diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 8e439bab0d..15c8130ef5 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1270,7 +1270,7 @@ typedef uint32_t psa_algorithm_t; * \param kdf_alg A key derivation algorithm (\c PSA_ALG_XXX value such * that #PSA_ALG_IS_KEY_DERIVATION(\p hash_alg) is true) * or a key selection algorithm (\c PSA_ALG_XXX value such - * that #PSA_ALG_IS_SELECTION(\p hash_alg) is true). + * that #PSA_ALG_IS_KEY_SELECTION(\p hash_alg) is true). * * \return The Diffie-Hellman algorithm with the specified * selection or derivation algorithm. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index f11b87cca4..44a1a60572 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -85,7 +85,7 @@ struct psa_hash_operation_s } ctx; }; - +#if defined(MBEDTLS_MD_C) typedef struct { /** The hash context. */ @@ -93,7 +93,7 @@ typedef struct /** The HMAC part of the context. */ uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; } psa_hmac_internal_data; - +#endif /* MBEDTLS_MD_C */ struct psa_mac_operation_s { @@ -130,6 +130,7 @@ struct psa_cipher_operation_s } ctx; }; +#if defined(MBEDTLS_MD_C) typedef struct { uint8_t *info; @@ -143,7 +144,9 @@ typedef struct uint8_t offset_in_block; uint8_t block_number; } psa_hkdf_generator_t; +#endif /* MBEDTLS_MD_C */ +#if defined(MBEDTLS_MD_C) typedef struct psa_tls12_prf_generator_s { /* The TLS 1.2 PRF uses the key for each HMAC iteration, @@ -172,6 +175,7 @@ typedef struct psa_tls12_prf_generator_s uint8_t block_number; } psa_tls12_prf_generator_t; +#endif /* MBEDTLS_MD_C */ struct psa_crypto_generator_s { diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f0de861242..b0fb5a8830 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1431,6 +1431,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( (int) key_bits, mode ) ); } +#if defined(MBEDTLS_MD_C) static size_t psa_get_hash_block_size( psa_algorithm_t alg ) { switch( alg ) @@ -1457,6 +1458,7 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) return( 0 ); } } +#endif /* MBEDTLS_MD_C */ /* Initialize the MAC operation structure. Once this function has been * called, psa_mac_abort can run and will do the right thing. */ @@ -2164,6 +2166,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, goto cleanup; } +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg ); @@ -2174,7 +2177,9 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp, md_alg ) ); } else +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ { + (void) alg; MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d, hash, hash_length, mbedtls_ctr_drbg_random, @@ -2265,7 +2270,13 @@ psa_status_t psa_asymmetric_sign( psa_key_slot_t key, if( PSA_KEY_TYPE_IS_ECC( slot->type ) ) { #if defined(MBEDTLS_ECDSA_C) - if( PSA_ALG_IS_ECDSA( alg ) ) + if( +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + PSA_ALG_IS_ECDSA( alg ) +#else + PSA_ALG_IS_RANDOMIZED_ECDSA( alg ) +#endif + ) status = psa_ecdsa_sign( slot->data.ecp, alg, hash, hash_length, @@ -3637,8 +3648,13 @@ exit: /* Key derivation */ /****************************************************************/ +#if defined(MBEDTLS_MD_C) /* Set up an HKDF-based generator. This is exactly the extract phase - * of the HKDF algorithm. */ + * of the HKDF algorithm. + * + * Note that if this function fails, you must call psa_generator_abort() + * to potentially free embedded data structures and wipe confidential data. + */ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, const uint8_t *secret, size_t secret_length, @@ -3674,8 +3690,14 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, } return( PSA_SUCCESS ); } +#endif /* MBEDTLS_MD_C */ -/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5). */ +#if defined(MBEDTLS_MD_C) +/* Set up a TLS-1.2-prf-based generator (see RFC 5246, Section 5). + * + * Note that if this function fails, you must call psa_generator_abort() + * to potentially free embedded data structures and wipe confidential data. + */ static psa_status_t psa_generator_tls12_prf_setup( psa_tls12_prf_generator_t *tls12_prf, const unsigned char *key, @@ -3727,7 +3749,11 @@ static psa_status_t psa_generator_tls12_prf_setup( return( PSA_SUCCESS ); } +#endif /* MBEDTLS_MD_C */ +/* Note that if this function fails, you must call psa_generator_abort() + * to potentially free embedded data structures and wipe confidential data. + */ static psa_status_t psa_key_derivation_internal( psa_crypto_generator_t *generator, const uint8_t *secret, size_t secret_length, @@ -3744,8 +3770,10 @@ static psa_status_t psa_key_derivation_internal( if( alg == PSA_ALG_SELECT_RAW ) { + (void) salt; if( salt_length != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); + (void) label; if( label_length != 0 ) return( PSA_ERROR_INVALID_ARGUMENT ); generator->ctx.buffer.data = mbedtls_calloc( 1, secret_length ); @@ -3854,6 +3882,7 @@ psa_status_t psa_key_derivation( psa_crypto_generator_t *generator, /* Key agreement */ /****************************************************************/ +#if defined(MBEDTLS_ECDH_C) static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key, size_t peer_key_length, const mbedtls_ecp_keypair *our_key, @@ -3905,9 +3934,13 @@ exit: mbedtls_ecdh_free( &ecdh ); return( mbedtls_to_psa_error( ret ) ); } +#endif /* MBEDTLS_ECDH_C */ #define PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE MBEDTLS_ECP_MAX_BYTES +/* Note that if this function fails, you must call psa_generator_abort() + * to potentially free embedded data structures and wipe confidential data. + */ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generator, key_slot_t *private_key, const uint8_t *peer_key, @@ -3934,6 +3967,9 @@ static psa_status_t psa_key_agreement_internal( psa_crypto_generator_t *generato break; #endif /* MBEDTLS_ECDH_C */ default: + (void) private_key; + (void) peer_key; + (void) peer_key_length; return( PSA_ERROR_NOT_SUPPORTED ); } if( status != PSA_SUCCESS ) @@ -3965,10 +4001,13 @@ psa_status_t psa_key_agreement( psa_crypto_generator_t *generator, PSA_KEY_USAGE_DERIVE, alg ); if( status != PSA_SUCCESS ) return( status ); - return( psa_key_agreement_internal( generator, - slot, - peer_key, peer_key_length, - alg ) ); + status = psa_key_agreement_internal( generator, + slot, + peer_key, peer_key_length, + alg ); + if( status != PSA_SUCCESS ) + psa_generator_abort( generator ); + return( status ); } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7f37db197c..da105d2d1a 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1618,7 +1618,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBE key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3059301306072a8648ce3d020106082a8648ce3d03010703420004d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS PSA key agreement setup: ECDH, raw: public key on different curve -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C key_agreement_setup:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3076301006072a8648ce3d020106052b8104002203620004e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH, raw: public key instead of private key @@ -1697,6 +1697,10 @@ PSA key agreement: ECDH brainpoolP512r1 (RFC 7027), raw: read depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C key_agreement_output:PSA_ALG_ECDH(PSA_ALG_SELECT_RAW):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_BRAINPOOL_P512R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"30819b301406072a8648ce3d020106092b240303020801010d03818200049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f":"" +PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32 +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_MD_C +key_agreement_output:PSA_ALG_ECDH(PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEYPAIR(PSA_ECC_CURVE_SECP256R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"3059301306072a8648ce3d020106082a8648ce3d03010703420004d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":"" + PSA generate random: 0 bytes generate_random:0