Skip to content

Commit

Permalink
Merge pull request #8781 from silabs-Kusumit/kdf_incorrect_initial_ca…
Browse files Browse the repository at this point in the history
…pacity_backport

Backport 2.28: Fix KDF Incorrect Initial Capacity
  • Loading branch information
gilles-peskine-arm authored Feb 6, 2024
2 parents 6b36a5d + bfa27e3 commit 856bf3a
Show file tree
Hide file tree
Showing 4 changed files with 86 additions and 25 deletions.
3 changes: 3 additions & 0 deletions ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Bugfix
* Correct initial capacities for key derivation algorithms:TLS12_PRF,
TLS12_PSK_TO_MS
57 changes: 40 additions & 17 deletions library/psa_crypto.c
Original file line number Diff line number Diff line change
Expand Up @@ -4375,21 +4375,10 @@ static psa_status_t psa_hash_try_support(psa_algorithm_t alg)
return status;
}

static psa_status_t psa_key_derivation_setup_kdf(
static psa_status_t psa_key_derivation_set_maximum_capacity(
psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg)
{
/* Make sure that operation->ctx is properly zero-initialised. (Macro
* initialisers for this union leave some bytes unspecified.) */
memset(&operation->ctx, 0, sizeof(operation->ctx));

/* Make sure that kdf_alg is a supported key derivation algorithm. */
if (!is_kdf_alg_supported(kdf_alg)) {
return PSA_ERROR_NOT_SUPPORTED;
}

/* All currently supported key derivation algorithms are based on a
* hash algorithm. */
psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
size_t hash_size = PSA_HASH_LENGTH(hash_alg);
if (hash_size == 0) {
Expand All @@ -4404,14 +4393,48 @@ static psa_status_t psa_key_derivation_setup_kdf(
return status;
}

if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) &&
!(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
#if defined(PSA_WANT_ALG_HKDF)
if (PSA_ALG_IS_HKDF(kdf_alg)) {
operation->capacity = 255 * hash_size;
} else
#endif
#if defined(PSA_WANT_ALG_TLS12_PRF)
if (PSA_ALG_IS_TLS12_PRF(kdf_alg) &&
(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
operation->capacity = SIZE_MAX;
} else
#endif
#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg) &&
(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
/* Master Secret is always 48 bytes
* https://datatracker.ietf.org/doc/html/rfc5246.html#section-8.1 */
operation->capacity = 48U;
} else
#endif
{
(void) hash_size;
status = PSA_ERROR_NOT_SUPPORTED;
}
return status;
}


static psa_status_t psa_key_derivation_setup_kdf(
psa_key_derivation_operation_t *operation,
psa_algorithm_t kdf_alg)
{
/* Make sure that operation->ctx is properly zero-initialised. (Macro
* initialisers for this union leave some bytes unspecified.) */
memset(&operation->ctx, 0, sizeof(operation->ctx));
/* Make sure that kdf_alg is a supported key derivation algorithm. */
if (!is_kdf_alg_supported(kdf_alg)) {
return PSA_ERROR_NOT_SUPPORTED;
}

operation->capacity = 255 * hash_size;
return PSA_SUCCESS;
psa_status_t status = psa_key_derivation_set_maximum_capacity(operation,
kdf_alg);
return status;
}

static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)
Expand Down
47 changes: 41 additions & 6 deletions tests/suites/test_suite_psa_crypto.data
Original file line number Diff line number Diff line change
Expand Up @@ -3597,6 +3597,25 @@ PSA key derivation: HKDF SHA-1, request too much capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT

# TLS 1.2 PRF does not have a maximum capacity therefore
# derive_set_capacity negative test case is not added

PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, request too much capacity
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_set_capacity:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):48U + 1U:PSA_ERROR_INVALID_ARGUMENT

PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, request too much capacity
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_set_capacity:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):48U + 1U:PSA_ERROR_INVALID_ARGUMENT

PSA key derivation: TLS 1.2 PRF SHA-256, request maximum capacity
depends_on:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_SHA_256
derive_set_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):SIZE_MAX:PSA_SUCCESS

PSA key derivation: TLS 1.2 PRF SHA-384, request maximum capacity
depends_on:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_SHA_384
derive_set_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):SIZE_MAX:PSA_SUCCESS

PSA key derivation: over capacity 42: output 42+1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff"
Expand All @@ -3617,17 +3636,33 @@ PSA key derivation: HKDF SHA-256, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1

PSA key derivation: HKDF SHA-512, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512) - 1

PSA key derivation: HKDF SHA-256, read maximum capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256)

PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1
PSA key derivation: HKDF SHA-512, read maximum capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512)

PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256)
PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":47

PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":47

PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, read maximum capacity
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48

PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, read maximum capacity
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48

PSA key derivation: HKDF SHA-256, exercise AES128-CTR
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
Expand Down
4 changes: 2 additions & 2 deletions tests/suites/test_suite_psa_crypto.function
Original file line number Diff line number Diff line change
Expand Up @@ -4466,7 +4466,7 @@ exit:
/* END_CASE */

/* BEGIN_CASE */
void derive_set_capacity(int alg_arg, int capacity_arg,
void derive_set_capacity(int alg_arg, int64_t capacity_arg,
int expected_status_arg)
{
psa_algorithm_t alg = alg_arg;
Expand Down Expand Up @@ -4788,7 +4788,7 @@ void derive_full(int alg_arg,
psa_algorithm_t alg = alg_arg;
size_t requested_capacity = requested_capacity_arg;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
unsigned char output_buffer[16];
unsigned char output_buffer[32];
size_t expected_capacity = requested_capacity;
size_t current_capacity;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
Expand Down

0 comments on commit 856bf3a

Please sign in to comment.