mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-16 08:42:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

exercise_key_agreement_key: add special handling for HKDF_EXPAND

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2022-06-14 14:41:42 +02:00
parent d898745f70
commit 6c9fd61565
2 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
tests/src/psa_exercise_key.c
View File

@ -627,6 +627,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
unsigned char output[1]; unsigned char output[1];
int ok = 0; int ok = 0;
psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg ); psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF( alg );
psa_status_t expected_key_agreement_status = PSA_SUCCESS;
if( usage & PSA_KEY_USAGE_DERIVE ) if( usage & PSA_KEY_USAGE_DERIVE )
{ {
@ -648,7 +649,25 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
input, sizeof( input ) ) ); input, sizeof( input ) ) );
} }
PSA_ASSERT( mbedtls_test_psa_key_agreement_with_self( &operation, key ) ); /* For HKDF_EXPAND input secret may fail as secret size may not match
to expected PRK size. In practice it means that key bits must match
hash length. Otherwise test should fail with INVALID_ARGUMENT. */
if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
{
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
size_t key_bits = psa_get_key_bits( &attributes );
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg );
if( PSA_BITS_TO_BYTES( key_bits ) != PSA_HASH_LENGTH( hash_alg ) )
expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT;
}
TEST_EQUAL( mbedtls_test_psa_key_agreement_with_self( &operation, key ),
expected_key_agreement_status );
if( expected_key_agreement_status != PSA_SUCCESS )
return( 1 );
if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) ||
PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) )
@ -657,7 +676,7 @@ static int exercise_key_agreement_key( mbedtls_svc_key_id_t key,
&operation, PSA_KEY_DERIVATION_INPUT_LABEL, &operation, PSA_KEY_DERIVATION_INPUT_LABEL,
input, sizeof( input ) ) ); input, sizeof( input ) ) );
} }
else if( PSA_ALG_IS_HKDF( kdf_alg ) ) else if( PSA_ALG_IS_HKDF( kdf_alg ) || PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
{ {
PSA_ASSERT( psa_key_derivation_input_bytes( PSA_ASSERT( psa_key_derivation_input_bytes(
&operation, PSA_KEY_DERIVATION_INPUT_INFO, &operation, PSA_KEY_DERIVATION_INPUT_INFO,

5
tests/suites/test_suite_psa_crypto_storage_format.function
View File

@ -151,11 +151,6 @@ static int can_exercise( const psa_key_attributes_t *attributes )
PSA_ALG_NONE; PSA_ALG_NONE;
psa_key_usage_t usage = psa_get_key_usage_flags( attributes ); psa_key_usage_t usage = psa_get_key_usage_flags( attributes );
/* Disable KA(ECDH,HKDF_EXTRACT/EXPAND...) test cases. */
if( PSA_ALG_IS_KEY_AGREEMENT( alg ) &&
( PSA_ALG_HKDF_EXTRACT( alg ) || PSA_ALG_HKDF_EXPAND( alg ) ) )
return 0;
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
/* We test some configurations using drivers where the driver doesn't /* We test some configurations using drivers where the driver doesn't
* support certain hash algorithms, but declares that it supports * support certain hash algorithms, but declares that it supports