236a3e52655c9e9aee691c8f3a26854308d5eaa3be85e0990703d73e5" # Test case manually extracted from debug output of TLS-PSK run # Label: "master secret" # Salt: Concatenation of ClientHello.Random and ServerHello.Random PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 48+0 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710":"" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 24+24 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32c":"a43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-256, 0+48 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48:"":"5a9dd5ffa78b4d1f28f40d91b4e6e6ed37849042d61ba32ca43d866e744cee7cd1baaa497e1ecd5c2e60f9f13030a710" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 48+0 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18":"" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 24+24 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"":"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c85ca71689301f9f4d875128c87608b75250b20a9550e4fe18" PSA key derivation: TLS 1.2 PSK-to-MS, SHA-384, 0+48 -depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C +depends_on:MBEDTLS_MD_C:MBEDTLS_SHA512_C:PSA_PRE_1_0_KEY_DERIVATION derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bed47716a11a49a6268a8350b085929116ad9ccc8181f09a05b07a7741576d65bed47718dfd82f2d3f57544afe52decae6819b970dc716ada72ae0dd3072e9a":"6d617374657220736563726574":48:"f5a61fbdd2ec415762abb8042a6c16645a53d2edb6dec8c8":"5ca71689301f9f4d875128c87608b75250b20a9550e4fe18" PSA key derivation: HKDF SHA-256, request maximum capacity diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4441e9b4c..b21a8f16d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -545,6 +545,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, seed, seed_length ) ); } +#if defined(PSA_PRE_1_0_KEY_DERIVATION) else { // legacy @@ -554,6 +555,7 @@ static int exercise_key_derivation_key( psa_key_handle_t handle, seed, seed_length, sizeof( output ) ) ); } +#endif PSA_ASSERT( psa_key_derivation_output_bytes( &operation, output, sizeof( output ) ) ); @@ -1776,7 +1778,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */ void derive_key_policy( int policy_usage, int policy_alg, int key_type, @@ -4024,7 +4026,7 @@ void key_derivation_init( ) } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */ void derive_setup( int key_type_arg, data_t *key_data, int alg_arg, @@ -4063,7 +4065,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */ void test_derive_invalid_key_derivation_state( ) { psa_key_handle_t handle = 0; @@ -4199,6 +4201,7 @@ void derive_output( int alg_arg, PSA_KEY_DERIVATION_INPUT_INFO, label->x, label->len ) ); } +#if defined(PSA_PRE_1_0_KEY_DERIVATION) else { // legacy @@ -4207,6 +4210,7 @@ void derive_output( int alg_arg, label->x, label->len, requested_capacity ) ); } +#endif PSA_ASSERT( psa_key_derivation_get_capacity( &operation, ¤t_capacity ) ); TEST_EQUAL( current_capacity, requested_capacity ); @@ -4295,6 +4299,8 @@ void derive_full( int alg_arg, PSA_KEY_DERIVATION_INPUT_INFO, label->x, label->len ) ); } + +#if defined(PSA_PRE_1_0_KEY_DERIVATION) else { // legacy @@ -4303,6 +4309,7 @@ void derive_full( int alg_arg, label->x, label->len, requested_capacity ) ); } +#endif PSA_ASSERT( psa_key_derivation_get_capacity( &operation, ¤t_capacity ) ); TEST_EQUAL( current_capacity, expected_capacity ); @@ -4335,7 +4342,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */ void derive_key_exercise( int alg_arg, data_t *key_data, data_t *salt, @@ -4395,7 +4402,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:PSA_PRE_1_0_KEY_DERIVATION */ void derive_key_export( int alg_arg, data_t *key_data, data_t *salt,