Make salt mandatory for HKDF-EXTRACT + adapt tests

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2025-01-26 03:35:35 +00:00 · 2022-06-03 16:00:25 +02:00 · 2022-06-03 16:00:25 +02:00 · 0586f4c4ea
commit 0586f4c4ea
parent 0e99391afe
2 changed files with 11 additions and 15 deletions
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -5233,9 +5233,14 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
            else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
            {
-                /* If no salt was provided, use an empty salt. */
+                /* HKDF: If no salt was provided, use an empty salt.
+                 * HKDF-EXTRACT: salt is mandatory. */
                if( hkdf->state == HKDF_STATE_INIT )
                {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
+                    if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
+                        return( PSA_ERROR_BAD_STATE );
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
                    status = psa_key_derivation_start_hmac( &hkdf->hmac,
                                                            hash_alg,
                                                            NULL, 0 );
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@ -5166,10 +5166,6 @@ PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 k
 depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:1:0

-PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, k, no salt
-depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:1:0
-
 PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, k derive key
 depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"":0:1:1
@ -5222,22 +5218,13 @@ PSA key derivation: HKDF-Extract SHA-1, RFC5869 #7, out 20+0 b
 depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_1
 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"2adccada18779e7c2077ad2eb19d3f3e731385dd":"":0:0:0

-PSA key derivation: HKDF-Extract SHA-256, RFC5869 #3, b no salt
-depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"":0:0:0
-
-# HKDF-Extract tests: Invalid test cases
-PSA key derivation: HKDF-Extract salt after secret
-depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0
-
 PSA key derivation: HKDF-Extract info before secret
 depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0

 PSA key derivation: HKDF-Extract info after secret
 depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:1:0
+derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_ERROR_INVALID_ARGUMENT:0:"":PSA_SUCCESS:"":32:"":"":0:1:0

 PSA key derivation: HKDF-Extract input other secret
 depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
@ -5267,6 +5254,10 @@ PSA key derivation: HKDF-Extract SHA-256, RFC5869 #1, out 32+1 (over capacity)
 depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
 derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"00":0:1:0

+PSA key derivation: HKDF-Extract SHA-256, no salt
+depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
+derive_output:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":32:"":"":0:0:0
+
 # HKDF-Expand tests: out - output, k - secret provided as key, b - secret provided as bytes
 PSA key derivation: HKDF-Expand SHA-256, RFC5869 #1, out 42+0 k
 depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256