diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index ac7b7e8c4..b469d3c8d 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -611,6 +611,10 @@ extern "C" { #define PSA_WANT_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #define PSA_WANT_ALG_HKDF 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 +#define PSA_WANT_ALG_HKDF_EXTRACT 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 +#define PSA_WANT_ALG_HKDF_EXPAND 1 #endif /* MBEDTLS_HKDF_C */ #if defined(MBEDTLS_MD_C) diff --git a/library/ssl_tls13_invasive.h b/library/ssl_tls13_invasive.h index 4e39f90cf..f874a8821 100644 --- a/library/ssl_tls13_invasive.h +++ b/library/ssl_tls13_invasive.h @@ -26,60 +26,6 @@ #if defined(MBEDTLS_TEST_HOOKS) -/** - * \brief Take the input keying material \p ikm and extract from it a - * fixed-length pseudorandom key \p prk. - * - * \param hash_alg Hash algorithm to use. - * \param salt An optional salt value (a non-secret random value); - * if the salt is not provided, a string of all zeros - * of the length of the hash provided by \p alg is used - * as the salt. - * \param salt_len The length in bytes of the optional \p salt. - * \param ikm The input keying material. - * \param ikm_len The length in bytes of \p ikm. - * \param[out] prk A pseudorandom key of \p prk_len bytes. - * \param prk_size Size of the \p prk buffer in bytes. - * \param[out] prk_len On success, the length in bytes of the - * pseudorandom key in \p prk. - * - * \return 0 on success. - * \return #PSA_ERROR_INVALID_ARGUMENT when the parameters are invalid. - * \return An PSA_ERROR_* error for errors returned from the underlying - * PSA layer. - */ -psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t hash_alg, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - unsigned char *prk, size_t prk_size, - size_t *prk_len ); - -/** - * \brief Expand the supplied \p prk into several additional pseudorandom - * keys, which is the output of the HKDF. - * - * \param hash_alg Hash algorithm to use. - * \param prk A pseudorandom key of \p prk_len bytes. \p prk is - * usually the output from the HKDF extract step. - * \param prk_len The length in bytes of \p prk. - * \param info An optional context and application specific information - * string. This can be a zero-length string. - * \param info_len The length of \p info in bytes. - * \param okm The output keying material of \p okm_len bytes. - * \param okm_len The length of the output keying material in bytes. This - * must be less than or equal to - * 255 * #PSA_HASH_LENGTH( \p alg ) bytes. - * - * \return 0 on success. - * \return #PSA_ERROR_INVALID_ARGUMENT when the parameters are invalid. - * \return An PSA_ERROR_* error for errors returned from the underlying - * PSA layer. - */ -psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t hash_alg, - const unsigned char *prk, size_t prk_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len ); - #endif /* MBEDTLS_TEST_HOOKS */ #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 91cc4d9fc..d4a8e4643 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -137,182 +137,6 @@ static void ssl_tls13_hkdf_encode_label( *dst_len = total_hkdf_lbl_len; } -MBEDTLS_STATIC_TESTABLE -psa_status_t mbedtls_psa_hkdf_extract( psa_algorithm_t hash_alg, - const unsigned char *salt, size_t salt_len, - const unsigned char *ikm, size_t ikm_len, - unsigned char *prk, size_t prk_size, - size_t *prk_len ) -{ - unsigned char null_salt[PSA_MAC_MAX_SIZE] = { '\0' }; - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t destroy_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_algorithm_t alg = PSA_ALG_HMAC( hash_alg ); - - if( salt == NULL || salt_len == 0 ) - { - size_t hash_len; - - if( salt_len != 0 ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - - hash_len = PSA_HASH_LENGTH( alg ); - - if( hash_len == 0 ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - - /* salt_len <= sizeof( salt ) because - PSA_HASH_LENGTH( alg ) <= PSA_MAC_MAX_SIZE. */ - salt = null_salt; - salt_len = hash_len; - } - - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); - - status = psa_import_key( &attributes, salt, salt_len, &key ); - if( status != PSA_SUCCESS ) - { - goto cleanup; - } - - status = psa_mac_compute( key, alg, ikm, ikm_len, prk, prk_size, prk_len ); - -cleanup: - destroy_status = psa_destroy_key( key ); - - return( ( status == PSA_SUCCESS ) ? destroy_status : status ); -} - -MBEDTLS_STATIC_TESTABLE -psa_status_t mbedtls_psa_hkdf_expand( psa_algorithm_t hash_alg, - const unsigned char *prk, size_t prk_len, - const unsigned char *info, size_t info_len, - unsigned char *okm, size_t okm_len ) -{ - size_t hash_len; - size_t where = 0; - size_t n; - size_t t_len = 0; - size_t i; - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t destroy_status = PSA_ERROR_CORRUPTION_DETECTED; - unsigned char t[PSA_MAC_MAX_SIZE]; - psa_algorithm_t alg = PSA_ALG_HMAC( hash_alg ); - - if( okm == NULL ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - - hash_len = PSA_HASH_LENGTH( alg ); - - if( prk_len < hash_len || hash_len == 0 ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - - if( info == NULL ) - { - info = (const unsigned char *) ""; - info_len = 0; - } - - n = okm_len / hash_len; - - if( okm_len % hash_len != 0 ) - { - n++; - } - - /* - * Per RFC 5869 Section 2.3, okm_len must not exceed - * 255 times the hash length - */ - if( n > 255 ) - { - return( PSA_ERROR_INVALID_ARGUMENT ); - } - - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); - - status = psa_import_key( &attributes, prk, prk_len, &key ); - if( status != PSA_SUCCESS ) - { - goto cleanup; - } - - memset( t, 0, hash_len ); - - /* - * Compute T = T(1) | T(2) | T(3) | ... | T(N) - * Where T(N) is defined in RFC 5869 Section 2.3 - */ - for( i = 1; i <= n; i++ ) - { - size_t num_to_copy; - unsigned char c = i & 0xff; - size_t len; - - status = psa_mac_sign_setup( &operation, key, alg ); - if( status != PSA_SUCCESS ) - { - goto cleanup; - } - - status = psa_mac_update( &operation, t, t_len ); - if( status != PSA_SUCCESS ) - { - goto cleanup; - } - - status = psa_mac_update( &operation, info, info_len ); - if( status != PSA_SUCCESS ) - { - goto cleanup; - } - - /* The constant concatenated to the end of each T(n) is a single octet. */ - status = psa_mac_update( &operation, &c, 1 ); - if( status != PSA_SUCCESS ) - { - goto cleanup; - } - - status = psa_mac_sign_finish( &operation, t, PSA_MAC_MAX_SIZE, &len ); - if( status != PSA_SUCCESS ) - { - goto cleanup; - } - - num_to_copy = i != n ? hash_len : okm_len - where; - memcpy( okm + where, t, num_to_copy ); - where += hash_len; - t_len = hash_len; - } - -cleanup: - if( status != PSA_SUCCESS ) - psa_mac_abort( &operation ); - destroy_status = psa_destroy_key( key ); - - mbedtls_platform_zeroize( t, sizeof( t ) ); - - return( ( status == PSA_SUCCESS ) ? destroy_status : status ); -} - int mbedtls_ssl_tls13_hkdf_expand_label( psa_algorithm_t hash_alg, const unsigned char *secret, size_t secret_len, @@ -321,7 +145,11 @@ int mbedtls_ssl_tls13_hkdf_expand_label( unsigned char *buf, size_t buf_len ) { unsigned char hkdf_label[ SSL_TLS1_3_KEY_SCHEDULE_MAX_HKDF_LABEL_LEN ]; - size_t hkdf_label_len; + size_t hkdf_label_len = 0; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_derivation_operation_t operation = + PSA_KEY_DERIVATION_OPERATION_INIT; if( label_len > MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_LABEL_LEN ) { @@ -352,11 +180,39 @@ int mbedtls_ssl_tls13_hkdf_expand_label( hkdf_label, &hkdf_label_len ); - return( psa_ssl_status_to_mbedtls( - mbedtls_psa_hkdf_expand( hash_alg, - secret, secret_len, - hkdf_label, hkdf_label_len, - buf, buf_len ) ) ); + status = psa_key_derivation_setup( &operation, PSA_ALG_HKDF_EXPAND( hash_alg ) ); + + if( status != PSA_SUCCESS ) + goto cleanup; + + status = psa_key_derivation_input_bytes( &operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + secret, + secret_len ); + + if( status != PSA_SUCCESS ) + goto cleanup; + + status = psa_key_derivation_input_bytes( &operation, + PSA_KEY_DERIVATION_INPUT_INFO, + hkdf_label, + hkdf_label_len ); + + if( status != PSA_SUCCESS ) + goto cleanup; + + status = psa_key_derivation_output_bytes( &operation, + buf, + buf_len ); + + if( status != PSA_SUCCESS ) + goto cleanup; + +cleanup: + abort_status = psa_key_derivation_abort( &operation ); + status = ( status == PSA_SUCCESS ? abort_status : status ); + mbedtls_platform_zeroize( hkdf_label, hkdf_label_len ); + return( psa_ssl_status_to_mbedtls ( status ) ); } /* @@ -473,10 +329,13 @@ int mbedtls_ssl_tls13_evolve_secret( unsigned char *secret_new ) { int ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; size_t hlen, ilen; unsigned char tmp_secret[ PSA_MAC_MAX_SIZE ] = { 0 }; unsigned char tmp_input [ MBEDTLS_ECP_MAX_BYTES ] = { 0 }; - size_t secret_len; + psa_key_derivation_operation_t operation = + PSA_KEY_DERIVATION_OPERATION_INIT; if( ! PSA_ALG_IS_HASH( hash_alg ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -498,6 +357,8 @@ int mbedtls_ssl_tls13_evolve_secret( goto cleanup; } + ret = 0; + if( input != NULL ) { memcpy( tmp_input, input, input_len ); @@ -508,17 +369,39 @@ int mbedtls_ssl_tls13_evolve_secret( ilen = hlen; } - /* HKDF-Extract takes a salt and input key material. - * The salt is the old secret, and the input key material - * is the input secret (PSK / ECDHE). */ - ret = psa_ssl_status_to_mbedtls( - mbedtls_psa_hkdf_extract( hash_alg, - tmp_secret, hlen, - tmp_input, ilen, - secret_new, hlen, &secret_len ) ); + status = psa_key_derivation_setup( &operation, + PSA_ALG_HKDF_EXTRACT( hash_alg ) ); + + if( status != PSA_SUCCESS ) + goto cleanup; + + status = psa_key_derivation_input_bytes( &operation, + PSA_KEY_DERIVATION_INPUT_SALT, + tmp_secret, + hlen ); + + if( status != PSA_SUCCESS ) + goto cleanup; + + status = psa_key_derivation_input_bytes( &operation, + PSA_KEY_DERIVATION_INPUT_SECRET, + tmp_input, + ilen ); + + if( status != PSA_SUCCESS ) + goto cleanup; + + status = psa_key_derivation_output_bytes( &operation, + secret_new, + PSA_HASH_LENGTH( hash_alg ) ); + + if( status != PSA_SUCCESS ) + goto cleanup; cleanup: - + abort_status = psa_key_derivation_abort( &operation ); + status = ( status == PSA_SUCCESS ? abort_status : status ); + ret = ( ret == 0 ? psa_ssl_status_to_mbedtls ( status ) : ret ); mbedtls_platform_zeroize( tmp_secret, sizeof(tmp_secret) ); mbedtls_platform_zeroize( tmp_input, sizeof(tmp_input) ); return( ret ); diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 5192342c8..f643335cc 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -2792,83 +2792,6 @@ SSL TLS 1.3 Key schedule: Secret evolution #3 depends_on:PSA_WANT_ALG_SHA_256 ssl_tls13_key_evolution:PSA_ALG_SHA_256:"fb9fc80689b3a5d02c33243bf69a1b1b20705588a794304a6e7120155edf149a":"":"7f2882bb9b9a46265941653e9c2f19067118151e21d12e57a7b6aca1f8150c8d" -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #1 Extract -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_extract:PSA_ALG_SHA_256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #2 Extract -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_extract:PSA_ALG_SHA_256:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #3 Extract -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_extract:PSA_ALG_SHA_256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #4 Extract -depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_extract:PSA_ALG_SHA_1:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #5 Extract -depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_extract:PSA_ALG_SHA_1:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #6 Extract -depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_extract:PSA_ALG_SHA_1:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #7 Extract -depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_extract:PSA_ALG_SHA_1:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd" - -SSL TLS 1.3 Key schedule: HKDF extract fails with wrong hash alg -psa_hkdf_extract_ret:0:PSA_ERROR_INVALID_ARGUMENT - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #1 Expand -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand:PSA_ALG_SHA_256:"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #2 Expand -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand:PSA_ALG_SHA_256:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #3 Expand -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand:PSA_ALG_SHA_256:"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #4 Expand -depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_expand:PSA_ALG_SHA_1:"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #5 Expand -depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_expand:PSA_ALG_SHA_1:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #6 Expand -depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_expand:PSA_ALG_SHA_1:"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" - -SSL TLS 1.3 Key schedule: HKDF RFC5869 Test Vector #7 Expand -depends_on:PSA_WANT_ALG_SHA_1 -psa_hkdf_expand:PSA_ALG_SHA_1:"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" - -SSL TLS 1.3 Key schedule: HKDF expand fails with NULL okm -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:0:PSA_ERROR_INVALID_ARGUMENT - -SSL TLS 1.3 Key schedule: HKDF expand fails with invalid alg -psa_hkdf_expand_ret:0:32:32:PSA_ERROR_INVALID_ARGUMENT - -SSL TLS 1.3 Key schedule: HKDF expand fails with prk_len < hash_len -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand_ret:PSA_ALG_SHA_256:16:32:PSA_ERROR_INVALID_ARGUMENT - -SSL TLS 1.3 Key schedule: HKDF expand fails with okm_len / hash_len > 255 -psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:8192:PSA_ERROR_INVALID_ARGUMENT - -SSL TLS 1.3 Key schedule: HKDF expand fails with key import -depends_on:PSA_WANT_ALG_SHA_256 -psa_hkdf_expand_ret:PSA_ALG_SHA_256:32:32:PSA_ERROR_INSUFFICIENT_MEMORY - SSL TLS 1.3 Key schedule: HKDF Expand Label #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Server handshake traffic secret -> Server traffic key diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8d683adb4..ad29f6cb7 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3964,157 +3964,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */ -void psa_hkdf_extract( int alg, - data_t *ikm, - data_t *salt, - data_t *prk ) -{ - unsigned char *output_prk = NULL; - size_t output_prk_size, output_prk_len; - - PSA_INIT( ); - - output_prk_size = PSA_HASH_LENGTH( alg ); - ASSERT_ALLOC( output_prk, output_prk_size ); - - PSA_ASSERT( mbedtls_psa_hkdf_extract( alg, salt->x, salt->len, - ikm->x, ikm->len, - output_prk, output_prk_size, - &output_prk_len ) ); - - ASSERT_COMPARE( output_prk, output_prk_len, prk->x, prk->len ); - -exit: - mbedtls_free( output_prk ); - - PSA_DONE( ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */ -void psa_hkdf_extract_ret( int alg, int ret ) -{ - int output_ret; - unsigned char *salt = NULL; - unsigned char *ikm = NULL; - unsigned char *prk = NULL; - size_t salt_len, ikm_len, prk_len; - - PSA_INIT( ); - - ASSERT_ALLOC( prk, PSA_MAC_MAX_SIZE); - salt_len = 0; - ikm_len = 0; - prk_len = 0; - - output_ret = mbedtls_psa_hkdf_extract( alg, salt, salt_len, - ikm, ikm_len, - prk, PSA_MAC_MAX_SIZE, &prk_len ); - TEST_ASSERT( output_ret == ret ); - TEST_ASSERT( prk_len == 0 ); - -exit: - mbedtls_free( prk ); - - PSA_DONE( ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */ -void psa_hkdf_expand( int alg, - data_t *info, - data_t *prk, - data_t *okm ) -{ - enum { OKM_LEN = 1024 }; - unsigned char *output_okm = NULL; - - PSA_INIT( ); - - ASSERT_ALLOC( output_okm, OKM_LEN ); - TEST_ASSERT( prk->len == PSA_HASH_LENGTH( alg ) ); - TEST_ASSERT( okm->len < OKM_LEN ); - - PSA_ASSERT( mbedtls_psa_hkdf_expand( alg, prk->x, prk->len, - info->x, info->len, - output_okm, OKM_LEN ) ); - - ASSERT_COMPARE( output_okm, okm->len, okm->x, okm->len ); - -exit: - mbedtls_free( output_okm ); - - PSA_DONE( ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_SSL_PROTO_TLS1_3 */ -void psa_hkdf_expand_ret( int alg, int prk_len, int okm_len, int ret ) -{ - int output_ret; - unsigned char *info = NULL; - unsigned char *prk = NULL; - unsigned char *okm = NULL; - size_t info_len; - size_t i; - mbedtls_svc_key_id_t *keys = NULL; - - PSA_INIT( ); - - info_len = 0; - - if( prk_len > 0 ) - ASSERT_ALLOC( prk, prk_len ); - - if( okm_len > 0 ) - ASSERT_ALLOC( okm, okm_len ); - - if( ret == PSA_ERROR_INSUFFICIENT_MEMORY ) - { - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - - /* Reserve all key slot to make the key import fail. */ - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_MESSAGE ); - psa_set_key_algorithm( &attributes, alg ); - psa_set_key_type( &attributes, PSA_KEY_TYPE_HMAC ); - - ASSERT_ALLOC( keys, MBEDTLS_PSA_KEY_SLOT_COUNT ); - - for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ ) - { - /* Do not use the 0 value because it will be passed to - mbedtls_psa_hkdf_expand */ - prk[0] = i + 1; - keys[i] = MBEDTLS_SVC_KEY_ID_INIT; - psa_import_key( &attributes, prk, prk_len, &keys[i] ); - } - - /* reset prk buffer */ - prk[0] = 0; - } - - output_ret = mbedtls_psa_hkdf_expand( alg, prk, prk_len, - info, info_len, - okm, okm_len ); - TEST_ASSERT( output_ret == ret ); - -exit: - mbedtls_free( prk ); - mbedtls_free( okm ); - - if( ret == PSA_ERROR_INSUFFICIENT_MEMORY ) - { - for( i = 0; i < MBEDTLS_PSA_KEY_SLOT_COUNT; i++ ) - psa_destroy_key( keys[i] ); - - mbedtls_free( keys ); - } - - PSA_DONE( ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ void ssl_tls13_hkdf_expand_label( int hash_alg, data_t *secret,