From 86e83dd4a7be88d6da353aa787d38aa777364aa1 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 1 Dec 2023 16:38:26 +0530 Subject: [PATCH] Add kdf_set_max_capacity function Signed-off-by: Kusumit Ghoderao --- library/psa_crypto.c | 149 ++++++++++++++++++++++++------------------- 1 file changed, 82 insertions(+), 67 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a1d96bfa98..a116beff69 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6063,6 +6063,86 @@ static psa_status_t psa_hash_try_support(psa_algorithm_t alg) return status; } +static psa_status_t psa_key_derivation_set_maximum_capacity( + psa_key_derivation_operation_t *operation, + psa_algorithm_t kdf_alg) +{ +#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) + if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { + operation->capacity = PSA_HASH_LENGTH(PSA_ALG_SHA_256); + return PSA_SUCCESS; + } +#endif +#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) + if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { +#if (SIZE_MAX > UINT32_MAX) + operation->capacity = UINT32_MAX * PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, + 128U, + PSA_ALG_CMAC); +#else + operation->capacity = SIZE_MAX; +#endif + return PSA_SUCCESS; + } +#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ + + /* After this point, if kdf_alg is not valid then value of hash_alg may be + * invalid or meaningless but it does not affect this function */ + psa_algorithm_t hash_alg = PSA_ALG_GET_HASH(kdf_alg); + size_t hash_size = PSA_HASH_LENGTH(hash_alg); + + /* Make sure that hash_alg is a supported hash algorithm. Otherwise + * we might fail later, which is somewhat unfriendly and potentially + * risk-prone. */ + psa_status_t status = psa_hash_try_support(hash_alg); + if (status != PSA_SUCCESS) { + return status; + } + +#if defined(PSA_WANT_ALG_HKDF) + if (PSA_ALG_IS_HKDF(kdf_alg)) { + operation->capacity = 255 * hash_size; + } else +#endif +#if defined(PSA_WANT_ALG_HKDF_EXTRACT) + if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) { + operation->capacity = hash_size; + } else +#endif +#if defined(PSA_WANT_ALG_HKDF_EXPAND) + if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { + operation->capacity = 255 * hash_size; + } else +#endif +#if defined(PSA_WANT_ALG_TLS12_PRF) + if (PSA_ALG_IS_TLS12_PRF(kdf_alg) && + (hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) { + operation->capacity = SIZE_MAX; + } else +#endif +#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) + if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg) && + (hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) { + /* Master Secret is always 48 bytes + * https://datatracker.ietf.org/doc/html/rfc5246.html#section-8.1 */ + operation->capacity = 48U; + } else +#endif +#if defined(PSA_WANT_ALG_PBKDF2_HMAC) + if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { +#if (SIZE_MAX > UINT32_MAX) + operation->capacity = UINT32_MAX * hash_size; +#else + operation->capacity = SIZE_MAX; +#endif + } else +#endif /* PSA_WANT_ALG_PBKDF2_HMAC */ + { + status = PSA_ERROR_NOT_SUPPORTED; + } + return status; +} + static psa_status_t psa_key_derivation_setup_kdf( psa_key_derivation_operation_t *operation, psa_algorithm_t kdf_alg) @@ -6075,74 +6155,9 @@ static psa_status_t psa_key_derivation_setup_kdf( if (!is_kdf_alg_supported(kdf_alg)) { return PSA_ERROR_NOT_SUPPORTED; } - psa_status_t status = PSA_SUCCESS; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) - if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { - operation->capacity = PSA_HASH_LENGTH(PSA_ALG_SHA_256); - return PSA_SUCCESS; - } -#endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128) - if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) { -#if (UINT_MAX > UINT32_MAX) - operation->capacity = UINT32_MAX * PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, - 128U, - PSA_ALG_CMAC); -#else - operation->capacity = UINT32_MAX; -#endif - return PSA_SUCCESS; - } -#endif - - psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg); - size_t hash_size = PSA_HASH_LENGTH(hash_alg); - if (hash_size == 0) { - return PSA_ERROR_NOT_SUPPORTED; - } - - /* Make sure that hash_alg is a supported hash algorithm. Otherwise - * we might fail later, which is somewhat unfriendly and potentially - * risk-prone. */ - status = psa_hash_try_support(hash_alg); - if (status != PSA_SUCCESS) { - return status; - } - - if (PSA_ALG_IS_HKDF(kdf_alg)) { - operation->capacity = 255 * hash_size; - } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) - if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) { - operation->capacity = hash_size; - } -#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) - if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { - operation->capacity = 255 * hash_size; - } -#endif - if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) || - PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) && - !(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) { - return PSA_ERROR_NOT_SUPPORTED; - } - if (PSA_ALG_IS_TLS12_PRF(kdf_alg)) { - operation->capacity = UINT_MAX; - } - if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) { - /* Master Secret is always 48 bytes - * https://datatracker.ietf.org/doc/html/rfc5246.html#section-8.1 */ - operation->capacity = 48U; - } - if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) { -#if (UINT_MAX > UINT32_MAX) - operation->capacity = UINT32_MAX * hash_size; -#else - operation->capacity = UINT32_MAX; -#endif - } + psa_status_t status = psa_key_derivation_set_maximum_capacity(operation, + kdf_alg); return status; }