mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 18:35:44 +00:00
Apply review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
parent
949cde682e
commit
fa5e631d23
|
@ -2,3 +2,5 @@ Features
|
||||||
* In PSA, allow using a key declared with a base key agreement algorithm
|
* In PSA, allow using a key declared with a base key agreement algorithm
|
||||||
in combined key agreement and derivation operations, as long as the key
|
in combined key agreement and derivation operations, as long as the key
|
||||||
agreement algorithm in use matches the algorithm the key was declared with.
|
agreement algorithm in use matches the algorithm the key was declared with.
|
||||||
|
This is currently non-standard behaviour, but expected to make it into a
|
||||||
|
future revision of the PSA Crypto standard.
|
||||||
|
|
|
@ -1085,7 +1085,8 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg,
|
||||||
( requested_alg & ~PSA_ALG_HASH_MASK ) );
|
( requested_alg & ~PSA_ALG_HASH_MASK ) );
|
||||||
}
|
}
|
||||||
/* If policy_alg is a generic key agreement operation, then using it for
|
/* If policy_alg is a generic key agreement operation, then using it for
|
||||||
* a key derivation with that key agreement is also compliant. */
|
* a key derivation with that key agreement should also be allowed. This
|
||||||
|
* behaviour is expected to be defined in a future specification version. */
|
||||||
if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) &&
|
if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) &&
|
||||||
PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) )
|
PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) )
|
||||||
{
|
{
|
||||||
|
@ -5876,12 +5877,6 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
|
||||||
PSA_KEY_TYPE_DERIVE,
|
PSA_KEY_TYPE_DERIVE,
|
||||||
shared_secret,
|
shared_secret,
|
||||||
shared_secret_length );
|
shared_secret_length );
|
||||||
|
|
||||||
/* If a private key has been added as SECRET, we allow the derived
|
|
||||||
* key material to be used as a key in PSA Crypto. */
|
|
||||||
if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
|
|
||||||
operation->can_output_key = 1;
|
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
mbedtls_platform_zeroize( shared_secret, shared_secret_length );
|
mbedtls_platform_zeroize( shared_secret, shared_secret_length );
|
||||||
return( status );
|
return( status );
|
||||||
|
@ -5906,6 +5901,13 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o
|
||||||
peer_key, peer_key_length );
|
peer_key, peer_key_length );
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
psa_key_derivation_abort( operation );
|
psa_key_derivation_abort( operation );
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* If a private key has been added as SECRET, we allow the derived
|
||||||
|
* key material to be used as a key in PSA Crypto. */
|
||||||
|
if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
|
||||||
|
operation->can_output_key = 1;
|
||||||
|
}
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -5233,7 +5233,7 @@ void key_agreement_setup( int alg_arg,
|
||||||
{
|
{
|
||||||
psa_key_handle_t our_key = 0;
|
psa_key_handle_t our_key = 0;
|
||||||
psa_algorithm_t alg = alg_arg;
|
psa_algorithm_t alg = alg_arg;
|
||||||
psa_algorithm_t key_alg = our_key_alg_arg;
|
psa_algorithm_t our_key_alg = our_key_alg_arg;
|
||||||
psa_key_type_t our_key_type = our_key_type_arg;
|
psa_key_type_t our_key_type = our_key_type_arg;
|
||||||
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
|
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
|
||||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
@ -5243,7 +5243,7 @@ void key_agreement_setup( int alg_arg,
|
||||||
PSA_ASSERT( psa_crypto_init( ) );
|
PSA_ASSERT( psa_crypto_init( ) );
|
||||||
|
|
||||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
|
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
|
||||||
psa_set_key_algorithm( &attributes, key_alg );
|
psa_set_key_algorithm( &attributes, our_key_alg );
|
||||||
psa_set_key_type( &attributes, our_key_type );
|
psa_set_key_type( &attributes, our_key_type );
|
||||||
PSA_ASSERT( psa_import_key( &attributes,
|
PSA_ASSERT( psa_import_key( &attributes,
|
||||||
our_key_data->x, our_key_data->len,
|
our_key_data->x, our_key_data->len,
|
||||||
|
|
Loading…
Reference in a new issue