diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 0bff6cee9..17af57dec 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3002,7 +3002,7 @@ psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle, * make any assumptions about the content of this structure except * as directed by the documentation of a specific implementation. */ -typedef struct psa_crypto_generator_s psa_key_derivation_operation_t; +typedef struct psa_key_derivation_s psa_key_derivation_operation_t; /** \def PSA_KEY_DERIVATION_OPERATION_INIT * diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 74e362d8e..be570c2fa 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -188,11 +188,11 @@ typedef struct uint8_t block_number; unsigned int state : 2; unsigned int info_set : 1; -} psa_hkdf_generator_t; +} psa_hkdf_key_derivation_t; #endif /* MBEDTLS_MD_C */ #if defined(MBEDTLS_MD_C) -typedef struct psa_tls12_prf_generator_s +typedef struct psa_tls12_prf_key_derivation_s { /* The TLS 1.2 PRF uses the key for each HMAC iteration, * hence we must store it for the lifetime of the generator. @@ -219,10 +219,10 @@ typedef struct psa_tls12_prf_generator_s /* The 1-based number of the block. */ uint8_t block_number; -} psa_tls12_prf_generator_t; +} psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_MD_C */ -struct psa_crypto_generator_s +struct psa_key_derivation_s { psa_algorithm_t alg; size_t capacity; @@ -234,16 +234,16 @@ struct psa_crypto_generator_s size_t size; } buffer; #if defined(MBEDTLS_MD_C) - psa_hkdf_generator_t hkdf; - psa_tls12_prf_generator_t tls12_prf; + psa_hkdf_key_derivation_t hkdf; + psa_tls12_prf_key_derivation_t tls12_prf; #endif } ctx; }; #define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, {{0, 0}}} -static inline struct psa_crypto_generator_s psa_key_derivation_operation_init( void ) +static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void ) { - const struct psa_crypto_generator_s v = PSA_KEY_DERIVATION_OPERATION_INIT; + const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT; return( v ); } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 71648eba2..29a0496bc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4065,7 +4065,7 @@ exit: #define HKDF_STATE_KEYED 2 /* got key */ #define HKDF_STATE_OUTPUT 3 /* output started */ -static psa_algorithm_t psa_generator_get_kdf_alg( +static psa_algorithm_t psa_key_derivation_get_kdf_alg( const psa_key_derivation_operation_t *generator ) { if ( PSA_ALG_IS_KEY_AGREEMENT( generator->alg ) ) @@ -4078,7 +4078,7 @@ static psa_algorithm_t psa_generator_get_kdf_alg( psa_status_t psa_key_derivation_abort( psa_key_derivation_operation_t *generator ) { psa_status_t status = PSA_SUCCESS; - psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator ); if( kdf_alg == 0 ) { /* The object has (apparently) been initialized but it is not @@ -4156,7 +4156,7 @@ psa_status_t psa_key_derivation_set_capacity( psa_key_derivation_operation_t *ge #if defined(MBEDTLS_MD_C) /* Read some bytes from an HKDF-based generator. This performs a chunk * of the expand phase of the HKDF algorithm. */ -static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf, +static psa_status_t psa_key_derivation_hkdf_read( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t hash_alg, uint8_t *output, size_t output_length ) @@ -4223,8 +4223,8 @@ static psa_status_t psa_generator_hkdf_read( psa_hkdf_generator_t *hkdf, return( PSA_SUCCESS ); } -static psa_status_t psa_generator_tls12_prf_generate_next_block( - psa_tls12_prf_generator_t *tls12_prf, +static psa_status_t psa_key_derivation_tls12_prf_generate_next_block( + psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg ) { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( alg ); @@ -4258,7 +4258,7 @@ static psa_status_t psa_generator_tls12_prf_generate_next_block( * A(0) = seed * A(i) = HMAC_hash( secret, A(i-1) ) * - * The `psa_tls12_prf_generator` structures saves the block + * The `psa_tls12_prf_key_derivation` structures saves the block * `HMAC_hash(secret, A(i) + seed)` from which the output * is currently extracted as `output_block`, while * `A(i) + seed` is stored in `Ai_with_seed`. @@ -4337,8 +4337,8 @@ cleanup: /* Read some bytes from an TLS-1.2-PRF-based generator. * See Section 5 of RFC 5246. */ -static psa_status_t psa_generator_tls12_prf_read( - psa_tls12_prf_generator_t *tls12_prf, +static psa_status_t psa_key_derivation_tls12_prf_read( + psa_tls12_prf_key_derivation_t *tls12_prf, psa_algorithm_t alg, uint8_t *output, size_t output_length ) @@ -4355,7 +4355,7 @@ static psa_status_t psa_generator_tls12_prf_read( /* Check if we have fully processed the current block. */ if( n == 0 ) { - status = psa_generator_tls12_prf_generate_next_block( tls12_prf, + status = psa_key_derivation_tls12_prf_generate_next_block( tls12_prf, alg ); if( status != PSA_SUCCESS ) return( status ); @@ -4381,7 +4381,7 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *ge size_t output_length ) { psa_status_t status; - psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator ); if( generator->alg == 0 ) { @@ -4430,13 +4430,13 @@ psa_status_t psa_key_derivation_output_bytes( psa_key_derivation_operation_t *ge if( PSA_ALG_IS_HKDF( kdf_alg ) ) { psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); - status = psa_generator_hkdf_read( &generator->ctx.hkdf, hash_alg, + status = psa_key_derivation_hkdf_read( &generator->ctx.hkdf, hash_alg, output, output_length ); } else if( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) { - status = psa_generator_tls12_prf_read( &generator->ctx.tls12_prf, + status = psa_key_derivation_tls12_prf_read( &generator->ctx.tls12_prf, kdf_alg, output, output_length ); } @@ -4571,7 +4571,7 @@ exit: * Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ -static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, +static psa_status_t psa_key_derivation_hkdf_setup( psa_hkdf_key_derivation_t *hkdf, const uint8_t *secret, size_t secret_length, psa_algorithm_t hash_alg, @@ -4616,8 +4616,8 @@ static psa_status_t psa_generator_hkdf_setup( psa_hkdf_generator_t *hkdf, * Note that if this function fails, you must call psa_key_derivation_abort() * to potentially free embedded data structures and wipe confidential data. */ -static psa_status_t psa_generator_tls12_prf_setup( - psa_tls12_prf_generator_t *tls12_prf, +static psa_status_t psa_key_derivation_tls12_prf_setup( + psa_tls12_prf_key_derivation_t *tls12_prf, const unsigned char *key, size_t key_len, psa_algorithm_t hash_alg, @@ -4669,8 +4669,8 @@ static psa_status_t psa_generator_tls12_prf_setup( } /* Set up a TLS-1.2-PSK-to-MS-based generator. */ -static psa_status_t psa_generator_tls12_psk_to_ms_setup( - psa_tls12_prf_generator_t *tls12_prf, +static psa_status_t psa_key_derivation_tls12_psk_to_ms_setup( + psa_tls12_prf_key_derivation_t *tls12_prf, const unsigned char *psk, size_t psk_len, psa_algorithm_t hash_alg, @@ -4699,7 +4699,7 @@ static psa_status_t psa_generator_tls12_psk_to_ms_setup( pms[2 + psk_len + 1] = pms[1]; memcpy( pms + 4 + psk_len, psk, psk_len ); - status = psa_generator_tls12_prf_setup( tls12_prf, + status = psa_key_derivation_tls12_prf_setup( tls12_prf, pms, 4 + 2 * psk_len, hash_alg, salt, salt_length, @@ -4752,7 +4752,7 @@ static psa_status_t psa_key_derivation_internal( if( hash_size == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); max_capacity = 255 * hash_size; - status = psa_generator_hkdf_setup( &generator->ctx.hkdf, + status = psa_key_derivation_hkdf_setup( &generator->ctx.hkdf, secret, secret_length, hash_alg, salt, salt_length, @@ -4776,14 +4776,14 @@ static psa_status_t psa_key_derivation_internal( if( PSA_ALG_IS_TLS12_PRF( alg ) ) { - status = psa_generator_tls12_prf_setup( &generator->ctx.tls12_prf, + status = psa_key_derivation_tls12_prf_setup( &generator->ctx.tls12_prf, secret, secret_length, hash_alg, salt, salt_length, label, label_length ); } else { - status = psa_generator_tls12_psk_to_ms_setup( + status = psa_key_derivation_tls12_psk_to_ms_setup( &generator->ctx.tls12_prf, secret, secret_length, hash_alg, salt, salt_length, @@ -4905,7 +4905,7 @@ psa_status_t psa_key_derivation_setup( psa_key_derivation_operation_t *generator } #if defined(MBEDTLS_MD_C) -static psa_status_t psa_hkdf_input( psa_hkdf_generator_t *hkdf, +static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf, psa_algorithm_t hash_alg, psa_key_derivation_step_t step, const uint8_t *data, @@ -4978,7 +4978,7 @@ static psa_status_t psa_key_derivation_input_raw( size_t data_length ) { psa_status_t status; - psa_algorithm_t kdf_alg = psa_generator_get_kdf_alg( generator ); + psa_algorithm_t kdf_alg = psa_key_derivation_get_kdf_alg( generator ); if( kdf_alg == PSA_ALG_SELECT_RAW ) { diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 991d91a3e..d98470d3d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1717,7 +1717,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEYPAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT Crypto generator initializers zero properly -crypto_generator_init: +key_derivation_init: PSA key derivation: HKDF-SHA-256, good case depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C @@ -1757,11 +1757,11 @@ derive_setup:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b": PSA key derivation: invalid generator state ( double generate + read past capacity ) depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -test_derive_invalid_generator_state: +test_derive_invalid_key_derivation_state: PSA key derivation: invalid generator state ( call read/get_capacity after init and abort ) depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C -test_derive_invalid_generator_tests: +test_derive_invalid_key_derivation_tests: PSA key derivation: HKDF SHA-256, RFC5869 #1, output 42+0 depends_on:MBEDTLS_MD_C:MBEDTLS_SHA256_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5527e3966..52c41e7eb 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -3996,7 +3996,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void crypto_generator_init( ) +void key_derivation_init( ) { /* Test each valid way of initializing the object, except for `= {0}`, as * Clang 5 complains when `-Wmissing-field-initializers` is used, even @@ -4064,7 +4064,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void test_derive_invalid_generator_state( ) +void test_derive_invalid_key_derivation_state( ) { psa_key_handle_t handle = 0; size_t key_type = PSA_KEY_TYPE_DERIVE; @@ -4113,7 +4113,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void test_derive_invalid_generator_tests( ) +void test_derive_invalid_key_derivation_tests( ) { uint8_t output_buffer[16]; size_t buffer_size = 16;