Apply review feedback

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Steven Cooreman 2020-10-15 17:07:12 +02:00
parent 949cde682e
commit fa5e631d23
3 changed files with 13 additions and 9 deletions


@ -2,3 +2,5 @@ Features
* In PSA, allow using a key declared with a base key agreement algorithm * In PSA, allow using a key declared with a base key agreement algorithm
in combined key agreement and derivation operations, as long as the key in combined key agreement and derivation operations, as long as the key
agreement algorithm in use matches the algorithm the key was declared with. agreement algorithm in use matches the algorithm the key was declared with.
This is currently non-standard behaviour, but expected to make it into a
future revision of the PSA Crypto standard.


@ -1085,7 +1085,8 @@ static int psa_key_algorithm_permits( psa_algorithm_t policy_alg,
( requested_alg & ~PSA_ALG_HASH_MASK ) ); ( requested_alg & ~PSA_ALG_HASH_MASK ) );
} }
/* If policy_alg is a generic key agreement operation, then using it for /* If policy_alg is a generic key agreement operation, then using it for
* a key derivation with that key agreement is also compliant. */ * a key derivation with that key agreement should also be allowed. This
* behaviour is expected to be defined in a future specification version. */
if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) && if( PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) &&
PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) ) PSA_ALG_IS_KEY_AGREEMENT( requested_alg ) )
{ {
@ -5876,12 +5877,6 @@ static psa_status_t psa_key_agreement_internal( psa_key_derivation_operation_t *
PSA_KEY_TYPE_DERIVE, PSA_KEY_TYPE_DERIVE,
shared_secret, shared_secret,
shared_secret_length ); shared_secret_length );
/* If a private key has been added as SECRET, we allow the derived
* key material to be used as a key in PSA Crypto. */
if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
operation->can_output_key = 1;
exit: exit:
mbedtls_platform_zeroize( shared_secret, shared_secret_length ); mbedtls_platform_zeroize( shared_secret, shared_secret_length );
return( status ); return( status );
@ -5906,6 +5901,13 @@ psa_status_t psa_key_derivation_key_agreement( psa_key_derivation_operation_t *o
peer_key, peer_key_length ); peer_key, peer_key_length );
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
psa_key_derivation_abort( operation ); psa_key_derivation_abort( operation );
else
{
/* If a private key has been added as SECRET, we allow the derived
* key material to be used as a key in PSA Crypto. */
if( step == PSA_KEY_DERIVATION_INPUT_SECRET )
operation->can_output_key = 1;
}
return( status ); return( status );
} }
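Review bot: The reworded comment above the `PSA_ALG_IS_RAW_KEY_AGREEMENT( policy_alg ) && PSA_ALG_IS_KEY_AGREEMENT( requested_alg )` test in psa_key_algorithm_permits says the relaxation is non-standard, but not what still bounds it. The visible condition only checks the two algorithm categories; the comparison of the requested algorithm's key agreement base against policy_alg is presumably made in the branch body, which lies outside the hunk. Because this is a key-policy decision, I would state the constraint in the comment itself, for example `* Only the base key agreement of requested_alg has to match policy_alg; the key derivation part is not restricted by the key's policy.`, so that a later edit to the branch cannot silently widen what a raw-agreement key permits.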


@ -5233,7 +5233,7 @@ void key_agreement_setup( int alg_arg,
{ {
psa_key_handle_t our_key = 0; psa_key_handle_t our_key = 0;
psa_algorithm_t alg = alg_arg; psa_algorithm_t alg = alg_arg;
psa_algorithm_t key_alg = our_key_alg_arg; psa_algorithm_t our_key_alg = our_key_alg_arg;
psa_key_type_t our_key_type = our_key_type_arg; psa_key_type_t our_key_type = our_key_type_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT; psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@ -5243,7 +5243,7 @@ void key_agreement_setup( int alg_arg,
PSA_ASSERT( psa_crypto_init( ) ); PSA_ASSERT( psa_crypto_init( ) );
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE ); psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DERIVE );
psa_set_key_algorithm( &attributes, key_alg ); psa_set_key_algorithm( &attributes, our_key_alg );
psa_set_key_type( &attributes, our_key_type ); psa_set_key_type( &attributes, our_key_type );
PSA_ASSERT( psa_import_key( &attributes, PSA_ASSERT( psa_import_key( &attributes,
our_key_data->x, our_key_data->len, our_key_data->x, our_key_data->len,