diff --git a/doc/nrf/libraries/nrf_security/doc/driver_config.rst b/doc/nrf/libraries/nrf_security/doc/driver_config.rst index 9263e1ad0259..c5ec673bdce4 100644 --- a/doc/nrf/libraries/nrf_security/doc/driver_config.rst +++ b/doc/nrf/libraries/nrf_security/doc/driver_config.rst @@ -727,15 +727,21 @@ Password-authenticated key exchange configurations To enable password-authenticated key exchange (PAKE) support, set one or more of the Kconfig options in the following table: -+-----------------------+-----------------------------------------------+ -| PAKE algorithm | Configuration option | -+=======================+===============================================+ -| EC J-PAKE | :kconfig:option:`CONFIG_PSA_WANT_ALG_JPAKE` | -+-----------------------+-----------------------------------------------+ -| SPAKE2+ | :kconfig:option:`CONFIG_PSA_WANT_ALG_SPAKE2P` | -+-----------------------+-----------------------------------------------+ -| SRP-6 | :kconfig:option:`CONFIG_PSA_WANT_ALG_SRP_6` | -+-----------------------+-----------------------------------------------+ ++------------------------+------------------------------------------------------+ +| PAKE algorithm | Configuration option | ++========================+======================================================+ +| EC J-PAKE | :kconfig:option:`CONFIG_PSA_WANT_ALG_JPAKE` | ++------------------------+------------------------------------------------------+ +| SPAKE2+ with HMAC | :kconfig:option:`CONFIG_PSA_WANT_ALG_SPAKE2P_HMAC` | ++------------------------+------------------------------------------------------+ +| SPAKE2+ with CMAC | :kconfig:option:`CONFIG_PSA_WANT_ALG_SPAKE2P_CMAC` | ++------------------------+------------------------------------------------------+ +| SPAKE2+ for Matter | :kconfig:option:`CONFIG_PSA_WANT_ALG_SPAKE2P_MATTER` | ++------------------------+------------------------------------------------------+ +| SRP-6 | :kconfig:option:`CONFIG_PSA_WANT_ALG_SRP_6` | ++------------------------+------------------------------------------------------+ +| SRP-6 password hashing | :kconfig:option:`CONFIG_PSA_WANT_ALG_SRP_6` | ++------------------------+------------------------------------------------------+ .. note:: * The provided support is experimental. diff --git a/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h b/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h index 68a812e1bb14..ff8ea21b344f 100644 --- a/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h +++ b/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h @@ -56,6 +56,20 @@ #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT) || \ + defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT) || \ + defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_GENERATE) || \ + defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE) +#define PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC 1 +#endif + +#if defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT) || \ + defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT) || \ + defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_GENERATE) || \ + defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE) +#define PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC 1 +#endif + /***************************************************************** * BASIC -> corresponding PUBLIC ****************************************************************/ @@ -72,4 +86,12 @@ #define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC) +#define PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY 1 +#endif + +#if defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC) +#define PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY 1 +#endif + #endif /* PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H */ diff --git a/ext/oberon/psa/core/include/psa/crypto_extra.h b/ext/oberon/psa/core/include/psa/crypto_extra.h index 1ce52f976475..3c6ae192e97b 100644 --- a/ext/oberon/psa/core/include/psa/crypto_extra.h +++ b/ext/oberon/psa/core/include/psa/crypto_extra.h @@ -427,11 +427,6 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, */ #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) -/** PAKE operation stages. */ -#define PSA_PAKE_OPERATION_STAGE_SETUP 0 -#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 -#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 - /** * \brief Set domain parameters for a key. * @@ -770,6 +765,108 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * @{ */ +#define PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE ((psa_key_type_t) 0x7400) +#define PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4400) +#define PSA_KEY_TYPE_SPAKE2P_CURVE_MASK ((psa_key_type_t) 0x00ff) + + /** SPAKE2+ key pair. Both the prover and verifier key. + * + * The size of a SPAKE2+ key is the size associated with the elliptic curve + * group. See the documentation of each elliptic curve family for details. + * To construct a SPAKE2+ key pair, it must be output from a key derivation + * operation. + * The corresponding public key can be exported using psa_export_public_key(). + * See also #PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY(). + * + * \param curve A value of type psa_ecc_family_t that identifies the elliptic + * curve family to be used. + */ +#define PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(curve) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE | (curve))) + + /** SPAKE2+ public key. The verifier key. + * + * The size of an SPAKE2+ public key is the same as the corresponding private + * key. See #PSA_KEY_TYPE_SPAKE2P_KEY_PAIR() and the documentation of each + * elliptic curve family for details. + * To construct a SPAKE2+ public key, it must be imported. + * + * \param curve A value of type psa_ecc_family_t that identifies the elliptic + * curve family to be used. + */ +#define PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY(curve) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE | (curve))) + + /** Whether a key type is a SPAKE2+ key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_SPAKE2P(type) \ + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) == \ + PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE) + /** Whether a key type is a SPAKE2+ key pair. */ +#define PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(type) \ + (((type) & ~PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) == \ + PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE) + /** Whether a key type is a SPAKE2+ public key. */ +#define PSA_KEY_TYPE_IS_SPAKE2P_PUBLIC_KEY(type) \ + (((type) & ~PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) == \ + PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE) + /** Extract the curve from a SPAKE2+ key type. */ +#define PSA_KEY_TYPE_SPAKE2P_GET_FAMILY(type) \ + ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_SPAKE2P(type) ? \ + ((type) & PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) : \ + 0)) + +#define PSA_KEY_TYPE_SRP_KEY_PAIR_BASE ((psa_key_type_t) 0x7700) +#define PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4700) +#define PSA_KEY_TYPE_SRP_GROUP_MASK ((psa_key_type_t) 0x00ff) + + /** SRP key pair. Both the client and server key. + * + * The size of a SRP key is the size associated with the Diffie-Hellman + * group. See the documentation of each Diffie-Hellman group for details. + * To construct a SRP key pair, the password hash must be imported. + * The corresponding public key (password verifier) can be exported using + * psa_export_public_key(). See also #PSA_KEY_TYPE_SRP_PUBLIC_KEY(). + * + * \param group A value of type ::psa_dh_family_t that identifies the + * Diffie-Hellman group to be used. + */ +#define PSA_KEY_TYPE_SRP_KEY_PAIR(group) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SRP_KEY_PAIR_BASE | (group))) + + /** SRP public key. The server key (password verifier). + * + * The size of an SRP public key is the same as the corresponding private + * key. See #PSA_KEY_TYPE_SRP_KEY_PAIR() and the documentation of each + * Diffie-Hellman group for details. + * To construct a SRP public key, it must be imported. The key size + * in attributes must not be zero. + * + * \param group A value of type ::psa_dh_family_t that identifies the + * Diffie-Hellman group to be used. + */ +#define PSA_KEY_TYPE_SRP_PUBLIC_KEY(group) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE | (group))) + + /** Whether a key type is a SRP key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_SRP(type) \ + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_SRP_GROUP_MASK) == \ + PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE) + /** Whether a key type is a SRP key pair. */ +#define PSA_KEY_TYPE_IS_SRP_KEY_PAIR(type) \ + (((type) & ~PSA_KEY_TYPE_SRP_GROUP_MASK) == \ + PSA_KEY_TYPE_SRP_KEY_PAIR_BASE) + /** Whether a key type is a SRP public key. */ +#define PSA_KEY_TYPE_IS_SRP_PUBLIC_KEY(type) \ + (((type) & ~PSA_KEY_TYPE_SRP_GROUP_MASK) == \ + PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE) + /** Extract the curve from a SRP key type. */ +#define PSA_KEY_TYPE_SRP_GET_FAMILY(type) \ + ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_SRP(type) ? \ + ((type) & PSA_KEY_TYPE_SRP_GROUP_MASK) : \ + 0)) + #define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t) 0x0a000000) /** Whether the specified algorithm is a password-authenticated key exchange. @@ -798,10 +895,9 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * in any order: * * \code - * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE(hash)); * psa_pake_cs_set_primitive(cipher_suite, * PSA_PAKE_PRIMITIVE(type, family, bits)); - * psa_pake_cs_set_hash(cipher_suite, hash); * \endcode * * For more information on how to set a specific curve or field, refer to the @@ -810,10 +906,9 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * After initializing a J-PAKE operation, call * * \code - * psa_pake_setup(operation, cipher_suite); + * psa_pake_setup(operation, key, cipher_suite); * psa_pake_set_user(operation, ...); * psa_pake_set_peer(operation, ...); - * psa_pake_set_password_key(operation, ...); * \endcode * * The password is provided as a key. This can be the password text itself, @@ -824,8 +919,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_ * (https://www.secg.org/sec1-v2.pdf), before reducing it modulo \c q. Here * \c q is order of the group defined by the primitive set in the cipher suite. - * The \c psa_pake_set_password_key() function returns an error if the result - * of the reduction is 0.) + * The \c psa_pake_setup() function returns an error if the result of the + * reduction is 0.) * * The key exchange flow for J-PAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call @@ -881,7 +976,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * -# To access the shared secret call * \code * // Get Ka=Kb=K - * psa_pake_get_implicit_key() + * psa_pake_get_shared_key() * \endcode * * For more information consult the documentation of the individual @@ -899,86 +994,125 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * of RFC 8236 for two examples. * */ -#define PSA_ALG_JPAKE ((psa_algorithm_t) 0x0a000100) +#define PSA_ALG_JPAKE_BASE ((psa_algorithm_t) 0x0a000100) +#define PSA_ALG_JPAKE(hash_alg) (PSA_ALG_JPAKE_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_IS_JPAKE(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_JPAKE_BASE) /** The SPAKE2+ algorithm. * - * This is SPAKE2+ as defined by draft-bar-cfrg-spake2plus-08, instantiated - * with the following parameters: + * SPAKE2+ is the augmented password-authenticated key exchange protocol, + * defined by RFC9383. SPAKE2+ includes confirmation of the shared secret + * key that results from the key exchange. + * SPAKE2+ is required by Matter Specification, Version 1.2, as MATTER_PAKE. + * Matter uses an earlier draft of the SPAKE2+ protocol: "SPAKE2+, an + * Augmented PAKE (Draft 02)". + * Although the operation of the PAKE is similar for both of these variants, + * they have different key schedules for the derivation of the shared secret. + * + * When setting up a PAKE cipher suite to use the SPAKE2+ protocol defined + * in RFC9383: + * - For cipher-suites that use HMAC for key confirmation, use the + * PSA_ALG_SPAKE2P_HMAC() algorithm, parameterized by the required hash + * algorithm. + * - For cipher-suites that use CMAC-AES-128 for key confirmation, use the + * PSA_ALG_SPAKE2P_CMAC() algorithm, parameterized by the required hash + * algorithm. + * - Use a PAKE primitive for the required elliptic curve. + * + * For example, the following code creates a cipher suite to select SPAKE2+ + * using edwards25519 with the SHA-256 hash function: * - * - The group can be either an elliptic curve or defined over a finite field. - * - A cryptographic hash function. + * \code + * psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT; + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_SPAKE2P_HMAC(PSA_ALG_SHA_256)); + * psa_pake_cs_set_primitive(&cipher_suite, + * PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, + * PSA_ECC_FAMILY_TWISTED_EDWARDS, 255)); + * \endcode * - * To select these parameters and set up the cipher suite, call these functions - * in any order: + * When setting up a PAKE cipher suite to use the SPAKE2+ protocol used by + * Matter: + * - Use the PSA_ALG_SPAKE2P_MATTER algorithm. + * - Use the PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, + * PSA_ECC_FAMILY_SECP_R1, 256) + * PAKE primitive. + * + * The following code creates a cipher suite to select the Matter variant of + * SPAKE2+: * * \code - * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_SPAKE2P); - * psa_pake_cs_set_primitive(cipher_suite, - * PSA_PAKE_PRIMITIVE(type, family, bits)); - * psa_pake_cs_set_hash(cipher_suite, hash); + * psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT; + * psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_SPAKE2P_MATTER); + * psa_pake_cs_set_primitive(&cipher_suite, + * PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, + * PSA_ECC_FAMILY_SECP_R1, 256)); * \endcode * - * For more information on how to set a specific curve or field, refer to the - * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. - * * After initializing a SPAKE2+ operation, call * * \code - * psa_pake_setup(operation, cipher_suite); + * psa_pake_setup(operation, password, cipher_suite); * psa_pake_set_role(operation, ...); - * psa_pake_set_user(operation, ...); - * psa_pake_set_peer(operation, ...); - * psa_pake_set_password_key(operation, ...); * \endcode * + * The password provided to the client side must be of type + * #PSA_KEY_TYPE_SPAKE2P_KEY_PAIR. + * The password provided to the server side must be of type + * #PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY. + * * The role set by \c psa_pake_set_role() must be either * \c PSA_PAKE_ROLE_CLIENT or \c PSA_PAKE_ROLE_SERVER. * - * The password provided to the client side consists of the concatenation - * of the two password hash values w0 and w1. - * The password provided to the server side consists of the concatenation - * of the password hash w0 and the registration record value L. + * Then provide any additional, optional parameters: + * + * \code + * psa_pake_set_user(operation, ...); + * psa_pake_set_peer(operation, ...); + * psa_pake_set_context(operation, ...); + * \endcode + * * * The key exchange flow for a SPAKE2+ client is as follows: * \code - * // get context (optional) - * psa_pake_input(operation, PSA_PAKE_STEP_CONTEXT, ...); * // send shareP * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // receive shareV * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // receive confirmP + * // receive confirmV * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...); - * // send confirmV + * // send confirmP * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...); * // get K_shared - * psa_pake_get_implicit_key(operation, ...); + * psa_pake_get_shared_key(operation, ...); * \endcode * * The key exchange flow for a SPAKE2+ server is as follows: * \code - * // get context (optional) - * psa_pake_input(operation, PSA_PAKE_STEP_CONTEXT, ...); * // receive shareP * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // send shareV * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // send confirmP + * // send confirmV * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...); - * // receive confirmV + * // receive confirmP * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...); * // get K_shared - * psa_pake_get_implicit_key(operation, ...); + * psa_pake_get_shared_key(operation, ...); * \endcode * - * For more information consult the documentation of the individual - * \c PSA_PAKE_STEP_XXX constants. - * - * At this point there is a cryptographic guarantee that only the authenticated - * party who used the same password is able to compute the key. + * The shared secret that is produced by SPAKE2+ is pseudorandom. Although + * it can be used directly as an encryption key, it is recommended to use + * the shared secret as an input to a key derivation operation to produce + * additional cryptographic keys. */ -#define PSA_ALG_SPAKE2P ((psa_algorithm_t) 0x0a000200) +#define PSA_ALG_IS_SPAKE2P_HMAC_BASE ((psa_algorithm_t) 0x0a000400) +#define PSA_ALG_SPAKE2P_HMAC(hash_alg) (PSA_ALG_IS_SPAKE2P_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_IS_SPAKE2P_CMAC_BASE ((psa_algorithm_t) 0x0a000500) +#define PSA_ALG_SPAKE2P_CMAC(hash_alg) (PSA_ALG_IS_SPAKE2P_CMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_SPAKE2P_MATTER ((psa_algorithm_t) 0x0A000609) +#define PSA_ALG_IS_SPAKE2P(alg) (((alg) & ~0x000003ff) == PSA_ALG_IS_SPAKE2P_HMAC_BASE) +#define PSA_ALG_IS_SPAKE2P_HMAC(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_IS_SPAKE2P_HMAC_BASE) +#define PSA_ALG_IS_SPAKE2P_CMAC(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_IS_SPAKE2P_CMAC_BASE) /** The Secure Remote Passwort key exchange (SRP) algorithm. * @@ -988,30 +1122,30 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * - The group is defined over a finite field using a secure prime. * - A cryptographic hash function. * - * To select these parameters and set up the cipher suite, call these functions - * in any order: + * To select these parameters and set up the cipher suite, call these functions: * * \code - * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); - * psa_pake_cs_set_primitive(cipher_suite, + * psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT; + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_SRP_6(hash)); + * psa_pake_cs_set_primitive(&cipher_suite, * PSA_PAKE_PRIMITIVE(type, family, bits)); - * psa_pake_cs_set_hash(cipher_suite, hash); * \endcode * - * For more information on how to set a specific curve or field, refer to the - * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. - * - * After initializing a SRP operation, call + * After initializing a SRP operation, call: * * \code - * psa_pake_setup(operation, cipher_suite); - * psa_pake_set_role(operation, ...); // PSA_PAKE_ROLE_CLIENT or PSA_PAKE_ROLE_SERVER + * psa_pake_setup(operation, password, cipher_suite); + * psa_pake_set_role(operation, ...); * psa_pake_set_user(operation, ...); - * psa_pake_set_password_key(operation, ...); * \endcode * - * The password provided to the client side consists of the password hash h. - * The password provided to the server side consists of the password verifier. + * The password provided to the client side must be of type + * #PSA_KEY_TYPE_SRP_KEY_PAIR. + * The password provided to the server side must be of type + * #PSA_KEY_TYPE_SRP_PUBLIC_KEY. + * + * The role set by \c psa_pake_set_role() must be either + * \c PSA_PAKE_ROLE_CLIENT or \c PSA_PAKE_ROLE_SERVER. * * For the SRP client key exchange call the following functions in any order: * \code @@ -1040,7 +1174,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * // receive M2 * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...); * // Get secret - * psa_pake_get_implicit_key() + * psa_pake_get_shared_key() * \endcode * * For the server proof phase call the following functions in this order: @@ -1050,16 +1184,17 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * // send M2 * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...); * // Get secret - * psa_pake_get_implicit_key() + * psa_pake_get_shared_key() * \endcode * - * For more information consult the documentation of the individual - * \c PSA_PAKE_STEP_XXX constants. - * - * At this point there is a cryptographic guarantee that only the authenticated - * party who used the same password is able to compute the key. + * The shared secret that is produced by SRP is pseudorandom. Although + * it can be used directly as an encryption key, it is recommended to use + * the shared secret as an input to a key derivation operation to produce + * additional cryptographic keys. */ -#define PSA_ALG_SRP_6 ((psa_algorithm_t) 0x0a000300) +#define PSA_ALG_SRP_6_BASE ((psa_algorithm_t) 0x0a000300) +#define PSA_ALG_SRP_6(hash_alg) (PSA_ALG_SRP_6_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_IS_SRP_6(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_SRP_6_BASE) /** @} */ @@ -1117,8 +1252,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * specific elliptic curve, using the same mapping that is used for ECC * (::psa_ecc_family_t) keys. * - * (Here \c family means the value returned by psa_pake_cs_get_family() and - * \c bits means the value returned by psa_pake_cs_get_bits().) + * (Here \c family means the value returned by PSA_PAKE_PRIMITIVE_GET_FAMILY() and + * \c bits means the value returned by PSA_PAKE_PRIMITIVE_GET_BITS().) * * Input and output during the operation can involve group elements and scalar * values: @@ -1137,8 +1272,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * a specific Diffie-Hellman group, using the same mapping that is used for * Diffie-Hellman (::psa_dh_family_t) keys. * - * (Here \c family means the value returned by psa_pake_cs_get_family() and - * \c bits means the value returned by psa_pake_cs_get_bits().) + * (Here \c family means the value returned by PSA_PAKE_PRIMITIVE_GET_FAMILY() and + * \c bits means the value returned by PSA_PAKE_PRIMITIVE_GET_BITS().) * * Input and output during the operation can involve group elements and scalar * values: @@ -1171,11 +1306,41 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * ::psa_pake_primitive_t. */ #define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \ - ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \ - ((psa_pake_primitive_t) (((pake_type) << 24 | \ - (pake_family) << 16) | (pake_bits))) + (((pake_bits & 0xFFFF) != pake_bits) ? 0 : \ + ((psa_pake_primitive_t) (((pake_type) << 24 | \ + (pake_family) << 16) | (pake_bits)))) + +#define PSA_PAKE_PRIMITIVE_GET_BITS(pake_primitive) \ + ((size_t)(pake_primitive & 0xFFFF)) -/** The key share being sent to or received from the peer. +#define PSA_PAKE_PRIMITIVE_GET_FAMILY(pake_primitive) \ + ((psa_pake_family_t)((pake_primitive >> 16) & 0xFF)) + +#define PSA_PAKE_PRIMITIVE_GET_TYPE(pake_primitive) \ + ((psa_pake_primitive_type_t)((pake_primitive >> 24) & 0xFF)) + +/** A key confirmation value that indicates a confirmed key in a PAKE cipher + * suite. + * + * This key confirmation value will result in the PAKE algorithm exchanging + * data to verify that the shared key is identical for both parties. This is + * the default key confirmation value in an initialized PAKE cipher suite + * object. + * Some algorithms do not include confirmation of the shared key. + */ +#define PSA_PAKE_CONFIRMED_KEY 0 + +/** A key confirmation value that indicates an unconfirmed key in a PAKE cipher + * suite. + * + * This key confirmation value will result in the PAKE algorithm terminating + * prior to confirming that the resulting shared key is identical for both + * parties. + * Some algorithms do not support returning an unconfirmed shared key. + */ +#define PSA_PAKE_UNCONFIRMED_KEY 1 + + /** The key share being sent to or received from the peer. * * The format for both input and output at this step is the same as for public * keys on the group determined by the primitive (::psa_pake_primitive_t) would @@ -1229,11 +1394,14 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( /** The key confirmation value. * - * For PSA_ALG_SPAKE2P, the format for both input and output at this step is - * the same as the output of the MAC algorithm used. + * This value is used during the key confirmation phase of a PAKE protocol. + * The format of the value depends on the algorithm and cipher suite: + * + * For SPAKE2+ algorithms, the format for both input and output at this step is + * the same as the output of the MAC algorithm specified in the cipher suite. * * For PSA_ALG_SRP_6, the format for both input and output at this step is - * the same as the output of the Hash algorithm used. + * the same as the output of the Hash algorithm specified. */ #define PSA_PAKE_STEP_CONFIRM ((psa_pake_step_t)0x04) @@ -1243,12 +1411,6 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( */ #define PSA_PAKE_STEP_SALT ((psa_pake_step_t)0x05) -/** The context information. - * - * The format for this input step is plain binary data. - */ -#define PSA_PAKE_STEP_CONTEXT ((psa_pake_step_t)0x06) - /** Retrieve the PAKE algorithm from a PAKE cipher suite. * * \param[in] cipher_suite The cipher suite structure to query. @@ -1294,54 +1456,6 @@ static psa_pake_primitive_t psa_pake_cs_get_primitive( static void psa_pake_cs_set_primitive(psa_pake_cipher_suite_t *cipher_suite, psa_pake_primitive_t primitive); -/** Retrieve the PAKE family from a PAKE cipher suite. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The PAKE family stored in the cipher suite structure. - */ -static psa_pake_family_t psa_pake_cs_get_family( - const psa_pake_cipher_suite_t *cipher_suite); - -/** Retrieve the PAKE primitive bit-size from a PAKE cipher suite. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The PAKE primitive bit-size stored in the cipher suite structure. - */ -static uint16_t psa_pake_cs_get_bits( - const psa_pake_cipher_suite_t *cipher_suite); - -/** Retrieve the hash algorithm from a PAKE cipher suite. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The hash algorithm stored in the cipher suite structure. The return - * value is 0 if the PAKE is not parametrised by a hash algorithm or if - * the hash algorithm is not set. - */ -static psa_algorithm_t psa_pake_cs_get_hash( - const psa_pake_cipher_suite_t *cipher_suite); - -/** Declare the hash algorithm for a PAKE cipher suite. - * - * This function overwrites any hash algorithm - * previously set in \p cipher_suite. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[out] cipher_suite The cipher suite structure to write to. - * \param hash The hash involved in the cipher suite. - * (`PSA_ALG_XXX` values of type ::psa_algorithm_t - * such that #PSA_ALG_IS_HASH(\c alg) is true.) - * If this is 0, the hash algorithm in - * \p cipher_suite becomes unspecified. - */ -static void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, - psa_algorithm_t hash); - /** The type of the state data structure for PAKE operations. * * Before calling any function on a PAKE operation object, the application @@ -1385,7 +1499,7 @@ static psa_pake_operation_t psa_pake_operation_init(void); * -# Initialize the operation object with one of the methods described in the * documentation for #psa_pake_operation_t, e.g. * #PSA_PAKE_OPERATION_INIT. - * -# Call psa_pake_setup() to specify the cipher suite. + * -# Call psa_pake_setup() to specify the password key and the cipher suite. * -# Call \c psa_pake_set_xxx() functions on the operation to complete the * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs * to be called depends on the algorithm in use. @@ -1402,7 +1516,7 @@ static psa_pake_operation_t psa_pake_operation_init(void); * the key share that was received from the peer. * -# Depending on the algorithm additional calls to psa_pake_output() and * psa_pake_input() might be necessary. - * -# Call psa_pake_get_implicit_key() for accessing the shared secret. + * -# Call psa_pake_get_shared_key() for accessing the shared secret. * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) @@ -1417,27 +1531,40 @@ static psa_pake_operation_t psa_pake_operation_init(void); * eventually terminate the operation. The following events terminate an * operation: * - A call to psa_pake_abort(). - * - A successful call to psa_pake_get_implicit_key(). + * - A successful call to psa_pake_get_shared_key(). * * \param[in,out] operation The operation object to set up. It must have * been initialized but not set up yet. + * \param[in] password_key Identifier of the key holding the password or + * a value derived from the password. It must + * remain valid until the operation terminates. + * The valid key types depend on the PAKE algorithm, + * and participant role. * \param[in] cipher_suite The cipher suite to use. (A cipher suite fully * characterizes a PAKE algorithm and determines * the algorithm as well.) * * \retval #PSA_SUCCESS * Success. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p password_key is not a valid key identifier. + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not + * permit the \p operation's algorithm. * \retval #PSA_ERROR_INVALID_ARGUMENT - * The algorithm in \p cipher_suite is not a PAKE algorithm, or the - * PAKE primitive in \p cipher_suite is not compatible with the - * PAKE algorithm, or the hash algorithm in \p cipher_suite is invalid - * or not compatible with the PAKE algorithm and primitive. + * The algorithm in \p cipher_suite is not a PAKE algorithm or encodes + * an invalid hash algorithm, or the PAKE primitive in \p cipher_suite + * is not compatible with the PAKE algorithm, or the key confirmation + * value in \p cipher_suite is not compatible with the PAKE algorithm + * and primitive, or the \p password_key is not compatible with + * \p cipher_suite. * \retval #PSA_ERROR_NOT_SUPPORTED * The algorithm in \p cipher_suite is not a supported PAKE algorithm, * or the PAKE primitive in \p cipher_suite is not supported or not - * compatible with the PAKE algorithm, or the hash algorithm in - * \p cipher_suite is not supported or not compatible with the PAKE - * algorithm and primitive. + * compatible with the PAKE algorithm, or the key confirmation value + * in \p cipher_suite is not supported or not compatible with the PAKE + * algorithm and primitive, or the key type or key size of + * \p password_key is not supported with \p cipher_suite. * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE @@ -1447,55 +1574,49 @@ static psa_pake_operation_t psa_pake_operation_init(void); * results in this error code. */ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password_key, const psa_pake_cipher_suite_t *cipher_suite); -/** Set the password for a password-authenticated key exchange from key ID. - * - * Call this function when the password, or a value derived from the password, - * is already present in the key store. - * - * \param[in,out] operation The operation object to set the password for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the password hasn't - * been set yet (psa_pake_set_password_key() - * hasn't been called yet). - * \param password Identifier of the key holding the password or a - * value derived from the password (eg. by a - * memory-hard function). It must remain valid - * until the operation terminates. It must be of - * type #PSA_KEY_TYPE_PASSWORD or - * #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow - * the usage #PSA_KEY_USAGE_DERIVE. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \p password is not a valid key identifier. - * \retval #PSA_ERROR_NOT_PERMITTED - * The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not - * permit the \p operation's algorithm. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or - * #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with - * the \p operation's cipher suite. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The key type or key size of \p password is not supported with the - * \p operation's cipher suite. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription - * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription - * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription - * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription - * \retval #PSA_ERROR_DATA_INVALID \emptydescription - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must have been set up.), or - * the library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password); +/** Set the application role for a password-authenticated key exchange. +* +* Not all PAKE algorithms need to differentiate the communicating entities. +* It is optional to call this function for PAKEs that don't require a role +* to be specified. For such PAKEs the application role parameter is ignored, +* or #PSA_PAKE_ROLE_NONE can be passed as \c role. +* +* Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` +* values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) +* for more information. +* +* \param[in,out] operation The operation object to specify the +* application's role for. It must have been set up +* by psa_pake_setup() and not yet in use (neither +* psa_pake_output() nor psa_pake_input() has been +* called yet). It must be an operation for which +* the application's role hasn't been specified +* (psa_pake_set_role() hasn't been called yet). +* \param role A value of type ::psa_pake_role_t indicating the +* application's role in the PAKE algorithm +* that is being set up. For more information see +* the documentation of \c PSA_PAKE_ROLE_XXX +* constants. +* +* \retval #PSA_SUCCESS +* Success. +* \retval #PSA_ERROR_INVALID_ARGUMENT +* The \p role is not a valid PAKE role in the \p operation’s algorithm. +* \retval #PSA_ERROR_NOT_SUPPORTED +* The \p role for this algorithm is not supported or is not valid. +* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription +* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription +* \retval #PSA_ERROR_BAD_STATE +* The operation state is not valid, or +* the library has not been previously initialized by psa_crypto_init(). +* It is implementation-dependent whether a failure to initialize +* results in this error code. +*/ +psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, + psa_pake_role_t role); /** Set the user ID for a password-authenticated key exchange. * @@ -1580,46 +1701,43 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len); -/** Set the application role for a password-authenticated key exchange. +/** Set the context data for a password-authenticated key exchange. * - * Not all PAKE algorithms need to differentiate the communicating entities. - * It is optional to call this function for PAKEs that don't require a role - * to be specified. For such PAKEs the application role parameter is ignored, - * or #PSA_PAKE_ROLE_NONE can be passed as \c role. + * Call this function for PAKE algorithms that accept additional context data + * as part of the protocol setup. * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) * for more information. * - * \param[in,out] operation The operation object to specify the - * application's role for. It must have been set up - * by psa_pake_setup() and not yet in use (neither - * psa_pake_output() nor psa_pake_input() has been - * called yet). It must be an operation for which - * the application's role hasn't been specified - * (psa_pake_set_role() hasn't been called yet). - * \param role A value of type ::psa_pake_role_t indicating the - * application's role in the PAKE algorithm - * that is being set up. For more information see - * the documentation of \c PSA_PAKE_ROLE_XXX - * constants. + * \param[in,out] operation The operation object to set the context for. It + * must have been set up by psa_pake_setup() and + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the context hasn't + * been set (psa_pake_set_context() hasn't been + * called yet). + * \param[in] context The context. + * \param context_len Size of the \p context buffer in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_ARGUMENT - * The \p role is not a valid PAKE role in the \p operation’s algorithm. + * The \p context is not valid for the operation’s algorithm and cipher suite. * \retval #PSA_ERROR_NOT_SUPPORTED - * The \p role for this algorithm is not supported or is not valid. + * The \p context is not supported by the implementation. * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid, or - * the library has not been previously initialized by psa_crypto_init(). + * Calling psa_pake_set_context() is invalid with the \p operation's + * algorithm, the operation state is not valid, or the library has not + * been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, - psa_pake_role_t role); +psa_status_t psa_pake_set_context(psa_pake_operation_t *operation, + const uint8_t *context, + size_t context_len); /** Get output for a step of a password-authenticated key exchange. * @@ -1636,8 +1754,8 @@ psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, * state and must be aborted by calling psa_pake_abort(). * * \param[in,out] operation Active PAKE operation. - * \param step The step of the algorithm for which the output is - * requested. + * \param step The step of the algorithm for which the output + * is requested. * \param[out] output Buffer where the output is to be written in the * format appropriate for this \p step. Refer to * the documentation of the individual @@ -1671,8 +1789,8 @@ psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, and fully set * up, and this call must conform to the algorithm's requirements - * for ordering of input and output steps), or - * the library has not been previously initialized by psa_crypto_init(). + * for ordering of input and output steps), or the library has not + * been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ @@ -1710,10 +1828,12 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * \retval #PSA_ERROR_INVALID_SIGNATURE * The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step. * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p step is not compatible with the operation's algorithm, or * \p input_length is not compatible with the \p operation’s algorithm, * or the \p input is not valid for the \p operation's algorithm, * cipher suite or \p step. * \retval #PSA_ERROR_NOT_SUPPORTED + * \p step is not supported with the operation's algorithm, or * \p step p is not supported with the \p operation's algorithm, or the * \p input is not supported for the \p operation's algorithm, cipher * suite or \p step. @@ -1726,8 +1846,8 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, and fully set * up, and this call must conform to the algorithm's requirements - * for ordering of input and output steps), or - * the library has not been previously initialized by psa_crypto_init(). + * for ordering of input and output steps), or the library has not + * been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ @@ -1736,47 +1856,82 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, const uint8_t *input, size_t input_length); -/** Get implicitly confirmed shared secret from a PAKE. - * - * At this point there is a cryptographic guarantee that only the authenticated - * party who used the same password is able to compute the key. But there is no - * guarantee that the peer is the party it claims to be and was able to do so. +/** Get shared secret from a PAKE. * - * That is, the authentication is only implicit. Since the peer is not - * authenticated yet, no action should be taken yet that assumes that the peer - * is who it claims to be. For example, do not access restricted files on the - * peer's behalf until an explicit authentication has succeeded. + * This is the final call in a PAKE operation, which retrieves the shared + * secret as a key. It is recommended that this key is used as an input to a + * key derivation operation to produce additional cryptographic keys. For + * some PAKE algorithms, the shared secret is also suitable for use as a key + * in cryptographic operations such as encryption. Refer to the documentation + * of individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. * - * This function can be called after the key exchange phase of the operation - * has completed. It imports the shared secret output of the PAKE into the - * provided derivation operation. The input step - * #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key - * material in the key derivation operation. + * Depending on the key confirmation requested in the cipher suite, + * psa_pake_get_shared_key() must be called either before or after the + * key-confirmation output and input steps for the PAKE algorithm. The key + * confirmation affects the guarantees that can be made about the shared key: + * + * Unconfirmed key + * If the cipher suite used to set up the operation requested an unconfirmed + * key, the application must call psa_pake_get_shared_key() after the + * key-exchange output and input steps are completed. The PAKE algorithm + * provides a cryptographic guarantee that only a peer who used the same + * password, and identity inputs, is able to compute the same key. However, + * there is no guarantee that the peer is the participant it claims to be, + * and was able to compute the same key. + * Since the peer is not authenticated, no action should be taken that assumes + * that the peer is who it claims to be. For example, do not access restricted + * files on the peer’s behalf until an explicit authentication has succeeded. + * Note: + * Some PAKE algorithms do not enable the output of the shared secret until it + * has been confirmed. + * + * Confirmed key + * If the cipher suite used to set up the operation requested a confirmed key, + * the application must call psa_pake_get_shared_key() after the key-exchange + * and key-confirmation output and input steps are completed. + * Following key confirmation, the PAKE algorithm provides a cryptographic + * guarantee that the peer used the same password and identity inputs, and has + * computed the identical shared secret key. + * Since the peer is not authenticated, no action should be taken that assumes + * that the peer is who it claims to be. For example, do not access restricted + * files on the peer’s behalf until an explicit authentication has succeeded. + * Note: + * Some PAKE algorithms do not include any key-confirmation steps. * * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. + * exchange depends on the algorithm in use. * * When this function returns successfully, \p operation becomes inactive. * If this function returns an error status, both \p operation - * and \c key_derivation operations enter an error state and must be aborted by - * calling psa_pake_abort() and psa_key_derivation_abort() respectively. + * and \c key_derivation operations enter an error state and must be aborted + * by calling psa_pake_abort(). * * \param[in,out] operation Active PAKE operation. - * \param[out] output A key derivation operation that is ready - * for an input step of type - * #PSA_KEY_DERIVATION_INPUT_SECRET. + * \param[in] attributes The attributes for the new key. + * \param[out] key On success, an identifier for the newly created + * key. #PSA_KEY_ID_NULL on failure. * * \retval #PSA_SUCCESS * Success. + * \retval #PSA_ERROR_NOT_PERMITTED + * The implementation does not permit creating a key with the + * specified attributes due to some implementation-specific policy. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. * \retval #PSA_ERROR_INVALID_ARGUMENT - * #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the - * algorithm in the \p output key derivation operation. + * The key type is not valid for output from this operation’s + * algorithm, or the key size is nonzero, or the key lifetime is + * invalid, the key identifier is not valid for the key lifetime, + * or the key usage flags include invalid values, or the key’s + * permitted-usage algorithm is invalid, or the key attributes, + * as a whole, are invalid. * \retval #PSA_ERROR_NOT_SUPPORTED - * Input from a PAKE is not supported by the algorithm in the \p output - * key derivation operation. + * The key attributes, as a whole, are not supported for creation + * from a PAKE secret, either by the implementation in general or + * in the specified storage location. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription @@ -1784,18 +1939,15 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription * \retval #PSA_ERROR_DATA_INVALID \emptydescription * \retval #PSA_ERROR_BAD_STATE - * The PAKE operation state is not valid (it must be active, but beyond - * that validity is specific to the algorithm), or - * the library has not been previously initialized by psa_crypto_init(), - * or the state of \p output is not valid for - * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the - * step is out of order or the application has done this step already - * and it may not be repeated. + * The PAKE operation state is not valid (it must be ready to return + * the shared secret), or the library has not been previously + * initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output); +psa_status_t psa_pake_get_shared_key(psa_pake_operation_t *operation, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key); /** Abort a PAKE operation. * @@ -1807,7 +1959,7 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, * object has been initialized as described in #psa_pake_operation_t. * * In particular, calling psa_pake_abort() after the operation has been - * terminated by a call to psa_pake_abort() or psa_pake_get_implicit_key() + * terminated by a call to psa_pake_abort() or psa_pake_get_shared_key() * is safe and has no effect. * * \param[in,out] operation The operation to abort. @@ -1846,15 +1998,19 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * return 0. */ #define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) \ - (alg == PSA_ALG_JPAKE && \ - primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \ - PSA_ECC_FAMILY_SECP_R1, 256) ? \ - ( \ - output_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \ - output_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \ - 32 \ - ) : \ - 0) + (output_step == PSA_PAKE_STEP_KEY_SHARE ? \ + PSA_PAKE_PRIMITIVE_GET_TYPE(primitive) == PSA_PAKE_PRIMITIVE_TYPE_DH ? \ + PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + output_step == PSA_PAKE_STEP_ZK_PUBLIC ? \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + output_step == PSA_PAKE_STEP_ZK_PROOF ? \ + PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + output_step == PSA_PAKE_STEP_CONFIRM ? \ + PSA_ALG_IS_SPAKE2P_CMAC(alg) ? \ + PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128, PSA_ALG_CMAC) : \ + PSA_HASH_LENGTH(alg) : \ + 0u) /** A sufficient input buffer size for psa_pake_input(). * @@ -1876,15 +2032,21 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * the parameters are incompatible, return 0. */ #define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) \ - (alg == PSA_ALG_JPAKE && \ - primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \ - PSA_ECC_FAMILY_SECP_R1, 256) ? \ - ( \ - input_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \ - input_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \ - 32 \ - ) : \ - 0) + (input_step == PSA_PAKE_STEP_KEY_SHARE ? \ + PSA_PAKE_PRIMITIVE_GET_TYPE(primitive) == PSA_PAKE_PRIMITIVE_TYPE_DH ? \ + PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + input_step == PSA_PAKE_STEP_ZK_PUBLIC ? \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + input_step == PSA_PAKE_STEP_ZK_PROOF ? \ + PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + input_step == PSA_PAKE_STEP_CONFIRM ? \ + PSA_ALG_IS_SPAKE2P_CMAC(alg) ? \ + PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128, PSA_ALG_CMAC) : \ + PSA_HASH_LENGTH(alg) : \ + input_step == PSA_PAKE_STEP_SALT ? \ + 64u : \ + 0u) /** Output buffer size for psa_pake_output() for any of the supported PAKE * algorithm and primitive suites and output step. @@ -1896,7 +2058,11 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p output_step). */ -#define PSA_PAKE_OUTPUT_MAX_SIZE 65 +#ifdef PSA_WANT_ALG_SRP_6 +#define PSA_PAKE_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#else +#define PSA_PAKE_OUTPUT_MAX_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif /** Input buffer size for psa_pake_input() for any of the supported PAKE * algorithm and primitive suites and input step. @@ -1908,7 +2074,11 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p output_step). */ -#define PSA_PAKE_INPUT_MAX_SIZE 65 +#ifdef PSA_WANT_ALG_SRP_6 +#define PSA_PAKE_INPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#else +#define PSA_PAKE_INPUT_MAX_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif static inline psa_algorithm_t psa_pake_cs_get_algorithm( const psa_pake_cipher_suite_t *cipher_suite) @@ -1930,45 +2100,27 @@ static inline void psa_pake_cs_set_algorithm( static inline psa_pake_primitive_t psa_pake_cs_get_primitive( const psa_pake_cipher_suite_t *cipher_suite) { - return PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family, - cipher_suite->bits); + return cipher_suite->primitive; } static inline void psa_pake_cs_set_primitive( psa_pake_cipher_suite_t *cipher_suite, psa_pake_primitive_t primitive) { - cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24); - cipher_suite->family = (psa_pake_family_t) (0xFF & (primitive >> 16)); - cipher_suite->bits = (uint16_t) (0xFFFF & primitive); + cipher_suite->primitive = primitive; } -static inline psa_pake_family_t psa_pake_cs_get_family( - const psa_pake_cipher_suite_t *cipher_suite) +static inline uint32_t psa_pake_cs_get_key_confirmation( + const psa_pake_cipher_suite_t* cipher_suite) { - return cipher_suite->family; + return cipher_suite->key_confirmation; } -static inline uint16_t psa_pake_cs_get_bits( - const psa_pake_cipher_suite_t *cipher_suite) +static inline void psa_pake_cs_set_key_confirmation( + psa_pake_cipher_suite_t* cipher_suite, + uint32_t key_confirmation) { - return cipher_suite->bits; -} - -static inline psa_algorithm_t psa_pake_cs_get_hash( - const psa_pake_cipher_suite_t *cipher_suite) -{ - return cipher_suite->hash; -} - -static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, - psa_algorithm_t hash) -{ - if (!PSA_ALG_IS_HASH(hash)) { - cipher_suite->hash = 0; - } else { - cipher_suite->hash = hash; - } + cipher_suite->key_confirmation = key_confirmation; } diff --git a/ext/oberon/psa/core/include/psa/crypto_sizes.h b/ext/oberon/psa/core/include/psa/crypto_sizes.h index a287c283663f..7021cc286171 100644 --- a/ext/oberon/psa/core/include/psa/crypto_sizes.h +++ b/ext/oberon/psa/core/include/psa/crypto_sizes.h @@ -901,6 +901,34 @@ #define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \ (PSA_BITS_TO_BYTES(key_bits)) +/* Maximum size of the export encoding of an SPAKE2+ public key. + * + * An SPAKE2+ public key is represented by the secret values w0 and L. + */ +#define PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(key_bits) \ + (3u * PSA_BITS_TO_BYTES(key_bits) + 1u) + +/* Maximum size of the export encoding of an SPAKE2+ key pair. + * + * An SPAKE2+ key pair is represented by the secret values w0 and w1. + */ +#define PSA_KEY_EXPORT_SPAKE2P_KEY_PAIR_MAX_SIZE(key_bits) \ + (2u * PSA_BITS_TO_BYTES(key_bits)) + +/* Maximum size of the export encoding of an SRP public key. + * + * An SRP public key is represented by the password verifier. + */ +#define PSA_KEY_EXPORT_SRP_PUBLIC_KEY_MAX_SIZE(key_bits) \ + (PSA_BITS_TO_BYTES(key_bits)) + +/* Maximum size of the export encoding of an SRP key pair. + * + * An SRP key pair is represented by the password hash. + */ +#define PSA_KEY_EXPORT_SRP_KEY_PAIR_MAX_SIZE(key_bits) \ + (PSA_HASH_MAX_SIZE) + /** Sufficient output buffer size for psa_export_key() or * psa_export_public_key(). * @@ -947,7 +975,11 @@ (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ - PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? PSA_BITS_TO_BYTES(key_bits + 1) : /*!!OM-PCI-27*/ \ + PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(key_type) ? 2u * PSA_BITS_TO_BYTES(key_bits) : \ + PSA_KEY_TYPE_IS_SPAKE2P_PUBLIC_KEY(key_type) ? 3u * PSA_BITS_TO_BYTES(key_bits) + 1u : \ + PSA_KEY_TYPE_IS_SRP_KEY_PAIR(key_type) ? PSA_HASH_MAX_SIZE : \ + PSA_KEY_TYPE_IS_SRP_PUBLIC_KEY(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ + PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? PSA_BITS_TO_BYTES(key_bits + 1u) : /*!!OM-PCI-27*/ \ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_MONTGOMERY ? PSA_BITS_TO_BYTES(key_bits) : \ PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ @@ -1001,6 +1033,8 @@ #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ + PSA_KEY_TYPE_IS_SPAKE2P(key_type) ? 3u * PSA_BITS_TO_BYTES(key_bits) + 1u : \ + PSA_KEY_TYPE_IS_SRP(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? PSA_BITS_TO_BYTES(key_bits + 1) : \ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_MONTGOMERY ? PSA_BITS_TO_BYTES(key_bits) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ @@ -1037,6 +1071,20 @@ #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC) && \ + (PSA_KEY_EXPORT_SPAKE2P_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE) +#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_SPAKE2P_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC) && \ + (PSA_KEY_EXPORT_SRP_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE) +#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_SRP_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** Sufficient buffer size for exporting any asymmetric public key. * @@ -1070,6 +1118,20 @@ #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY) && \ + (PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) +#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY) && \ + (PSA_KEY_EXPORT_SRP_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \ + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) +#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_KEY_EXPORT_SRP_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** Sufficient output buffer size for psa_raw_key_agreement(). * diff --git a/ext/oberon/psa/core/include/psa/crypto_struct.h b/ext/oberon/psa/core/include/psa/crypto_struct.h index 60a1015eb318..6d6fde68390f 100644 --- a/ext/oberon/psa/core/include/psa/crypto_struct.h +++ b/ext/oberon/psa/core/include/psa/crypto_struct.h @@ -464,31 +464,17 @@ static inline size_t psa_get_key_bits( struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; - psa_pake_primitive_type_t type; - psa_pake_family_t family; - uint16_t bits; - psa_algorithm_t hash; + psa_pake_primitive_t primitive; + uint32_t key_confirmation; }; -#define PSA_PAKE_CIPHER_SUITE_INIT {PSA_ALG_NONE, 0, 0, 0, PSA_ALG_NONE} +#define PSA_PAKE_CIPHER_SUITE_INIT {PSA_ALG_NONE, 0, 0} static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void) { const struct psa_pake_cipher_suite_s v = PSA_PAKE_CIPHER_SUITE_INIT; return v; } -struct psa_crypto_driver_pake_inputs_s { - uint8_t *MBEDTLS_PRIVATE(password); - size_t MBEDTLS_PRIVATE(password_len); - psa_pake_role_t MBEDTLS_PRIVATE(role); - uint8_t *MBEDTLS_PRIVATE(user); - size_t MBEDTLS_PRIVATE(user_len); - uint8_t *MBEDTLS_PRIVATE(peer); - size_t MBEDTLS_PRIVATE(peer_len); - psa_key_attributes_t MBEDTLS_PRIVATE(attributes); - psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); -}; - struct psa_pake_operation_s { /*!!OM*/ #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) mbedtls_psa_client_handle_t handle; @@ -502,22 +488,22 @@ struct psa_pake_operation_s { /*!!OM*/ unsigned int MBEDTLS_PRIVATE(id); psa_algorithm_t MBEDTLS_PRIVATE(alg); - unsigned int MBEDTLS_PRIVATE(passw_set) : 1; unsigned int MBEDTLS_PRIVATE(user_set) : 1; unsigned int MBEDTLS_PRIVATE(peer_set) : 1; unsigned int MBEDTLS_PRIVATE(role_set) : 1; + unsigned int MBEDTLS_PRIVATE(context_set) : 1; unsigned int MBEDTLS_PRIVATE(is_second) : 1; unsigned int MBEDTLS_PRIVATE(started) : 1; unsigned int MBEDTLS_PRIVATE(done) : 1; unsigned int MBEDTLS_PRIVATE(sequence); - psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); + uint32_t secret_size; psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); #endif }; /* This only zeroes out the first byte in the union, the rest is unspecified. */ -#define PSA_PAKE_OPERATION_INIT {} +#define PSA_PAKE_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } } static inline struct psa_pake_operation_s psa_pake_operation_init(void) { const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT; @@ -547,7 +533,7 @@ struct psa_sign_hash_interruptible_operation_s { #endif }; -#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT {} +#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, 0, 0, 0 } static inline struct psa_sign_hash_interruptible_operation_s psa_sign_hash_interruptible_operation_init(void) diff --git a/ext/oberon/psa/core/include/psa/crypto_types.h b/ext/oberon/psa/core/include/psa/crypto_types.h index 250322752046..c39c2aa230c2 100644 --- a/ext/oberon/psa/core/include/psa/crypto_types.h +++ b/ext/oberon/psa/core/include/psa/crypto_types.h @@ -509,8 +509,4 @@ typedef uint8_t psa_pake_role_t; */ typedef uint8_t psa_pake_step_t; -/** The type of input values for PAKE operations. */ -typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t; - - #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/ext/oberon/psa/core/include/psa/crypto_values.h b/ext/oberon/psa/core/include/psa/crypto_values.h index be3b894fbce7..ce7d4c48ec68 100644 --- a/ext/oberon/psa/core/include/psa/crypto_values.h +++ b/ext/oberon/psa/core/include/psa/crypto_values.h @@ -743,7 +743,7 @@ * 1536, 2048, 3072, 4096, 6144, 8192. A given implementation may support * all of these sizes or only a subset. */ -#define PSA_DH_FAMILY_RFC3526 ((psa_dh_family_t) 0x04) /*!!OM*/ +#define PSA_DH_FAMILY_RFC3526 ((psa_dh_family_t) 0x05) /*!!OM*/ #define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \ (((type) >> 8) & 7) @@ -2221,6 +2221,35 @@ */ #define PSA_ALG_SP800_108_COUNTER_CMAC ((psa_algorithm_t) 0x08000800) +#define PSA_ALG_SRP_PASSWORD_HASH_BASE ((psa_algorithm_t) 0x08800300) + /** The SRP password to password-hash KDF. + * It takes the password p, the salt s, and the user id u. + * It calculates the password hash h as + * h = H(salt || H(u || ":" || p)) + * where H is the given hash algorithm. + * + * This key derivation algorithm uses the following inputs, which must be + * provided in the following order: + * - #PSA_KEY_DERIVATION_INPUT_INFO is the user id. + * - #PSA_KEY_DERIVATION_INPUT_PASSWORD is the password. + * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt. + * The output has to be read as a key of type PSA_KEY_TYPE_SRP_KEY_PAIR. + */ +#define PSA_ALG_SRP_PASSWORD_HASH(hash_alg) \ + (PSA_ALG_SRP_PASSWORD_HASH_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) + + /** Whether the specified algorithm is a key derivation algorithm constructed + * using #PSA_ALG_SRP_PASSWORD_HASH(\p hash_alg). + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \p alg is a key derivation algorithm constructed using #PSA_ALG_SRP_PASSWORD_HASH(), + * 0 otherwise. This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_SRP_PASSWORD_HASH(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_SRP_PASSWORD_HASH_BASE) + #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000) diff --git a/ext/oberon/psa/core/library/psa_crypto.c b/ext/oberon/psa/core/library/psa_crypto.c index 4b74ae5e59fd..7f0f6ae9eb5c 100644 --- a/ext/oberon/psa/core/library/psa_crypto.c +++ b/ext/oberon/psa/core/library/psa_crypto.c @@ -821,9 +821,11 @@ psa_status_t psa_export_key_internal( { psa_key_type_t type = attributes->core.type; - if (key_type_is_raw_bytes(type) || - PSA_KEY_TYPE_IS_RSA(type) || - PSA_KEY_TYPE_IS_ECC(type)) { + if (key_type_is_raw_bytes(type) || + PSA_KEY_TYPE_IS_RSA(type) || + PSA_KEY_TYPE_IS_ECC(type) || + PSA_KEY_TYPE_IS_SPAKE2P(type) || + PSA_KEY_TYPE_IS_SRP(type)) { return psa_export_key_buffer_internal( key_buffer, key_buffer_size, data, data_size, data_length); @@ -892,7 +894,8 @@ psa_status_t psa_export_public_key_internal( if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || - PSA_KEY_TYPE_IS_DH(type))) { + PSA_KEY_TYPE_IS_DH(type) || PSA_KEY_TYPE_IS_SPAKE2P(type) || + PSA_KEY_TYPE_IS_SRP(type))) { /* Exporting public -> public */ return psa_export_key_buffer_internal( key_buffer, key_buffer_size, @@ -3691,6 +3694,31 @@ static psa_status_t psa_key_derivation_check_state( } else #endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */ +#ifdef PSA_WANT_ALG_SRP_PASSWORD_HASH + if (PSA_ALG_IS_SRP_PASSWORD_HASH(alg)) { + switch (step) { + case PSA_KEY_DERIVATION_INPUT_INFO: + if (operation->info_set) return PSA_ERROR_BAD_STATE; + operation->info_set = 1; + break; + case PSA_KEY_DERIVATION_INPUT_PASSWORD: + if (!operation->info_set || operation->passw_set) return PSA_ERROR_BAD_STATE; + operation->passw_set = 1; + break; + case PSA_KEY_DERIVATION_INPUT_SALT: + if (!operation->passw_set || operation->salt_set) return PSA_ERROR_BAD_STATE; + operation->salt_set = 1; + break; + case PSA_KEY_DERIVATION_OUTPUT: + if (!operation->salt_set) return PSA_ERROR_BAD_STATE; + operation->no_input = 1; + break; + default: + return PSA_ERROR_INVALID_ARGUMENT; + } + } else +#endif /* PSA_WANT_ALG_SRP_PASSWORD_HASH */ + #if defined(PSA_WANT_ALG_SP800_108_COUNTER_HMAC) || defined(PSA_WANT_ALG_SP800_108_COUNTER_CMAC) #if defined(PSA_WANT_ALG_SP800_108_COUNTER_HMAC) && defined(PSA_WANT_ALG_SP800_108_COUNTER_CMAC) if (PSA_ALG_IS_SP800_108_COUNTER_HMAC(alg) || alg == PSA_ALG_SP800_108_COUNTER_CMAC) { @@ -3783,25 +3811,35 @@ static psa_status_t psa_generate_derived_key_internal( size_t storage_size = bytes; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes; - psa_ecc_family_t curve = 0; + psa_key_type_t type = slot->attr.type; int calculate_key = 0; - if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { return PSA_ERROR_INVALID_ARGUMENT; } - if (key_type_is_raw_bytes(slot->attr.type)) { + if (key_type_is_raw_bytes(type)) { if (bits % 8 != 0) return PSA_ERROR_INVALID_ARGUMENT; #ifdef PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - } else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(slot->attr.type)) { - curve = PSA_KEY_TYPE_ECC_GET_FAMILY(slot->attr.type); - if (PSA_ECC_FAMILY_IS_WEIERSTRASS(curve)) { - /* Weierstrass elliptic curve */ - calculate_key = 1; + } else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { + if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) { + bytes = PSA_BITS_TO_BYTES(bits + 1); // ED needs an extra bit } + calculate_key = 1; #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ +#ifdef PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE + } else if (PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(type)) { + storage_size = bytes * 2u; // w0 : w1 + bytes = storage_size + 16u; // w0s : w1s + calculate_key = 1; +#endif /* PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE */ +#ifdef PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE + } else if (PSA_KEY_TYPE_IS_SRP_KEY_PAIR(type)) { + if (!PSA_ALG_IS_SRP_PASSWORD_HASH(operation->alg)) return PSA_ERROR_INVALID_ARGUMENT; + storage_size = bytes = PSA_HASH_LENGTH(operation->alg); +#endif /* PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE */ } else { - (void)curve; + (void)calculate_key; return PSA_ERROR_NOT_SUPPORTED; } @@ -3830,45 +3868,26 @@ static psa_status_t psa_generate_derived_key_internal( status = psa_key_derivation_output_bytes_internal(operation, data, bytes); if (status != PSA_SUCCESS) goto exit; -#ifdef PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE) if (calculate_key) { - uint32_t c; - size_t i; - - // mask data & avoid invalid argument error inside import_key() - switch (bits) { - case 192: - case 224: - case 256: - case 384: break; - case 521: data[0] &= 0x01; break; // truncate to 521 bits - default: - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + status = psa_driver_wrapper_derive_key( + &attributes, + data, bytes, + slot->key.data, slot->key.bytes, &slot->key.bytes); + + } else +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE || PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE */ + { + status = psa_driver_wrapper_import_key( + &attributes, + data, bytes, + slot->key.data, slot->key.bytes, &slot->key.bytes, + &bits); + if (bits != slot->attr.bits) { + status = PSA_ERROR_INVALID_ARGUMENT; } - - // increment data (to be compatible with PSA API spec) - c = 1; i = bytes; - do { - c += data[--i]; - data[i] = (uint8_t)c; - c >>= 8; - } while (i > 0); } -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ - - status = psa_driver_wrapper_import_key( - &attributes, - data, bytes, - slot->key.data, slot->key.bytes, &slot->key.bytes, - &bits); - } while (status == PSA_ERROR_INVALID_ARGUMENT && calculate_key); - - if (bits != slot->attr.bits) { - status = PSA_ERROR_INVALID_ARGUMENT; - } + } while (status == PSA_ERROR_INSUFFICIENT_DATA); exit: mbedtls_zeroize_and_free(data, bytes); @@ -4019,7 +4038,7 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, operation->alg = alg; if (PSA_ALG_IS_HKDF(kdf_alg) || PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { operation->capacity = 255 * PSA_HASH_LENGTH(kdf_alg); - } else if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) { + } else if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg) || PSA_ALG_IS_SRP_PASSWORD_HASH(kdf_alg)) { operation->capacity = PSA_HASH_LENGTH(kdf_alg); } else if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { operation->capacity = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE; @@ -4342,24 +4361,98 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, /****************************************************************/ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password_key, const psa_pake_cipher_suite_t *cipher_suite) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_algorithm_t alg = psa_pake_cs_get_algorithm(cipher_suite); + psa_pake_primitive_t primitive = psa_pake_cs_get_primitive(cipher_suite); + psa_pake_primitive_t ptype = PSA_PAKE_PRIMITIVE_GET_TYPE(primitive); + psa_ecc_family_t family = PSA_PAKE_PRIMITIVE_GET_FAMILY(primitive); + size_t bits = PSA_PAKE_PRIMITIVE_GET_BITS(primitive); + psa_key_attributes_t attributes; + psa_key_slot_t *slot = NULL; + psa_key_type_t ktype; + if (operation->alg) { return PSA_ERROR_BAD_STATE; } - if (!PSA_ALG_IS_PAKE(cipher_suite->algorithm) || - !PSA_ALG_IS_HASH(cipher_suite->hash) || - (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH)) { + if (!PSA_ALG_IS_PAKE(alg) || + (ptype != PSA_PAKE_PRIMITIVE_TYPE_ECC && ptype != PSA_PAKE_PRIMITIVE_TYPE_DH)) { return PSA_ERROR_INVALID_ARGUMENT; } - operation->alg = cipher_suite->algorithm; + status = psa_get_and_lock_key_slot_with_policy( + password_key, &slot, PSA_KEY_USAGE_DERIVE, alg); + if (status != PSA_SUCCESS) goto exit; + ktype = slot->attr.type; + + if (PSA_ALG_IS_JPAKE(alg)) { + if ((ktype != PSA_KEY_TYPE_PASSWORD && ktype != PSA_KEY_TYPE_PASSWORD_HASH) || + psa_pake_cs_get_key_confirmation(cipher_suite) != PSA_PAKE_UNCONFIRMED_KEY) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + if (ptype == PSA_PAKE_PRIMITIVE_TYPE_ECC) { + operation->secret_size = PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(bits); + } else if (ptype == PSA_PAKE_PRIMITIVE_TYPE_DH) { + operation->secret_size = PSA_BITS_TO_BYTES(bits); + } else { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else { + if (PSA_ALG_IS_SPAKE2P(alg)) { + if (!PSA_KEY_TYPE_IS_SPAKE2P(ktype) || ptype != PSA_PAKE_PRIMITIVE_TYPE_ECC || + family != PSA_KEY_TYPE_SPAKE2P_GET_FAMILY(ktype)) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else if (PSA_ALG_IS_SRP_6(alg)) { + if (!PSA_KEY_TYPE_IS_SRP(ktype) || ptype != PSA_PAKE_PRIMITIVE_TYPE_DH || + family != PSA_KEY_TYPE_SRP_GET_FAMILY(ktype)) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + if (psa_pake_cs_get_key_confirmation(cipher_suite) != PSA_PAKE_CONFIRMED_KEY || + bits != slot->attr.bits) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->secret_size = PSA_HASH_LENGTH(alg); + if (alg == PSA_ALG_SPAKE2P_MATTER) operation->secret_size >>= 1; + } + + attributes = (psa_key_attributes_t) { + .core = slot->attr + }; + + status = psa_driver_wrapper_pake_setup( + operation, &attributes, + slot->key.data, slot->key.bytes, + cipher_suite); + + operation->alg = alg; + operation->started = 0; operation->sequence = 0; - operation->inputs.cipher_suite = *cipher_suite; - return PSA_SUCCESS; +exit: + unlock_status = psa_unlock_key_slot(slot); + + if (status == PSA_SUCCESS) { + status = unlock_status; + } else { + psa_pake_abort(operation); + } + + return status; } psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, @@ -4372,24 +4465,25 @@ psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, goto exit; } - switch (operation->alg) { #ifdef PSA_WANT_ALG_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { if (role > PSA_PAKE_ROLE_SECOND) return PSA_ERROR_INVALID_ARGUMENT; - break; + } else #endif -#if defined(PSA_WANT_ALG_SPAKE2P) || defined(PSA_WANT_ALG_SRP_6) - case PSA_ALG_SPAKE2P: - case PSA_ALG_SRP_6: +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || \ + defined(PSA_WANT_ALG_SPAKE2P_MATTER) || defined(PSA_WANT_ALG_SRP_6) + if (PSA_ALG_IS_SPAKE2P(operation->alg) || PSA_ALG_IS_SRP_6(operation->alg)) { if (role == PSA_PAKE_ROLE_SERVER) operation->is_second = 1; else if (role != PSA_PAKE_ROLE_CLIENT) return PSA_ERROR_INVALID_ARGUMENT; - break; + } else #endif - default: + { return PSA_ERROR_INVALID_ARGUMENT; } - operation->inputs.role = role; + status = psa_driver_wrapper_pake_set_role(operation, role); + if (status != PSA_SUCCESS) goto exit; + operation->role_set = 1; return PSA_SUCCESS; @@ -4409,39 +4503,45 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, goto exit; } -#ifdef PSA_WANT_ALG_SPAKE2P - if (operation->alg == PSA_ALG_SPAKE2P) { - if (user_id == NULL && user_id_len != 0) { +#ifdef PSA_WANT_ALG_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + if (user_id == NULL || user_id_len == 0) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } } else #endif - { - if (user_id == NULL || user_id_len == 0) { +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + if (!operation->role_set) { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + if (user_id == NULL && user_id_len != 0) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - } - -#if defined(PSA_WANT_ALG_SPAKE2P) || defined(PSA_WANT_ALG_SRP_6) - if (operation->alg == PSA_ALG_SPAKE2P || operation->alg == PSA_ALG_SRP_6) { + } else +#endif +#ifdef PSA_WANT_ALG_SRP_6 + if (PSA_ALG_IS_SRP_6(operation->alg)) { if (!operation->role_set) { status = PSA_ERROR_BAD_STATE; goto exit; } - } + if (user_id == NULL || user_id_len == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else #endif + { + return PSA_ERROR_INVALID_ARGUMENT; + } + + status = psa_driver_wrapper_pake_set_user(operation, user_id, user_id_len); + if (status != PSA_SUCCESS) goto exit; - if(user_id_len != 0) { - operation->inputs.user = mbedtls_calloc(1, user_id_len); - if (operation->inputs.user == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto exit; - } - memcpy(operation->inputs.user, user_id, user_id_len); - } - operation->inputs.user_len = user_id_len; operation->user_set = 1; return PSA_SUCCESS; @@ -4461,40 +4561,38 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, goto exit; } -#ifdef PSA_WANT_ALG_SPAKE2P - if (operation->alg == PSA_ALG_SPAKE2P) { - if (peer_id == NULL && peer_id_len != 0) { - status = PSA_ERROR_INVALID_ARGUMENT; +#ifdef PSA_WANT_ALG_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + if (!operation->user_set) { + status = PSA_ERROR_BAD_STATE; goto exit; } - } else -#endif - { if (peer_id == NULL || peer_id_len == 0) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - } - -#if defined(PSA_WANT_ALG_SPAKE2P) || defined(PSA_WANT_ALG_SRP_6) - if (operation->alg == PSA_ALG_SPAKE2P || operation->alg == PSA_ALG_SRP_6) { + } else +#endif +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { if (!operation->role_set) { status = PSA_ERROR_BAD_STATE; goto exit; } - } + if (peer_id == NULL && peer_id_len != 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else #endif + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } - if(peer_id_len != 0) { - operation->inputs.peer = mbedtls_calloc(1, peer_id_len); - if (operation->inputs.peer == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto exit; - } - memcpy(operation->inputs.peer, peer_id, peer_id_len); - } + status = psa_driver_wrapper_pake_set_peer(operation, peer_id, peer_id_len); + if (status != PSA_SUCCESS) goto exit; - operation->inputs.peer_len = peer_id_len; operation->peer_set = 1; return PSA_SUCCESS; @@ -4503,64 +4601,42 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, return status; } -psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password) +psa_status_t psa_pake_set_context(psa_pake_operation_t *operation, + const uint8_t *context, + size_t context_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot = NULL; - psa_key_attributes_t attributes; - psa_key_type_t type; - if (operation->alg == 0 || operation->passw_set || operation->started) { + if (operation->alg == 0 || operation->context_set || !operation->role_set || operation->started) { status = PSA_ERROR_BAD_STATE; goto exit; } -#ifdef PSA_WANT_ALG_SPAKE2P - if (operation->alg == PSA_ALG_SPAKE2P && - (!operation->role_set || !operation->user_set || !operation->peer_set)) { +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + if (context == NULL && context_len != 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else +#endif + { status = PSA_ERROR_BAD_STATE; goto exit; } -#endif - status = psa_get_and_lock_key_slot_with_policy( - password, &slot, PSA_KEY_USAGE_DERIVE, operation->alg); + status = psa_driver_wrapper_pake_set_context(operation, context, context_len); if (status != PSA_SUCCESS) goto exit; - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - - type = psa_get_key_type( &attributes ); - if (type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - operation->inputs.password = mbedtls_calloc(1, slot->key.bytes); - if (operation->inputs.password == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto exit; - } - memcpy(operation->inputs.password, slot->key.data, slot->key.bytes); - operation->inputs.password_len = slot->key.bytes; - operation->inputs.attributes = attributes; - operation->passw_set = 1; + operation->context_set = 1; + return PSA_SUCCESS; exit: - unlock_status = psa_unlock_key_slot( slot ); - - if (status == PSA_SUCCESS) { - status = unlock_status; - } else { - psa_pake_abort( operation ); - } - + psa_pake_abort(operation); return status; } + #ifdef PSA_WANT_ALG_JPAKE /* JPAKE sequence numbers: * first second @@ -4570,14 +4646,13 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * 9-11: input SHARE,PUBLIC,PROOF output SHARE,PUBLIC,PROOF * 12-14: output SHARE,PUBLIC,PROOF input SHARE,PUBLIC,PROOF * 15-17: input SHARE,PUBLIC,PROOF output SHARE,PUBLIC,PROOF - * 18: get_implicit_key get_implicit_key */ static psa_status_t psa_check_jpake_sequence(psa_pake_operation_t *operation, psa_pake_step_t step, unsigned int first) { - if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_ZK_PUBLIC && step != PSA_PAKE_STEP_ZK_PROOF) { // ??? + if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_ZK_PUBLIC && step != PSA_PAKE_STEP_ZK_PROOF) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -4614,36 +4689,35 @@ static psa_status_t psa_check_jpake_sequence(psa_pake_operation_t *operation, } #endif -#ifdef PSA_WANT_ALG_SPAKE2P +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) /* SPAKE2+ sequence numbers: * prover (client) verifier (server) * 0: output shareP input shareP * 1: input shareV output shareV * 2: input confirmV output confirmV * 3: output confirmP input confirmP - * 4: get_implicit_key get_implicit_key */ static psa_status_t psa_check_spake2p_sequence(psa_pake_operation_t *operation, psa_pake_step_t step, unsigned int first) { + if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_CONFIRM) { + return PSA_ERROR_INVALID_ARGUMENT; + } + switch (operation->sequence) { case 0: // shareP - if (!first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_INVALID_ARGUMENT; + if (!first || step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_BAD_STATE; break; case 1: // shareV - if (first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_INVALID_ARGUMENT; + if (first || step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_BAD_STATE; break; case 2: // confirmV - if (first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_INVALID_ARGUMENT; + if (first || step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_BAD_STATE; break; case 3: // confirmP - if (!first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_INVALID_ARGUMENT; + if (!first || step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_BAD_STATE; operation->done = 1; break; default: @@ -4656,66 +4730,49 @@ static psa_status_t psa_check_spake2p_sequence(psa_pake_operation_t *operation, #ifdef PSA_WANT_ALG_SRP_6 /* SRP sequence numbers: + * (salt and share can be used in any order) * client server - * 012: input salt input salt - * 012: output client key input client key - * 012: input server key output server key - * 3: output proof1 input proof1 - * 4: input proof2 output proof2 - * 5: get_implicit_key get_implicit_key + * ~1: input salt input salt + * ~2: output client share input client share + * ~4: input server share output server share + * 7: output proof1 input proof1 + * 15: input proof2 output proof2 */ static psa_status_t psa_check_srp_sequence(psa_pake_operation_t *operation, psa_pake_step_t step, unsigned int first) { - switch (operation->sequence) { - case 0: - case 1: - case 2: // salt or key - if (step != PSA_PAKE_STEP_SALT && step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_INVALID_ARGUMENT; + switch (step) { + case PSA_PAKE_STEP_SALT: + if (operation->sequence & 1) return PSA_ERROR_BAD_STATE; break; - case 3: // proof1 - if (!first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_INVALID_ARGUMENT; + case PSA_PAKE_STEP_KEY_SHARE: + if (first) { + if (operation->sequence & 2) return PSA_ERROR_BAD_STATE; + operation->sequence += 1; + } else { + if (operation->sequence & 4) return PSA_ERROR_BAD_STATE; + operation->sequence += 3; + } break; - case 4: // proof2 - if (first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_INVALID_ARGUMENT; - operation->done = 1; + case PSA_PAKE_STEP_CONFIRM: + if (first) { + if (operation->sequence != 7) return PSA_ERROR_BAD_STATE; + operation->sequence += 7; + } else { + if (operation->sequence != 15) return PSA_ERROR_BAD_STATE; + operation->done = 1; + } break; default: - return PSA_ERROR_BAD_STATE; + return PSA_ERROR_INVALID_ARGUMENT; } return PSA_SUCCESS; } #endif -psa_status_t psa_pake_start_input_output(psa_pake_operation_t *operation) -{ - psa_status_t status; - psa_crypto_driver_pake_inputs_t *inputs = &operation->inputs; - - status = psa_driver_wrapper_pake_setup( - operation, - &inputs->cipher_suite, - &inputs->attributes, - inputs->password, inputs->password_len, - inputs->user, inputs->user_len, - inputs->peer, inputs->peer_len, - inputs->role); - mbedtls_zeroize_and_free(inputs->password, inputs->password_len); - mbedtls_free(inputs->user); - mbedtls_free(inputs->peer); - if (status != PSA_SUCCESS) { - psa_pake_abort(operation); - return status; - } - operation->started = 1; - return PSA_SUCCESS; -} - psa_status_t psa_pake_output(psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, @@ -4724,42 +4781,38 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (operation->alg == 0 || !operation->passw_set) { + if (operation->alg == 0) { return PSA_ERROR_BAD_STATE; } - switch (operation->alg) { - case PSA_ALG_JPAKE: #ifdef PSA_WANT_ALG_JPAKE - if (!operation->user_set || !operation->peer_set) return PSA_ERROR_BAD_STATE; + if (PSA_ALG_IS_JPAKE(operation->alg)) { + if (!operation->peer_set) return PSA_ERROR_BAD_STATE; if (operation->sequence == 0 || operation->sequence == 12) operation->is_second = 0; status = psa_check_jpake_sequence(operation, step, 1 - operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif -#ifdef PSA_WANT_ALG_SPAKE2P - case PSA_ALG_SPAKE2P: - if (!operation->role_set || !operation->user_set || !operation->peer_set) return PSA_ERROR_BAD_STATE; +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + if (!operation->role_set) return PSA_ERROR_BAD_STATE; status = psa_check_spake2p_sequence(operation, step, 1 - operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif #ifdef PSA_WANT_ALG_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { if (!operation->role_set || !operation->user_set) return PSA_ERROR_BAD_STATE; if (step == PSA_PAKE_STEP_SALT) return PSA_ERROR_INVALID_ARGUMENT; status = psa_check_srp_sequence(operation, step, 1 - operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif - default: + { return PSA_ERROR_NOT_SUPPORTED; } - if (operation->started == 0) { - status = psa_pake_start_input_output(operation); - if (status) return status; - } + operation->started = 1; operation->sequence++; status = psa_driver_wrapper_pake_output( @@ -4780,55 +4833,40 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (operation->alg == 0 || !operation->passw_set) { + if (operation->alg == 0) { return PSA_ERROR_BAD_STATE; } if (input == NULL || input_length == 0) return PSA_ERROR_INVALID_ARGUMENT; - switch (operation->alg) { #ifdef PSA_WANT_ALG_JPAKE - case PSA_ALG_JPAKE: - if (!operation->user_set || !operation->peer_set) return PSA_ERROR_BAD_STATE; + if (PSA_ALG_IS_JPAKE(operation->alg)) { + if (!operation->peer_set) return PSA_ERROR_BAD_STATE; if (operation->sequence == 0 || operation->sequence == 12) operation->is_second = 1; status = psa_check_jpake_sequence(operation, step, operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif -#ifdef PSA_WANT_ALG_SPAKE2P - case PSA_ALG_SPAKE2P: - if (!operation->role_set || !operation->user_set || !operation->peer_set) return PSA_ERROR_BAD_STATE; - if (step == PSA_PAKE_STEP_CONTEXT) { - if (operation->sequence != 0 || operation->started) return PSA_ERROR_BAD_STATE; - } else { - status = psa_check_spake2p_sequence(operation, step, operation->is_second); - if (status != PSA_SUCCESS) return status; - } - break; +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + if (!operation->role_set) return PSA_ERROR_BAD_STATE; + status = psa_check_spake2p_sequence(operation, step, operation->is_second); + if (status != PSA_SUCCESS) return status; + } else #endif #ifdef PSA_WANT_ALG_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { if (!operation->role_set || !operation->user_set) return PSA_ERROR_BAD_STATE; status = psa_check_srp_sequence(operation, step, operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif - default: + { return PSA_ERROR_NOT_SUPPORTED; } - if (operation->started == 0) { - status = psa_pake_start_input_output(operation); - if (status) return status; - } - -#ifdef PSA_WANT_ALG_SPAKE2P - if (step != PSA_PAKE_STEP_CONTEXT) { -#endif - operation->sequence++; -#ifdef PSA_WANT_ALG_SPAKE2P - } -#endif + operation->started = 1; + operation->sequence++; status = psa_driver_wrapper_pake_input( operation, step, @@ -4841,38 +4879,61 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, return status; } -psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output) +psa_status_t psa_pake_get_shared_key(psa_pake_operation_t *operation, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#if defined(PSA_WANT_ALG_JPAKE) && PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE > PSA_HASH_MAX_SIZE - uint8_t data[PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE]; -#else - uint8_t data[PSA_HASH_MAX_SIZE]; -#endif - size_t data_length = 0; + psa_key_slot_t *slot = NULL; + psa_se_drv_table_entry_t *driver = NULL; + psa_key_type_t type; + size_t storage_size; if (operation->alg == 0 || operation->done == 0) { return PSA_ERROR_BAD_STATE; } - status = psa_driver_wrapper_pake_get_implicit_key( - operation, - data, sizeof data, &data_length); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(output); - goto exit; + if (psa_get_key_bits(attributes) != 0) { + return PSA_ERROR_INVALID_ARGUMENT; } - // forward common secret to key derivation function - output->can_output_key = 1; - status = psa_key_derivation_input_internal( - output, - PSA_KEY_DERIVATION_INPUT_SECRET, - PSA_KEY_TYPE_DERIVE, - data, data_length); + type = psa_get_key_type(attributes); + if (type != PSA_KEY_TYPE_DERIVE && type != PSA_KEY_TYPE_HMAC) { + if (PSA_ALG_IS_SPAKE2P(operation->alg) || PSA_ALG_IS_SRP_6(operation->alg)) { + // the SPAKE2+ and SRP secret can be used directly for symmetric crypto + if ((type & PSA_KEY_TYPE_CATEGORY_MASK) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC) { + return PSA_ERROR_INVALID_ARGUMENT; + } + } else { + return PSA_ERROR_INVALID_ARGUMENT; + } + } + + status = psa_start_key_creation( + PSA_KEY_CREATION_DERIVE, attributes, &slot, &driver); + if (status != PSA_SUCCESS) goto exit; + + storage_size = operation->secret_size; + if (psa_key_lifetime_is_external(attributes->core.lifetime)) { + status = psa_driver_wrapper_get_key_buffer_size(attributes, &storage_size); + if (status != PSA_SUCCESS) goto exit; + } + status = psa_allocate_buffer_to_slot(slot, storage_size); + if (status != PSA_SUCCESS) goto exit; + + status = psa_driver_wrapper_pake_get_shared_key( + operation, attributes, + slot->key.data, slot->key.bytes, &slot->key.bytes); + if (status == PSA_SUCCESS) { + status = psa_finish_key_creation(slot, driver, key); + } exit: + if (status != PSA_SUCCESS) { + psa_fail_key_creation(slot, driver); + *key = MBEDTLS_SVC_KEY_ID_INIT; + } + psa_pake_abort(operation); return status; } diff --git a/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h b/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h index c8346d6643bf..12bf0fc5bf19 100644 --- a/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h +++ b/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h @@ -147,6 +147,12 @@ psa_status_t psa_driver_wrapper_copy_key( const uint8_t *source_key, size_t source_key_length, uint8_t *target_key_buffer, size_t target_key_buffer_size, size_t *target_key_buffer_length); + +psa_status_t psa_driver_wrapper_derive_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); + /* * Cipher functions */ @@ -441,13 +447,26 @@ psa_status_t psa_driver_wrapper_key_derivation_abort( */ psa_status_t psa_driver_wrapper_pake_setup( psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t psa_driver_wrapper_pake_set_role( + psa_pake_operation_t *operation, psa_pake_role_t role); +psa_status_t psa_driver_wrapper_pake_set_user( + psa_pake_operation_t *operation, + const uint8_t *user_id, size_t user_id_length); + +psa_status_t psa_driver_wrapper_pake_set_peer( + psa_pake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_length); + +psa_status_t psa_driver_wrapper_pake_set_context( + psa_pake_operation_t *operation, + const uint8_t *context, size_t context_length); + psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, psa_pake_step_t step, @@ -461,10 +480,10 @@ psa_status_t psa_driver_wrapper_pake_input( const uint8_t *input, size_t input_length); -psa_status_t psa_driver_wrapper_pake_get_implicit_key( +psa_status_t psa_driver_wrapper_pake_get_shared_key( psa_pake_operation_t *operation, - uint8_t *output, size_t output_size, - size_t *output_length); + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); psa_status_t psa_driver_wrapper_pake_abort( psa_pake_operation_t *operation); diff --git a/ext/oberon/psa/drivers/oberon_ec_keys.c b/ext/oberon/psa/drivers/oberon_ec_keys.c index 057a809672fc..b225b467dc66 100644 --- a/ext/oberon/psa/drivers/oberon_ec_keys.c +++ b/ext/oberon/psa/drivers/oberon_ec_keys.c @@ -162,30 +162,36 @@ psa_status_t oberon_export_ec_public_key( } #if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY) || \ - defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY) + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY) || \ + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY) static void oberon_set_forced_bits(uint8_t *key, size_t bits) { switch (bits) { #if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) || \ - defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255) + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255) || \ + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255) case 255: key[0] = (uint8_t)(key[0] & 0xF8); key[31] = (uint8_t)((key[31] & 0x7F) | 0x40); break; #endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 || - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 */ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 || + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 */ #if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) || \ - defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448) + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448) || \ + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448) case 448: key[0] = (uint8_t)(key[0] & 0xFC); key[55] = (uint8_t)(key[55] | 0x80); break; #endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 || - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 */ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 || + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 */ } } #endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY || - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY */ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY || + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY */ psa_status_t oberon_import_ec_key( const psa_key_attributes_t *attributes, @@ -387,7 +393,7 @@ psa_status_t oberon_generate_ec_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length) { - int res = 0; + int res; psa_status_t status; size_t bits = psa_get_key_bits(attributes); psa_key_type_t type = psa_get_key_type(attributes); @@ -476,3 +482,101 @@ psa_status_t oberon_generate_ec_key( *key_length = length; return PSA_SUCCESS; } + +psa_status_t oberon_derive_ec_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length) +{ + int res; + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP + uint32_t c; + size_t i; +#endif + + if (key_size < input_length) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(key, input, input_length); + *key_length = input_length; + + // check and preprocess key data + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP + case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1): + + // increment key data + c = 1; i = input_length; + do { + c += key[--i]; + key[i] = (uint8_t)c; + c >>= 8; + } while (i > 0); + + switch (bits) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 + case 224: + res = ocrypto_ecdh_p224_secret_key_check(key); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 + case 256: + res = ocrypto_ecdh_p256_secret_key_check(key); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 + case 384: + res = ocrypto_ecdh_p384_secret_key_check(key); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + case 521: + key[0] &= 0x01; // truncate to 521 bits + res = ocrypto_ecdh_p521_secret_key_check(key); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 */ + default: + return PSA_ERROR_INVALID_ARGUMENT; + } + // repeat if input out of range + if (res || !oberon_ct_compare_zero(key, input_length)) return PSA_ERROR_INSUFFICIENT_DATA; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY + case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY): + switch (bits) { +#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255) + case 255: break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 */ +#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448) + case 448: break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 */ + default: return PSA_ERROR_INVALID_ARGUMENT; + } + oberon_set_forced_bits(key, bits); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS + case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS): + switch (bits) { +#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255) + case 255: break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 */ +#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448) + case 448: break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 */ + default: return PSA_ERROR_INVALID_ARGUMENT; + } + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS */ + + default: + (void)res; + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_SUCCESS; +} diff --git a/ext/oberon/psa/drivers/oberon_ec_keys.h b/ext/oberon/psa/drivers/oberon_ec_keys.h index 65fb2c23bdc0..046930897c11 100644 --- a/ext/oberon/psa/drivers/oberon_ec_keys.h +++ b/ext/oberon/psa/drivers/oberon_ec_keys.h @@ -34,6 +34,11 @@ psa_status_t oberon_generate_ec_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length); +psa_status_t oberon_derive_ec_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length); + #ifdef __cplusplus } diff --git a/ext/oberon/psa/drivers/oberon_jpake.c b/ext/oberon/psa/drivers/oberon_jpake.c index edcd7e79efc1..84ec46f333d0 100644 --- a/ext/oberon/psa/drivers/oberon_jpake.c +++ b/ext/oberon/psa/drivers/oberon_jpake.c @@ -12,6 +12,7 @@ #include "psa/crypto.h" #include "oberon_jpake.h" +#include "oberon_helpers.h" #include "psa_crypto_driver_wrappers.h" #include "ocrypto_ecjpake_p256.h" @@ -186,7 +187,7 @@ static psa_status_t oberon_read_zk_proof( uint8_t h[PSA_HASH_MAX_SIZE]; size_t h_len; - if (input_length > sizeof op->r) return PSA_ERROR_INVALID_ARGUMENT; + if (input_length > sizeof op->r) return PSA_ERROR_INVALID_SIGNATURE; if (input_length < sizeof op->r) { memset(rp, 0, sizeof op->r - input_length); rp += sizeof op->r - input_length; @@ -210,41 +211,57 @@ static psa_status_t oberon_read_zk_proof( psa_status_t oberon_jpake_setup( oberon_jpake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { - (void)role; - if (cipher_suite->algorithm != PSA_ALG_JPAKE || - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC || - cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 || - cipher_suite->bits != 256 || - cipher_suite->hash != PSA_ALG_SHA_256) { + (void)attributes; + + if (psa_pake_cs_get_primitive(cipher_suite) != + PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256)) { return PSA_ERROR_NOT_SUPPORTED; } - operation->hash_alg = cipher_suite->hash; + operation->hash_alg = PSA_ALG_GET_HASH(psa_pake_cs_get_algorithm(cipher_suite)); + if (operation->hash_alg != PSA_ALG_SHA_256) return PSA_ERROR_NOT_SUPPORTED; + operation->rd_idx = 0; operation->wr_idx = 0; - if (user_id_length == peer_id_length) { - if (memcmp(user_id, peer_id, user_id_length) == 0) { + // store reduced password + ocrypto_ecjpake_read_shared_secret(operation->secret, password, password_length); + + if (oberon_ct_compare_zero(operation->secret, sizeof operation->secret) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + return PSA_SUCCESS; +} + +psa_status_t oberon_jpake_set_user( + oberon_jpake_operation_t *operation, + const uint8_t *user_id, size_t user_id_len) +{ + if (user_id_len > sizeof operation->user_id) return PSA_ERROR_NOT_SUPPORTED; + memcpy(operation->user_id, user_id, user_id_len); + operation->user_id_length = (uint8_t)user_id_len; + + return PSA_SUCCESS; +} + +psa_status_t oberon_jpake_set_peer( + oberon_jpake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len) +{ + if (peer_id_len == operation->user_id_length) { + if (memcmp(peer_id, operation->user_id, peer_id_len) == 0) { // user and peer ids must not be equal return PSA_ERROR_INVALID_ARGUMENT; } } - // store reduced password - ocrypto_ecjpake_read_shared_secret(operation->secret, password, password_length); - - if (user_id_length > sizeof operation->user_id) return PSA_ERROR_NOT_SUPPORTED; - memcpy(operation->user_id, user_id, user_id_length); - operation->user_id_length = (uint8_t)user_id_length; - - if (peer_id_length > sizeof operation->peer_id) return PSA_ERROR_NOT_SUPPORTED; - memcpy(operation->peer_id, peer_id, peer_id_length); - operation->peer_id_length = (uint8_t)peer_id_length; + if (peer_id_len > sizeof operation->peer_id) return PSA_ERROR_NOT_SUPPORTED; + memcpy(operation->peer_id, peer_id, peer_id_len); + operation->peer_id_length = (uint8_t)peer_id_len; return PSA_SUCCESS; } @@ -295,7 +312,7 @@ psa_status_t oberon_jpake_input( } } -psa_status_t oberon_jpake_get_implicit_key( +psa_status_t oberon_jpake_get_shared_key( oberon_jpake_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) { diff --git a/ext/oberon/psa/drivers/oberon_jpake.h b/ext/oberon/psa/drivers/oberon_jpake.h index be42993ba9ae..0274f545df87 100644 --- a/ext/oberon/psa/drivers/oberon_jpake.h +++ b/ext/oberon/psa/drivers/oberon_jpake.h @@ -39,11 +39,17 @@ typedef struct { psa_status_t oberon_jpake_setup( oberon_jpake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role); + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t oberon_jpake_set_user( + oberon_jpake_operation_t *operation, + const uint8_t *user_id, size_t user_id_len); + +psa_status_t oberon_jpake_set_peer( + oberon_jpake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len); psa_status_t oberon_jpake_output( oberon_jpake_operation_t *operation, @@ -55,7 +61,7 @@ psa_status_t oberon_jpake_input( psa_pake_step_t step, const uint8_t *input, size_t input_length); -psa_status_t oberon_jpake_get_implicit_key( +psa_status_t oberon_jpake_get_shared_key( oberon_jpake_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); diff --git a/ext/oberon/psa/drivers/oberon_key_derivation.c b/ext/oberon/psa/drivers/oberon_key_derivation.c index 97fb0b8a48f0..f22ea33b0176 100644 --- a/ext/oberon/psa/drivers/oberon_key_derivation.c +++ b/ext/oberon/psa/drivers/oberon_key_derivation.c @@ -66,7 +66,7 @@ static psa_status_t oberon_hash_key( size_t length; memset(&operation->hash_op, 0, sizeof operation->hash_op); - status = psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_HMAC_GET_HASH(operation->mac_alg)); + status = psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_GET_HASH(operation->mac_alg)); if (status) goto exit; status = psa_driver_wrapper_hash_update(&operation->hash_op, data, data_length); if (status) goto exit; @@ -104,6 +104,13 @@ psa_status_t oberon_key_derivation_setup( } else #endif /* PSA_NEED_OBERON_SP800_108_COUNTER_CMAC */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + if (PSA_ALG_IS_SRP_PASSWORD_HASH(alg)) { + operation->alg = OBERON_SRP_PASSWORD_HASH_ALG; + operation->mac_alg = PSA_ALG_HKDF_GET_HASH(alg); + } else +#endif /* PSA_NEED_OBERON_SRP_PASSWORD_HASH */ + { // all olthers are HMAC based psa_algorithm_t hash = PSA_ALG_HKDF_GET_HASH(alg); @@ -215,6 +222,17 @@ psa_status_t oberon_key_derivation_input_bytes( if (status) goto exit; operation->salt_length = (uint16_t)data_length; #endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + } else if (operation->alg == OBERON_SRP_PASSWORD_HASH_ALG) { + status = psa_driver_wrapper_hash_finish(&operation->hash_op, operation->data, sizeof operation->data, &length); + if (status) goto exit; + status = psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_GET_HASH(operation->mac_alg)); + if (status) goto exit; + status = psa_driver_wrapper_hash_update(&operation->hash_op, data, data_length); // salt + if (status) goto exit; + status = psa_driver_wrapper_hash_update(&operation->hash_op, operation->data, length); // H(u, ":", pw) + if (status) goto exit; +#endif /* PSA_NEED_OBERON_SRP_PASSWORD_HASH */ } else { #if defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) length = operation->salt_length + data_length; @@ -301,25 +319,41 @@ psa_status_t oberon_key_derivation_input_bytes( status = psa_driver_wrapper_mac_update(&operation->mac_op, data, data_length); if (status) goto exit; // HKDF extract - status = psa_driver_wrapper_mac_sign_finish(&operation->mac_op, operation->key, operation->block_length, &length); + status = psa_driver_wrapper_mac_sign_finish(&operation->mac_op, + operation->key, operation->block_length, &length); if (status) goto exit; #endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT */ return PSA_SUCCESS; } #endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT || PSA_NEED_OBERON_HKDF_EXPAND || PSA_NEED_OBERON_TLS12 */ -#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT) || defined(PSA_NEED_OBERON_HKDF_EXPAND) +#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT) || defined(PSA_NEED_OBERON_HKDF_EXPAND) || \ + defined(PSA_NEED_OBERON_SRP_PASSWORD_HASH) case PSA_KEY_DERIVATION_INPUT_INFO: - if (data_length > sizeof operation->info) return PSA_ERROR_INSUFFICIENT_MEMORY; - memcpy(operation->info, data, data_length); - operation->info_length = (uint16_t)data_length; - return PSA_SUCCESS; -#endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT || PSA_NEED_OBERON_HKDF_EXPAND */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + if (operation->alg == OBERON_SRP_PASSWORD_HASH_ALG) { + status = psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_GET_HASH(operation->mac_alg)); + if (status) goto exit; + status = psa_driver_wrapper_hash_update(&operation->hash_op, data, data_length); // user id + if (status) goto exit; + return PSA_SUCCESS; + } else +#endif + { + if (data_length > sizeof operation->info) return PSA_ERROR_INSUFFICIENT_MEMORY; + memcpy(operation->info, data, data_length); + operation->info_length = (uint16_t)data_length; + return PSA_SUCCESS; + } +#endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT || PSA_NEED_OBERON_HKDF_EXPAND || + PSA_NEED_OBERON_SRP_PASSWORD_HASH */ -#if defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) || \ + defined(PSA_NEED_OBERON_SRP_PASSWORD_HASH) case PSA_KEY_DERIVATION_INPUT_PASSWORD: - if (operation->alg == OBERON_PBKDF2_HMAC_ALG) { + switch (operation->alg) { #ifdef PSA_NEED_OBERON_PBKDF2_HMAC + case OBERON_PBKDF2_HMAC_ALG: if (data_length > PSA_HASH_BLOCK_LENGTH(operation->mac_alg)) { // key = H(password) status = oberon_hash_key(operation, data, data_length); @@ -329,9 +363,10 @@ psa_status_t oberon_key_derivation_input_bytes( memcpy(operation->key, data, data_length); operation->key_length = (uint16_t)data_length; } + break; #endif /* PSA_NEED_OBERON_PBKDF2_HMAC */ - } else { #ifdef PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 + case OBERON_PBKDF2_CMAC_ALG: if (data_length == 16) { memcpy(operation->key, data, 16); } else { @@ -344,10 +379,21 @@ psa_status_t oberon_key_derivation_input_bytes( if (status) goto exit; } operation->key_length = 16; + break; #endif /* PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + case OBERON_SRP_PASSWORD_HASH_ALG: + status = psa_driver_wrapper_hash_update(&operation->hash_op, (const uint8_t *)":", 1); // ":" + if (status) goto exit; + status = psa_driver_wrapper_hash_update(&operation->hash_op, data, data_length); // pw + if (status) goto exit; + break; +#endif /* PSA_NEED_OBERON_SRP_PASSWORD_HASH */ + default: + break; } return PSA_SUCCESS; -#endif /* PSA_NEED_OBERON_PBKDF2_HMAC || PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_NEED_OBERON_PBKDF2_HMAC || PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 || PSA_NEED_OBERON_SRP_PASSWORD_HASH */ #if defined(PSA_NEED_OBERON_TLS12_PRF) || defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS) case PSA_KEY_DERIVATION_INPUT_SEED: @@ -407,9 +453,16 @@ psa_status_t oberon_key_derivation_input_bytes( } #if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT) || \ - defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) + defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) || defined(PSA_NEED_OBERON_SRP_PASSWORD_HASH) exit: - psa_driver_wrapper_mac_abort(&operation->mac_op); +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + if (operation->alg == OBERON_PBKDF2_HMAC_ALG) { + psa_driver_wrapper_hash_abort(&operation->hash_op); + } else +#endif + { + psa_driver_wrapper_mac_abort(&operation->mac_op); + } return status; #endif } @@ -570,6 +623,14 @@ psa_status_t oberon_key_derivation_output_bytes( return psa_driver_wrapper_hash_compute(PSA_ALG_SHA_256, operation->key, 32, output, output_length, &length); #endif /* PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + case OBERON_SRP_PASSWORD_HASH_ALG: + status = psa_driver_wrapper_hash_finish(&operation->hash_op, output, output_length, &length); + if (status != PSA_SUCCESS) psa_driver_wrapper_hash_abort(&operation->hash_op); + if (output_length != length) return PSA_ERROR_INVALID_ARGUMENT; + return status; +#endif + #if defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC) case OBERON_SP800_108_COUNTER_ALG: // key @@ -631,9 +692,15 @@ psa_status_t oberon_key_derivation_abort( oberon_key_derivation_operation_t *operation ) { switch (operation->alg) { +#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT) case OBERON_HKDF_ALG: case OBERON_HKDF_EXTRACT_ALG: return psa_driver_wrapper_mac_abort(&operation->mac_op); +#endif +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + case OBERON_SRP_PASSWORD_HASH_ALG: + return psa_driver_wrapper_hash_abort(&operation->hash_op); +#endif default: return PSA_SUCCESS; } diff --git a/ext/oberon/psa/drivers/oberon_key_derivation.h b/ext/oberon/psa/drivers/oberon_key_derivation.h index 44604b2b84ac..0890936fbbac 100644 --- a/ext/oberon/psa/drivers/oberon_key_derivation.h +++ b/ext/oberon/psa/drivers/oberon_key_derivation.h @@ -34,6 +34,7 @@ typedef enum { OBERON_TLS12_PSK_TO_MS_ALG = 7, OBERON_ECJPAKE_TO_PMS_ALG = 8, OBERON_SP800_108_COUNTER_ALG = 9, + OBERON_SRP_PASSWORD_HASH_ALG = 10, } oberon_kdf_alg; typedef struct { diff --git a/ext/oberon/psa/drivers/oberon_key_management.c b/ext/oberon/psa/drivers/oberon_key_management.c index 20bb9793e04c..7845af623fa3 100644 --- a/ext/oberon/psa/drivers/oberon_key_management.c +++ b/ext/oberon/psa/drivers/oberon_key_management.c @@ -12,6 +12,8 @@ #include "oberon_key_management.h" #include "oberon_ec_keys.h" #include "oberon_rsa.h" +#include "oberon_spake2p.h" +#include "oberon_srp.h" psa_status_t oberon_export_public_key( @@ -37,6 +39,22 @@ psa_status_t oberon_export_public_key( } else #endif /* PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT + if (PSA_KEY_TYPE_IS_SPAKE2P(type)) { + return oberon_export_spake2p_public_key( + attributes, key, key_length, + data, data_size, data_length); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT + if (PSA_KEY_TYPE_IS_SRP(type)) { + return oberon_export_srp_public_key( + attributes, key, key_length, + data, data_size, data_length); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT */ + { (void)key; (void)key_length; @@ -72,6 +90,22 @@ psa_status_t oberon_import_key( } else #endif /* PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT + if (PSA_KEY_TYPE_IS_SPAKE2P(type)) { + return oberon_import_spake2p_key( + attributes, data, data_length, + key, key_size, key_length, key_bits); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT + if (PSA_KEY_TYPE_IS_SRP(type)) { + return oberon_import_srp_key( + attributes, data, data_length, + key, key_size, key_length, key_bits); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT */ + { (void)data; (void)data_length; @@ -91,7 +125,7 @@ psa_status_t oberon_generate_key( psa_key_type_t type = psa_get_key_type(attributes); #ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE - if (PSA_KEY_TYPE_IS_ECC(type)) { + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { return oberon_generate_ec_key( attributes, key, key_size, key_length); @@ -106,3 +140,37 @@ psa_status_t oberon_generate_key( return PSA_ERROR_NOT_SUPPORTED; } } + +psa_status_t oberon_derive_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length) +{ + psa_key_type_t type = psa_get_key_type(attributes); + +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { + return oberon_derive_ec_key( + attributes, input, input_length, + key, key_size, key_length); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE + if (PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(type)) { + return oberon_derive_spake2p_key( + attributes, input, input_length, + key, key_size, key_length); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE */ + + { + (void)input; + (void)input_length; + (void)key; + (void)key_size; + (void)key_length; + (void)type; + return PSA_ERROR_NOT_SUPPORTED; + } +} diff --git a/ext/oberon/psa/drivers/oberon_key_management.h b/ext/oberon/psa/drivers/oberon_key_management.h index d1c6b643c747..75c7444de881 100644 --- a/ext/oberon/psa/drivers/oberon_key_management.h +++ b/ext/oberon/psa/drivers/oberon_key_management.h @@ -34,6 +34,11 @@ psa_status_t oberon_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length); +psa_status_t oberon_derive_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length); + #ifdef __cplusplus } diff --git a/ext/oberon/psa/drivers/oberon_pake.c b/ext/oberon/psa/drivers/oberon_pake.c index 46c1bdae876c..dbbd259fe568 100644 --- a/ext/oberon/psa/drivers/oberon_pake.c +++ b/ext/oberon/psa/drivers/oberon_pake.c @@ -16,53 +16,141 @@ psa_status_t oberon_pake_setup( oberon_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { - operation->alg = cipher_suite->algorithm; + operation->alg = psa_pake_cs_get_algorithm(cipher_suite); - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { return oberon_jpake_setup( - &operation->ctx.oberon_jpake_ctx, cipher_suite, - password, password_length, - user_id, user_id_length, - peer_id, peer_id_length, - role); + &operation->ctx.oberon_jpake_ctx, + attributes, password, password_length, + cipher_suite); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { return oberon_spake2p_setup( - &operation->ctx.oberon_spake2p_ctx, cipher_suite, - password, password_length, - user_id, user_id_length, - peer_id, peer_id_length, - role); + &operation->ctx.oberon_spake2p_ctx, + attributes, password, password_length, + cipher_suite); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { return oberon_srp_setup( - &operation->ctx.oberon_srp_ctx, cipher_suite, - password, password_length, - user_id, user_id_length, - peer_id, peer_id_length, - role); + &operation->ctx.oberon_srp_ctx, + attributes, password, password_length, + cipher_suite); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: + { (void)attributes; (void)password; (void)password_length; + return PSA_ERROR_NOT_SUPPORTED; + } +} + +psa_status_t oberon_pake_set_role( + oberon_pake_operation_t *operation, + psa_pake_role_t role) +{ +#ifdef PSA_NEED_OBERON_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + return PSA_SUCCESS; + } else +#endif /* PSA_NEED_OBERON_JPAKE */ +#ifdef PSA_NEED_OBERON_SPAKE2P + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_set_role( + &operation->ctx.oberon_spake2p_ctx, role); + } else +#endif /* PSA_NEED_OBERON_SPAKE2P */ +#ifdef PSA_NEED_OBERON_SRP_6 + if (PSA_ALG_IS_SRP_6(operation->alg)) { + return oberon_srp_set_role( + &operation->ctx.oberon_srp_ctx, role); + } else +#endif /* PSA_NEED_OBERON_SRP_6 */ + { + (void)operation; + (void)role; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t oberon_pake_set_user( + oberon_pake_operation_t *operation, + const uint8_t *user_id, size_t user_id_len) +{ +#ifdef PSA_NEED_OBERON_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + return oberon_jpake_set_user( + &operation->ctx.oberon_jpake_ctx, user_id, user_id_len); + } else +#endif /* PSA_NEED_OBERON_JPAKE */ +#ifdef PSA_NEED_OBERON_SPAKE2P + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_set_user( + &operation->ctx.oberon_spake2p_ctx, user_id, user_id_len); + } else +#endif /* PSA_NEED_OBERON_SPAKE2P */ +#ifdef PSA_NEED_OBERON_SRP_6 + if (PSA_ALG_IS_SRP_6(operation->alg)) { + return oberon_srp_set_user( + &operation->ctx.oberon_srp_ctx, user_id, user_id_len); + } else +#endif /* PSA_NEED_OBERON_SRP_6 */ + { + (void)operation; (void)user_id; - (void)user_id_length; + (void)user_id_len; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t oberon_pake_set_peer( + oberon_pake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len) +{ +#ifdef PSA_NEED_OBERON_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + return oberon_jpake_set_peer( + &operation->ctx.oberon_jpake_ctx, peer_id, peer_id_len); + } else +#endif /* PSA_NEED_OBERON_JPAKE */ +#ifdef PSA_NEED_OBERON_SPAKE2P + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_set_peer( + &operation->ctx.oberon_spake2p_ctx, peer_id, peer_id_len); + } else +#endif /* PSA_NEED_OBERON_SPAKE2P */ + { + (void)operation; (void)peer_id; - (void)peer_id_length; - (void)role; - return PSA_ERROR_NOT_SUPPORTED; + (void)peer_id_len; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t oberon_pake_set_context( + oberon_pake_operation_t *operation, + const uint8_t *context, size_t context_len) +{ +#ifdef PSA_NEED_OBERON_SPAKE2P + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_set_context( + &operation->ctx.oberon_spake2p_ctx, context, context_len); + } else +#endif /* PSA_NEED_OBERON_SPAKE2P */ + { + (void)operation; + (void)context; + (void)context_len; + return PSA_ERROR_BAD_STATE; } } @@ -71,23 +159,26 @@ psa_status_t oberon_pake_output( psa_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) { - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { return oberon_jpake_output( &operation->ctx.oberon_jpake_ctx, step, output, output_size, output_length); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { return oberon_spake2p_output( &operation->ctx.oberon_spake2p_ctx, step, output, output_size, output_length); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { return oberon_srp_output( &operation->ctx.oberon_srp_ctx, step, output, output_size, output_length); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: + { + (void)operation; (void)step; (void)output; (void)output_size; @@ -101,23 +192,26 @@ psa_status_t oberon_pake_input( psa_pake_step_t step, const uint8_t *input, size_t input_length) { - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { return oberon_jpake_input( &operation->ctx.oberon_jpake_ctx, step, input, input_length); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { return oberon_spake2p_input( &operation->ctx.oberon_spake2p_ctx, step, input, input_length); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { return oberon_srp_input( &operation->ctx.oberon_srp_ctx, step, input, input_length); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: + { + (void)operation; (void)step; (void)input; (void)input_length; @@ -125,30 +219,35 @@ psa_status_t oberon_pake_input( } } -psa_status_t oberon_pake_get_implicit_key( +psa_status_t oberon_pake_get_shared_key( oberon_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length) + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length) { - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: - return oberon_jpake_get_implicit_key( - &operation->ctx.oberon_jpake_ctx, output, output_size, output_length); + if (PSA_ALG_IS_JPAKE(operation->alg)) { + return oberon_jpake_get_shared_key( + &operation->ctx.oberon_jpake_ctx, key, key_size, key_length); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: - return oberon_spake2p_get_implicit_key( - &operation->ctx.oberon_spake2p_ctx, output, output_size, output_length); + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_get_shared_key( + &operation->ctx.oberon_spake2p_ctx, key, key_size, key_length); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: - return oberon_srp_get_implicit_key( - &operation->ctx.oberon_srp_ctx, output, output_size, output_length); + if (PSA_ALG_IS_SRP_6(operation->alg)) { + return oberon_srp_get_shared_key( + &operation->ctx.oberon_srp_ctx, key, key_size, key_length); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: - (void)output; - (void)output_size; - (void)output_length; + { + (void)operation; + (void)attributes; + (void)key; + (void)key_size; + (void)key_length; return PSA_ERROR_BAD_STATE; } } @@ -156,23 +255,26 @@ psa_status_t oberon_pake_get_implicit_key( psa_status_t oberon_pake_abort( oberon_pake_operation_t *operation) { - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { return oberon_jpake_abort( &operation->ctx.oberon_jpake_ctx); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { return oberon_spake2p_abort( &operation->ctx.oberon_spake2p_ctx); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { return oberon_srp_abort( &operation->ctx.oberon_srp_ctx); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: + { + (void)operation; return PSA_ERROR_BAD_STATE; } } diff --git a/ext/oberon/psa/drivers/oberon_pake.h b/ext/oberon/psa/drivers/oberon_pake.h index 41984d2c24d6..ded1acb8cc4a 100644 --- a/ext/oberon/psa/drivers/oberon_pake.h +++ b/ext/oberon/psa/drivers/oberon_pake.h @@ -48,13 +48,26 @@ typedef struct { psa_status_t oberon_pake_setup( oberon_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t oberon_pake_set_role( + oberon_pake_operation_t *operation, psa_pake_role_t role); +psa_status_t oberon_pake_set_user( + oberon_pake_operation_t *operation, + const uint8_t *user_id, size_t user_id_len); + +psa_status_t oberon_pake_set_peer( + oberon_pake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len); + +psa_status_t oberon_pake_set_context( + oberon_pake_operation_t *operation, + const uint8_t *context, size_t context_len); + psa_status_t oberon_pake_output( oberon_pake_operation_t *operation, psa_pake_step_t step, @@ -65,9 +78,10 @@ psa_status_t oberon_pake_input( psa_pake_step_t step, const uint8_t *input, size_t input_length); -psa_status_t oberon_pake_get_implicit_key( +psa_status_t oberon_pake_get_shared_key( oberon_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length); psa_status_t oberon_pake_abort( oberon_pake_operation_t *operation); diff --git a/ext/oberon/psa/drivers/oberon_spake2p.c b/ext/oberon/psa/drivers/oberon_spake2p.c index eca0364897e2..4d4ff39e680d 100644 --- a/ext/oberon/psa/drivers/oberon_spake2p.c +++ b/ext/oberon/psa/drivers/oberon_spake2p.c @@ -17,13 +17,10 @@ #include "oberon_helpers.h" #include "psa_crypto_driver_wrappers.h" +#include "ocrypto_ecdh_p256.h" #include "ocrypto_spake2p_p256.h" -// up to version 04 the K_main, K_confirmP, and K_confirmV values were calculated differently -//#define SPAKE2P_USE_VERSION_04 - - #define P256_KEY_SIZE 32 #define P256_POINT_SIZE 65 @@ -84,14 +81,15 @@ static psa_status_t oberon_write_key_share( { int res; psa_status_t status; - uint8_t xs[40]; + const uint8_t *mn; // random secret key - status = psa_generate_random(xs, sizeof xs); + status = psa_generate_random(op->XY, 40); if (status != PSA_SUCCESS) return status; - ocrypto_spake2p_p256_reduce(op->xy, xs, sizeof xs); + ocrypto_spake2p_p256_reduce(op->xy, op->XY, 40); - res = ocrypto_spake2p_p256_get_key_share(op->XY, op->w0, op->xy, op->MN); + mn = op->role == PSA_PAKE_ROLE_CLIENT ? M : N; + res = ocrypto_spake2p_p256_get_key_share(op->XY, op->w0, op->xy, mn); if (res) return PSA_ERROR_INVALID_ARGUMENT; if (output_size < P256_POINT_SIZE) return PSA_ERROR_BUFFER_TOO_SMALL; @@ -132,16 +130,17 @@ static psa_status_t oberon_get_confirmation_keys( uint8_t *KconfP, uint8_t *KconfV) { psa_status_t status; + psa_algorithm_t hkdf_alg = PSA_ALG_HKDF(PSA_ALG_GET_HASH(op->alg)); psa_key_derivation_operation_t kdf_op = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t Z[P256_POINT_SIZE]; uint8_t V[P256_POINT_SIZE]; - size_t hash_len; + size_t hash_len, conf_len = 0, shared_len = 0, mac_len = 0; // add Z, V, and w0 to TT if (op->role == PSA_PAKE_ROLE_CLIENT) { - ocrypto_spake2p_p256_get_ZV(Z, V, op->w0, op->w1, op->xy, op->YX, op->NM, NULL); + ocrypto_spake2p_p256_get_ZV(Z, V, op->w0, &op->w1L[1], op->xy, op->YX, N, NULL); } else { - ocrypto_spake2p_p256_get_ZV(Z, V, op->w0, NULL, op->xy, op->YX, op->NM, op->L); + ocrypto_spake2p_p256_get_ZV(Z, V, op->w0, NULL, op->xy, op->YX, M, op->w1L); } status = oberon_update_hash_with_prefix(&op->hash_op, Z, P256_POINT_SIZE); if (status) return status; @@ -156,37 +155,67 @@ static psa_status_t oberon_get_confirmation_keys( psa_driver_wrapper_hash_abort(&op->hash_op); return status; } - op->hash_len = hash_len; // get K_shared -#ifdef SPAKE2P_USE_VERSION_04 - hash_len >>= 1; // K_confirm and confirm size is hash_len / 2 - memcpy(op->shared, V + hash_len, hash_len); -#else - status = psa_driver_wrapper_key_derivation_setup(&kdf_op, PSA_ALG_HKDF(op->hash_alg)); - if (status) goto exit; - status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_INFO, (uint8_t *)"SharedKey", 9); - if (status) goto exit; - status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_SECRET, V, hash_len); - if (status) goto exit; - status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, op->shared, hash_len); - if (status) goto exit; - psa_key_derivation_abort(&kdf_op); +#ifdef PSA_NEED_OBERON_SPAKE2P_MATTER + if (op->alg == PSA_ALG_SPAKE2P_MATTER) { + // Spake2+ draft version 2 + conf_len = hash_len >> 1; // K_confirm is hash_len / 2 + shared_len = hash_len >> 1; // shared key size is hash_len / 2 + mac_len = hash_len; // mac size is hash_len + memcpy(op->shared, V + conf_len, shared_len); + } else +#endif + { +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) + shared_len = hash_len; +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) && defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) + if (PSA_ALG_IS_SPAKE2P_CMAC(op->alg)) { #endif +#ifdef PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 + mac_len = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128, PSA_ALG_CMAC); +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) && defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) + } else { +#endif +#ifdef PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 + mac_len = hash_len; +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) && defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) + } +#endif + conf_len = mac_len; + status = psa_driver_wrapper_key_derivation_setup(&kdf_op, hkdf_alg); + if (status) goto exit; + status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_INFO, (uint8_t *)"SharedKey", 9); + if (status) goto exit; + status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_SECRET, V, hash_len); + if (status) goto exit; + status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, op->shared, shared_len); + if (status) goto exit; + psa_key_derivation_abort(&kdf_op); +#endif /* PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 || PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 */ + } + + op->conf_len = (uint8_t)conf_len; + op->shared_len = (uint8_t)shared_len; + op->mac_len = (uint8_t)mac_len; // get K_confirmP & K_confirmV - status = psa_driver_wrapper_key_derivation_setup(&kdf_op, PSA_ALG_HKDF(op->hash_alg)); + status = psa_driver_wrapper_key_derivation_setup(&kdf_op, hkdf_alg); if (status) goto exit; status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_INFO, (uint8_t *)"ConfirmationKeys", 16); if (status) goto exit; - status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_SECRET, V, hash_len); + status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_SECRET, V, conf_len); if (status) goto exit; - status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, KconfP, hash_len); + status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, KconfP, conf_len); if (status) goto exit; - status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, KconfV, hash_len); + status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, KconfV, conf_len); exit: psa_driver_wrapper_key_derivation_abort(&kdf_op); + memset(Z, 0, sizeof Z); + memset(V, 0, sizeof V); return status; } @@ -198,19 +227,37 @@ static psa_status_t oberon_get_confirmation( { size_t length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t mac_alg = 0; + +#if defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) && \ + (defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_MATTER)) + if (PSA_ALG_IS_SPAKE2P_CMAC(op->alg)) { +#endif +#ifdef PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 + mac_alg = PSA_ALG_CMAC; + psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) && \ + (defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_MATTER)) + } else { +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_MATTER) + mac_alg = PSA_ALG_HMAC(PSA_ALG_GET_HASH(op->alg)); + psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) && \ + (defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_MATTER)) + } +#endif + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(op->hash_alg)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); + psa_set_key_algorithm(&attributes, mac_alg); return psa_driver_wrapper_mac_compute( -#ifdef SPAKE2P_USE_VERSION_04 - &attributes, kconf, op->hash_len >> 1, -#else - &attributes, kconf, op->hash_len, -#endif - PSA_ALG_HMAC(op->hash_alg), + &attributes, kconf, op->conf_len, + mac_alg, share, P256_POINT_SIZE, - conf, op->hash_len, &length); + conf, op->mac_len, &length); } static psa_status_t oberon_write_confirm( @@ -224,10 +271,10 @@ static psa_status_t oberon_write_confirm( if (status) return status; } - if (output_size < op->hash_len) return PSA_ERROR_BUFFER_TOO_SMALL; + if (output_size < op->mac_len) return PSA_ERROR_BUFFER_TOO_SMALL; status = oberon_get_confirmation(op, op->KconfPV, op->YX, output); if (status) return status; - *output_length = op->hash_len; + *output_length = op->mac_len; return PSA_SUCCESS; } @@ -247,8 +294,8 @@ static psa_status_t oberon_read_confirm( status = oberon_get_confirmation(op, op->KconfVP, op->XY, conf); if (status) return status; - if (input_length != op->hash_len) return PSA_ERROR_INVALID_SIGNATURE; - if (oberon_ct_compare(input, conf, op->hash_len)) return PSA_ERROR_INVALID_SIGNATURE; + if (input_length != op->mac_len) return PSA_ERROR_INVALID_SIGNATURE; + if (oberon_ct_compare(input, conf, op->mac_len)) return PSA_ERROR_INVALID_SIGNATURE; return PSA_SUCCESS; } @@ -256,66 +303,110 @@ static psa_status_t oberon_read_confirm( psa_status_t oberon_spake2p_setup( oberon_spake2p_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { - psa_status_t status; - int res; + (void)attributes; - if (cipher_suite->algorithm != PSA_ALG_SPAKE2P || - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC || - cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 || - cipher_suite->bits != 256) { + if (psa_pake_cs_get_primitive(cipher_suite) != + PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256) || + psa_pake_cs_get_key_confirmation(cipher_suite) != PSA_PAKE_CONFIRMED_KEY) { return PSA_ERROR_NOT_SUPPORTED; } + if (password_length == 2 * P256_KEY_SIZE) { + // password = w0:w1 + memcpy(operation->w0, password, P256_KEY_SIZE); + password += P256_KEY_SIZE; + operation->w1L[0] = 0; // w1L is 0x00:w1 + ocrypto_spake2p_p256_reduce(&operation->w1L[1], password, P256_KEY_SIZE); + } else if (password_length == P256_KEY_SIZE + P256_POINT_SIZE) { + // password = w0:L + memcpy(operation->w0, password, P256_KEY_SIZE); + password += P256_KEY_SIZE; + memcpy(operation->w1L, password, P256_POINT_SIZE); // w1L is L = 0x04:x:y + } else { + return PSA_ERROR_INVALID_ARGUMENT; + } + // prepare TT calculation - operation->hash_alg = cipher_suite->hash; - operation->role = role; - status = psa_driver_wrapper_hash_setup(&operation->hash_op, cipher_suite->hash); - if (status) return status; + operation->alg = psa_pake_cs_get_algorithm(cipher_suite); + return psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_GET_HASH(operation->alg)); +} +psa_status_t oberon_spake2p_set_role( + oberon_spake2p_operation_t *operation, + psa_pake_role_t role) +{ if (role == PSA_PAKE_ROLE_CLIENT) { - operation->MN = M; - operation->NM = N; + if (operation->w1L[0] == 0x04) return PSA_ERROR_INVALID_ARGUMENT; + } else { + if (operation->w1L[0] != 0x04) { // secret key -> public key + operation->w1L[0] = 0x04; + ocrypto_ecdh_p256_public_key(&operation->w1L[1], &operation->w1L[1]); + } + } + operation->role = role; + return PSA_SUCCESS; +} + +psa_status_t oberon_spake2p_set_user( + oberon_spake2p_operation_t *operation, + const uint8_t *user_id, size_t user_id_len) +{ + if (operation->role == PSA_PAKE_ROLE_CLIENT) { // prover = user; verifier = peer - if (user_id_length > sizeof operation->prover || peer_id_length > sizeof operation->verifier) { + if (user_id_len > sizeof operation->prover) { return PSA_ERROR_INSUFFICIENT_MEMORY; } - memcpy(operation->prover, user_id, user_id_length); - operation->prover_len = (uint8_t)user_id_length; - memcpy(operation->verifier, peer_id, peer_id_length); - operation->verifier_len = (uint8_t)peer_id_length; - // password = w0s:w1s - if (password_length < 2 * P256_KEY_SIZE) return PSA_ERROR_INVALID_ARGUMENT; - ocrypto_spake2p_p256_reduce(operation->w0, password, password_length >> 1); - password += password_length >> 1; - ocrypto_spake2p_p256_reduce(operation->w1, password, password_length >> 1); + memcpy(operation->prover, user_id, user_id_len); + operation->prover_len = (uint8_t)user_id_len; } else { /* role == PSA_PAKE_ROLE_SERVER */ - operation->MN = N; - operation->NM = M; // prover = peer; verifier = user - if (peer_id_length > sizeof operation->prover || user_id_length > sizeof operation->verifier) { + if (user_id_len > sizeof operation->verifier) { return PSA_ERROR_INSUFFICIENT_MEMORY; } - memcpy(operation->prover, peer_id, peer_id_length); - operation->prover_len = (uint8_t)peer_id_length; - memcpy(operation->verifier, user_id, user_id_length); - operation->verifier_len = (uint8_t)user_id_length; - // password = w0s:L - if (password_length < P256_KEY_SIZE + P256_POINT_SIZE) return PSA_ERROR_INVALID_ARGUMENT; - ocrypto_spake2p_p256_reduce(operation->w0, password, password_length - P256_POINT_SIZE); - password += password_length - P256_POINT_SIZE; - res = ocrypto_spake2p_p256_check_key(password); - if (res) return PSA_ERROR_INVALID_ARGUMENT; - memcpy(operation->L, password, P256_POINT_SIZE); + memcpy(operation->verifier, user_id, user_id_len); + operation->verifier_len = (uint8_t)user_id_len; + } + return PSA_SUCCESS; +} + +psa_status_t oberon_spake2p_set_peer( + oberon_spake2p_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len) +{ + if (operation->role == PSA_PAKE_ROLE_CLIENT) { + // prover = user; verifier = peer + if (peer_id_len > sizeof operation->verifier) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + memcpy(operation->verifier, peer_id, peer_id_len); + operation->verifier_len = (uint8_t)peer_id_len; + } else { /* role == PSA_PAKE_ROLE_SERVER */ + // prover = peer; verifier = user + if (peer_id_len > sizeof operation->prover) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + memcpy(operation->prover, peer_id, peer_id_len); + operation->prover_len = (uint8_t)peer_id_len; } return PSA_SUCCESS; } +psa_status_t oberon_spake2p_set_context( + oberon_spake2p_operation_t *operation, + const uint8_t *context, size_t context_len) +{ + if (context_len == 0) return PSA_SUCCESS; + + // add context to TT + return oberon_update_hash_with_prefix( + &operation->hash_op, + context, context_len); +} + psa_status_t oberon_spake2p_output( oberon_spake2p_operation_t *operation, psa_pake_step_t step, @@ -341,11 +432,6 @@ psa_status_t oberon_spake2p_input( const uint8_t *input, size_t input_length) { switch (step) { - case PSA_PAKE_STEP_CONTEXT: - // add context to TT - return oberon_update_hash_with_prefix( - &operation->hash_op, - input, input_length); case PSA_PAKE_STEP_KEY_SHARE: return oberon_read_key_share( operation, @@ -359,19 +445,14 @@ psa_status_t oberon_spake2p_input( } } -psa_status_t oberon_spake2p_get_implicit_key( +psa_status_t oberon_spake2p_get_shared_key( oberon_spake2p_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) { -#ifdef SPAKE2P_USE_VERSION_04 - if (output_size < operation->hash_len >> 1) return PSA_ERROR_BUFFER_TOO_SMALL; - memcpy(output, operation->shared, operation->hash_len >> 1); - *output_length = operation->hash_len >> 1; -#else - if (output_size < operation->hash_len) return PSA_ERROR_BUFFER_TOO_SMALL; - memcpy(output, operation->shared, operation->hash_len); - *output_length = operation->hash_len; -#endif + size_t shared_len = operation->shared_len; + if (output_size < shared_len) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(output, operation->shared, shared_len); + *output_length = shared_len; return PSA_SUCCESS; } @@ -380,3 +461,129 @@ psa_status_t oberon_spake2p_abort( { return psa_driver_wrapper_hash_abort(&operation->hash_op); } + + +// key management + +psa_status_t oberon_derive_spake2p_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length) +{ + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + case PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1): + if (bits != 256) return PSA_ERROR_NOT_SUPPORTED; + if (input_length != 80) return PSA_ERROR_INVALID_ARGUMENT; + if (key_size < 64) return PSA_ERROR_BUFFER_TOO_SMALL; + ocrypto_spake2p_p256_reduce(key, input, 40); // w0s -> w0 + if (!oberon_ct_compare_zero(key, 32)) return PSA_ERROR_INVALID_ARGUMENT; + ocrypto_spake2p_p256_reduce(key + 32, input + 40, 40); // w1s -> w1 + if (!oberon_ct_compare_zero(key + 32, 32)) return PSA_ERROR_INVALID_ARGUMENT; + *key_length = 64; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 */ + + default: + (void)input; + (void)input_length; + (void)key; + (void)key_size; + (void)key_length; + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_SUCCESS; +} + +psa_status_t oberon_import_spake2p_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key, size_t key_size, size_t *key_length, + size_t *key_bits) +{ + int res; + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + case PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1): + if (data_length != 64) return PSA_ERROR_NOT_SUPPORTED; + if (bits != 0 && (bits != 256)) return PSA_ERROR_INVALID_ARGUMENT; + if (!oberon_ct_compare_zero(data, 32)) return PSA_ERROR_INVALID_ARGUMENT; + res = ocrypto_ecdh_p256_secret_key_check(data); + if (res) return PSA_ERROR_INVALID_ARGUMENT; // out of range + if (!oberon_ct_compare_zero(data + 32, 32)) return PSA_ERROR_INVALID_ARGUMENT; + res = ocrypto_ecdh_p256_secret_key_check(data + 32); + if (res) return PSA_ERROR_INVALID_ARGUMENT; // out of range + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + case PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1): + if (data_length != 32 + 65) return PSA_ERROR_NOT_SUPPORTED; + if (bits != 0 && (bits != 256)) return PSA_ERROR_INVALID_ARGUMENT; + if (!oberon_ct_compare_zero(data, 32)) return PSA_ERROR_INVALID_ARGUMENT; + res = ocrypto_ecdh_p256_secret_key_check(data); + if (res) return PSA_ERROR_INVALID_ARGUMENT; // out of range + if (data[32] != 0x04) return PSA_ERROR_INVALID_ARGUMENT; + res = ocrypto_ecdh_p256_public_key_check(&data[33]); + if (res) return PSA_ERROR_INVALID_ARGUMENT; // point not on curve + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 */ + + default: + (void)res; + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + if (key_size < data_length) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(key, data, data_length); + *key_length = data_length; + *key_bits = 256; + return PSA_SUCCESS; +} + +psa_status_t oberon_export_spake2p_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length) +{ + int res; + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { + if (key_length > data_size) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(data, key, key_length); + *data_length = key_length; + return PSA_SUCCESS; + } + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + case PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1): + if (bits != 256) return PSA_ERROR_NOT_SUPPORTED; + if (key_length != 64) return PSA_ERROR_INVALID_ARGUMENT; + if (data_size < 32 + 65) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(data, key, 32); // w0 + data[32] = 0x04; + res = ocrypto_ecdh_p256_public_key(&data[33], &key[32]); // w1 -> L + if (res) return PSA_ERROR_INVALID_ARGUMENT; + *data_length = 32 + 65; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256 */ + default: + (void)res; + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_SUCCESS; +} diff --git a/ext/oberon/psa/drivers/oberon_spake2p.h b/ext/oberon/psa/drivers/oberon_spake2p.h index 98c22468877c..916123500257 100644 --- a/ext/oberon/psa/drivers/oberon_spake2p.h +++ b/ext/oberon/psa/drivers/oberon_spake2p.h @@ -24,11 +24,9 @@ extern "C" { typedef struct { psa_hash_operation_t hash_op; // TT - psa_algorithm_t hash_alg; - size_t hash_len; + psa_algorithm_t alg; uint8_t w0[32]; - uint8_t w1[32]; - uint8_t L[65]; + uint8_t w1L[65]; uint8_t xy[32]; uint8_t XY[65]; uint8_t YX[65]; @@ -39,20 +37,35 @@ typedef struct { uint8_t verifier[32]; uint8_t prover_len; uint8_t verifier_len; - const uint8_t *MN; - const uint8_t *NM; + uint8_t shared_len; + uint8_t conf_len; + uint8_t mac_len; psa_pake_role_t role; } oberon_spake2p_operation_t; psa_status_t oberon_spake2p_setup( oberon_spake2p_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t oberon_spake2p_set_role( + oberon_spake2p_operation_t *operation, psa_pake_role_t role); +psa_status_t oberon_spake2p_set_user( + oberon_spake2p_operation_t *operation, + const uint8_t *user_id, size_t user_id_len); + +psa_status_t oberon_spake2p_set_peer( + oberon_spake2p_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len); + +psa_status_t oberon_spake2p_set_context( + oberon_spake2p_operation_t *operation, + const uint8_t *context, size_t context_len); + psa_status_t oberon_spake2p_output( oberon_spake2p_operation_t *operation, psa_pake_step_t step, @@ -63,7 +76,7 @@ psa_status_t oberon_spake2p_input( psa_pake_step_t step, const uint8_t *input, size_t input_length); -psa_status_t oberon_spake2p_get_implicit_key( +psa_status_t oberon_spake2p_get_shared_key( oberon_spake2p_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); @@ -71,6 +84,22 @@ psa_status_t oberon_spake2p_abort( oberon_spake2p_operation_t *operation); +psa_status_t oberon_derive_spake2p_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length); + +psa_status_t oberon_import_spake2p_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key, size_t key_size, size_t *key_length, + size_t *bits); + +psa_status_t oberon_export_spake2p_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length); + #ifdef __cplusplus } #endif diff --git a/ext/oberon/psa/drivers/oberon_srp.c b/ext/oberon/psa/drivers/oberon_srp.c index c01d886891ee..b6a7dffcea62 100644 --- a/ext/oberon/psa/drivers/oberon_srp.c +++ b/ext/oberon/psa/drivers/oberon_srp.c @@ -19,11 +19,11 @@ #include "ocrypto_srp.h" -#define SRP_KEY_SIZE (256/8) -#define SRP_FIELD_SIZE (3072/8) +#define SRP_FIELD_BITS 3072 +#define SRP_FIELD_SIZE PSA_BITS_TO_BYTES(SRP_FIELD_BITS) -static const uint8_t oberon_P3072[] = { +static const uint8_t oberon_P3072[SRP_FIELD_SIZE] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, @@ -136,20 +136,12 @@ static psa_status_t oberon_get_proof(oberon_srp_operation_t *op) // H(p) ^ H(g) oberon_xor(op->m2, op->m2, op->m1, hash_len); - // H(user) - status = psa_driver_wrapper_hash_setup(&hash_op, op->hash_alg); - if (status) goto exit; - status = psa_driver_wrapper_hash_update(&hash_op, op->user, op->user_len); - if (status) goto exit; - status = psa_driver_wrapper_hash_finish(&hash_op, op->m1, sizeof op->m1, &hash_len); - if (status) goto exit; - // m1 = H(H(p) ^ H(g) | H(user) | salt | A | B | k) status = psa_driver_wrapper_hash_setup(&hash_op, op->hash_alg); if (status) goto exit; status = psa_driver_wrapper_hash_update(&hash_op, op->m2, hash_len); // H(p) ^ H(g) if (status) goto exit; - status = psa_driver_wrapper_hash_update(&hash_op, op->m1, hash_len); // H(user) + status = psa_driver_wrapper_hash_update(&hash_op, op->user, hash_len); // H(user) if (status) goto exit; status = psa_driver_wrapper_hash_update(&hash_op, op->salt, op->salt_len); if (status) goto exit; @@ -177,17 +169,16 @@ static psa_status_t oberon_get_proof(oberon_srp_operation_t *op) return PSA_SUCCESS; exit: psa_hash_abort(&hash_op); + memset(s, 0, sizeof s); return status; } - static psa_status_t oberon_write_key_share( oberon_srp_operation_t *op, uint8_t *output, size_t output_size, size_t *output_length) { psa_status_t status; psa_hash_operation_t hash_op = PSA_HASH_OPERATION_INIT; - uint8_t k[SRP_FIELD_SIZE]; // random secret key status = psa_generate_random(op->ab, sizeof op->ab); @@ -201,10 +192,10 @@ static psa_status_t oberon_write_key_share( memcpy(output, op->A, SRP_FIELD_SIZE); } else { // k = H(p | g) - status = oberon_get_multiplier(op, &hash_op, k); + status = oberon_get_multiplier(op, &hash_op, op->B); if (status) return status; // B = k*v + g^b - ocrypto_srp_server_public_key(op->B, op->ab, k, op->password); + ocrypto_srp_server_public_key(op->B, op->ab, op->B, op->password); memcpy(output, op->B, SRP_FIELD_SIZE); } @@ -265,43 +256,55 @@ static psa_status_t oberon_read_confirm( psa_status_t oberon_srp_setup( oberon_srp_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { - (void)peer_id; - (void)peer_id_length; + (void)attributes; - if (cipher_suite->algorithm != PSA_ALG_SRP_6 || - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH || - cipher_suite->family != PSA_DH_FAMILY_RFC3526 || - cipher_suite->bits != 3072) { + if (psa_pake_cs_get_primitive(cipher_suite) != + PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_DH_FAMILY_RFC3526, SRP_FIELD_BITS) || + psa_pake_cs_get_key_confirmation(cipher_suite) != PSA_PAKE_CONFIRMED_KEY) { return PSA_ERROR_NOT_SUPPORTED; } - operation->hash_alg = cipher_suite->hash; - operation->hash_len = PSA_HASH_LENGTH(cipher_suite->hash); - operation->role = role; + operation->hash_alg = PSA_ALG_GET_HASH(psa_pake_cs_get_algorithm(cipher_suite)); + operation->hash_len = PSA_HASH_LENGTH(operation->hash_alg); - if (user_id_length > sizeof operation->user) return PSA_ERROR_NOT_SUPPORTED; - memcpy(operation->user, user_id, user_id_length); - operation->user_len = user_id_length; - - if (operation->role == PSA_PAKE_ROLE_CLIENT) { - // password hash - if (password_length != operation->hash_len) return PSA_ERROR_INVALID_ARGUMENT; - memcpy(operation->password, password, operation->hash_len); - } else { /* role == PSA_PAKE_ROLE_SERVER */ - // password verifier - if (password_length != SRP_FIELD_SIZE) return PSA_ERROR_INVALID_ARGUMENT; - memcpy(operation->password, password, SRP_FIELD_SIZE); - } + if (password_length != operation->hash_len && password_length != SRP_FIELD_SIZE) return PSA_ERROR_INVALID_ARGUMENT; + memcpy(operation->password, password, password_length); + operation->pw_len = (uint16_t)password_length; + + return PSA_SUCCESS; +} +psa_status_t oberon_srp_set_role( + oberon_srp_operation_t *operation, + psa_pake_role_t role) +{ + if (role == PSA_PAKE_ROLE_CLIENT) { + if (operation->pw_len != operation->hash_len) return PSA_ERROR_INVALID_ARGUMENT; + } else { + if (operation->pw_len != SRP_FIELD_SIZE) { + ocrypto_srp_client_public_key(operation->password, operation->password, operation->pw_len); + } + } + operation->role = role; return PSA_SUCCESS; } +psa_status_t oberon_srp_set_user( + oberon_srp_operation_t *operation, + const uint8_t *user_id, size_t user_id_len) +{ + size_t length; + + // store H(user) + return psa_driver_wrapper_hash_compute(operation->hash_alg, + user_id, user_id_len, + operation->user, sizeof operation->user, &length); +} + psa_status_t oberon_srp_output( oberon_srp_operation_t *operation, psa_pake_step_t step, @@ -330,7 +333,7 @@ psa_status_t oberon_srp_input( case PSA_PAKE_STEP_SALT: if (input_length > sizeof operation->salt) return PSA_ERROR_NOT_SUPPORTED; memcpy(operation->salt, input, input_length); - operation->salt_len = input_length; + operation->salt_len = (uint8_t)input_length; return PSA_SUCCESS; case PSA_PAKE_STEP_KEY_SHARE: return oberon_read_key_share( @@ -345,7 +348,7 @@ psa_status_t oberon_srp_input( } } -psa_status_t oberon_srp_get_implicit_key( +psa_status_t oberon_srp_get_shared_key( oberon_srp_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) { @@ -361,3 +364,89 @@ psa_status_t oberon_srp_abort( (void)operation; return PSA_SUCCESS; } + + +// key management + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 +// constant-time big endian byte stream compare less than +static int less_than(const uint8_t *a, const uint8_t *b, size_t len) +{ + int i, c = 0; + for (i = len - 1; i >= 0; i--) { + c = (c + (int)a[i] - (int)b[i]) >> 8; + } + return c; +} +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 */ + +psa_status_t oberon_import_srp_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key, size_t key_size, size_t *key_length, + size_t *key_bits) +{ + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + case PSA_KEY_TYPE_SRP_KEY_PAIR(PSA_DH_FAMILY_RFC3526): + if (bits != SRP_FIELD_BITS) return PSA_ERROR_NOT_SUPPORTED; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + case PSA_KEY_TYPE_SRP_PUBLIC_KEY(PSA_DH_FAMILY_RFC3526): + if (data_length != SRP_FIELD_SIZE) return PSA_ERROR_NOT_SUPPORTED; + if (bits != 0 && (bits != SRP_FIELD_BITS)) return PSA_ERROR_INVALID_ARGUMENT; + // check key < P + if (!less_than(data, oberon_P3072, SRP_FIELD_SIZE)) return PSA_ERROR_INVALID_ARGUMENT; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 */ + + default: + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + // check key > 0 + if (oberon_ct_compare_zero(data, data_length) == 0) return PSA_ERROR_INVALID_ARGUMENT; + if (key_size < data_length) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(key, data, data_length); + *key_length = data_length; + *key_bits = SRP_FIELD_BITS; + return PSA_SUCCESS; +} + +psa_status_t oberon_export_srp_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length) +{ + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { + if (key_length > data_size) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(data, key, key_length); + *data_length = key_length; + return PSA_SUCCESS; + } + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + case PSA_KEY_TYPE_SRP_KEY_PAIR(PSA_DH_FAMILY_RFC3526): + if (bits != SRP_FIELD_BITS) return PSA_ERROR_NOT_SUPPORTED; + if (data_size < SRP_FIELD_SIZE) return PSA_ERROR_BUFFER_TOO_SMALL; + ocrypto_srp_client_public_key(data, key, key_length); // hash -> verifier + *data_length = SRP_FIELD_SIZE; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 */ + default: + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_SUCCESS; +} diff --git a/ext/oberon/psa/drivers/oberon_srp.h b/ext/oberon/psa/drivers/oberon_srp.h index ec6eab47bcc3..eaf931bc18f0 100644 --- a/ext/oberon/psa/drivers/oberon_srp.h +++ b/ext/oberon/psa/drivers/oberon_srp.h @@ -32,22 +32,28 @@ typedef struct { uint8_t m1[PSA_HASH_MAX_SIZE]; uint8_t m2[PSA_HASH_MAX_SIZE]; uint8_t k[PSA_HASH_MAX_SIZE]; - uint8_t user[256]; - size_t user_len; + uint8_t user[PSA_HASH_MAX_SIZE]; uint8_t salt[64]; - size_t salt_len; + uint8_t salt_len; + uint16_t pw_len; psa_pake_role_t role; } oberon_srp_operation_t; psa_status_t oberon_srp_setup( oberon_srp_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t oberon_srp_set_role( + oberon_srp_operation_t *operation, psa_pake_role_t role); +psa_status_t oberon_srp_set_user( + oberon_srp_operation_t *operation, + const uint8_t *user_id, size_t user_id_len); + psa_status_t oberon_srp_output( oberon_srp_operation_t *operation, psa_pake_step_t step, @@ -58,7 +64,7 @@ psa_status_t oberon_srp_input( psa_pake_step_t step, const uint8_t *input, size_t input_length); -psa_status_t oberon_srp_get_implicit_key( +psa_status_t oberon_srp_get_shared_key( oberon_srp_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); @@ -66,6 +72,18 @@ psa_status_t oberon_srp_abort( oberon_srp_operation_t *operation); +psa_status_t oberon_import_srp_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key, size_t key_size, size_t *key_length, + size_t *bits); + +psa_status_t oberon_export_srp_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length); + + #ifdef __cplusplus } #endif diff --git a/samples/crypto/ecjpake/src/main.c b/samples/crypto/ecjpake/src/main.c index 5ab7ae9dcf4d..8c026122427f 100644 --- a/samples/crypto/ecjpake/src/main.c +++ b/samples/crypto/ecjpake/src/main.c @@ -101,9 +101,9 @@ psa_status_t do_rounds(psa_pake_operation_t *server, psa_pake_operation_t *clien } psa_status_t pake_setup(psa_pake_operation_t *op, psa_pake_cipher_suite_t *cs, const char *user, - const char *peer, psa_key_id_t *password) + const char *peer, psa_key_id_t password) { - psa_status_t status = psa_pake_setup(op, cs); + psa_status_t status = psa_pake_setup(op, password, cs); if (status != PSA_SUCCESS) { LOG_INF("psa_pake_setup failed. (Error: %d)", status); @@ -122,30 +122,36 @@ psa_status_t pake_setup(psa_pake_operation_t *op, psa_pake_cipher_suite_t *cs, c return status; } - status = psa_pake_set_password_key(op, *password); - if (status != PSA_SUCCESS) { - LOG_INF("psa_pake_set_password_key failed. (Error: %d)", status); - return status; - } - return PSA_SUCCESS; } psa_status_t do_key_derivation(psa_pake_operation_t *op, uint8_t *key_buffer, size_t key_buffer_size) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_id_t key; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t kdf = PSA_KEY_DERIVATION_OPERATION_INIT; - psa_status_t status = psa_key_derivation_setup(&kdf, PSA_ALG_TLS12_ECJPAKE_TO_PMS); + psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, PSA_ALG_TLS12_ECJPAKE_TO_PMS); + status = psa_pake_get_shared_key(op, &attributes, &key); + if (status != PSA_SUCCESS) { + LOG_INF("psa_pake_get_shared_key failed. (Error: %d)", status); + return status; + } + + status = psa_key_derivation_setup(&kdf, PSA_ALG_TLS12_ECJPAKE_TO_PMS); if (status != PSA_SUCCESS) { LOG_INF("psa_key_derivation_setup failed. (Error: %d)", status); return status; } - status = psa_pake_get_implicit_key(op, &kdf); + status = psa_key_derivation_input_key(&kdf, PSA_KEY_DERIVATION_INPUT_SECRET, key); if (status != PSA_SUCCESS) { - LOG_INF("psa_pake_get_implicit_key failed. (Error: %d)", status); + LOG_INF("psa_key_derivation_input_key failed. (Error: %d)", status); psa_key_derivation_abort(&kdf); return status; } @@ -169,16 +175,14 @@ int main(void) } psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT; - - psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_pake_cs_set_primitive(&cipher_suite, PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256)); - psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); + psa_pake_cs_set_key_confirmation(&cipher_suite, PSA_PAKE_UNCONFIRMED_KEY); psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&key_attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&key_attributes, PSA_KEY_TYPE_PASSWORD); psa_key_id_t key; @@ -192,7 +196,7 @@ int main(void) /* Initialize PAKE operation object for the client.*/ psa_pake_operation_t client = PSA_PAKE_OPERATION_INIT; - status = pake_setup(&client, &cipher_suite, "client", "server", &key); + status = pake_setup(&client, &cipher_suite, "client", "server", key); if (status != PSA_SUCCESS) { goto error; } @@ -200,7 +204,7 @@ int main(void) /* Initialize PAKE operation object for the server. */ psa_pake_operation_t server = PSA_PAKE_OPERATION_INIT; - status = pake_setup(&server, &cipher_suite, "server", "client", &key); + status = pake_setup(&server, &cipher_suite, "server", "client", key); if (status != PSA_SUCCESS) { goto error; } diff --git a/subsys/nrf_security/cmake/psa_crypto_config.cmake b/subsys/nrf_security/cmake/psa_crypto_config.cmake index b7526e5cd8aa..5a2dc9652b9c 100644 --- a/subsys/nrf_security/cmake/psa_crypto_config.cmake +++ b/subsys/nrf_security/cmake/psa_crypto_config.cmake @@ -24,121 +24,139 @@ kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_ASYMMETRIC_SIGNATURE_DRIVER) # Convert nrf_oberon driver configurations -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_AES) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_GCM_AES) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CHACHA20_POLY1305) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AEAD_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_AES) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ANY_RSA_KEY_SIZE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CBC_NO_PADDING_AES) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CBC_PKCS7_AES) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECB_NO_PADDING_AES) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_AES) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CHACHA20_POLY1305) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CIPHER_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_AES) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_DRBG_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECB_NO_PADDING_AES) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_224) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_256) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_384) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_DETERMINISTIC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_RANDOMIZED) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_224) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_256) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_384) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SIGN) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_VERIFY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECJPAKE_SECP_R1_256) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ED25519PH) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ED448PH) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_VERIFY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SIGN) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_DETERMINISTIC) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_RANDOMIZED) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_1) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_512) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_512) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE256_512) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_GCM_AES) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HASH_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXPAND) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXTRACT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_JPAKE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_DERIVATION_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_MAC_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXTRACT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXPAND) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PRF) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PSK_TO_MS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_HMAC) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_DERIVATION_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECJPAKE_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_JPAKE) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6_3072) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PAKE_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_HMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_CRYPT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_SIGN) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_VERIFY) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_1024) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_1536) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_2048) @@ -146,19 +164,34 @@ kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_3072) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_4096) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_6144) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_8192) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ANY_RSA_KEY_SIZE) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PSS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_SIGN) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_VERIFY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_SIGN) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_OAEP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_CRYPT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_DRBG_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) -set(SPAKE2P_USE_VERSION_04 ${CONFIG_PSA_CRYPTO_SPAKE2P_USE_VERSION_04}) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_SIGN) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PSS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_512) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE256_512) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_1) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_512) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_MATTER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6_3072) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_PASSWORD_HASH) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PRF) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PSK_TO_MS) + # Convert NRF_RNG driver configuration kconfig_check_and_set_base_to_one(PSA_NEED_NRF_RNG_ENTROPY_DRIVER) diff --git a/subsys/nrf_security/cmake/psa_crypto_want_config.cmake b/subsys/nrf_security/cmake/psa_crypto_want_config.cmake index 75e451a988f6..3938fb5165c3 100644 --- a/subsys/nrf_security/cmake/psa_crypto_want_config.cmake +++ b/subsys/nrf_security/cmake/psa_crypto_want_config.cmake @@ -7,137 +7,152 @@ # All PSA_WANT_ symbols in alphabetical order */ -kconfig_check_and_set_base_int(PSA_WANT_AES_KEY_SIZE_128) -kconfig_check_and_set_base_int(PSA_WANT_AES_KEY_SIZE_192) -kconfig_check_and_set_base_int(PSA_WANT_AES_KEY_SIZE_256) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CBC_MAC) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CBC_NO_PADDING) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CBC_PKCS7) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CCM) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CCM_STAR_NO_TAG) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CFB) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CHACHA20_POLY1305) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CMAC) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CTR) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CTR_DRBG) -kconfig_check_and_set_base_int(PSA_WANT_ALG_DETERMINISTIC_ECDSA) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ECB_NO_PADDING) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ECDH) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ECDSA) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ECDSA_ANY) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ED25519PH) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ED448PH) -kconfig_check_and_set_base_int(PSA_WANT_ALG_FFDH) -kconfig_check_and_set_base_int(PSA_WANT_ALG_GCM) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HKDF) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HKDF_EXPAND) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HKDF_EXTRACT) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HMAC) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HMAC_DRBG) -kconfig_check_and_set_base_int(PSA_WANT_ALG_JPAKE) -kconfig_check_and_set_base_int(PSA_WANT_ALG_MD2) -kconfig_check_and_set_base_int(PSA_WANT_ALG_MD4) -kconfig_check_and_set_base_int(PSA_WANT_ALG_MD5) -kconfig_check_and_set_base_int(PSA_WANT_ALG_OFB) -kconfig_check_and_set_base_int(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) -kconfig_check_and_set_base_int(PSA_WANT_ALG_PBKDF2_HMAC) -kconfig_check_and_set_base_int(PSA_WANT_ALG_PURE_EDDSA) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RIPEMD160) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_OAEP) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PSS) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PSS_ANY_SALT) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_224) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_256) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_384) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_512) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHAKE256_512) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_1) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_224) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_256) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_384) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_512) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_512_224) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_512_256) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SM3) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SPAKE2P) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SRP_6) -kconfig_check_and_set_base_int(PSA_WANT_ALG_STREAM_CIPHER) -kconfig_check_and_set_base_int(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) -kconfig_check_and_set_base_int(PSA_WANT_ALG_TLS12_PRF) -kconfig_check_and_set_base_int(PSA_WANT_ALG_TLS12_PSK_TO_MS) -kconfig_check_and_set_base_int(PSA_WANT_ALG_XTS) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_160) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_192) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_224) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_320) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -kconfig_check_and_set_base_int(PSA_WANT_ECC_FRP_V1_256) -kconfig_check_and_set_base_int(PSA_WANT_ECC_MONTGOMERY_255) -kconfig_check_and_set_base_int(PSA_WANT_ECC_MONTGOMERY_448) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_K1_192) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_K1_224) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_K1_256) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_192) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_224) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_256) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_384) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_521) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R2_160) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_163) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_233) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_239) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_283) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_409) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_571) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_163) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_233) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_283) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_409) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_571) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R2_163) -kconfig_check_and_set_base_int(PSA_WANT_ECC_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_int(PSA_WANT_ECC_TWISTED_EDWARDS_448) -kconfig_check_and_set_base_int(PSA_WANT_GENERATE_RANDOM) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_AES) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ARC4) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ARIA) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_CAMELLIA) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_CHACHA20) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DERIVE) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DES) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_HMAC) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_PASSWORD) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_PASSWORD_HASH) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_PEPPER) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RAW_DATA) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_SM4) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_1024) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_1536) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_2048) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_3072) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_4096) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_6144) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_8192) +kconfig_check_and_set_base_to_one(PSA_WANT_AES_KEY_SIZE_128) +kconfig_check_and_set_base_to_one(PSA_WANT_AES_KEY_SIZE_192) +kconfig_check_and_set_base_to_one(PSA_WANT_AES_KEY_SIZE_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CBC_MAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CBC_NO_PADDING) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CBC_PKCS7) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CCM) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CCM_STAR_NO_TAG) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CFB) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CHACHA20_POLY1305) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CTR) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CTR_DRBG) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECB_NO_PADDING) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECDH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECDSA) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECDSA_ANY) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ED25519PH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ED448PH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_FFDH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_GCM) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HKDF) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HKDF_EXPAND) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HKDF_EXTRACT) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HMAC_DRBG) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_JPAKE) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_MD2) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_MD4) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_MD5) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_OFB) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_PBKDF2_HMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_PURE_EDDSA) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RIPEMD160) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_OAEP) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PSS) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PSS_ANY_SALT) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_384) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_512) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHAKE256_512) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_1) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_384) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_512) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_512_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_512_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SM3) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SPAKE2P_CMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SPAKE2P_HMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SPAKE2P_MATTER) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SRP_6) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SRP_PASSWORD_HASH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_STREAM_CIPHER) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_TLS12_PRF) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_TLS12_PSK_TO_MS) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_XTS) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_160) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_192) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_320) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_FRP_V1_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_K1_192) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_K1_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_K1_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_192) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_521) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R2_160) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_163) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_233) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_239) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_283) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_409) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_571) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_163) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_233) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_283) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_409) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_571) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R2_163) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_WANT_GENERATE_RANDOM) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_AES) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ARC4) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ARIA) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_CAMELLIA) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_CHACHA20) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DERIVE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DES) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_HMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_PASSWORD) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_PASSWORD_HASH) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_PEPPER) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RAW_DATA) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SM4) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_1024) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_1536) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_2048) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_3072) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_4096) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_6144) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_8192) kconfig_check_and_set_base_int(PSA_MAX_RSA_KEY_BITS) diff --git a/subsys/nrf_security/configs/psa_crypto_config.h.template b/subsys/nrf_security/configs/psa_crypto_config.h.template index 40d64ab84f9f..079eaffc993d 100644 --- a/subsys/nrf_security/configs/psa_crypto_config.h.template +++ b/subsys/nrf_security/configs/psa_crypto_config.h.template @@ -34,143 +34,173 @@ /* * nrf_oberon driver configurations */ -#cmakedefine PSA_NEED_OBERON_CCM_AES @PSA_NEED_OBERON_CCM_AES@ -#cmakedefine PSA_NEED_OBERON_GCM_AES @PSA_NEED_OBERON_GCM_AES@ -#cmakedefine PSA_NEED_OBERON_CHACHA20_POLY1305 @PSA_NEED_OBERON_CHACHA20_POLY1305@ -#cmakedefine PSA_NEED_OBERON_AEAD_DRIVER @PSA_NEED_OBERON_AEAD_DRIVER@ -#cmakedefine PSA_NEED_OBERON_CTR_AES @PSA_NEED_OBERON_CTR_AES@ -#cmakedefine PSA_NEED_OBERON_CBC_NO_PADDING_AES @PSA_NEED_OBERON_CBC_NO_PADDING_AES@ -#cmakedefine PSA_NEED_OBERON_CBC_PKCS7_AES @PSA_NEED_OBERON_CBC_PKCS7_AES@ -#cmakedefine PSA_NEED_OBERON_ECB_NO_PADDING_AES @PSA_NEED_OBERON_ECB_NO_PADDING_AES@ -#cmakedefine PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES @PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES@ -#cmakedefine PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20 @PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20@ -#cmakedefine PSA_NEED_OBERON_CIPHER_DRIVER @PSA_NEED_OBERON_CIPHER_DRIVER@ -#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_224 @PSA_NEED_OBERON_ECDH_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_256 @PSA_NEED_OBERON_ECDH_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_384 @PSA_NEED_OBERON_ECDH_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_521 @PSA_NEED_OBERON_ECDH_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_255 @PSA_NEED_OBERON_ECDH_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_448 @PSA_NEED_OBERON_ECDH_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_ECDH @PSA_NEED_OBERON_ECDH@ -#cmakedefine PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER @PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_224 @PSA_NEED_OBERON_ECDSA_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_256 @PSA_NEED_OBERON_ECDSA_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_384 @PSA_NEED_OBERON_ECDSA_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_521 @PSA_NEED_OBERON_ECDSA_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_ED25519PH @PSA_NEED_OBERON_ED25519PH@ -#cmakedefine PSA_NEED_OBERON_ED448PH @PSA_NEED_OBERON_ED448PH@ -#cmakedefine PSA_NEED_OBERON_ECDSA_VERIFY @PSA_NEED_OBERON_ECDSA_VERIFY@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SIGN @PSA_NEED_OBERON_ECDSA_SIGN@ -#cmakedefine PSA_NEED_OBERON_ECDSA_DETERMINISTIC @PSA_NEED_OBERON_ECDSA_DETERMINISTIC@ -#cmakedefine PSA_NEED_OBERON_ECDSA_RANDOMIZED @PSA_NEED_OBERON_ECDSA_RANDOMIZED@ -#cmakedefine PSA_NEED_OBERON_SHA_1 @PSA_NEED_OBERON_SHA_1@ -#cmakedefine PSA_NEED_OBERON_SHA_224 @PSA_NEED_OBERON_SHA_224@ -#cmakedefine PSA_NEED_OBERON_SHA_256 @PSA_NEED_OBERON_SHA_256@ -#cmakedefine PSA_NEED_OBERON_SHA_384 @PSA_NEED_OBERON_SHA_384@ -#cmakedefine PSA_NEED_OBERON_SHA_512 @PSA_NEED_OBERON_SHA_512@ -#cmakedefine PSA_NEED_OBERON_SHA3_224 @PSA_NEED_OBERON_SHA3_224@ -#cmakedefine PSA_NEED_OBERON_SHA3_256 @PSA_NEED_OBERON_SHA3_256@ -#cmakedefine PSA_NEED_OBERON_SHA3_384 @PSA_NEED_OBERON_SHA3_384@ -#cmakedefine PSA_NEED_OBERON_SHA3_512 @PSA_NEED_OBERON_SHA3_512@ -#cmakedefine PSA_NEED_OBERON_SHA3 @PSA_NEED_OBERON_SHA3@ -#cmakedefine PSA_NEED_OBERON_SHAKE256_512 @PSA_NEED_OBERON_SHAKE256_512@ -#cmakedefine PSA_NEED_OBERON_SHAKE @PSA_NEED_OBERON_SHAKE@ -#cmakedefine PSA_NEED_OBERON_HASH_DRIVER @PSA_NEED_OBERON_HASH_DRIVER@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT@ -#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER @PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER@ -#cmakedefine PSA_NEED_OBERON_HMAC @PSA_NEED_OBERON_HMAC@ -#cmakedefine PSA_NEED_OBERON_CMAC @PSA_NEED_OBERON_CMAC@ -#cmakedefine PSA_NEED_OBERON_MAC_DRIVER @PSA_NEED_OBERON_MAC_DRIVER@ -#cmakedefine PSA_NEED_OBERON_HKDF @PSA_NEED_OBERON_HKDF@ -#cmakedefine PSA_NEED_OBERON_HKDF_EXTRACT @PSA_NEED_OBERON_HKDF_EXTRACT@ -#cmakedefine PSA_NEED_OBERON_HKDF_EXPAND @PSA_NEED_OBERON_HKDF_EXPAND@ -#cmakedefine PSA_NEED_OBERON_TLS12_PRF @PSA_NEED_OBERON_TLS12_PRF@ -#cmakedefine PSA_NEED_OBERON_TLS12_PSK_TO_MS @PSA_NEED_OBERON_TLS12_PSK_TO_MS@ -#cmakedefine PSA_NEED_OBERON_PBKDF2_HMAC @PSA_NEED_OBERON_PBKDF2_HMAC@ -#cmakedefine PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 @PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128@ -#cmakedefine PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS @PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS@ -#cmakedefine PSA_NEED_OBERON_KEY_DERIVATION_DRIVER @PSA_NEED_OBERON_KEY_DERIVATION_DRIVER@ -#cmakedefine PSA_NEED_OBERON_ECJPAKE_SECP_R1_256 @PSA_NEED_OBERON_ECJPAKE_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_JPAKE @PSA_NEED_OBERON_JPAKE@ -#cmakedefine PSA_NEED_OBERON_SPAKE2P_SECP_R1_256 @PSA_NEED_OBERON_SPAKE2P_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_SPAKE2P @PSA_NEED_OBERON_SPAKE2P@ -#cmakedefine PSA_NEED_OBERON_SRP_6_3072 @PSA_NEED_OBERON_SRP_6_3072@ -#cmakedefine PSA_NEED_OBERON_SRP_6 @PSA_NEED_OBERON_SRP_6@ -#cmakedefine PSA_NEED_OBERON_PAKE_DRIVER @PSA_NEED_OBERON_PAKE_DRIVER@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1024 @PSA_NEED_OBERON_RSA_KEY_SIZE_1024@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1536 @PSA_NEED_OBERON_RSA_KEY_SIZE_1536@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_2048 @PSA_NEED_OBERON_RSA_KEY_SIZE_2048@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_3072 @PSA_NEED_OBERON_RSA_KEY_SIZE_3072@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_4096 @PSA_NEED_OBERON_RSA_KEY_SIZE_4096@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_6144 @PSA_NEED_OBERON_RSA_KEY_SIZE_6144@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_8192 @PSA_NEED_OBERON_RSA_KEY_SIZE_8192@ -#cmakedefine PSA_NEED_OBERON_ANY_RSA_KEY_SIZE @PSA_NEED_OBERON_ANY_RSA_KEY_SIZE@ -#cmakedefine PSA_NEED_OBERON_RSA_PSS @PSA_NEED_OBERON_RSA_PSS@ -#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_SIGN @PSA_NEED_OBERON_RSA_PKCS1V15_SIGN@ -#cmakedefine PSA_NEED_OBERON_RSA_ANY_VERIFY @PSA_NEED_OBERON_RSA_ANY_VERIFY@ -#cmakedefine PSA_NEED_OBERON_RSA_ANY_SIGN @PSA_NEED_OBERON_RSA_ANY_SIGN@ -#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT @PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT@ -#cmakedefine PSA_NEED_OBERON_RSA_OAEP @PSA_NEED_OBERON_RSA_OAEP@ -#cmakedefine PSA_NEED_OBERON_RSA_ANY_CRYPT @PSA_NEED_OBERON_RSA_ANY_CRYPT@ -#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER@ -#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER@ -#cmakedefine PSA_NEED_OBERON_CTR_DRBG_DRIVER @PSA_NEED_OBERON_CTR_DRBG_DRIVER@ -#cmakedefine PSA_NEED_OBERON_HMAC_DRBG_DRIVER @PSA_NEED_OBERON_HMAC_DRBG_DRIVER@ - -/* Use Matter compatible version of Spake2+ in Oberon code. */ -#cmakedefine SPAKE2P_USE_VERSION_04 @SPAKE2_USE_VERSION_04@ +#cmakedefine PSA_NEED_OBERON_AEAD_DRIVER @PSA_NEED_OBERON_AEAD_DRIVER@ +#cmakedefine PSA_NEED_OBERON_ANY_RSA_KEY_SIZE @PSA_NEED_OBERON_ANY_RSA_KEY_SIZE@ +#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER@ +#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER@ +#cmakedefine PSA_NEED_OBERON_CBC_NO_PADDING_AES @PSA_NEED_OBERON_CBC_NO_PADDING_AES@ +#cmakedefine PSA_NEED_OBERON_CBC_PKCS7_AES @PSA_NEED_OBERON_CBC_PKCS7_AES@ +#cmakedefine PSA_NEED_OBERON_CCM_AES @PSA_NEED_OBERON_CCM_AES@ +#cmakedefine PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES @PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES@ +#cmakedefine PSA_NEED_OBERON_CHACHA20_POLY1305 @PSA_NEED_OBERON_CHACHA20_POLY1305@ +#cmakedefine PSA_NEED_OBERON_CIPHER_DRIVER @PSA_NEED_OBERON_CIPHER_DRIVER@ +#cmakedefine PSA_NEED_OBERON_CMAC @PSA_NEED_OBERON_CMAC@ +#cmakedefine PSA_NEED_OBERON_CTR_AES @PSA_NEED_OBERON_CTR_AES@ +#cmakedefine PSA_NEED_OBERON_CTR_DRBG_DRIVER @PSA_NEED_OBERON_CTR_DRBG_DRIVER@ +#cmakedefine PSA_NEED_OBERON_ECB_NO_PADDING_AES @PSA_NEED_OBERON_ECB_NO_PADDING_AES@ +#cmakedefine PSA_NEED_OBERON_ECDH @PSA_NEED_OBERON_ECDH@ +#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_255 @PSA_NEED_OBERON_ECDH_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_448 @PSA_NEED_OBERON_ECDH_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_224 @PSA_NEED_OBERON_ECDH_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_256 @PSA_NEED_OBERON_ECDH_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_384 @PSA_NEED_OBERON_ECDH_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_521 @PSA_NEED_OBERON_ECDH_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_ECDSA_DETERMINISTIC @PSA_NEED_OBERON_ECDSA_DETERMINISTIC@ +#cmakedefine PSA_NEED_OBERON_ECDSA_RANDOMIZED @PSA_NEED_OBERON_ECDSA_RANDOMIZED@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_224 @PSA_NEED_OBERON_ECDSA_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_256 @PSA_NEED_OBERON_ECDSA_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_384 @PSA_NEED_OBERON_ECDSA_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_521 @PSA_NEED_OBERON_ECDSA_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SIGN @PSA_NEED_OBERON_ECDSA_SIGN@ +#cmakedefine PSA_NEED_OBERON_ECDSA_VERIFY @PSA_NEED_OBERON_ECDSA_VERIFY@ +#cmakedefine PSA_NEED_OBERON_ECJPAKE_SECP_R1_256 @PSA_NEED_OBERON_ECJPAKE_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_ED25519PH @PSA_NEED_OBERON_ED25519PH@ +#cmakedefine PSA_NEED_OBERON_ED448PH @PSA_NEED_OBERON_ED448PH@ +#cmakedefine PSA_NEED_OBERON_GCM_AES @PSA_NEED_OBERON_GCM_AES@ +#cmakedefine PSA_NEED_OBERON_HASH_DRIVER @PSA_NEED_OBERON_HASH_DRIVER@ +#cmakedefine PSA_NEED_OBERON_HKDF @PSA_NEED_OBERON_HKDF@ +#cmakedefine PSA_NEED_OBERON_HKDF_EXPAND @PSA_NEED_OBERON_HKDF_EXPAND@ +#cmakedefine PSA_NEED_OBERON_HKDF_EXTRACT @PSA_NEED_OBERON_HKDF_EXTRACT@ +#cmakedefine PSA_NEED_OBERON_HMAC @PSA_NEED_OBERON_HMAC@ +#cmakedefine PSA_NEED_OBERON_HMAC_DRBG_DRIVER @PSA_NEED_OBERON_HMAC_DRBG_DRIVER@ +#cmakedefine PSA_NEED_OBERON_JPAKE @PSA_NEED_OBERON_JPAKE@ +#cmakedefine PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER @PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER@ +#cmakedefine PSA_NEED_OBERON_KEY_DERIVATION_DRIVER @PSA_NEED_OBERON_KEY_DERIVATION_DRIVER@ +#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER @PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 @PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 @PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 @PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072@ +#cmakedefine PSA_NEED_OBERON_MAC_DRIVER @PSA_NEED_OBERON_MAC_DRIVER@ +#cmakedefine PSA_NEED_OBERON_PAKE_DRIVER @PSA_NEED_OBERON_PAKE_DRIVER@ +#cmakedefine PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 @PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128@ +#cmakedefine PSA_NEED_OBERON_PBKDF2_HMAC @PSA_NEED_OBERON_PBKDF2_HMAC@ +#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_RSA_ANY_CRYPT @PSA_NEED_OBERON_RSA_ANY_CRYPT@ +#cmakedefine PSA_NEED_OBERON_RSA_ANY_SIGN @PSA_NEED_OBERON_RSA_ANY_SIGN@ +#cmakedefine PSA_NEED_OBERON_RSA_ANY_VERIFY @PSA_NEED_OBERON_RSA_ANY_VERIFY@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1024 @PSA_NEED_OBERON_RSA_KEY_SIZE_1024@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1536 @PSA_NEED_OBERON_RSA_KEY_SIZE_1536@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_2048 @PSA_NEED_OBERON_RSA_KEY_SIZE_2048@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_3072 @PSA_NEED_OBERON_RSA_KEY_SIZE_3072@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_4096 @PSA_NEED_OBERON_RSA_KEY_SIZE_4096@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_6144 @PSA_NEED_OBERON_RSA_KEY_SIZE_6144@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_8192 @PSA_NEED_OBERON_RSA_KEY_SIZE_8192@ +#cmakedefine PSA_NEED_OBERON_RSA_OAEP @PSA_NEED_OBERON_RSA_OAEP@ +#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT @PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT@ +#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_SIGN @PSA_NEED_OBERON_RSA_PKCS1V15_SIGN@ +#cmakedefine PSA_NEED_OBERON_RSA_PSS @PSA_NEED_OBERON_RSA_PSS@ +#cmakedefine PSA_NEED_OBERON_SHA3 @PSA_NEED_OBERON_SHA3@ +#cmakedefine PSA_NEED_OBERON_SHA3_224 @PSA_NEED_OBERON_SHA3_224@ +#cmakedefine PSA_NEED_OBERON_SHA3_256 @PSA_NEED_OBERON_SHA3_256@ +#cmakedefine PSA_NEED_OBERON_SHA3_384 @PSA_NEED_OBERON_SHA3_384@ +#cmakedefine PSA_NEED_OBERON_SHA3_512 @PSA_NEED_OBERON_SHA3_512@ +#cmakedefine PSA_NEED_OBERON_SHAKE @PSA_NEED_OBERON_SHAKE@ +#cmakedefine PSA_NEED_OBERON_SHAKE256_512 @PSA_NEED_OBERON_SHAKE256_512@ +#cmakedefine PSA_NEED_OBERON_SHA_1 @PSA_NEED_OBERON_SHA_1@ +#cmakedefine PSA_NEED_OBERON_SHA_224 @PSA_NEED_OBERON_SHA_224@ +#cmakedefine PSA_NEED_OBERON_SHA_256 @PSA_NEED_OBERON_SHA_256@ +#cmakedefine PSA_NEED_OBERON_SHA_384 @PSA_NEED_OBERON_SHA_384@ +#cmakedefine PSA_NEED_OBERON_SHA_512 @PSA_NEED_OBERON_SHA_512@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P @PSA_NEED_OBERON_SPAKE2P@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 @PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 @PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P_MATTER @PSA_NEED_OBERON_SPAKE2P_MATTER@ +#cmakedefine PSA_NEED_OBERON_SRP_6 @PSA_NEED_OBERON_SRP_6@ +#cmakedefine PSA_NEED_OBERON_SRP_6_3072 @PSA_NEED_OBERON_SRP_6_3072@ +#cmakedefine PSA_NEED_OBERON_SRP_PASSWORD_HASH @PSA_NEED_OBERON_SRP_PASSWORD_HASH@ +#cmakedefine PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20 @PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20@ +#cmakedefine PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS @PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS@ +#cmakedefine PSA_NEED_OBERON_TLS12_PRF @PSA_NEED_OBERON_TLS12_PRF@ +#cmakedefine PSA_NEED_OBERON_TLS12_PSK_TO_MS @PSA_NEED_OBERON_TLS12_PSK_TO_MS@ #cmakedefine PSA_NEED_NRF_RNG_ENTROPY_DRIVER @PSA_NEED_NRF_RNG_ENTROPY_DRIVER@ diff --git a/subsys/nrf_security/configs/psa_crypto_want_config.h.template b/subsys/nrf_security/configs/psa_crypto_want_config.h.template index 9b0dcb7eb4f4..2e924ba9af25 100644 --- a/subsys/nrf_security/configs/psa_crypto_want_config.h.template +++ b/subsys/nrf_security/configs/psa_crypto_want_config.h.template @@ -16,138 +16,152 @@ /* * All PSA_WANT_ symbols in alphabetical order */ -#cmakedefine PSA_WANT_AES_KEY_SIZE_128 @PSA_WANT_AES_KEY_SIZE_128@ -#cmakedefine PSA_WANT_AES_KEY_SIZE_192 @PSA_WANT_AES_KEY_SIZE_192@ -#cmakedefine PSA_WANT_AES_KEY_SIZE_256 @PSA_WANT_AES_KEY_SIZE_256@ -#cmakedefine PSA_WANT_ALG_CBC_MAC @PSA_WANT_ALG_CBC_MAC@ -#cmakedefine PSA_WANT_ALG_CBC_NO_PADDING @PSA_WANT_ALG_CBC_NO_PADDING@ -#cmakedefine PSA_WANT_ALG_CBC_PKCS7 @PSA_WANT_ALG_CBC_PKCS7@ -#cmakedefine PSA_WANT_ALG_CCM @PSA_WANT_ALG_CCM@ -#cmakedefine PSA_WANT_ALG_CCM_STAR_NO_TAG @PSA_WANT_ALG_CCM_STAR_NO_TAG@ -#cmakedefine PSA_WANT_ALG_CFB @PSA_WANT_ALG_CFB@ -#cmakedefine PSA_WANT_ALG_CHACHA20_POLY1305 @PSA_WANT_ALG_CHACHA20_POLY1305@ -#cmakedefine PSA_WANT_ALG_CMAC @PSA_WANT_ALG_CMAC@ -#cmakedefine PSA_WANT_ALG_CTR @PSA_WANT_ALG_CTR@ -#cmakedefine PSA_WANT_ALG_CTR_DRBG @PSA_WANT_ALG_CTR_DRBG@ -#cmakedefine PSA_WANT_ALG_DETERMINISTIC_ECDSA @PSA_WANT_ALG_DETERMINISTIC_ECDSA@ -#cmakedefine PSA_WANT_ALG_ECB_NO_PADDING @PSA_WANT_ALG_ECB_NO_PADDING@ -#cmakedefine PSA_WANT_ALG_ECDH @PSA_WANT_ALG_ECDH@ -#cmakedefine PSA_WANT_ALG_ECDSA @PSA_WANT_ALG_ECDSA@ -#cmakedefine PSA_WANT_ALG_ECDSA_ANY @PSA_WANT_ALG_ECDSA_ANY@ -#cmakedefine PSA_WANT_ALG_ED25519PH @PSA_WANT_ALG_ED25519PH@ -#cmakedefine PSA_WANT_ALG_ED448PH @PSA_WANT_ALG_ED448PH@ -#cmakedefine PSA_WANT_ALG_FFDH @PSA_WANT_ALG_FFDH@ -#cmakedefine PSA_WANT_ALG_GCM @PSA_WANT_ALG_GCM@ -#cmakedefine PSA_WANT_ALG_HKDF @PSA_WANT_ALG_HKDF@ -#cmakedefine PSA_WANT_ALG_HKDF_EXPAND @PSA_WANT_ALG_HKDF_EXPAND@ -#cmakedefine PSA_WANT_ALG_HKDF_EXTRACT @PSA_WANT_ALG_HKDF_EXTRACT@ -#cmakedefine PSA_WANT_ALG_HMAC @PSA_WANT_ALG_HMAC@ -#cmakedefine PSA_WANT_ALG_HMAC_DRBG @PSA_WANT_ALG_HMAC_DRBG@ -#cmakedefine PSA_WANT_ALG_JPAKE @PSA_WANT_ALG_JPAKE@ -#cmakedefine PSA_WANT_ALG_MD2 @PSA_WANT_ALG_MD2@ -#cmakedefine PSA_WANT_ALG_MD4 @PSA_WANT_ALG_MD4@ -#cmakedefine PSA_WANT_ALG_MD5 @PSA_WANT_ALG_MD5@ -#cmakedefine PSA_WANT_ALG_OFB @PSA_WANT_ALG_OFB@ -#cmakedefine PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 @PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128@ -#cmakedefine PSA_WANT_ALG_PBKDF2_HMAC @PSA_WANT_ALG_PBKDF2_HMAC@ -#cmakedefine PSA_WANT_ALG_PURE_EDDSA @PSA_WANT_ALG_PURE_EDDSA@ -#cmakedefine PSA_WANT_ALG_RIPEMD160 @PSA_WANT_ALG_RIPEMD160@ -#cmakedefine PSA_WANT_ALG_RSA_OAEP @PSA_WANT_ALG_RSA_OAEP@ -#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_CRYPT @PSA_WANT_ALG_RSA_PKCS1V15_CRYPT@ -#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN @PSA_WANT_ALG_RSA_PKCS1V15_SIGN@ -#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW @PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW@ -#cmakedefine PSA_WANT_ALG_RSA_PSS @PSA_WANT_ALG_RSA_PSS@ -#cmakedefine PSA_WANT_ALG_RSA_PSS_ANY_SALT @PSA_WANT_ALG_RSA_PSS_ANY_SALT@ -#cmakedefine PSA_WANT_ALG_SHA3_224 @PSA_WANT_ALG_SHA3_224@ -#cmakedefine PSA_WANT_ALG_SHA3_256 @PSA_WANT_ALG_SHA3_256@ -#cmakedefine PSA_WANT_ALG_SHA3_384 @PSA_WANT_ALG_SHA3_384@ -#cmakedefine PSA_WANT_ALG_SHA3_512 @PSA_WANT_ALG_SHA3_512@ -#cmakedefine PSA_WANT_ALG_SHAKE256_512 @PSA_WANT_ALG_SHAKE256_512@ -#cmakedefine PSA_WANT_ALG_SHA_1 @PSA_WANT_ALG_SHA_1@ -#cmakedefine PSA_WANT_ALG_SHA_224 @PSA_WANT_ALG_SHA_224@ -#cmakedefine PSA_WANT_ALG_SHA_256 @PSA_WANT_ALG_SHA_256@ -#cmakedefine PSA_WANT_ALG_SHA_384 @PSA_WANT_ALG_SHA_384@ -#cmakedefine PSA_WANT_ALG_SHA_512 @PSA_WANT_ALG_SHA_512@ -#cmakedefine PSA_WANT_ALG_SHA_512_224 @PSA_WANT_ALG_SHA_512_224@ -#cmakedefine PSA_WANT_ALG_SHA_512_256 @PSA_WANT_ALG_SHA_512_256@ -#cmakedefine PSA_WANT_ALG_SM3 @PSA_WANT_ALG_SM3@ -#cmakedefine PSA_WANT_ALG_SPAKE2P @PSA_WANT_ALG_SPAKE2P@ -#cmakedefine PSA_WANT_ALG_SRP_6 @PSA_WANT_ALG_SRP_6@ -#cmakedefine PSA_WANT_ALG_STREAM_CIPHER @PSA_WANT_ALG_STREAM_CIPHER@ -#cmakedefine PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS @PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS@ -#cmakedefine PSA_WANT_ALG_TLS12_PRF @PSA_WANT_ALG_TLS12_PRF@ -#cmakedefine PSA_WANT_ALG_TLS12_PSK_TO_MS @PSA_WANT_ALG_TLS12_PSK_TO_MS@ -#cmakedefine PSA_WANT_ALG_XTS @PSA_WANT_ALG_XTS@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_160 @PSA_WANT_ECC_BRAINPOOL_P_R1_160@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_192 @PSA_WANT_ECC_BRAINPOOL_P_R1_192@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_224 @PSA_WANT_ECC_BRAINPOOL_P_R1_224@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_256 @PSA_WANT_ECC_BRAINPOOL_P_R1_256@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_320 @PSA_WANT_ECC_BRAINPOOL_P_R1_320@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_384 @PSA_WANT_ECC_BRAINPOOL_P_R1_384@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_512 @PSA_WANT_ECC_BRAINPOOL_P_R1_512@ -#cmakedefine PSA_WANT_ECC_FRP_V1_256 @PSA_WANT_ECC_FRP_V1_256@ -#cmakedefine PSA_WANT_ECC_MONTGOMERY_255 @PSA_WANT_ECC_MONTGOMERY_255@ -#cmakedefine PSA_WANT_ECC_MONTGOMERY_448 @PSA_WANT_ECC_MONTGOMERY_448@ -#cmakedefine PSA_WANT_ECC_SECP_K1_192 @PSA_WANT_ECC_SECP_K1_192@ -#cmakedefine PSA_WANT_ECC_SECP_K1_224 @PSA_WANT_ECC_SECP_K1_224@ -#cmakedefine PSA_WANT_ECC_SECP_K1_256 @PSA_WANT_ECC_SECP_K1_256@ -#cmakedefine PSA_WANT_ECC_SECP_R1_192 @PSA_WANT_ECC_SECP_R1_192@ -#cmakedefine PSA_WANT_ECC_SECP_R1_224 @PSA_WANT_ECC_SECP_R1_224@ -#cmakedefine PSA_WANT_ECC_SECP_R1_256 @PSA_WANT_ECC_SECP_R1_256@ -#cmakedefine PSA_WANT_ECC_SECP_R1_384 @PSA_WANT_ECC_SECP_R1_384@ -#cmakedefine PSA_WANT_ECC_SECP_R1_521 @PSA_WANT_ECC_SECP_R1_521@ -#cmakedefine PSA_WANT_ECC_SECP_R2_160 @PSA_WANT_ECC_SECP_R2_160@ -#cmakedefine PSA_WANT_ECC_SECT_K1_163 @PSA_WANT_ECC_SECT_K1_163@ -#cmakedefine PSA_WANT_ECC_SECT_K1_233 @PSA_WANT_ECC_SECT_K1_233@ -#cmakedefine PSA_WANT_ECC_SECT_K1_239 @PSA_WANT_ECC_SECT_K1_239@ -#cmakedefine PSA_WANT_ECC_SECT_K1_283 @PSA_WANT_ECC_SECT_K1_283@ -#cmakedefine PSA_WANT_ECC_SECT_K1_409 @PSA_WANT_ECC_SECT_K1_409@ -#cmakedefine PSA_WANT_ECC_SECT_K1_571 @PSA_WANT_ECC_SECT_K1_571@ -#cmakedefine PSA_WANT_ECC_SECT_R1_163 @PSA_WANT_ECC_SECT_R1_163@ -#cmakedefine PSA_WANT_ECC_SECT_R1_233 @PSA_WANT_ECC_SECT_R1_233@ -#cmakedefine PSA_WANT_ECC_SECT_R1_283 @PSA_WANT_ECC_SECT_R1_283@ -#cmakedefine PSA_WANT_ECC_SECT_R1_409 @PSA_WANT_ECC_SECT_R1_409@ -#cmakedefine PSA_WANT_ECC_SECT_R1_571 @PSA_WANT_ECC_SECT_R1_571@ -#cmakedefine PSA_WANT_ECC_SECT_R2_163 @PSA_WANT_ECC_SECT_R2_163@ -#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_255 @PSA_WANT_ECC_TWISTED_EDWARDS_255@ -#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_448 @PSA_WANT_ECC_TWISTED_EDWARDS_448@ -#cmakedefine PSA_WANT_GENERATE_RANDOM @PSA_WANT_GENERATE_RANDOM@ -#cmakedefine PSA_WANT_KEY_TYPE_AES @PSA_WANT_KEY_TYPE_AES@ -#cmakedefine PSA_WANT_KEY_TYPE_ARC4 @PSA_WANT_KEY_TYPE_ARC4@ -#cmakedefine PSA_WANT_KEY_TYPE_ARIA @PSA_WANT_KEY_TYPE_ARIA@ -#cmakedefine PSA_WANT_KEY_TYPE_CAMELLIA @PSA_WANT_KEY_TYPE_CAMELLIA@ -#cmakedefine PSA_WANT_KEY_TYPE_CHACHA20 @PSA_WANT_KEY_TYPE_CHACHA20@ -#cmakedefine PSA_WANT_KEY_TYPE_DERIVE @PSA_WANT_KEY_TYPE_DERIVE@ -#cmakedefine PSA_WANT_KEY_TYPE_DES @PSA_WANT_KEY_TYPE_DES@ -#cmakedefine PSA_WANT_KEY_TYPE_DH_KEY_PAIR @PSA_WANT_KEY_TYPE_DH_KEY_PAIR@ -#cmakedefine PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY @PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY @PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY@ -#cmakedefine PSA_WANT_KEY_TYPE_HMAC @PSA_WANT_KEY_TYPE_HMAC@ -#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD @PSA_WANT_KEY_TYPE_PASSWORD@ -#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD_HASH @PSA_WANT_KEY_TYPE_PASSWORD_HASH@ -#cmakedefine PSA_WANT_KEY_TYPE_PEPPER @PSA_WANT_KEY_TYPE_PEPPER@ -#cmakedefine PSA_WANT_KEY_TYPE_RAW_DATA @PSA_WANT_KEY_TYPE_RAW_DATA@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY @PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY@ -#cmakedefine PSA_WANT_KEY_TYPE_SM4 @PSA_WANT_KEY_TYPE_SM4@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_1024 @PSA_WANT_RSA_KEY_SIZE_1024@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_1536 @PSA_WANT_RSA_KEY_SIZE_1536@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_2048 @PSA_WANT_RSA_KEY_SIZE_2048@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_3072 @PSA_WANT_RSA_KEY_SIZE_3072@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_4096 @PSA_WANT_RSA_KEY_SIZE_4096@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_6144 @PSA_WANT_RSA_KEY_SIZE_6144@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_8192 @PSA_WANT_RSA_KEY_SIZE_8192@ -#cmakedefine PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_AES_KEY_SIZE_128 @PSA_WANT_AES_KEY_SIZE_128@ +#cmakedefine PSA_WANT_AES_KEY_SIZE_192 @PSA_WANT_AES_KEY_SIZE_192@ +#cmakedefine PSA_WANT_AES_KEY_SIZE_256 @PSA_WANT_AES_KEY_SIZE_256@ +#cmakedefine PSA_WANT_ALG_CBC_MAC @PSA_WANT_ALG_CBC_MAC@ +#cmakedefine PSA_WANT_ALG_CBC_NO_PADDING @PSA_WANT_ALG_CBC_NO_PADDING@ +#cmakedefine PSA_WANT_ALG_CBC_PKCS7 @PSA_WANT_ALG_CBC_PKCS7@ +#cmakedefine PSA_WANT_ALG_CCM @PSA_WANT_ALG_CCM@ +#cmakedefine PSA_WANT_ALG_CCM_STAR_NO_TAG @PSA_WANT_ALG_CCM_STAR_NO_TAG@ +#cmakedefine PSA_WANT_ALG_CFB @PSA_WANT_ALG_CFB@ +#cmakedefine PSA_WANT_ALG_CHACHA20_POLY1305 @PSA_WANT_ALG_CHACHA20_POLY1305@ +#cmakedefine PSA_WANT_ALG_CMAC @PSA_WANT_ALG_CMAC@ +#cmakedefine PSA_WANT_ALG_CTR @PSA_WANT_ALG_CTR@ +#cmakedefine PSA_WANT_ALG_CTR_DRBG @PSA_WANT_ALG_CTR_DRBG@ +#cmakedefine PSA_WANT_ALG_DETERMINISTIC_ECDSA @PSA_WANT_ALG_DETERMINISTIC_ECDSA@ +#cmakedefine PSA_WANT_ALG_ECB_NO_PADDING @PSA_WANT_ALG_ECB_NO_PADDING@ +#cmakedefine PSA_WANT_ALG_ECDH @PSA_WANT_ALG_ECDH@ +#cmakedefine PSA_WANT_ALG_ECDSA @PSA_WANT_ALG_ECDSA@ +#cmakedefine PSA_WANT_ALG_ECDSA_ANY @PSA_WANT_ALG_ECDSA_ANY@ +#cmakedefine PSA_WANT_ALG_ED25519PH @PSA_WANT_ALG_ED25519PH@ +#cmakedefine PSA_WANT_ALG_ED448PH @PSA_WANT_ALG_ED448PH@ +#cmakedefine PSA_WANT_ALG_FFDH @PSA_WANT_ALG_FFDH@ +#cmakedefine PSA_WANT_ALG_GCM @PSA_WANT_ALG_GCM@ +#cmakedefine PSA_WANT_ALG_HKDF @PSA_WANT_ALG_HKDF@ +#cmakedefine PSA_WANT_ALG_HKDF_EXPAND @PSA_WANT_ALG_HKDF_EXPAND@ +#cmakedefine PSA_WANT_ALG_HKDF_EXTRACT @PSA_WANT_ALG_HKDF_EXTRACT@ +#cmakedefine PSA_WANT_ALG_HMAC @PSA_WANT_ALG_HMAC@ +#cmakedefine PSA_WANT_ALG_HMAC_DRBG @PSA_WANT_ALG_HMAC_DRBG@ +#cmakedefine PSA_WANT_ALG_JPAKE @PSA_WANT_ALG_JPAKE@ +#cmakedefine PSA_WANT_ALG_MD2 @PSA_WANT_ALG_MD2@ +#cmakedefine PSA_WANT_ALG_MD4 @PSA_WANT_ALG_MD4@ +#cmakedefine PSA_WANT_ALG_MD5 @PSA_WANT_ALG_MD5@ +#cmakedefine PSA_WANT_ALG_OFB @PSA_WANT_ALG_OFB@ +#cmakedefine PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 @PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128@ +#cmakedefine PSA_WANT_ALG_PBKDF2_HMAC @PSA_WANT_ALG_PBKDF2_HMAC@ +#cmakedefine PSA_WANT_ALG_PURE_EDDSA @PSA_WANT_ALG_PURE_EDDSA@ +#cmakedefine PSA_WANT_ALG_RIPEMD160 @PSA_WANT_ALG_RIPEMD160@ +#cmakedefine PSA_WANT_ALG_RSA_OAEP @PSA_WANT_ALG_RSA_OAEP@ +#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_CRYPT @PSA_WANT_ALG_RSA_PKCS1V15_CRYPT@ +#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN @PSA_WANT_ALG_RSA_PKCS1V15_SIGN@ +#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW @PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW@ +#cmakedefine PSA_WANT_ALG_RSA_PSS @PSA_WANT_ALG_RSA_PSS@ +#cmakedefine PSA_WANT_ALG_RSA_PSS_ANY_SALT @PSA_WANT_ALG_RSA_PSS_ANY_SALT@ +#cmakedefine PSA_WANT_ALG_SHA3_224 @PSA_WANT_ALG_SHA3_224@ +#cmakedefine PSA_WANT_ALG_SHA3_256 @PSA_WANT_ALG_SHA3_256@ +#cmakedefine PSA_WANT_ALG_SHA3_384 @PSA_WANT_ALG_SHA3_384@ +#cmakedefine PSA_WANT_ALG_SHA3_512 @PSA_WANT_ALG_SHA3_512@ +#cmakedefine PSA_WANT_ALG_SHAKE256_512 @PSA_WANT_ALG_SHAKE256_512@ +#cmakedefine PSA_WANT_ALG_SHA_1 @PSA_WANT_ALG_SHA_1@ +#cmakedefine PSA_WANT_ALG_SHA_224 @PSA_WANT_ALG_SHA_224@ +#cmakedefine PSA_WANT_ALG_SHA_256 @PSA_WANT_ALG_SHA_256@ +#cmakedefine PSA_WANT_ALG_SHA_384 @PSA_WANT_ALG_SHA_384@ +#cmakedefine PSA_WANT_ALG_SHA_512 @PSA_WANT_ALG_SHA_512@ +#cmakedefine PSA_WANT_ALG_SHA_512_224 @PSA_WANT_ALG_SHA_512_224@ +#cmakedefine PSA_WANT_ALG_SHA_512_256 @PSA_WANT_ALG_SHA_512_256@ +#cmakedefine PSA_WANT_ALG_SM3 @PSA_WANT_ALG_SM3@ +#cmakedefine PSA_WANT_ALG_SPAKE2P_CMAC @PSA_WANT_ALG_SPAKE2P_CMAC@ +#cmakedefine PSA_WANT_ALG_SPAKE2P_HMAC @PSA_WANT_ALG_SPAKE2P_HMAC@ +#cmakedefine PSA_WANT_ALG_SPAKE2P_MATTER @PSA_WANT_ALG_SPAKE2P_MATTER@ +#cmakedefine PSA_WANT_ALG_SRP_6 @PSA_WANT_ALG_SRP_6@ +#cmakedefine PSA_WANT_ALG_SRP_PASSWORD_HASH @PSA_WANT_ALG_SRP_PASSWORD_HASH@ +#cmakedefine PSA_WANT_ALG_STREAM_CIPHER @PSA_WANT_ALG_STREAM_CIPHER@ +#cmakedefine PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS @PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS@ +#cmakedefine PSA_WANT_ALG_TLS12_PRF @PSA_WANT_ALG_TLS12_PRF@ +#cmakedefine PSA_WANT_ALG_TLS12_PSK_TO_MS @PSA_WANT_ALG_TLS12_PSK_TO_MS@ +#cmakedefine PSA_WANT_ALG_XTS @PSA_WANT_ALG_XTS@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_160 @PSA_WANT_ECC_BRAINPOOL_P_R1_160@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_192 @PSA_WANT_ECC_BRAINPOOL_P_R1_192@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_224 @PSA_WANT_ECC_BRAINPOOL_P_R1_224@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_256 @PSA_WANT_ECC_BRAINPOOL_P_R1_256@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_320 @PSA_WANT_ECC_BRAINPOOL_P_R1_320@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_384 @PSA_WANT_ECC_BRAINPOOL_P_R1_384@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_512 @PSA_WANT_ECC_BRAINPOOL_P_R1_512@ +#cmakedefine PSA_WANT_ECC_FRP_V1_256 @PSA_WANT_ECC_FRP_V1_256@ +#cmakedefine PSA_WANT_ECC_MONTGOMERY_255 @PSA_WANT_ECC_MONTGOMERY_255@ +#cmakedefine PSA_WANT_ECC_MONTGOMERY_448 @PSA_WANT_ECC_MONTGOMERY_448@ +#cmakedefine PSA_WANT_ECC_SECP_K1_192 @PSA_WANT_ECC_SECP_K1_192@ +#cmakedefine PSA_WANT_ECC_SECP_K1_224 @PSA_WANT_ECC_SECP_K1_224@ +#cmakedefine PSA_WANT_ECC_SECP_K1_256 @PSA_WANT_ECC_SECP_K1_256@ +#cmakedefine PSA_WANT_ECC_SECP_R1_192 @PSA_WANT_ECC_SECP_R1_192@ +#cmakedefine PSA_WANT_ECC_SECP_R1_224 @PSA_WANT_ECC_SECP_R1_224@ +#cmakedefine PSA_WANT_ECC_SECP_R1_256 @PSA_WANT_ECC_SECP_R1_256@ +#cmakedefine PSA_WANT_ECC_SECP_R1_384 @PSA_WANT_ECC_SECP_R1_384@ +#cmakedefine PSA_WANT_ECC_SECP_R1_521 @PSA_WANT_ECC_SECP_R1_521@ +#cmakedefine PSA_WANT_ECC_SECP_R2_160 @PSA_WANT_ECC_SECP_R2_160@ +#cmakedefine PSA_WANT_ECC_SECT_K1_163 @PSA_WANT_ECC_SECT_K1_163@ +#cmakedefine PSA_WANT_ECC_SECT_K1_233 @PSA_WANT_ECC_SECT_K1_233@ +#cmakedefine PSA_WANT_ECC_SECT_K1_239 @PSA_WANT_ECC_SECT_K1_239@ +#cmakedefine PSA_WANT_ECC_SECT_K1_283 @PSA_WANT_ECC_SECT_K1_283@ +#cmakedefine PSA_WANT_ECC_SECT_K1_409 @PSA_WANT_ECC_SECT_K1_409@ +#cmakedefine PSA_WANT_ECC_SECT_K1_571 @PSA_WANT_ECC_SECT_K1_571@ +#cmakedefine PSA_WANT_ECC_SECT_R1_163 @PSA_WANT_ECC_SECT_R1_163@ +#cmakedefine PSA_WANT_ECC_SECT_R1_233 @PSA_WANT_ECC_SECT_R1_233@ +#cmakedefine PSA_WANT_ECC_SECT_R1_283 @PSA_WANT_ECC_SECT_R1_283@ +#cmakedefine PSA_WANT_ECC_SECT_R1_409 @PSA_WANT_ECC_SECT_R1_409@ +#cmakedefine PSA_WANT_ECC_SECT_R1_571 @PSA_WANT_ECC_SECT_R1_571@ +#cmakedefine PSA_WANT_ECC_SECT_R2_163 @PSA_WANT_ECC_SECT_R2_163@ +#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_255 @PSA_WANT_ECC_TWISTED_EDWARDS_255@ +#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_448 @PSA_WANT_ECC_TWISTED_EDWARDS_448@ +#cmakedefine PSA_WANT_GENERATE_RANDOM @PSA_WANT_GENERATE_RANDOM@ +#cmakedefine PSA_WANT_KEY_TYPE_AES @PSA_WANT_KEY_TYPE_AES@ +#cmakedefine PSA_WANT_KEY_TYPE_ARC4 @PSA_WANT_KEY_TYPE_ARC4@ +#cmakedefine PSA_WANT_KEY_TYPE_ARIA @PSA_WANT_KEY_TYPE_ARIA@ +#cmakedefine PSA_WANT_KEY_TYPE_CAMELLIA @PSA_WANT_KEY_TYPE_CAMELLIA@ +#cmakedefine PSA_WANT_KEY_TYPE_CHACHA20 @PSA_WANT_KEY_TYPE_CHACHA20@ +#cmakedefine PSA_WANT_KEY_TYPE_DERIVE @PSA_WANT_KEY_TYPE_DERIVE@ +#cmakedefine PSA_WANT_KEY_TYPE_DES @PSA_WANT_KEY_TYPE_DES@ +#cmakedefine PSA_WANT_KEY_TYPE_DH_KEY_PAIR @PSA_WANT_KEY_TYPE_DH_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY @PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY @PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY@ +#cmakedefine PSA_WANT_KEY_TYPE_HMAC @PSA_WANT_KEY_TYPE_HMAC@ +#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD @PSA_WANT_KEY_TYPE_PASSWORD@ +#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD_HASH @PSA_WANT_KEY_TYPE_PASSWORD_HASH@ +#cmakedefine PSA_WANT_KEY_TYPE_PEPPER @PSA_WANT_KEY_TYPE_PEPPER@ +#cmakedefine PSA_WANT_KEY_TYPE_RAW_DATA @PSA_WANT_KEY_TYPE_RAW_DATA@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY @PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY@ +#cmakedefine PSA_WANT_KEY_TYPE_SM4 @PSA_WANT_KEY_TYPE_SM4@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY @PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY @PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_1024 @PSA_WANT_RSA_KEY_SIZE_1024@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_1536 @PSA_WANT_RSA_KEY_SIZE_1536@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_2048 @PSA_WANT_RSA_KEY_SIZE_2048@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_3072 @PSA_WANT_RSA_KEY_SIZE_3072@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_4096 @PSA_WANT_RSA_KEY_SIZE_4096@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_6144 @PSA_WANT_RSA_KEY_SIZE_6144@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_8192 @PSA_WANT_RSA_KEY_SIZE_8192@ /* The Adjusting is done in this file */ #define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H diff --git a/subsys/nrf_security/src/drivers/Kconfig b/subsys/nrf_security/src/drivers/Kconfig index 84ed98cebd35..544a358f34f5 100644 --- a/subsys/nrf_security/src/drivers/Kconfig +++ b/subsys/nrf_security/src/drivers/Kconfig @@ -204,13 +204,6 @@ config PSA_MAX_RSA_KEY_BITS endmenu -# Temporary configuration of SPAKE2+ version -config PSA_CRYPTO_SPAKE2P_USE_VERSION_04 - bool - prompt "Use SPAKE2P Version 04" - depends on PSA_CRYPTO_DRIVER_OBERON - depends on PSA_WANT_ALG_SPAKE2P - rsource "Kconfig.psa_accel" rsource "nrf_cc3xx/Kconfig" diff --git a/subsys/nrf_security/src/drivers/Kconfig.psa_accel b/subsys/nrf_security/src/drivers/Kconfig.psa_accel index 1cab025141b7..d1a19d88d470 100644 --- a/subsys/nrf_security/src/drivers/Kconfig.psa_accel +++ b/subsys/nrf_security/src/drivers/Kconfig.psa_accel @@ -1,9 +1,4 @@ -# -# Copyright (c) 2023-2024 Nordic Semiconductor -# -# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause -# - +# from menuconfig even when show-all mode is enabled # This invisible menu helps hiding these not user selectable options # from menuconfig even when show-all mode is enabled menu "PSA ACCEL - invisible" @@ -427,10 +422,10 @@ config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_384 config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_512 bool -config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 bool -config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 bool config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_192 @@ -454,6 +449,9 @@ config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 bool +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + bool + config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_163 bool @@ -487,6 +485,12 @@ config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_409 config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_571 bool +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 + bool + +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 + bool + config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_160 bool @@ -892,6 +896,27 @@ config PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT config PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY bool +config PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + bool + +config PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + bool + +config PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + bool + +config PSA_ACCEL_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + bool + +config PSA_ACCEL_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + bool + +config PSA_ACCEL_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + bool + +config PSA_ACCEL_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + bool + config PSA_ACCEL_MD5 bool @@ -1582,19 +1607,37 @@ config PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_384 config PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_512 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_1 +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_1 + bool + +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_224 + bool + +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_256 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_224 +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_384 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_256 +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_512 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_384 +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_1 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_512 +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_224 + bool + +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_256 + bool + +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_384 + bool + +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_512 + bool + +config PSA_ACCEL_SPAKE2P_MATTER bool config PSA_ACCEL_SRP_6_3072_SHA_1 @@ -1612,6 +1655,9 @@ config PSA_ACCEL_SRP_6_3072_SHA_384 config PSA_ACCEL_SRP_6_3072_SHA_512 bool +config PSA_ACCEL_SRP_PASSWORD_HASH + bool + config PSA_ACCEL_STREAM_CIPHER_CHACHA20 bool diff --git a/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig b/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig index 0ca282424db0..2032fae76c96 100644 --- a/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig +++ b/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig @@ -377,6 +377,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 depends on PSA_WANT_ECC_SECP_R1_224 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_224 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 + # SECP_R1_256 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256 bool @@ -402,6 +408,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 depends on PSA_WANT_ECC_SECP_R1_256 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 + # SECP_R1_384 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384 bool @@ -427,6 +439,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 depends on PSA_WANT_ECC_SECP_R1_384 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_384 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 + # SECP_R1_521 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521 bool @@ -452,6 +470,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 depends on PSA_WANT_ECC_SECP_R1_521 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_521 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + # MONTGOMERY_255 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 bool @@ -477,6 +501,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 depends on PSA_WANT_ECC_MONTGOMERY_255 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 + bool + default y + depends on PSA_WANT_ECC_MONTGOMERY_255 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 + # MONTGOMERY_448 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448 bool @@ -502,6 +532,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 depends on PSA_WANT_ECC_MONTGOMERY_448 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 + bool + default y + depends on PSA_WANT_ECC_MONTGOMERY_448 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 + # TWISTED_EDWARDS_255 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 bool @@ -527,6 +563,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 depends on PSA_WANT_ECC_TWISTED_EDWARDS_255 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 + bool + default y + depends on PSA_WANT_ECC_TWISTED_EDWARDS_255 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 + # TWISTED_EDWARDS_448 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448 bool @@ -552,6 +594,53 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 depends on PSA_WANT_ECC_TWISTED_EDWARDS_448 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 + bool + default y + depends on PSA_WANT_ECC_TWISTED_EDWARDS_448 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 + +#SPAKE2P +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + +# SRP6 +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + bool + default y + depends on PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + bool + default y + depends on PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + bool + default y + depends on PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + # Key management grouping configs # SECP config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP @@ -586,6 +675,14 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 || \ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + # MONTGOMERY config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY bool @@ -611,6 +708,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 || \ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 + # TWISTED_EDWARDS config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS bool @@ -636,6 +739,49 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 || \ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 + +# SPAKE2P +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + +# SRP6 +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + # Combined ECC keys config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY bool @@ -665,6 +811,34 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY || \ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS + +# SPAKE2P +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP + # RSA key types config PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY bool @@ -706,12 +880,20 @@ config PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT config PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER bool default y - depends on PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY || \ - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT || \ - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT || \ - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE || \ - PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY || \ - PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT || \ + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE || \ + PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY || \ + PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT || \ + PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT || \ + PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE || \ + PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY || \ + PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT || \ + PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT || \ + PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY || \ + PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT || \ PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT # Oberon MAC Driver @@ -806,6 +988,11 @@ config PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS default y depends on PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS && !PSA_ACCEL_TLS12_ECJPAKE_TO_PMS +config PSA_NEED_OBERON_SRP_PASSWORD_HASH + bool + default y + depends on PSA_WANT_ALG_SRP_PASSWORD_HASH && !PSA_ACCEL_SRP_PASSWORD_HASH + config PSA_NEED_OBERON_KEY_DERIVATION_DRIVER bool default y @@ -816,6 +1003,7 @@ config PSA_NEED_OBERON_KEY_DERIVATION_DRIVER PSA_NEED_OBERON_TLS12_PSK_TO_MS || \ PSA_NEED_OBERON_PBKDF2_HMAC || \ PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 || \ + PSA_NEED_OBERON_SRP_PASSWORD_HASH || \ PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS @@ -836,20 +1024,38 @@ config PSA_NEED_OBERON_JPAKE default y depends on PSA_NEED_OBERON_ECJPAKE_SECP_R1_256 -config PSA_NEED_OBERON_SPAKE2P_SECP_R1_256 +config PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 + bool + default y + depends on PSA_WANT_ALG_SPAKE2P_HMAC + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_512) + +config PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 + bool + default y + depends on PSA_WANT_ALG_SPAKE2P_CMAC + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_512) + +config PSA_NEED_OBERON_SPAKE2P_MATTER bool default y - depends on PSA_WANT_ALG_SPAKE2P - depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_1) || \ - (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_224) || \ - (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_256) || \ - (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_384) || \ - (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_512) + depends on PSA_WANT_ALG_SPAKE2P_MATTER + depends on (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SPAKE2P_MATTER) config PSA_NEED_OBERON_SPAKE2P bool default y - depends on PSA_NEED_OBERON_SPAKE2P_SECP_R1_256 + depends on PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 || \ + PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 || \ + PSA_NEED_OBERON_SPAKE2P_MATTER config PSA_NEED_OBERON_SRP_6_3072 bool diff --git a/subsys/nrf_security/src/psa_crypto_driver_wrappers.c b/subsys/nrf_security/src/psa_crypto_driver_wrappers.c index cf618c16307b..2d5debedc012 100644 --- a/subsys/nrf_security/src/psa_crypto_driver_wrappers.c +++ b/subsys/nrf_security/src/psa_crypto_driver_wrappers.c @@ -624,6 +624,33 @@ psa_status_t psa_driver_wrapper_copy_key(psa_key_attributes_t *attributes, return status; } +psa_status_t psa_driver_wrapper_derive_key(const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length) +{ + switch (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime)) { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Add cases for transparent drivers here */ +#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER + return oberon_derive_key(attributes, input, input_length, key_buffer, + key_buffer_size, key_buffer_length); +#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER */ + break; + + /* Add cases for opaque drivers here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)input; + (void)input_length; + (void)key_buffer; + (void)key_buffer_size; + (void)key_buffer_length; + } + return PSA_ERROR_INVALID_ARGUMENT; +} + /* * Cipher functions */ @@ -1920,29 +1947,100 @@ psa_status_t psa_driver_wrapper_key_agreement(const psa_key_attributes_t *attrib * These APIs are not standardized and should be considered experimental. */ psa_status_t psa_driver_wrapper_pake_setup(psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { psa_status_t status; + switch (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime)) { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Add cases for transparent drivers here */ #ifdef PSA_NEED_OBERON_PAKE_DRIVER - status = oberon_pake_setup(&operation->ctx.oberon_pake_ctx, cipher_suite, attributes, - password, password_length, user_id, user_id_length, peer_id, - peer_id_length, role); - if (status == PSA_SUCCESS) { - operation->id = PSA_CRYPTO_OBERON_DRIVER_ID; + status = oberon_pake_setup(&operation->ctx.oberon_pake_ctx, attributes, password, + password_length, cipher_suite); + if (status == PSA_SUCCESS) { + operation->id = PSA_CRYPTO_OBERON_DRIVER_ID; + } + return status; +#endif /* PSA_NEED_OBERON_PAKE_DRIVER */ + return PSA_ERROR_NOT_SUPPORTED; + + /* Add cases for opaque driver here */ + + default: + (void)status; + (void)operation; + (void)password; + (void)password_length; + (void)cipher_suite; + return PSA_ERROR_INVALID_ARGUMENT; } - return status; +} + +psa_status_t psa_driver_wrapper_pake_set_role(psa_pake_operation_t *operation, psa_pake_role_t role) +{ + switch (operation->id) { +#ifdef PSA_NEED_OBERON_PAKE_DRIVER + case PSA_CRYPTO_OBERON_DRIVER_ID: + return oberon_pake_set_role(&operation->ctx.oberon_pake_ctx, role); #endif /* PSA_NEED_OBERON_PAKE_DRIVER */ - (void)status; - (void)operation; - (void)cipher_suite; - return PSA_ERROR_NOT_SUPPORTED; + default: + (void)role; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t psa_driver_wrapper_pake_set_user(psa_pake_operation_t *operation, + const uint8_t *user_id, size_t user_id_length) +{ + switch (operation->id) { +#ifdef PSA_NEED_OBERON_PAKE_DRIVER + case PSA_CRYPTO_OBERON_DRIVER_ID: + return oberon_pake_set_user(&operation->ctx.oberon_pake_ctx, user_id, + user_id_length); +#endif /* PSA_NEED_OBERON_PAKE_DRIVER */ + + default: + (void)user_id; + (void)user_id_length; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t psa_driver_wrapper_pake_set_peer(psa_pake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_length) +{ + switch (operation->id) { +#ifdef PSA_NEED_OBERON_PAKE_DRIVER + case PSA_CRYPTO_OBERON_DRIVER_ID: + return oberon_pake_set_peer(&operation->ctx.oberon_pake_ctx, peer_id, + peer_id_length); +#endif /* PSA_NEED_OBERON_PAKE_DRIVER */ + + default: + (void)peer_id; + (void)peer_id_length; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t psa_driver_wrapper_pake_set_context(psa_pake_operation_t *operation, + const uint8_t *context, size_t context_length) +{ + switch (operation->id) { +#ifdef PSA_NEED_OBERON_PAKE_DRIVER + case PSA_CRYPTO_OBERON_DRIVER_ID: + return oberon_pake_set_context(&operation->ctx.oberon_pake_ctx, context, + context_length); +#endif /* PSA_NEED_OBERON_PAKE_DRIVER */ + + default: + (void)context; + (void)context_length; + return PSA_ERROR_BAD_STATE; + } } psa_status_t psa_driver_wrapper_pake_output(psa_pake_operation_t *operation, psa_pake_step_t step, @@ -1983,21 +2081,23 @@ psa_status_t psa_driver_wrapper_pake_input(psa_pake_operation_t *operation, psa_ } } -psa_status_t psa_driver_wrapper_pake_get_implicit_key(psa_pake_operation_t *operation, - uint8_t *output, size_t output_size, - size_t *output_length) +psa_status_t psa_driver_wrapper_pake_get_shared_key(psa_pake_operation_t *operation, + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length) { switch (operation->id) { #ifdef PSA_NEED_OBERON_PAKE_DRIVER case PSA_CRYPTO_OBERON_DRIVER_ID: - return oberon_pake_get_implicit_key(&operation->ctx.oberon_pake_ctx, output, - output_size, output_length); + return oberon_pake_get_shared_key(&operation->ctx.oberon_pake_ctx, attributes, + key_buffer, key_buffer_size, key_buffer_length); #endif /* PSA_NEED_OBERON_PAKE_DRIVER */ default: - (void)output; - (void)output_size; - (void)output_length; + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)key_buffer_length; return PSA_ERROR_BAD_STATE; } } diff --git a/west.yml b/west.yml index e734ab5d71bc..aff9ca22ea6b 100644 --- a/west.yml +++ b/west.yml @@ -61,7 +61,7 @@ manifest: # https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html - name: zephyr repo-path: sdk-zephyr - revision: ab0d6af736b634de495b9e599f46ccfa272b85bb + revision: 0a1854bb2c1eba17490d1c82ba1f749a5745fc1e import: # In addition to the zephyr repository itself, NCS also # imports the contents of zephyr/west.yml at the above @@ -138,7 +138,7 @@ manifest: - name: mbedtls path: modules/crypto/mbedtls repo-path: sdk-mbedtls - revision: 31eb94eca87e4b65e5b1ce662126de2dbfd4f314 + revision: 4625a6097993a0bae01f809aacd48ee2c9cb1d0b - name: nrfxlib repo-path: sdk-nrfxlib path: nrfxlib @@ -154,7 +154,7 @@ manifest: - name: matter repo-path: sdk-connectedhomeip path: modules/lib/matter - revision: b745cdf7098a417de5e24bd2256d983f8377af12 + revision: efdae04affa42dc81d51f6473fc0e148115e90b3 submodules: - name: nlio path: third_party/nlio/repo