From 23cb12ef9f4bef638fc135b9a42255edc5fce394 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Apr 2021 20:54:40 +0200 Subject: [PATCH] A key agreement algorithm can contain a key derivation PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm when kdf is one. Signed-off-by: Gilles Peskine --- scripts/mbedtls_dev/crypto_knowledge.py | 20 ++++ tests/scripts/generate_psa_tests.py | 6 +- ...st_suite_psa_crypto_op_fail.generated.data | 112 ++++++++++++++---- 3 files changed, 111 insertions(+), 27 deletions(-) diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 49ff0d937..a551c6df4 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -364,3 +364,23 @@ class Algorithm: self.head = self.determine_head(self.base_expression) self.category = self.determine_category(self.base_expression, self.head) self.is_wildcard = self.determine_wildcard(self.expression) + + def is_key_agreement_with_derivation(self) -> bool: + """Whether this is a combined key agreement and key derivation algorithm.""" + if self.category != AlgorithmCategory.KEY_AGREEMENT: + return False + m = re.match(r'PSA_ALG_KEY_AGREEMENT\(\w+,\s*(.*)\)\Z', self.expression) + if not m: + return False + kdf_alg = m.group(1) + # Assume kdf_alg is either a valid KDF or 0. + return not re.match(r'(?:0[Xx])?0+\s*\Z', kdf_alg) + + def can_do(self, category: AlgorithmCategory) -> bool: + """Whether this algorithm fits the specified operation category.""" + if category == self.category: + return True + if category == AlgorithmCategory.KEY_DERIVATION and \ + self.is_key_agreement_with_derivation(): + return True + return False diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 8595d45a8..d1d8abcb2 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -373,7 +373,7 @@ class OpFail: category: crypto_knowledge.AlgorithmCategory, ) -> Iterator[test_case.TestCase]: """Generate failure test cases for keyless operations with the specified algorithm.""" - if category == alg.category: + if alg.can_do(category): # Compatible operation, unsupported algorithm for dep in automatic_dependencies(alg.base_expression): yield self.make_test_case(alg, category, @@ -392,7 +392,7 @@ class OpFail: for kt in self.key_types: key_is_compatible = kt.can_do(alg) # To do: public key for a private key operation - if key_is_compatible and category == alg.category: + if key_is_compatible and alg.can_do(category): # Compatible key and operation, unsupported algorithm for dep in automatic_dependencies(alg.base_expression): yield self.make_test_case(alg, category, @@ -403,7 +403,7 @@ class OpFail: yield self.make_test_case(alg, category, self.Reason.INVALID, kt=kt) - elif category == alg.category: + elif alg.can_do(category): # Incompatible key, compatible operation, supported algorithm yield self.make_test_case(alg, category, self.Reason.INCOMPATIBLE, diff --git a/tests/suites/test_suite_psa_crypto_op_fail.generated.data b/tests/suites/test_suite_psa_crypto_op_fail.generated.data index 57efc400c..4957560ae 100644 --- a/tests/suites/test_suite_psa_crypto_op_fail.generated.data +++ b/tests/suites/test_suite_psa_crypto_op_fail.generated.data @@ -18547,9 +18547,17 @@ PSA asymmetric_encryption KEY_AGREEMENT(ECDH,HKDF(SHA_256)): invalid with ECC_PU depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_FAMILY_SECT_R2:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY asymmetric_encryption_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_INVALID_ARGUMENT -PSA key_derivation KEY_AGREEMENT(ECDH,HKDF(SHA_256)): invalid -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_INVALID_ARGUMENT +PSA key_derivation KEY_AGREEMENT(ECDH,HKDF(SHA_256)): !ECDH +depends_on:!PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,HKDF(SHA_256)): !HKDF +depends_on:PSA_WANT_ALG_ECDH:!PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,HKDF(SHA_256)): !SHA_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:!PSA_WANT_ALG_SHA_256 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED PSA key_agreement KEY_AGREEMENT(ECDH,HKDF(SHA_256)): incompatible with AES depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES @@ -18799,9 +18807,17 @@ PSA hash KEY_AGREEMENT(FFDH,HKDF(SHA_256)): invalid depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 hash_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_INVALID_ARGUMENT -PSA key_derivation KEY_AGREEMENT(FFDH,HKDF(SHA_256)): invalid -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_INVALID_ARGUMENT +PSA key_derivation KEY_AGREEMENT(FFDH,HKDF(SHA_256)): !FFDH +depends_on:!PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(FFDH,HKDF(SHA_256)): !HKDF +depends_on:PSA_WANT_ALG_FFDH:!PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(FFDH,HKDF(SHA_256)): !SHA_256 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:!PSA_WANT_ALG_SHA_256 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED PSA key_agreement KEY_AGREEMENT(FFDH,HKDF(SHA_256)): incompatible with AES depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES @@ -19243,9 +19259,17 @@ PSA asymmetric_encryption KEY_AGREEMENT(ECDH,HKDF(SHA_384)): invalid with ECC_PU depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_ECC_FAMILY_SECT_R2:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY asymmetric_encryption_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_INVALID_ARGUMENT -PSA key_derivation KEY_AGREEMENT(ECDH,HKDF(SHA_384)): invalid -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 -key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_INVALID_ARGUMENT +PSA key_derivation KEY_AGREEMENT(ECDH,HKDF(SHA_384)): !ECDH +depends_on:!PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,HKDF(SHA_384)): !HKDF +depends_on:PSA_WANT_ALG_ECDH:!PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,HKDF(SHA_384)): !SHA_384 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:!PSA_WANT_ALG_SHA_384 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED PSA key_agreement KEY_AGREEMENT(ECDH,HKDF(SHA_384)): incompatible with AES depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES @@ -19815,9 +19839,17 @@ PSA asymmetric_encryption KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_256)): invalid with E depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ECC_FAMILY_SECT_R2:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY asymmetric_encryption_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_ERROR_INVALID_ARGUMENT -PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_256)): invalid -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF -key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_ERROR_INVALID_ARGUMENT +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_256)): !ECDH +depends_on:!PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_256)): !SHA_256 +depends_on:PSA_WANT_ALG_ECDH:!PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_256)): !TLS12_PRF +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:!PSA_WANT_ALG_TLS12_PRF +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED PSA key_agreement KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_256)): incompatible with AES depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_AES @@ -20387,9 +20419,17 @@ PSA asymmetric_encryption KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_384)): invalid with E depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ECC_FAMILY_SECT_R2:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY asymmetric_encryption_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384)):PSA_ERROR_INVALID_ARGUMENT -PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_384)): invalid -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF -key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384)):PSA_ERROR_INVALID_ARGUMENT +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_384)): !ECDH +depends_on:!PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_384)): !SHA_384 +depends_on:PSA_WANT_ALG_ECDH:!PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_384)): !TLS12_PRF +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:!PSA_WANT_ALG_TLS12_PRF +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED PSA key_agreement KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_384)): incompatible with AES depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_KEY_TYPE_AES @@ -20959,9 +20999,17 @@ PSA asymmetric_encryption KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_256)): invalid depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ECC_FAMILY_SECT_R2:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY asymmetric_encryption_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_ERROR_INVALID_ARGUMENT -PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_256)): invalid -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS -key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_ERROR_INVALID_ARGUMENT +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_256)): !ECDH +depends_on:!PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_256)): !SHA_256 +depends_on:PSA_WANT_ALG_ECDH:!PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_256)): !TLS12_PSK_TO_MS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:!PSA_WANT_ALG_TLS12_PSK_TO_MS +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED PSA key_agreement KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_256)): incompatible with AES depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_AES @@ -21531,9 +21579,17 @@ PSA asymmetric_encryption KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_384)): invalid depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ECC_FAMILY_SECT_R2:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY asymmetric_encryption_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384)):PSA_ERROR_INVALID_ARGUMENT -PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_384)): invalid -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS -key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384)):PSA_ERROR_INVALID_ARGUMENT +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_384)): !ECDH +depends_on:!PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_384)): !SHA_384 +depends_on:PSA_WANT_ALG_ECDH:!PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_384)): !TLS12_PSK_TO_MS +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:!PSA_WANT_ALG_TLS12_PSK_TO_MS +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH,PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED PSA key_agreement KEY_AGREEMENT(ECDH,TLS12_PSK_TO_MS(SHA_384)): incompatible with AES depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_KEY_TYPE_AES @@ -21783,9 +21839,17 @@ PSA hash KEY_AGREEMENT(FFDH,HKDF(SHA_384)): invalid depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 hash_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_INVALID_ARGUMENT -PSA key_derivation KEY_AGREEMENT(FFDH,HKDF(SHA_384)): invalid -depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 -key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_INVALID_ARGUMENT +PSA key_derivation KEY_AGREEMENT(FFDH,HKDF(SHA_384)): !FFDH +depends_on:!PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(FFDH,HKDF(SHA_384)): !HKDF +depends_on:PSA_WANT_ALG_FFDH:!PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED + +PSA key_derivation KEY_AGREEMENT(FFDH,HKDF(SHA_384)): !SHA_384 +depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:!PSA_WANT_ALG_SHA_384 +key_derivation_fail:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH,PSA_ALG_HKDF(PSA_ALG_SHA_384)):PSA_ERROR_NOT_SUPPORTED PSA key_agreement KEY_AGREEMENT(FFDH,HKDF(SHA_384)): incompatible with AES depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES