From 3cb6e41dfa7e1603876b03e256f6ca1f814054d3 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:14:15 +0530 Subject: [PATCH 01/30] Add define for builtin pbkdf2_cmac Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index b7e89472f7..f1cff20b51 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -599,6 +599,14 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ +#if defined(PSA_WANT_ALG_CMAC) && defined(PSA_HAVE_SOFT_KEY_TYPE_AES) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 +#define MBEDTLS_CMAC_C +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ +#endif /* PSA_WANT_ALG_CMAC && PSA_HAVE_SOFT_KEY_TYPE_AES */ + #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) #define MBEDTLS_ECP_DP_BP256R1_ENABLED From dd45667a18fa3d37a10db3b8a72b7af35ff33a8f Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:21:13 +0530 Subject: [PATCH 02/30] Define struct for pbkdf2_cmac Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 6 ++++-- include/psa/crypto_driver_contexts_key_derivation.h | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index cd6d51df02..c598fa438e 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -105,7 +105,8 @@ typedef struct psa_tls12_prf_key_derivation_s { } psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) typedef enum { PSA_PBKDF2_STATE_INIT, /* no input provided */ PSA_PBKDF2_STATE_INPUT_COST_SET, /* input cost has been set */ @@ -125,6 +126,7 @@ typedef struct { uint8_t MBEDTLS_PRIVATE(bytes_used); uint32_t MBEDTLS_PRIVATE(block_number); } psa_pbkdf2_key_derivation_t; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 5b4e4745d6..32de4f7654 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -55,7 +55,8 @@ typedef union { #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms); #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) psa_pbkdf2_key_derivation_t MBEDTLS_PRIVATE(pbkdf2); #endif } psa_driver_key_derivation_context_t; From 3ab146f99e51179fc8e2b37d3ec9504a205b50ab Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:35:36 +0530 Subject: [PATCH 03/30] Add builtin pbkdf2 cmac guard for all the pbkdf2 functions Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 51 +++++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2b9c8a29ff..4d8979cafd 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5080,7 +5080,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ @@ -5184,8 +5185,10 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) sizeof(operation->ctx.tls12_ecjpake_to_pms.data)); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || + kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { if (operation->ctx.pbkdf2.salt != NULL) { mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); @@ -5194,7 +5197,8 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) status = PSA_SUCCESS; } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) */ { status = PSA_ERROR_BAD_STATE; } @@ -5521,7 +5525,8 @@ static psa_status_t psa_key_derivation_tls12_ecjpake_to_pms_read( } #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) static psa_status_t psa_key_derivation_pbkdf2_generate_block( psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t prf_alg, @@ -5650,7 +5655,8 @@ static psa_status_t psa_key_derivation_pbkdf2_read( return PSA_SUCCESS; } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, @@ -5705,12 +5711,15 @@ psa_status_t psa_key_derivation_output_bytes( &operation->ctx.tls12_ecjpake_to_pms, output, output_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || + kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { status = psa_key_derivation_pbkdf2_read(&operation->ctx.pbkdf2, kdf_alg, output, output_length); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ { (void) kdf_alg; @@ -6628,7 +6637,8 @@ static psa_status_t psa_tls12_ecjpake_to_pms_input( } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) static psa_status_t psa_pbkdf2_set_input_cost( psa_pbkdf2_key_derivation_t *pbkdf2, psa_key_derivation_step_t step, @@ -6749,7 +6759,8 @@ static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_INVALID_ARGUMENT; } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ /** Check whether the given key type is acceptable for the given * input step of a key derivation. @@ -6846,12 +6857,15 @@ static psa_status_t psa_key_derivation_input_internal( &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || + kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, step, data, data_length); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ { /* This can't happen unless the operation object was not initialized */ (void) data; @@ -6875,12 +6889,15 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || + kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { status = psa_pbkdf2_set_input_cost( &operation->ctx.pbkdf2, step, value); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || + * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ { (void) step; (void) value; From 857cd4b3eeba38961010c00c5a750abd26a2aada Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:37:23 +0530 Subject: [PATCH 04/30] Add AES_CMAC_PRF_128 output size macro Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_sizes.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 8cc965b09f..61ec2e6c8d 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -276,6 +276,9 @@ * This is a vendor-specific macro. This can be configured if necessary */ #define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff +/* Output size of AES_CMAC_PRF_128 algorithm */ +#define AES_CMAC_PRF_128_OUTPUT_SIZE 16 + /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 From 2cd649684af255a20628679628dd9fada0cc8d4c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:38:57 +0530 Subject: [PATCH 05/30] Add pbkdf2_cmac to key derivation setup Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4d8979cafd..f29d1abde5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6142,6 +6142,11 @@ static int is_kdf_alg_supported(psa_algorithm_t kdf_alg) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { return 1; } +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + return 1; + } #endif return 0; } @@ -6168,10 +6173,14 @@ static psa_status_t psa_key_derivation_setup_kdf( } /* All currently supported key derivation algorithms (apart from - * ecjpake to pms) are based on a hash algorithm. */ + * ecjpake to pms and pbkdf2_aes_cmac_128) are based on a hash algorithm. */ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); size_t hash_size = PSA_HASH_LENGTH(hash_alg); - if (kdf_alg != PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); + } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + hash_size = AES_CMAC_PRF_128_OUTPUT_SIZE; + } else { if (hash_size == 0) { return PSA_ERROR_NOT_SUPPORTED; } @@ -6183,8 +6192,6 @@ static psa_status_t psa_key_derivation_setup_kdf( if (status != PSA_SUCCESS) { return status; } - } else { - hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); } if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) || From 3d5edb8eeffbf3a7c0d7485acbd73312e4645113 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:41:25 +0530 Subject: [PATCH 06/30] Add input password function for pbkdf2 cmac Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 43 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f29d1abde5..8606f17c70 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6727,6 +6727,33 @@ static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, return status; } +static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, + size_t input_len, + uint8_t *output, + size_t *output_len) +{ + psa_status_t status = PSA_SUCCESS; + if (input_len != AES_CMAC_PRF_128_OUTPUT_SIZE) { + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t zeros[16] = {0}; + psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); + psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros))); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); + /* Passing AES_CMAC_PRF_128_OUTPUT_SIZE as mac_size as the driver + * function sets mac_output_length = mac_size on success. See #7801*/ + status = psa_driver_wrapper_mac_compute(&attributes, + zeros, sizeof(zeros), + PSA_ALG_CMAC, input, input_len, + output, + AES_CMAC_PRF_128_OUTPUT_SIZE, + output_len); + } else { + memcpy(output, input, input_len); + *output_len = AES_CMAC_PRF_128_OUTPUT_SIZE; + } + return status; +} + static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t kdf_alg, const uint8_t *data, @@ -6737,13 +6764,15 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_BAD_STATE; } - if (data_length != 0) { - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { - psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); - status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, - pbkdf2->password, - &pbkdf2->password_length); - } + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { + psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); + status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, + pbkdf2->password, + &pbkdf2->password_length); + } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + status = psa_pbkdf2_cmac_set_password(data, data_length, + pbkdf2->password, + &pbkdf2->password_length); } pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; From a2520a5b7e9fadb887c915fab5d8d866ee6dc557 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:42:19 +0530 Subject: [PATCH 07/30] Add pbkdf2 cmac to key derivation output_bytes Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8606f17c70..c3531e404a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5611,8 +5611,10 @@ static psa_status_t psa_key_derivation_pbkdf2_read( prf_alg = PSA_ALG_HMAC(PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg)); prf_output_length = PSA_HASH_LENGTH(prf_alg); psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); - } else { - return PSA_ERROR_INVALID_ARGUMENT; + } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + prf_alg = PSA_ALG_CMAC; + prf_output_length = AES_CMAC_PRF_128_OUTPUT_SIZE; + psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); } switch (pbkdf2->state) { From 4536bb6f2bfdb3a552f756607ac815961a7e0c8c Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:42:59 +0530 Subject: [PATCH 08/30] Change mac_size parameter in driver_mac_compute to output length See #7801 for reference Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c3531e404a..1f5ab0d557 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5575,11 +5575,14 @@ static psa_status_t psa_key_derivation_pbkdf2_generate_block( memcpy(U_accumulator, U_i, prf_output_length); for (i = 1; i < pbkdf2->input_cost; i++) { + /* We are passing prf_output_length as mac_size because the driver + * function directly sets mac_output_length as mac_size upon success. + * See #7801 */ status = psa_driver_wrapper_mac_compute(attributes, pbkdf2->password, pbkdf2->password_length, prf_alg, U_i, prf_output_length, - U_i, sizeof(U_i), + U_i, prf_output_length, &mac_output_length); if (status != PSA_SUCCESS) { goto cleanup; From 1d3fca21b18cfae44838af3daf3fa1dafe4b15d6 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:45:15 +0530 Subject: [PATCH 09/30] Add test cases for input validation of pbkdf2 cmac Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 73 +++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 6587e93d65..4895f9bc42 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5543,6 +5543,79 @@ PSA key derivation: PBKDF2-HMAC-SHA256, reject cost greater than PSA_VENDOR_PBKD depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input_invalid_cost:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_VENDOR_PBKDF2_MAX_ITERATIONS+1ULL +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, direct output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, key output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, DERIVE key as password, key output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS +#Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt missing +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password missing +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt and password before cost +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password before cost +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password bad key type +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_RAW_DATA:"706173737764":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, direct output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct empty password, direct output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, key output +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, DERIVE key as salt +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"73616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate cost step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate salt step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"6c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject secret step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject label step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject seed step +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) From 9d4c74f25c9763f17c5440faa522b7ae266d1a91 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 22 Jun 2023 15:47:25 +0530 Subject: [PATCH 10/30] Add test cases for output validation of pbkdf2 cmac PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library: https://github.com/Legrandin/pycryptodome Steps to generate test vectors: 1. pip install pycryptodome 2. Use the python script below to generate Derived key (see description for details): Example usage: pbkdf2_cmac.py derive_ms.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16 password : 4a30314e4d45 salt : 54687265616437333563383762344f70656e54687265616444656d6f input cost : 16384 derived key len : 16 output : 8b27beed7e7a4dd6c53138c879a8e33c """ from Crypto.Protocol.KDF import PBKDF2 from Crypto.Hash import CMAC from Crypto.Cipher import AES import sys def main(): #check args if len(sys.argv) != 5: print("Invalid number of arguments. Expected: ") return password = bytes.fromhex(sys.argv[1]) salt = bytes.fromhex(sys.argv[2]) iterations = int(sys.argv[3]) dklen = int(sys.argv[4]) # If password is not 16 bytes then we need to use CMAC to derive the password if len(password) != 16: zeros = bytes.fromhex("00000000000000000000000000000000") cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16) passwd = bytes.fromhex(cobj_pass.hexdigest()) else: passwd = password cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest() actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf) print('password : ' + password.hex()) print('salt : ' + salt.hex()) print('input cost : ' + str(iterations)) print('derived key len : ' + str(dklen)) print('output : ' + actual_output.hex()) if __name__ == "__main__": main() """ Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 37 +++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4895f9bc42..021af4dbea 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6398,6 +6398,43 @@ PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #1, 20+1 (over capacity) depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"0c60c80f961f0e71f3a9b524af6012062fe037a6":"00":0:1:0 +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 16+0 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 15+1 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e3":"3c":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 0+16 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"":"8b27beed7e7a4dd6c53138c879a8e33c":0:1:0 + +#The following test vectors were generated by a python script. Details can be found in the commit message. +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 2 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"02":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"160597e28021fb3dd9cf088b007b688360fed438":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 3 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"38ba9795fe87e47d519eacb77e82e35daa795870":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 4 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726450415353574f524470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":25:"25e7c43283d2e98cb6d9537a783e93153a45595a876779e00d":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 5 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"3d2828c5a437d781e7733ca353c40579":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 6 +depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f524d9ecbf864eb814a46cda50ad5ec4c0dc03578c6c5fb4a3f9880deb5cab537e4":"":0:1:0 + PSA key derivation: ECJPAKE to PMS, no input depends_on:PSA_WANT_ALG_SHA_256 derive_ecjpake_to_pms:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT From b3042c39fe4686769f17bb092dcd2337bf196e30 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 27 Jun 2023 10:39:47 +0530 Subject: [PATCH 11/30] Define PSA_ALG_WANT_PBKDF2_AES_CMAC_PRF_128 and fix config Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 13 +++++-------- include/psa/crypto_config.h | 1 + 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index f1cff20b51..9f6b9cafed 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -519,6 +519,11 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 #define MBEDTLS_CMAC_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ +#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ #endif /* PSA_WANT_ALG_CMAC */ #if defined(PSA_WANT_ALG_CTR) @@ -599,14 +604,6 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ -#if defined(PSA_WANT_ALG_CMAC) && defined(PSA_HAVE_SOFT_KEY_TYPE_AES) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 -#define MBEDTLS_CMAC_C -#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ -#endif /* PSA_WANT_ALG_CMAC && PSA_HAVE_SOFT_KEY_TYPE_AES */ - #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) #if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) #define MBEDTLS_ECP_DP_BP256R1_ENABLED diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 9da28de8b7..af78dce177 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -76,6 +76,7 @@ #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 #define PSA_WANT_ALG_PBKDF2_HMAC 1 +#define PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 1 #define PSA_WANT_ALG_RIPEMD160 1 #define PSA_WANT_ALG_RSA_OAEP 1 #define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 From 3fde8feaa96236e075e43d515126bb685318cd67 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 27 Jun 2023 10:41:43 +0530 Subject: [PATCH 12/30] FIx name of macro Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_sizes.h | 2 +- library/psa_crypto.c | 16 +++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 61ec2e6c8d..b884defe0c 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -277,7 +277,7 @@ #define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff /* Output size of AES_CMAC_PRF_128 algorithm */ -#define AES_CMAC_PRF_128_OUTPUT_SIZE 16 +#define PSA_AES_CMAC_PRF_128_OUTPUT_SIZE 16 /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1f5ab0d557..048ab58b33 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5616,8 +5616,10 @@ static psa_status_t psa_key_derivation_pbkdf2_read( psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { prf_alg = PSA_ALG_CMAC; - prf_output_length = AES_CMAC_PRF_128_OUTPUT_SIZE; + prf_output_length = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); + } else { + return PSA_ERROR_INVALID_ARGUMENT; } switch (pbkdf2->state) { @@ -6184,7 +6186,7 @@ static psa_status_t psa_key_derivation_setup_kdf( if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { - hash_size = AES_CMAC_PRF_128_OUTPUT_SIZE; + hash_size = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; } else { if (hash_size == 0) { return PSA_ERROR_NOT_SUPPORTED; @@ -6738,23 +6740,23 @@ static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, size_t *output_len) { psa_status_t status = PSA_SUCCESS; - if (input_len != AES_CMAC_PRF_128_OUTPUT_SIZE) { + if (input_len != PSA_AES_CMAC_PRF_128_OUTPUT_SIZE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t zeros[16] = {0}; + uint8_t zeros[16] = { 0 }; psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros))); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - /* Passing AES_CMAC_PRF_128_OUTPUT_SIZE as mac_size as the driver + /* Passing PSA_AES_CMAC_PRF_128_OUTPUT_SIZE as mac_size as the driver * function sets mac_output_length = mac_size on success. See #7801*/ status = psa_driver_wrapper_mac_compute(&attributes, zeros, sizeof(zeros), PSA_ALG_CMAC, input, input_len, output, - AES_CMAC_PRF_128_OUTPUT_SIZE, + PSA_AES_CMAC_PRF_128_OUTPUT_SIZE, output_len); } else { memcpy(output, input, input_len); - *output_len = AES_CMAC_PRF_128_OUTPUT_SIZE; + *output_len = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; } return status; } From 671320633c08458b5b7a81b9d1fafd131784559a Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 27 Jun 2023 10:45:06 +0530 Subject: [PATCH 13/30] Add test cases for key and plain inputs Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 70 +++++++++++++++---------- 1 file changed, 43 insertions(+), 27 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 021af4dbea..2cb9bf55e8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5544,76 +5544,76 @@ depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_input_invalid_cost:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_VENDOR_PBKDF2_MAX_ITERATIONS+1ULL PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, direct output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, key output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, DERIVE key as password, key output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS #Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt missing -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password missing -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt and password before cost -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password before cost -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, password bad key type -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_RAW_DATA:"706173737764":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, direct output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct empty password, direct output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: PBKDF2-AES-CMAC-PRF-128, direct password, key output -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED PSA key derivation: PBKDF2-AES-CMAC-PRF-128, DERIVE key as salt -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_DERIVE:"73616c74":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate cost step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, duplicate salt step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"6c74":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject secret step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject label step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject seed step -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE PSA key derivation over capacity: HKDF @@ -6399,42 +6399,58 @@ depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"0c60c80f961f0e71f3a9b524af6012062fe037a6":"00":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 16+0 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 15+1 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e3":"3c":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 0+16 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"":"8b27beed7e7a4dd6c53138c879a8e33c":0:1:0 #The following test vectors were generated by a python script. Details can be found in the commit message. PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 2 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"02":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"160597e28021fb3dd9cf088b007b688360fed438":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 3 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"38ba9795fe87e47d519eacb77e82e35daa795870":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 4 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c7453414c5473616c7453414c5473616c7453414c5473616c7453414c5473616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726450415353574f524470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":25:"25e7c43283d2e98cb6d9537a783e93153a45595a876779e00d":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 5 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"3d2828c5a437d781e7733ca353c40579":"":0:1:0 PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 6 -depends_on:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f524d9ecbf864eb814a46cda50ad5ec4c0dc03578c6c5fb4a3f9880deb5cab537e4":"":0:1:0 +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, salt in two step +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"5468726561643733356338376234":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as key, derive key +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":""::0:1:1 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as bytes +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:0:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as bytes, derive key +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:0:1 + PSA key derivation: ECJPAKE to PMS, no input depends_on:PSA_WANT_ALG_SHA_256 derive_ecjpake_to_pms:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:32:PSA_SUCCESS:"":PSA_ERROR_INVALID_ARGUMENT From d80183864a6c2375d27e2e1b83831a7efaeff5fc Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 27 Jun 2023 10:51:16 +0530 Subject: [PATCH 14/30] Add test case for zero input cost Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2cb9bf55e8..ee9b1e20a8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5616,6 +5616,10 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject seed step depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject zero input cost +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"00":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) From 7333ed3efa66c1ac9d886b7506a476a6c4b1995e Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 4 Jul 2023 11:42:08 +0530 Subject: [PATCH 15/30] Add max iterations test case for cmac Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ee9b1e20a8..0bbe6bcc14 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -5555,11 +5555,6 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, good case, DERIVE key as password, depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, input cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS -#Input cost is passed as hex number. Value of PSA_VENDOR_PBKDF2_MAX_ITERATIONS is 0xffffffff -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"0100000000":PSA_ERROR_NOT_SUPPORTED:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_DERIVE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE - PSA key derivation: PBKDF2-AES-CMAC-PRF-128, salt missing depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"01":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_PASSWORD:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE @@ -5620,6 +5615,10 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject zero input cost depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_input:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:INPUT_INTEGER:"00":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"73616c74":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_PASSWORD:PSA_KEY_TYPE_NONE:"706173737764":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, reject cost greater than PSA_VENDOR_PBKDF2_MAX_ITERATIONS +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_input_invalid_cost:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_VENDOR_PBKDF2_MAX_ITERATIONS+1ULL + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) From 5168bd5f0f06f6ac5e63d9f3e4bd5d41b06bc5f2 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 4 Jul 2023 11:43:45 +0530 Subject: [PATCH 16/30] Add changelog entry Signed-off-by: Kusumit Ghoderao --- ChangeLog.d/add-pbkdf2-cmac.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/add-pbkdf2-cmac.txt diff --git a/ChangeLog.d/add-pbkdf2-cmac.txt b/ChangeLog.d/add-pbkdf2-cmac.txt new file mode 100644 index 0000000000..0ed84ea51c --- /dev/null +++ b/ChangeLog.d/add-pbkdf2-cmac.txt @@ -0,0 +1,2 @@ +Features + * Add support for PBKDF2-CMAC through the PSA API. From ce38db1c0b28458c59b5629842e73774b2775beb Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:01:03 +0530 Subject: [PATCH 17/30] Change config_psa.h PBKDF2_CMAC dependencies Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 9f6b9cafed..5762ee2f3d 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -519,12 +519,20 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 #define MBEDTLS_CMAC_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ +#endif /* PSA_WANT_ALG_CMAC */ + #if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ #endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ #endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ -#endif /* PSA_WANT_ALG_CMAC */ + #if defined(PSA_WANT_ALG_CTR) #if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \ From 105f772fe84cfa180b3eb7cca244c50c16d8deae Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:03:06 +0530 Subject: [PATCH 18/30] Add PSA_HAVE_SOFT_PBKDF2 Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 5762ee2f3d..ce34386a21 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -273,6 +273,7 @@ extern "C" { #if defined(PSA_WANT_ALG_PBKDF2_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#define PSA_HAVE_SOFT_PBKDF2_HMAC #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ @@ -524,6 +525,7 @@ extern "C" { #if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#define PSA_HAVE_SOFT_PBKDF2_CMAC #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ @@ -533,6 +535,10 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ #endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \ + defined(PSA_HAVE_SOFT_PBKDF2_CMAC) +#define PSA_HAVE_SOFT_PBKDF2 1 +#endif /* PSA_HAVE_SOFT_PBKDF2_HMAC || PSA_HAVE_SOFT_PBKDF2_CMAC */ #if defined(PSA_WANT_ALG_CTR) #if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \ From 2addf35855a40c3ee9ec6499957d9f6695bef577 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:09:26 +0530 Subject: [PATCH 19/30] Replace MBEDTLS_PSA_BUILTIN_PBKDF2_XXX with PSA_HAVE_SOFT_PBKDF2 Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_builtin_key_derivation.h | 6 +-- library/psa_crypto.c | 47 ++++++--------------- 2 files changed, 15 insertions(+), 38 deletions(-) diff --git a/include/psa/crypto_builtin_key_derivation.h b/include/psa/crypto_builtin_key_derivation.h index c598fa438e..8a2143a7ec 100644 --- a/include/psa/crypto_builtin_key_derivation.h +++ b/include/psa/crypto_builtin_key_derivation.h @@ -105,8 +105,7 @@ typedef struct psa_tls12_prf_key_derivation_s { } psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_HAVE_SOFT_PBKDF2) typedef enum { PSA_PBKDF2_STATE_INIT, /* no input provided */ PSA_PBKDF2_STATE_INPUT_COST_SET, /* input cost has been set */ @@ -126,7 +125,6 @@ typedef struct { uint8_t MBEDTLS_PRIVATE(bytes_used); uint32_t MBEDTLS_PRIVATE(block_number); } psa_pbkdf2_key_derivation_t; -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ #endif /* PSA_CRYPTO_BUILTIN_KEY_DERIVATION_H */ diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 048ab58b33..c3c4d58798 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5080,8 +5080,7 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation) defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + defined(PSA_HAVE_SOFT_PBKDF2) #define AT_LEAST_ONE_BUILTIN_KDF #endif /* At least one builtin KDF */ @@ -5185,10 +5184,7 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) sizeof(operation->ctx.tls12_ecjpake_to_pms.data)); } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || - kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if defined(PSA_HAVE_SOFT_PBKDF2) if (operation->ctx.pbkdf2.salt != NULL) { mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); @@ -5197,8 +5193,7 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) status = PSA_SUCCESS; } else -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) */ +#endif /* defined(PSA_HAVE_SOFT_PBKDF2) */ { status = PSA_ERROR_BAD_STATE; } @@ -5525,8 +5520,7 @@ static psa_status_t psa_key_derivation_tls12_ecjpake_to_pms_read( } #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_HAVE_SOFT_PBKDF2) static psa_status_t psa_key_derivation_pbkdf2_generate_block( psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t prf_alg, @@ -5662,8 +5656,7 @@ static psa_status_t psa_key_derivation_pbkdf2_read( return PSA_SUCCESS; } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *operation, @@ -5718,15 +5711,11 @@ psa_status_t psa_key_derivation_output_bytes( &operation->ctx.tls12_ecjpake_to_pms, output, output_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || - kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if defined(PSA_HAVE_SOFT_PBKDF2) status = psa_key_derivation_pbkdf2_read(&operation->ctx.pbkdf2, kdf_alg, output, output_length); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ { (void) kdf_alg; @@ -6651,8 +6640,7 @@ static psa_status_t psa_tls12_ecjpake_to_pms_input( } #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_HAVE_SOFT_PBKDF2) static psa_status_t psa_pbkdf2_set_input_cost( psa_pbkdf2_key_derivation_t *pbkdf2, psa_key_derivation_step_t step, @@ -6802,8 +6790,7 @@ static psa_status_t psa_pbkdf2_input(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_INVALID_ARGUMENT; } } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ /** Check whether the given key type is acceptable for the given * input step of a key derivation. @@ -6900,15 +6887,11 @@ static psa_status_t psa_key_derivation_input_internal( &operation->ctx.tls12_ecjpake_to_pms, step, data, data_length); } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || - kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if defined(PSA_HAVE_SOFT_PBKDF2) status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, step, data, data_length); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ { /* This can't happen unless the operation object was not initialized */ (void) data; @@ -6932,15 +6915,11 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_status_t status; psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || - kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if defined(PSA_HAVE_SOFT_PBKDF2) status = psa_pbkdf2_set_input_cost( &operation->ctx.pbkdf2, step, value); } else -#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC || - * MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_HAVE_SOFT_PBKDF2 */ { (void) step; (void) value; From 9ab03c3d727e2026d45f0b2a4ea19501f910402e Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:14:05 +0530 Subject: [PATCH 20/30] Define PSA_ALG_IS_PBKDF2 Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_values.h | 4 ++++ library/psa_crypto.c | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 580e3ae80d..50df3e3d04 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2115,6 +2115,10 @@ */ #define PSA_ALG_PBKDF2_AES_CMAC_PRF_128 ((psa_algorithm_t) 0x08800200) +#define PSA_ALG_IS_PBKDF2(kdf_alg) \ + (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || \ + (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128)) + #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c3c4d58798..2e3d451bae 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5185,6 +5185,7 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) } else #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) */ #if defined(PSA_HAVE_SOFT_PBKDF2) + if (PSA_ALG_IS_PBKDF2(kdf_alg)) { if (operation->ctx.pbkdf2.salt != NULL) { mbedtls_platform_zeroize(operation->ctx.pbkdf2.salt, operation->ctx.pbkdf2.salt_length); @@ -5712,6 +5713,7 @@ psa_status_t psa_key_derivation_output_bytes( } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ #if defined(PSA_HAVE_SOFT_PBKDF2) + if (PSA_ALG_IS_PBKDF2(kdf_alg)) { status = psa_key_derivation_pbkdf2_read(&operation->ctx.pbkdf2, kdf_alg, output, output_length); } else @@ -6888,6 +6890,7 @@ static psa_status_t psa_key_derivation_input_internal( } else #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */ #if defined(PSA_HAVE_SOFT_PBKDF2) + if (PSA_ALG_IS_PBKDF2(kdf_alg)) { status = psa_pbkdf2_input(&operation->ctx.pbkdf2, kdf_alg, step, data, data_length); } else @@ -6916,6 +6919,7 @@ static psa_status_t psa_key_derivation_input_integer_internal( psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg(operation); #if defined(PSA_HAVE_SOFT_PBKDF2) + if (PSA_ALG_IS_PBKDF2(kdf_alg)) { status = psa_pbkdf2_set_input_cost( &operation->ctx.pbkdf2, step, value); } else From a12e2d53bd5032acdf25bef067c9da3cdb504eb6 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:18:30 +0530 Subject: [PATCH 21/30] Replace AES_CMAC_128_PRF_OUTPUT_SIZE with PSA_MAC_LENGTH() Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_sizes.h | 3 --- library/psa_crypto.c | 16 +++++++++------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index b884defe0c..8cc965b09f 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -276,9 +276,6 @@ * This is a vendor-specific macro. This can be configured if necessary */ #define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff -/* Output size of AES_CMAC_PRF_128 algorithm */ -#define PSA_AES_CMAC_PRF_128_OUTPUT_SIZE 16 - /** The maximum size of a block cipher. */ #define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2e3d451bae..f8d295afbd 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5611,7 +5611,7 @@ static psa_status_t psa_key_derivation_pbkdf2_read( psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { prf_alg = PSA_ALG_CMAC; - prf_output_length = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; + prf_output_length = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC); psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); } else { return PSA_ERROR_INVALID_ARGUMENT; @@ -6177,7 +6177,7 @@ static psa_status_t psa_key_derivation_setup_kdf( if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256); } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { - hash_size = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; + hash_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC); } else { if (hash_size == 0) { return PSA_ERROR_NOT_SUPPORTED; @@ -6730,23 +6730,25 @@ static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, size_t *output_len) { psa_status_t status = PSA_SUCCESS; - if (input_len != PSA_AES_CMAC_PRF_128_OUTPUT_SIZE) { + if (input_len != PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC)) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; uint8_t zeros[16] = { 0 }; psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros))); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - /* Passing PSA_AES_CMAC_PRF_128_OUTPUT_SIZE as mac_size as the driver - * function sets mac_output_length = mac_size on success. See #7801*/ + /* Passing PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC) as + * mac_size as the driver function sets mac_output_length = mac_size */ status = psa_driver_wrapper_mac_compute(&attributes, zeros, sizeof(zeros), PSA_ALG_CMAC, input, input_len, output, - PSA_AES_CMAC_PRF_128_OUTPUT_SIZE, + PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, + 128U, + PSA_ALG_CMAC), output_len); } else { memcpy(output, input, input_len); - *output_len = PSA_AES_CMAC_PRF_128_OUTPUT_SIZE; + *output_len = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC); } return status; } From 0bca4c5fc45c7ca4f128505d6a9e8cc1b1a16292 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:20:14 +0530 Subject: [PATCH 22/30] Add ifdef for hmac and cmac specific functions Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f8d295afbd..3c4730eb41 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6707,6 +6707,7 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_SUCCESS; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, const uint8_t *input, size_t input_len, @@ -6723,7 +6724,9 @@ static psa_status_t psa_pbkdf2_hmac_set_password(psa_algorithm_t hash_alg, } return status; } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, size_t input_len, uint8_t *output, @@ -6752,6 +6755,7 @@ static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, } return status; } +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, psa_algorithm_t kdf_alg, From 5f3345ae44342a782a3ee464ed6eeb05bc8644bd Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:21:38 +0530 Subject: [PATCH 23/30] Add issue link instead of issue number Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3c4730eb41..ec99e166b6 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5572,7 +5572,7 @@ static psa_status_t psa_key_derivation_pbkdf2_generate_block( for (i = 1; i < pbkdf2->input_cost; i++) { /* We are passing prf_output_length as mac_size because the driver * function directly sets mac_output_length as mac_size upon success. - * See #7801 */ + * See https://github.com/Mbed-TLS/mbedtls/issues/7801 */ status = psa_driver_wrapper_mac_compute(attributes, pbkdf2->password, pbkdf2->password_length, @@ -6740,7 +6740,8 @@ static psa_status_t psa_pbkdf2_cmac_set_password(const uint8_t *input, psa_set_key_bits(&attributes, PSA_BYTES_TO_BITS(sizeof(zeros))); psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); /* Passing PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC) as - * mac_size as the driver function sets mac_output_length = mac_size */ + * mac_size as the driver function sets mac_output_length = mac_size + * on success. See https://github.com/Mbed-TLS/mbedtls/issues/7801 */ status = psa_driver_wrapper_mac_compute(&attributes, zeros, sizeof(zeros), PSA_ALG_CMAC, input, input_len, From be55b7e45a45a737727f20d8755edda6e718ee5f Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Thu, 27 Jul 2023 21:22:26 +0530 Subject: [PATCH 24/30] Add test cases for 16 byte and empty password Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0bbe6bcc14..12043484da 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6438,6 +6438,14 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 6 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f524d9ecbf864eb814a46cda50ad5ec4c0dc03578c6c5fb4a3f9880deb5cab537e4":"":0:1:0 +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, empty direct password +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"db00f3996d041b415eb273362d8c8c83":"":0:0:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, 16 byte password +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"c4c112c6e1e3b8757640603dec78825f":"":0:1:0 + PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, salt in two step depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"5468726561643733356338376234":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 From f3e696dc1be31b80089a4e26b4d1af099179f25a Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 28 Jul 2023 13:30:50 +0530 Subject: [PATCH 25/30] Add ifdef for hmac and cmac set password Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ec99e166b6..947c2e229c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6768,15 +6768,23 @@ static psa_status_t psa_pbkdf2_set_password(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_BAD_STATE; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { psa_algorithm_t hash_alg = PSA_ALG_PBKDF2_HMAC_GET_HASH(kdf_alg); status = psa_pbkdf2_hmac_set_password(hash_alg, data, data_length, pbkdf2->password, &pbkdf2->password_length); - } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) + if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { status = psa_pbkdf2_cmac_set_password(data, data_length, pbkdf2->password, &pbkdf2->password_length); + } else +#endif /* MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 */ + { + return PSA_ERROR_INVALID_ARGUMENT; } pbkdf2->state = PSA_PBKDF2_STATE_PASSWORD_SET; From c22affd9ec68311257f6d16bc1717f2bd671a30b Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 28 Jul 2023 13:31:58 +0530 Subject: [PATCH 26/30] Fix dependencies for pbkdf2 cmac Signed-off-by: Kusumit Ghoderao --- include/mbedtls/config_psa.h | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index ce34386a21..64e2261442 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -439,13 +439,21 @@ extern "C" { #define PSA_HAVE_SOFT_BLOCK_AEAD 1 #endif +#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#define PSA_HAVE_SOFT_PBKDF2_CMAC +#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ + #if defined(PSA_WANT_KEY_TYPE_AES) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define PSA_HAVE_SOFT_KEY_TYPE_AES 1 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ #if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) + defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \ + defined(PSA_HAVE_SOFT_PBKDF2_CMAC) #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 #define MBEDTLS_AES_C #endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ @@ -516,25 +524,13 @@ extern "C" { #if defined(PSA_WANT_ALG_CMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \ + defined(PSA_HAVE_SOFT_PBKDF2_CMAC) #define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 #define MBEDTLS_CMAC_C #endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ #endif /* PSA_WANT_ALG_CMAC */ -#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) -#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 -#define PSA_HAVE_SOFT_PBKDF2_CMAC -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ -#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ -#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ - #if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \ defined(PSA_HAVE_SOFT_PBKDF2_CMAC) #define PSA_HAVE_SOFT_PBKDF2 1 From baf350c6bdbc93ba8475c4a4ce47634f32b49b1d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Mon, 31 Jul 2023 20:22:33 +0530 Subject: [PATCH 27/30] Add PSA_HAVE_SOFT_PBKDF2 to crypto_driver_context_key_derivation Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_driver_contexts_key_derivation.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/psa/crypto_driver_contexts_key_derivation.h b/include/psa/crypto_driver_contexts_key_derivation.h index 32de4f7654..3fb29ff7f2 100644 --- a/include/psa/crypto_driver_contexts_key_derivation.h +++ b/include/psa/crypto_driver_contexts_key_derivation.h @@ -55,8 +55,7 @@ typedef union { #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) psa_tls12_ecjpake_to_pms_t MBEDTLS_PRIVATE(tls12_ecjpake_to_pms); #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_HAVE_SOFT_PBKDF2) psa_pbkdf2_key_derivation_t MBEDTLS_PRIVATE(pbkdf2); #endif } psa_driver_key_derivation_context_t; From 6eff0b2258d53dd6661c6569560ec7abea6774b3 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 2 Aug 2023 17:22:49 +0530 Subject: [PATCH 28/30] Remove test vector Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 39 ++++++++++++------------- 1 file changed, 18 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 12043484da..302a9aa48a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6401,23 +6401,20 @@ PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #1, 20+1 (over capacity) depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"0c60c80f961f0e71f3a9b524af6012062fe037a6":"00":0:1:0 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 16+0 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 - -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 15+1 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e3":"3c":0:1:0 - -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, 0+16 -depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"":"8b27beed7e7a4dd6c53138c879a8e33c":0:1:0 - #The following test vectors were generated by a python script. Details can be found in the commit message. -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1 +#The input cost, salt and password are the same as PBKDF2-HMAC test vectors +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1, 20+0 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0 +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1, 10+10 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e2777":"7606a315876ec71227de":0:1:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 1, 0+20 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"":"1b72f6419173a06e27777606a315876ec71227de":0:1:0 + PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test Vector 2 depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"02":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"160597e28021fb3dd9cf088b007b688360fed438":"":0:1:0 @@ -6446,21 +6443,21 @@ PSA key derivation: PBKDF2-AES-CMAC-PRF-128, 16 byte password depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f726470617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"c4c112c6e1e3b8757640603dec78825f":"":0:1:0 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, salt in two step +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, salt in two step depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"5468726561643733356338376234":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"4f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:1:0 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"6c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:0 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as key, derive key +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as key, derive key depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":""::0:1:1 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:1:1 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as bytes +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as bytes depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:0:0 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:0:0 -PSA key derivation: PBKDF2-AES-CMAC-PRF-128, OpenThread vector, password as bytes, derive key +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as bytes, derive key depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"4000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"54687265616437333563383762344f70656e54687265616444656d6f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"4a30314e4d45":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"8b27beed7e7a4dd6c53138c879a8e33c":"":0:0:1 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"":"":0:0:1 PSA key derivation: ECJPAKE to PMS, no input depends_on:PSA_WANT_ALG_SHA_256 From 6c104b9b3b4378b3bdf62a31fd6a94186191de56 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 16 Aug 2023 11:47:24 +0530 Subject: [PATCH 29/30] Modify derive output test cases and add actual output Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 302a9aa48a..950a706e54 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6391,7 +6391,7 @@ derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, password as bytes, derive key depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 -derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"":"":0:0:1 +derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:0:1 PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #1, salt before cost depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1 @@ -6457,7 +6457,7 @@ derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01" PSA key derivation: PBKDF2-AES-CMAC-PRF-128, Test vector 1, password as bytes, derive key depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES -derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"":"":0:0:1 +derive_output:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"70617373776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":20:"1b72f6419173a06e27777606a315876ec71227de":"":0:0:1 PSA key derivation: ECJPAKE to PMS, no input depends_on:PSA_WANT_ALG_SHA_256 From 9928ca1875cfbf998fa0e97f182892c047c3bad0 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Wed, 16 Aug 2023 11:48:27 +0530 Subject: [PATCH 30/30] Code styling Signed-off-by: Kusumit Ghoderao --- include/psa/crypto_values.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 50df3e3d04..241b7c80d1 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2117,7 +2117,7 @@ #define PSA_ALG_IS_PBKDF2(kdf_alg) \ (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg) || \ - (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128)) + ((kdf_alg) == PSA_ALG_PBKDF2_AES_CMAC_PRF_128)) #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000)