From 67f629e589989a9a967e94c1445c269a3fd67947 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Wed, 21 Feb 2024 17:32:08 +0100 Subject: [PATCH 1/6] ext: oberon: Bring Oberon PSA core v1.2.1.1 Bring Oberon PSA core version 1.2.1.1 which includes the new standardized PAKE APIs. Signed-off-by: Georgios Vasilakis Signed-off-by: Markus Swarowsky --- .../psa/crypto_adjust_config_key_pair_types.h | 22 + .../psa/core/include/psa/crypto_extra.h | 766 +++++++++++------- .../psa/core/include/psa/crypto_sizes.h | 64 +- .../psa/core/include/psa/crypto_struct.h | 28 +- .../psa/core/include/psa/crypto_types.h | 4 - .../psa/core/include/psa/crypto_values.h | 31 +- ext/oberon/psa/core/library/psa_crypto.c | 597 ++++++++------ .../core/library/psa_crypto_driver_wrappers.h | 31 +- ext/oberon/psa/drivers/oberon_ec_keys.c | 118 ++- ext/oberon/psa/drivers/oberon_ec_keys.h | 5 + ext/oberon/psa/drivers/oberon_jpake.c | 67 +- ext/oberon/psa/drivers/oberon_jpake.h | 16 +- .../psa/drivers/oberon_key_derivation.c | 95 ++- .../psa/drivers/oberon_key_derivation.h | 1 + .../psa/drivers/oberon_key_management.c | 70 +- .../psa/drivers/oberon_key_management.h | 5 + ext/oberon/psa/drivers/oberon_pake.c | 222 +++-- ext/oberon/psa/drivers/oberon_pake.h | 24 +- ext/oberon/psa/drivers/oberon_spake2p.c | 401 ++++++--- ext/oberon/psa/drivers/oberon_spake2p.h | 49 +- ext/oberon/psa/drivers/oberon_srp.c | 177 +++- ext/oberon/psa/drivers/oberon_srp.h | 32 +- 22 files changed, 1942 insertions(+), 883 deletions(-) diff --git a/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h b/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h index 68a812e1bb14..ff8ea21b344f 100644 --- a/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h +++ b/ext/oberon/psa/core/include/psa/crypto_adjust_config_key_pair_types.h @@ -56,6 +56,20 @@ #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT) || \ + defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT) || \ + defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_GENERATE) || \ + defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE) +#define PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC 1 +#endif + +#if defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT) || \ + defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT) || \ + defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_GENERATE) || \ + defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE) +#define PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC 1 +#endif + /***************************************************************** * BASIC -> corresponding PUBLIC ****************************************************************/ @@ -72,4 +86,12 @@ #define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC) +#define PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY 1 +#endif + +#if defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC) +#define PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY 1 +#endif + #endif /* PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H */ diff --git a/ext/oberon/psa/core/include/psa/crypto_extra.h b/ext/oberon/psa/core/include/psa/crypto_extra.h index 1ce52f976475..3c6ae192e97b 100644 --- a/ext/oberon/psa/core/include/psa/crypto_extra.h +++ b/ext/oberon/psa/core/include/psa/crypto_extra.h @@ -427,11 +427,6 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, */ #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) -/** PAKE operation stages. */ -#define PSA_PAKE_OPERATION_STAGE_SETUP 0 -#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 -#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 - /** * \brief Set domain parameters for a key. * @@ -770,6 +765,108 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * @{ */ +#define PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE ((psa_key_type_t) 0x7400) +#define PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4400) +#define PSA_KEY_TYPE_SPAKE2P_CURVE_MASK ((psa_key_type_t) 0x00ff) + + /** SPAKE2+ key pair. Both the prover and verifier key. + * + * The size of a SPAKE2+ key is the size associated with the elliptic curve + * group. See the documentation of each elliptic curve family for details. + * To construct a SPAKE2+ key pair, it must be output from a key derivation + * operation. + * The corresponding public key can be exported using psa_export_public_key(). + * See also #PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY(). + * + * \param curve A value of type psa_ecc_family_t that identifies the elliptic + * curve family to be used. + */ +#define PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(curve) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE | (curve))) + + /** SPAKE2+ public key. The verifier key. + * + * The size of an SPAKE2+ public key is the same as the corresponding private + * key. See #PSA_KEY_TYPE_SPAKE2P_KEY_PAIR() and the documentation of each + * elliptic curve family for details. + * To construct a SPAKE2+ public key, it must be imported. + * + * \param curve A value of type psa_ecc_family_t that identifies the elliptic + * curve family to be used. + */ +#define PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY(curve) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE | (curve))) + + /** Whether a key type is a SPAKE2+ key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_SPAKE2P(type) \ + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) == \ + PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE) + /** Whether a key type is a SPAKE2+ key pair. */ +#define PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(type) \ + (((type) & ~PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) == \ + PSA_KEY_TYPE_SPAKE2P_KEY_PAIR_BASE) + /** Whether a key type is a SPAKE2+ public key. */ +#define PSA_KEY_TYPE_IS_SPAKE2P_PUBLIC_KEY(type) \ + (((type) & ~PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) == \ + PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY_BASE) + /** Extract the curve from a SPAKE2+ key type. */ +#define PSA_KEY_TYPE_SPAKE2P_GET_FAMILY(type) \ + ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_SPAKE2P(type) ? \ + ((type) & PSA_KEY_TYPE_SPAKE2P_CURVE_MASK) : \ + 0)) + +#define PSA_KEY_TYPE_SRP_KEY_PAIR_BASE ((psa_key_type_t) 0x7700) +#define PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE ((psa_key_type_t) 0x4700) +#define PSA_KEY_TYPE_SRP_GROUP_MASK ((psa_key_type_t) 0x00ff) + + /** SRP key pair. Both the client and server key. + * + * The size of a SRP key is the size associated with the Diffie-Hellman + * group. See the documentation of each Diffie-Hellman group for details. + * To construct a SRP key pair, the password hash must be imported. + * The corresponding public key (password verifier) can be exported using + * psa_export_public_key(). See also #PSA_KEY_TYPE_SRP_PUBLIC_KEY(). + * + * \param group A value of type ::psa_dh_family_t that identifies the + * Diffie-Hellman group to be used. + */ +#define PSA_KEY_TYPE_SRP_KEY_PAIR(group) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SRP_KEY_PAIR_BASE | (group))) + + /** SRP public key. The server key (password verifier). + * + * The size of an SRP public key is the same as the corresponding private + * key. See #PSA_KEY_TYPE_SRP_KEY_PAIR() and the documentation of each + * Diffie-Hellman group for details. + * To construct a SRP public key, it must be imported. The key size + * in attributes must not be zero. + * + * \param group A value of type ::psa_dh_family_t that identifies the + * Diffie-Hellman group to be used. + */ +#define PSA_KEY_TYPE_SRP_PUBLIC_KEY(group) \ + ((psa_key_type_t) (PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE | (group))) + + /** Whether a key type is a SRP key (pair or public-only). */ +#define PSA_KEY_TYPE_IS_SRP(type) \ + ((PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(type) & \ + ~PSA_KEY_TYPE_SRP_GROUP_MASK) == \ + PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE) + /** Whether a key type is a SRP key pair. */ +#define PSA_KEY_TYPE_IS_SRP_KEY_PAIR(type) \ + (((type) & ~PSA_KEY_TYPE_SRP_GROUP_MASK) == \ + PSA_KEY_TYPE_SRP_KEY_PAIR_BASE) + /** Whether a key type is a SRP public key. */ +#define PSA_KEY_TYPE_IS_SRP_PUBLIC_KEY(type) \ + (((type) & ~PSA_KEY_TYPE_SRP_GROUP_MASK) == \ + PSA_KEY_TYPE_SRP_PUBLIC_KEY_BASE) + /** Extract the curve from a SRP key type. */ +#define PSA_KEY_TYPE_SRP_GET_FAMILY(type) \ + ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_SRP(type) ? \ + ((type) & PSA_KEY_TYPE_SRP_GROUP_MASK) : \ + 0)) + #define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t) 0x0a000000) /** Whether the specified algorithm is a password-authenticated key exchange. @@ -798,10 +895,9 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * in any order: * * \code - * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE(hash)); * psa_pake_cs_set_primitive(cipher_suite, * PSA_PAKE_PRIMITIVE(type, family, bits)); - * psa_pake_cs_set_hash(cipher_suite, hash); * \endcode * * For more information on how to set a specific curve or field, refer to the @@ -810,10 +906,9 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * After initializing a J-PAKE operation, call * * \code - * psa_pake_setup(operation, cipher_suite); + * psa_pake_setup(operation, key, cipher_suite); * psa_pake_set_user(operation, ...); * psa_pake_set_peer(operation, ...); - * psa_pake_set_password_key(operation, ...); * \endcode * * The password is provided as a key. This can be the password text itself, @@ -824,8 +919,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_ * (https://www.secg.org/sec1-v2.pdf), before reducing it modulo \c q. Here * \c q is order of the group defined by the primitive set in the cipher suite. - * The \c psa_pake_set_password_key() function returns an error if the result - * of the reduction is 0.) + * The \c psa_pake_setup() function returns an error if the result of the + * reduction is 0.) * * The key exchange flow for J-PAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call @@ -881,7 +976,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * -# To access the shared secret call * \code * // Get Ka=Kb=K - * psa_pake_get_implicit_key() + * psa_pake_get_shared_key() * \endcode * * For more information consult the documentation of the individual @@ -899,86 +994,125 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * of RFC 8236 for two examples. * */ -#define PSA_ALG_JPAKE ((psa_algorithm_t) 0x0a000100) +#define PSA_ALG_JPAKE_BASE ((psa_algorithm_t) 0x0a000100) +#define PSA_ALG_JPAKE(hash_alg) (PSA_ALG_JPAKE_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_IS_JPAKE(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_JPAKE_BASE) /** The SPAKE2+ algorithm. * - * This is SPAKE2+ as defined by draft-bar-cfrg-spake2plus-08, instantiated - * with the following parameters: + * SPAKE2+ is the augmented password-authenticated key exchange protocol, + * defined by RFC9383. SPAKE2+ includes confirmation of the shared secret + * key that results from the key exchange. + * SPAKE2+ is required by Matter Specification, Version 1.2, as MATTER_PAKE. + * Matter uses an earlier draft of the SPAKE2+ protocol: "SPAKE2+, an + * Augmented PAKE (Draft 02)". + * Although the operation of the PAKE is similar for both of these variants, + * they have different key schedules for the derivation of the shared secret. + * + * When setting up a PAKE cipher suite to use the SPAKE2+ protocol defined + * in RFC9383: + * - For cipher-suites that use HMAC for key confirmation, use the + * PSA_ALG_SPAKE2P_HMAC() algorithm, parameterized by the required hash + * algorithm. + * - For cipher-suites that use CMAC-AES-128 for key confirmation, use the + * PSA_ALG_SPAKE2P_CMAC() algorithm, parameterized by the required hash + * algorithm. + * - Use a PAKE primitive for the required elliptic curve. + * + * For example, the following code creates a cipher suite to select SPAKE2+ + * using edwards25519 with the SHA-256 hash function: * - * - The group can be either an elliptic curve or defined over a finite field. - * - A cryptographic hash function. + * \code + * psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT; + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_SPAKE2P_HMAC(PSA_ALG_SHA_256)); + * psa_pake_cs_set_primitive(&cipher_suite, + * PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, + * PSA_ECC_FAMILY_TWISTED_EDWARDS, 255)); + * \endcode * - * To select these parameters and set up the cipher suite, call these functions - * in any order: + * When setting up a PAKE cipher suite to use the SPAKE2+ protocol used by + * Matter: + * - Use the PSA_ALG_SPAKE2P_MATTER algorithm. + * - Use the PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, + * PSA_ECC_FAMILY_SECP_R1, 256) + * PAKE primitive. + * + * The following code creates a cipher suite to select the Matter variant of + * SPAKE2+: * * \code - * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_SPAKE2P); - * psa_pake_cs_set_primitive(cipher_suite, - * PSA_PAKE_PRIMITIVE(type, family, bits)); - * psa_pake_cs_set_hash(cipher_suite, hash); + * psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT; + * psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_SPAKE2P_MATTER); + * psa_pake_cs_set_primitive(&cipher_suite, + * PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, + * PSA_ECC_FAMILY_SECP_R1, 256)); * \endcode * - * For more information on how to set a specific curve or field, refer to the - * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. - * * After initializing a SPAKE2+ operation, call * * \code - * psa_pake_setup(operation, cipher_suite); + * psa_pake_setup(operation, password, cipher_suite); * psa_pake_set_role(operation, ...); - * psa_pake_set_user(operation, ...); - * psa_pake_set_peer(operation, ...); - * psa_pake_set_password_key(operation, ...); * \endcode * + * The password provided to the client side must be of type + * #PSA_KEY_TYPE_SPAKE2P_KEY_PAIR. + * The password provided to the server side must be of type + * #PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY. + * * The role set by \c psa_pake_set_role() must be either * \c PSA_PAKE_ROLE_CLIENT or \c PSA_PAKE_ROLE_SERVER. * - * The password provided to the client side consists of the concatenation - * of the two password hash values w0 and w1. - * The password provided to the server side consists of the concatenation - * of the password hash w0 and the registration record value L. + * Then provide any additional, optional parameters: + * + * \code + * psa_pake_set_user(operation, ...); + * psa_pake_set_peer(operation, ...); + * psa_pake_set_context(operation, ...); + * \endcode + * * * The key exchange flow for a SPAKE2+ client is as follows: * \code - * // get context (optional) - * psa_pake_input(operation, PSA_PAKE_STEP_CONTEXT, ...); * // send shareP * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // receive shareV * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // receive confirmP + * // receive confirmV * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...); - * // send confirmV + * // send confirmP * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...); * // get K_shared - * psa_pake_get_implicit_key(operation, ...); + * psa_pake_get_shared_key(operation, ...); * \endcode * * The key exchange flow for a SPAKE2+ server is as follows: * \code - * // get context (optional) - * psa_pake_input(operation, PSA_PAKE_STEP_CONTEXT, ...); * // receive shareP * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // send shareV * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // send confirmP + * // send confirmV * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...); - * // receive confirmV + * // receive confirmP * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...); * // get K_shared - * psa_pake_get_implicit_key(operation, ...); + * psa_pake_get_shared_key(operation, ...); * \endcode * - * For more information consult the documentation of the individual - * \c PSA_PAKE_STEP_XXX constants. - * - * At this point there is a cryptographic guarantee that only the authenticated - * party who used the same password is able to compute the key. + * The shared secret that is produced by SPAKE2+ is pseudorandom. Although + * it can be used directly as an encryption key, it is recommended to use + * the shared secret as an input to a key derivation operation to produce + * additional cryptographic keys. */ -#define PSA_ALG_SPAKE2P ((psa_algorithm_t) 0x0a000200) +#define PSA_ALG_IS_SPAKE2P_HMAC_BASE ((psa_algorithm_t) 0x0a000400) +#define PSA_ALG_SPAKE2P_HMAC(hash_alg) (PSA_ALG_IS_SPAKE2P_HMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_IS_SPAKE2P_CMAC_BASE ((psa_algorithm_t) 0x0a000500) +#define PSA_ALG_SPAKE2P_CMAC(hash_alg) (PSA_ALG_IS_SPAKE2P_CMAC_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_SPAKE2P_MATTER ((psa_algorithm_t) 0x0A000609) +#define PSA_ALG_IS_SPAKE2P(alg) (((alg) & ~0x000003ff) == PSA_ALG_IS_SPAKE2P_HMAC_BASE) +#define PSA_ALG_IS_SPAKE2P_HMAC(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_IS_SPAKE2P_HMAC_BASE) +#define PSA_ALG_IS_SPAKE2P_CMAC(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_IS_SPAKE2P_CMAC_BASE) /** The Secure Remote Passwort key exchange (SRP) algorithm. * @@ -988,30 +1122,30 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * - The group is defined over a finite field using a secure prime. * - A cryptographic hash function. * - * To select these parameters and set up the cipher suite, call these functions - * in any order: + * To select these parameters and set up the cipher suite, call these functions: * * \code - * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); - * psa_pake_cs_set_primitive(cipher_suite, + * psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT; + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_SRP_6(hash)); + * psa_pake_cs_set_primitive(&cipher_suite, * PSA_PAKE_PRIMITIVE(type, family, bits)); - * psa_pake_cs_set_hash(cipher_suite, hash); * \endcode * - * For more information on how to set a specific curve or field, refer to the - * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. - * - * After initializing a SRP operation, call + * After initializing a SRP operation, call: * * \code - * psa_pake_setup(operation, cipher_suite); - * psa_pake_set_role(operation, ...); // PSA_PAKE_ROLE_CLIENT or PSA_PAKE_ROLE_SERVER + * psa_pake_setup(operation, password, cipher_suite); + * psa_pake_set_role(operation, ...); * psa_pake_set_user(operation, ...); - * psa_pake_set_password_key(operation, ...); * \endcode * - * The password provided to the client side consists of the password hash h. - * The password provided to the server side consists of the password verifier. + * The password provided to the client side must be of type + * #PSA_KEY_TYPE_SRP_KEY_PAIR. + * The password provided to the server side must be of type + * #PSA_KEY_TYPE_SRP_PUBLIC_KEY. + * + * The role set by \c psa_pake_set_role() must be either + * \c PSA_PAKE_ROLE_CLIENT or \c PSA_PAKE_ROLE_SERVER. * * For the SRP client key exchange call the following functions in any order: * \code @@ -1040,7 +1174,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * // receive M2 * psa_pake_output(operation, #PSA_PAKE_STEP_CONFIRM, ...); * // Get secret - * psa_pake_get_implicit_key() + * psa_pake_get_shared_key() * \endcode * * For the server proof phase call the following functions in this order: @@ -1050,16 +1184,17 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * // send M2 * psa_pake_input(operation, #PSA_PAKE_STEP_CONFIRM, ...); * // Get secret - * psa_pake_get_implicit_key() + * psa_pake_get_shared_key() * \endcode * - * For more information consult the documentation of the individual - * \c PSA_PAKE_STEP_XXX constants. - * - * At this point there is a cryptographic guarantee that only the authenticated - * party who used the same password is able to compute the key. + * The shared secret that is produced by SRP is pseudorandom. Although + * it can be used directly as an encryption key, it is recommended to use + * the shared secret as an input to a key derivation operation to produce + * additional cryptographic keys. */ -#define PSA_ALG_SRP_6 ((psa_algorithm_t) 0x0a000300) +#define PSA_ALG_SRP_6_BASE ((psa_algorithm_t) 0x0a000300) +#define PSA_ALG_SRP_6(hash_alg) (PSA_ALG_SRP_6_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) +#define PSA_ALG_IS_SRP_6(alg) (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_SRP_6_BASE) /** @} */ @@ -1117,8 +1252,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * specific elliptic curve, using the same mapping that is used for ECC * (::psa_ecc_family_t) keys. * - * (Here \c family means the value returned by psa_pake_cs_get_family() and - * \c bits means the value returned by psa_pake_cs_get_bits().) + * (Here \c family means the value returned by PSA_PAKE_PRIMITIVE_GET_FAMILY() and + * \c bits means the value returned by PSA_PAKE_PRIMITIVE_GET_BITS().) * * Input and output during the operation can involve group elements and scalar * values: @@ -1137,8 +1272,8 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * a specific Diffie-Hellman group, using the same mapping that is used for * Diffie-Hellman (::psa_dh_family_t) keys. * - * (Here \c family means the value returned by psa_pake_cs_get_family() and - * \c bits means the value returned by psa_pake_cs_get_bits().) + * (Here \c family means the value returned by PSA_PAKE_PRIMITIVE_GET_FAMILY() and + * \c bits means the value returned by PSA_PAKE_PRIMITIVE_GET_BITS().) * * Input and output during the operation can involve group elements and scalar * values: @@ -1171,11 +1306,41 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * ::psa_pake_primitive_t. */ #define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \ - ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \ - ((psa_pake_primitive_t) (((pake_type) << 24 | \ - (pake_family) << 16) | (pake_bits))) + (((pake_bits & 0xFFFF) != pake_bits) ? 0 : \ + ((psa_pake_primitive_t) (((pake_type) << 24 | \ + (pake_family) << 16) | (pake_bits)))) + +#define PSA_PAKE_PRIMITIVE_GET_BITS(pake_primitive) \ + ((size_t)(pake_primitive & 0xFFFF)) -/** The key share being sent to or received from the peer. +#define PSA_PAKE_PRIMITIVE_GET_FAMILY(pake_primitive) \ + ((psa_pake_family_t)((pake_primitive >> 16) & 0xFF)) + +#define PSA_PAKE_PRIMITIVE_GET_TYPE(pake_primitive) \ + ((psa_pake_primitive_type_t)((pake_primitive >> 24) & 0xFF)) + +/** A key confirmation value that indicates a confirmed key in a PAKE cipher + * suite. + * + * This key confirmation value will result in the PAKE algorithm exchanging + * data to verify that the shared key is identical for both parties. This is + * the default key confirmation value in an initialized PAKE cipher suite + * object. + * Some algorithms do not include confirmation of the shared key. + */ +#define PSA_PAKE_CONFIRMED_KEY 0 + +/** A key confirmation value that indicates an unconfirmed key in a PAKE cipher + * suite. + * + * This key confirmation value will result in the PAKE algorithm terminating + * prior to confirming that the resulting shared key is identical for both + * parties. + * Some algorithms do not support returning an unconfirmed shared key. + */ +#define PSA_PAKE_UNCONFIRMED_KEY 1 + + /** The key share being sent to or received from the peer. * * The format for both input and output at this step is the same as for public * keys on the group determined by the primitive (::psa_pake_primitive_t) would @@ -1229,11 +1394,14 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( /** The key confirmation value. * - * For PSA_ALG_SPAKE2P, the format for both input and output at this step is - * the same as the output of the MAC algorithm used. + * This value is used during the key confirmation phase of a PAKE protocol. + * The format of the value depends on the algorithm and cipher suite: + * + * For SPAKE2+ algorithms, the format for both input and output at this step is + * the same as the output of the MAC algorithm specified in the cipher suite. * * For PSA_ALG_SRP_6, the format for both input and output at this step is - * the same as the output of the Hash algorithm used. + * the same as the output of the Hash algorithm specified. */ #define PSA_PAKE_STEP_CONFIRM ((psa_pake_step_t)0x04) @@ -1243,12 +1411,6 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( */ #define PSA_PAKE_STEP_SALT ((psa_pake_step_t)0x05) -/** The context information. - * - * The format for this input step is plain binary data. - */ -#define PSA_PAKE_STEP_CONTEXT ((psa_pake_step_t)0x06) - /** Retrieve the PAKE algorithm from a PAKE cipher suite. * * \param[in] cipher_suite The cipher suite structure to query. @@ -1294,54 +1456,6 @@ static psa_pake_primitive_t psa_pake_cs_get_primitive( static void psa_pake_cs_set_primitive(psa_pake_cipher_suite_t *cipher_suite, psa_pake_primitive_t primitive); -/** Retrieve the PAKE family from a PAKE cipher suite. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The PAKE family stored in the cipher suite structure. - */ -static psa_pake_family_t psa_pake_cs_get_family( - const psa_pake_cipher_suite_t *cipher_suite); - -/** Retrieve the PAKE primitive bit-size from a PAKE cipher suite. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The PAKE primitive bit-size stored in the cipher suite structure. - */ -static uint16_t psa_pake_cs_get_bits( - const psa_pake_cipher_suite_t *cipher_suite); - -/** Retrieve the hash algorithm from a PAKE cipher suite. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The hash algorithm stored in the cipher suite structure. The return - * value is 0 if the PAKE is not parametrised by a hash algorithm or if - * the hash algorithm is not set. - */ -static psa_algorithm_t psa_pake_cs_get_hash( - const psa_pake_cipher_suite_t *cipher_suite); - -/** Declare the hash algorithm for a PAKE cipher suite. - * - * This function overwrites any hash algorithm - * previously set in \p cipher_suite. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[out] cipher_suite The cipher suite structure to write to. - * \param hash The hash involved in the cipher suite. - * (`PSA_ALG_XXX` values of type ::psa_algorithm_t - * such that #PSA_ALG_IS_HASH(\c alg) is true.) - * If this is 0, the hash algorithm in - * \p cipher_suite becomes unspecified. - */ -static void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, - psa_algorithm_t hash); - /** The type of the state data structure for PAKE operations. * * Before calling any function on a PAKE operation object, the application @@ -1385,7 +1499,7 @@ static psa_pake_operation_t psa_pake_operation_init(void); * -# Initialize the operation object with one of the methods described in the * documentation for #psa_pake_operation_t, e.g. * #PSA_PAKE_OPERATION_INIT. - * -# Call psa_pake_setup() to specify the cipher suite. + * -# Call psa_pake_setup() to specify the password key and the cipher suite. * -# Call \c psa_pake_set_xxx() functions on the operation to complete the * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs * to be called depends on the algorithm in use. @@ -1402,7 +1516,7 @@ static psa_pake_operation_t psa_pake_operation_init(void); * the key share that was received from the peer. * -# Depending on the algorithm additional calls to psa_pake_output() and * psa_pake_input() might be necessary. - * -# Call psa_pake_get_implicit_key() for accessing the shared secret. + * -# Call psa_pake_get_shared_key() for accessing the shared secret. * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) @@ -1417,27 +1531,40 @@ static psa_pake_operation_t psa_pake_operation_init(void); * eventually terminate the operation. The following events terminate an * operation: * - A call to psa_pake_abort(). - * - A successful call to psa_pake_get_implicit_key(). + * - A successful call to psa_pake_get_shared_key(). * * \param[in,out] operation The operation object to set up. It must have * been initialized but not set up yet. + * \param[in] password_key Identifier of the key holding the password or + * a value derived from the password. It must + * remain valid until the operation terminates. + * The valid key types depend on the PAKE algorithm, + * and participant role. * \param[in] cipher_suite The cipher suite to use. (A cipher suite fully * characterizes a PAKE algorithm and determines * the algorithm as well.) * * \retval #PSA_SUCCESS * Success. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p password_key is not a valid key identifier. + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not + * permit the \p operation's algorithm. * \retval #PSA_ERROR_INVALID_ARGUMENT - * The algorithm in \p cipher_suite is not a PAKE algorithm, or the - * PAKE primitive in \p cipher_suite is not compatible with the - * PAKE algorithm, or the hash algorithm in \p cipher_suite is invalid - * or not compatible with the PAKE algorithm and primitive. + * The algorithm in \p cipher_suite is not a PAKE algorithm or encodes + * an invalid hash algorithm, or the PAKE primitive in \p cipher_suite + * is not compatible with the PAKE algorithm, or the key confirmation + * value in \p cipher_suite is not compatible with the PAKE algorithm + * and primitive, or the \p password_key is not compatible with + * \p cipher_suite. * \retval #PSA_ERROR_NOT_SUPPORTED * The algorithm in \p cipher_suite is not a supported PAKE algorithm, * or the PAKE primitive in \p cipher_suite is not supported or not - * compatible with the PAKE algorithm, or the hash algorithm in - * \p cipher_suite is not supported or not compatible with the PAKE - * algorithm and primitive. + * compatible with the PAKE algorithm, or the key confirmation value + * in \p cipher_suite is not supported or not compatible with the PAKE + * algorithm and primitive, or the key type or key size of + * \p password_key is not supported with \p cipher_suite. * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE @@ -1447,55 +1574,49 @@ static psa_pake_operation_t psa_pake_operation_init(void); * results in this error code. */ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password_key, const psa_pake_cipher_suite_t *cipher_suite); -/** Set the password for a password-authenticated key exchange from key ID. - * - * Call this function when the password, or a value derived from the password, - * is already present in the key store. - * - * \param[in,out] operation The operation object to set the password for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the password hasn't - * been set yet (psa_pake_set_password_key() - * hasn't been called yet). - * \param password Identifier of the key holding the password or a - * value derived from the password (eg. by a - * memory-hard function). It must remain valid - * until the operation terminates. It must be of - * type #PSA_KEY_TYPE_PASSWORD or - * #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow - * the usage #PSA_KEY_USAGE_DERIVE. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \p password is not a valid key identifier. - * \retval #PSA_ERROR_NOT_PERMITTED - * The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not - * permit the \p operation's algorithm. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or - * #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with - * the \p operation's cipher suite. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The key type or key size of \p password is not supported with the - * \p operation's cipher suite. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription - * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription - * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription - * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription - * \retval #PSA_ERROR_DATA_INVALID \emptydescription - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must have been set up.), or - * the library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password); +/** Set the application role for a password-authenticated key exchange. +* +* Not all PAKE algorithms need to differentiate the communicating entities. +* It is optional to call this function for PAKEs that don't require a role +* to be specified. For such PAKEs the application role parameter is ignored, +* or #PSA_PAKE_ROLE_NONE can be passed as \c role. +* +* Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` +* values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) +* for more information. +* +* \param[in,out] operation The operation object to specify the +* application's role for. It must have been set up +* by psa_pake_setup() and not yet in use (neither +* psa_pake_output() nor psa_pake_input() has been +* called yet). It must be an operation for which +* the application's role hasn't been specified +* (psa_pake_set_role() hasn't been called yet). +* \param role A value of type ::psa_pake_role_t indicating the +* application's role in the PAKE algorithm +* that is being set up. For more information see +* the documentation of \c PSA_PAKE_ROLE_XXX +* constants. +* +* \retval #PSA_SUCCESS +* Success. +* \retval #PSA_ERROR_INVALID_ARGUMENT +* The \p role is not a valid PAKE role in the \p operation’s algorithm. +* \retval #PSA_ERROR_NOT_SUPPORTED +* The \p role for this algorithm is not supported or is not valid. +* \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription +* \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription +* \retval #PSA_ERROR_BAD_STATE +* The operation state is not valid, or +* the library has not been previously initialized by psa_crypto_init(). +* It is implementation-dependent whether a failure to initialize +* results in this error code. +*/ +psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, + psa_pake_role_t role); /** Set the user ID for a password-authenticated key exchange. * @@ -1580,46 +1701,43 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len); -/** Set the application role for a password-authenticated key exchange. +/** Set the context data for a password-authenticated key exchange. * - * Not all PAKE algorithms need to differentiate the communicating entities. - * It is optional to call this function for PAKEs that don't require a role - * to be specified. For such PAKEs the application role parameter is ignored, - * or #PSA_PAKE_ROLE_NONE can be passed as \c role. + * Call this function for PAKE algorithms that accept additional context data + * as part of the protocol setup. * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) * for more information. * - * \param[in,out] operation The operation object to specify the - * application's role for. It must have been set up - * by psa_pake_setup() and not yet in use (neither - * psa_pake_output() nor psa_pake_input() has been - * called yet). It must be an operation for which - * the application's role hasn't been specified - * (psa_pake_set_role() hasn't been called yet). - * \param role A value of type ::psa_pake_role_t indicating the - * application's role in the PAKE algorithm - * that is being set up. For more information see - * the documentation of \c PSA_PAKE_ROLE_XXX - * constants. + * \param[in,out] operation The operation object to set the context for. It + * must have been set up by psa_pake_setup() and + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the context hasn't + * been set (psa_pake_set_context() hasn't been + * called yet). + * \param[in] context The context. + * \param context_len Size of the \p context buffer in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_ARGUMENT - * The \p role is not a valid PAKE role in the \p operation’s algorithm. + * The \p context is not valid for the operation’s algorithm and cipher suite. * \retval #PSA_ERROR_NOT_SUPPORTED - * The \p role for this algorithm is not supported or is not valid. + * The \p context is not supported by the implementation. * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid, or - * the library has not been previously initialized by psa_crypto_init(). + * Calling psa_pake_set_context() is invalid with the \p operation's + * algorithm, the operation state is not valid, or the library has not + * been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, - psa_pake_role_t role); +psa_status_t psa_pake_set_context(psa_pake_operation_t *operation, + const uint8_t *context, + size_t context_len); /** Get output for a step of a password-authenticated key exchange. * @@ -1636,8 +1754,8 @@ psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, * state and must be aborted by calling psa_pake_abort(). * * \param[in,out] operation Active PAKE operation. - * \param step The step of the algorithm for which the output is - * requested. + * \param step The step of the algorithm for which the output + * is requested. * \param[out] output Buffer where the output is to be written in the * format appropriate for this \p step. Refer to * the documentation of the individual @@ -1671,8 +1789,8 @@ psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, and fully set * up, and this call must conform to the algorithm's requirements - * for ordering of input and output steps), or - * the library has not been previously initialized by psa_crypto_init(). + * for ordering of input and output steps), or the library has not + * been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ @@ -1710,10 +1828,12 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * \retval #PSA_ERROR_INVALID_SIGNATURE * The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step. * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p step is not compatible with the operation's algorithm, or * \p input_length is not compatible with the \p operation’s algorithm, * or the \p input is not valid for the \p operation's algorithm, * cipher suite or \p step. * \retval #PSA_ERROR_NOT_SUPPORTED + * \p step is not supported with the operation's algorithm, or * \p step p is not supported with the \p operation's algorithm, or the * \p input is not supported for the \p operation's algorithm, cipher * suite or \p step. @@ -1726,8 +1846,8 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, and fully set * up, and this call must conform to the algorithm's requirements - * for ordering of input and output steps), or - * the library has not been previously initialized by psa_crypto_init(). + * for ordering of input and output steps), or the library has not + * been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ @@ -1736,47 +1856,82 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, const uint8_t *input, size_t input_length); -/** Get implicitly confirmed shared secret from a PAKE. - * - * At this point there is a cryptographic guarantee that only the authenticated - * party who used the same password is able to compute the key. But there is no - * guarantee that the peer is the party it claims to be and was able to do so. +/** Get shared secret from a PAKE. * - * That is, the authentication is only implicit. Since the peer is not - * authenticated yet, no action should be taken yet that assumes that the peer - * is who it claims to be. For example, do not access restricted files on the - * peer's behalf until an explicit authentication has succeeded. + * This is the final call in a PAKE operation, which retrieves the shared + * secret as a key. It is recommended that this key is used as an input to a + * key derivation operation to produce additional cryptographic keys. For + * some PAKE algorithms, the shared secret is also suitable for use as a key + * in cryptographic operations such as encryption. Refer to the documentation + * of individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. * - * This function can be called after the key exchange phase of the operation - * has completed. It imports the shared secret output of the PAKE into the - * provided derivation operation. The input step - * #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key - * material in the key derivation operation. + * Depending on the key confirmation requested in the cipher suite, + * psa_pake_get_shared_key() must be called either before or after the + * key-confirmation output and input steps for the PAKE algorithm. The key + * confirmation affects the guarantees that can be made about the shared key: + * + * Unconfirmed key + * If the cipher suite used to set up the operation requested an unconfirmed + * key, the application must call psa_pake_get_shared_key() after the + * key-exchange output and input steps are completed. The PAKE algorithm + * provides a cryptographic guarantee that only a peer who used the same + * password, and identity inputs, is able to compute the same key. However, + * there is no guarantee that the peer is the participant it claims to be, + * and was able to compute the same key. + * Since the peer is not authenticated, no action should be taken that assumes + * that the peer is who it claims to be. For example, do not access restricted + * files on the peer’s behalf until an explicit authentication has succeeded. + * Note: + * Some PAKE algorithms do not enable the output of the shared secret until it + * has been confirmed. + * + * Confirmed key + * If the cipher suite used to set up the operation requested a confirmed key, + * the application must call psa_pake_get_shared_key() after the key-exchange + * and key-confirmation output and input steps are completed. + * Following key confirmation, the PAKE algorithm provides a cryptographic + * guarantee that the peer used the same password and identity inputs, and has + * computed the identical shared secret key. + * Since the peer is not authenticated, no action should be taken that assumes + * that the peer is who it claims to be. For example, do not access restricted + * files on the peer’s behalf until an explicit authentication has succeeded. + * Note: + * Some PAKE algorithms do not include any key-confirmation steps. * * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. + * exchange depends on the algorithm in use. * * When this function returns successfully, \p operation becomes inactive. * If this function returns an error status, both \p operation - * and \c key_derivation operations enter an error state and must be aborted by - * calling psa_pake_abort() and psa_key_derivation_abort() respectively. + * and \c key_derivation operations enter an error state and must be aborted + * by calling psa_pake_abort(). * * \param[in,out] operation Active PAKE operation. - * \param[out] output A key derivation operation that is ready - * for an input step of type - * #PSA_KEY_DERIVATION_INPUT_SECRET. + * \param[in] attributes The attributes for the new key. + * \param[out] key On success, an identifier for the newly created + * key. #PSA_KEY_ID_NULL on failure. * * \retval #PSA_SUCCESS * Success. + * \retval #PSA_ERROR_NOT_PERMITTED + * The implementation does not permit creating a key with the + * specified attributes due to some implementation-specific policy. + * \retval #PSA_ERROR_ALREADY_EXISTS + * This is an attempt to create a persistent key, and there is + * already a persistent key with the given identifier. * \retval #PSA_ERROR_INVALID_ARGUMENT - * #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the - * algorithm in the \p output key derivation operation. + * The key type is not valid for output from this operation’s + * algorithm, or the key size is nonzero, or the key lifetime is + * invalid, the key identifier is not valid for the key lifetime, + * or the key usage flags include invalid values, or the key’s + * permitted-usage algorithm is invalid, or the key attributes, + * as a whole, are invalid. * \retval #PSA_ERROR_NOT_SUPPORTED - * Input from a PAKE is not supported by the algorithm in the \p output - * key derivation operation. + * The key attributes, as a whole, are not supported for creation + * from a PAKE secret, either by the implementation in general or + * in the specified storage location. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription @@ -1784,18 +1939,15 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription * \retval #PSA_ERROR_DATA_INVALID \emptydescription * \retval #PSA_ERROR_BAD_STATE - * The PAKE operation state is not valid (it must be active, but beyond - * that validity is specific to the algorithm), or - * the library has not been previously initialized by psa_crypto_init(), - * or the state of \p output is not valid for - * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the - * step is out of order or the application has done this step already - * and it may not be repeated. + * The PAKE operation state is not valid (it must be ready to return + * the shared secret), or the library has not been previously + * initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output); +psa_status_t psa_pake_get_shared_key(psa_pake_operation_t *operation, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key); /** Abort a PAKE operation. * @@ -1807,7 +1959,7 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, * object has been initialized as described in #psa_pake_operation_t. * * In particular, calling psa_pake_abort() after the operation has been - * terminated by a call to psa_pake_abort() or psa_pake_get_implicit_key() + * terminated by a call to psa_pake_abort() or psa_pake_get_shared_key() * is safe and has no effect. * * \param[in,out] operation The operation to abort. @@ -1846,15 +1998,19 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * return 0. */ #define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) \ - (alg == PSA_ALG_JPAKE && \ - primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \ - PSA_ECC_FAMILY_SECP_R1, 256) ? \ - ( \ - output_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \ - output_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \ - 32 \ - ) : \ - 0) + (output_step == PSA_PAKE_STEP_KEY_SHARE ? \ + PSA_PAKE_PRIMITIVE_GET_TYPE(primitive) == PSA_PAKE_PRIMITIVE_TYPE_DH ? \ + PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + output_step == PSA_PAKE_STEP_ZK_PUBLIC ? \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + output_step == PSA_PAKE_STEP_ZK_PROOF ? \ + PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + output_step == PSA_PAKE_STEP_CONFIRM ? \ + PSA_ALG_IS_SPAKE2P_CMAC(alg) ? \ + PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128, PSA_ALG_CMAC) : \ + PSA_HASH_LENGTH(alg) : \ + 0u) /** A sufficient input buffer size for psa_pake_input(). * @@ -1876,15 +2032,21 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * the parameters are incompatible, return 0. */ #define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) \ - (alg == PSA_ALG_JPAKE && \ - primitive == PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, \ - PSA_ECC_FAMILY_SECP_R1, 256) ? \ - ( \ - input_step == PSA_PAKE_STEP_KEY_SHARE ? 65 : \ - input_step == PSA_PAKE_STEP_ZK_PUBLIC ? 65 : \ - 32 \ - ) : \ - 0) + (input_step == PSA_PAKE_STEP_KEY_SHARE ? \ + PSA_PAKE_PRIMITIVE_GET_TYPE(primitive) == PSA_PAKE_PRIMITIVE_TYPE_DH ? \ + PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + input_step == PSA_PAKE_STEP_ZK_PUBLIC ? \ + PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + input_step == PSA_PAKE_STEP_ZK_PROOF ? \ + PSA_BITS_TO_BYTES(PSA_PAKE_PRIMITIVE_GET_BITS(primitive)) : \ + input_step == PSA_PAKE_STEP_CONFIRM ? \ + PSA_ALG_IS_SPAKE2P_CMAC(alg) ? \ + PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128, PSA_ALG_CMAC) : \ + PSA_HASH_LENGTH(alg) : \ + input_step == PSA_PAKE_STEP_SALT ? \ + 64u : \ + 0u) /** Output buffer size for psa_pake_output() for any of the supported PAKE * algorithm and primitive suites and output step. @@ -1896,7 +2058,11 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p primitive, \p output_step). */ -#define PSA_PAKE_OUTPUT_MAX_SIZE 65 +#ifdef PSA_WANT_ALG_SRP_6 +#define PSA_PAKE_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#else +#define PSA_PAKE_OUTPUT_MAX_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif /** Input buffer size for psa_pake_input() for any of the supported PAKE * algorithm and primitive suites and input step. @@ -1908,7 +2074,11 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p output_step). */ -#define PSA_PAKE_INPUT_MAX_SIZE 65 +#ifdef PSA_WANT_ALG_SRP_6 +#define PSA_PAKE_INPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#else +#define PSA_PAKE_INPUT_MAX_SIZE PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif static inline psa_algorithm_t psa_pake_cs_get_algorithm( const psa_pake_cipher_suite_t *cipher_suite) @@ -1930,45 +2100,27 @@ static inline void psa_pake_cs_set_algorithm( static inline psa_pake_primitive_t psa_pake_cs_get_primitive( const psa_pake_cipher_suite_t *cipher_suite) { - return PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family, - cipher_suite->bits); + return cipher_suite->primitive; } static inline void psa_pake_cs_set_primitive( psa_pake_cipher_suite_t *cipher_suite, psa_pake_primitive_t primitive) { - cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24); - cipher_suite->family = (psa_pake_family_t) (0xFF & (primitive >> 16)); - cipher_suite->bits = (uint16_t) (0xFFFF & primitive); + cipher_suite->primitive = primitive; } -static inline psa_pake_family_t psa_pake_cs_get_family( - const psa_pake_cipher_suite_t *cipher_suite) +static inline uint32_t psa_pake_cs_get_key_confirmation( + const psa_pake_cipher_suite_t* cipher_suite) { - return cipher_suite->family; + return cipher_suite->key_confirmation; } -static inline uint16_t psa_pake_cs_get_bits( - const psa_pake_cipher_suite_t *cipher_suite) +static inline void psa_pake_cs_set_key_confirmation( + psa_pake_cipher_suite_t* cipher_suite, + uint32_t key_confirmation) { - return cipher_suite->bits; -} - -static inline psa_algorithm_t psa_pake_cs_get_hash( - const psa_pake_cipher_suite_t *cipher_suite) -{ - return cipher_suite->hash; -} - -static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, - psa_algorithm_t hash) -{ - if (!PSA_ALG_IS_HASH(hash)) { - cipher_suite->hash = 0; - } else { - cipher_suite->hash = hash; - } + cipher_suite->key_confirmation = key_confirmation; } diff --git a/ext/oberon/psa/core/include/psa/crypto_sizes.h b/ext/oberon/psa/core/include/psa/crypto_sizes.h index a287c283663f..7021cc286171 100644 --- a/ext/oberon/psa/core/include/psa/crypto_sizes.h +++ b/ext/oberon/psa/core/include/psa/crypto_sizes.h @@ -901,6 +901,34 @@ #define PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(key_bits) \ (PSA_BITS_TO_BYTES(key_bits)) +/* Maximum size of the export encoding of an SPAKE2+ public key. + * + * An SPAKE2+ public key is represented by the secret values w0 and L. + */ +#define PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(key_bits) \ + (3u * PSA_BITS_TO_BYTES(key_bits) + 1u) + +/* Maximum size of the export encoding of an SPAKE2+ key pair. + * + * An SPAKE2+ key pair is represented by the secret values w0 and w1. + */ +#define PSA_KEY_EXPORT_SPAKE2P_KEY_PAIR_MAX_SIZE(key_bits) \ + (2u * PSA_BITS_TO_BYTES(key_bits)) + +/* Maximum size of the export encoding of an SRP public key. + * + * An SRP public key is represented by the password verifier. + */ +#define PSA_KEY_EXPORT_SRP_PUBLIC_KEY_MAX_SIZE(key_bits) \ + (PSA_BITS_TO_BYTES(key_bits)) + +/* Maximum size of the export encoding of an SRP key pair. + * + * An SRP key pair is represented by the password hash. + */ +#define PSA_KEY_EXPORT_SRP_KEY_PAIR_MAX_SIZE(key_bits) \ + (PSA_HASH_MAX_SIZE) + /** Sufficient output buffer size for psa_export_key() or * psa_export_public_key(). * @@ -947,7 +975,11 @@ (key_type) == PSA_KEY_TYPE_RSA_PUBLIC_KEY ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_KEY_PAIR ? PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) : \ (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ - PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? PSA_BITS_TO_BYTES(key_bits + 1) : /*!!OM-PCI-27*/ \ + PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(key_type) ? 2u * PSA_BITS_TO_BYTES(key_bits) : \ + PSA_KEY_TYPE_IS_SPAKE2P_PUBLIC_KEY(key_type) ? 3u * PSA_BITS_TO_BYTES(key_bits) + 1u : \ + PSA_KEY_TYPE_IS_SRP_KEY_PAIR(key_type) ? PSA_HASH_MAX_SIZE : \ + PSA_KEY_TYPE_IS_SRP_PUBLIC_KEY(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ + PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? PSA_BITS_TO_BYTES(key_bits + 1u) : /*!!OM-PCI-27*/ \ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_MONTGOMERY ? PSA_BITS_TO_BYTES(key_bits) : \ PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ @@ -1001,6 +1033,8 @@ #define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ + PSA_KEY_TYPE_IS_SPAKE2P(key_type) ? 3u * PSA_BITS_TO_BYTES(key_bits) + 1u : \ + PSA_KEY_TYPE_IS_SRP(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_TWISTED_EDWARDS ? PSA_BITS_TO_BYTES(key_bits + 1) : \ PSA_KEY_TYPE_ECC_GET_FAMILY(key_type) == PSA_ECC_FAMILY_MONTGOMERY ? PSA_BITS_TO_BYTES(key_bits) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ @@ -1037,6 +1071,20 @@ #define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ PSA_KEY_EXPORT_FFDH_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC) && \ + (PSA_KEY_EXPORT_SPAKE2P_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE) +#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_SPAKE2P_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC) && \ + (PSA_KEY_EXPORT_SRP_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \ + PSA_EXPORT_KEY_PAIR_MAX_SIZE) +#undef PSA_EXPORT_KEY_PAIR_MAX_SIZE +#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \ + PSA_KEY_EXPORT_SRP_KEY_PAIR_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** Sufficient buffer size for exporting any asymmetric public key. * @@ -1070,6 +1118,20 @@ #define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) #endif +#if defined(PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY) && \ + (PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) > \ + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) +#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_KEY_EXPORT_SPAKE2P_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#endif +#if defined(PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY) && \ + (PSA_KEY_EXPORT_SRP_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) > \ + PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) +#undef PSA_EXPORT_PUBLIC_KEY_MAX_SIZE +#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \ + PSA_KEY_EXPORT_SRP_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS) +#endif /** Sufficient output buffer size for psa_raw_key_agreement(). * diff --git a/ext/oberon/psa/core/include/psa/crypto_struct.h b/ext/oberon/psa/core/include/psa/crypto_struct.h index 60a1015eb318..6d6fde68390f 100644 --- a/ext/oberon/psa/core/include/psa/crypto_struct.h +++ b/ext/oberon/psa/core/include/psa/crypto_struct.h @@ -464,31 +464,17 @@ static inline size_t psa_get_key_bits( struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; - psa_pake_primitive_type_t type; - psa_pake_family_t family; - uint16_t bits; - psa_algorithm_t hash; + psa_pake_primitive_t primitive; + uint32_t key_confirmation; }; -#define PSA_PAKE_CIPHER_SUITE_INIT {PSA_ALG_NONE, 0, 0, 0, PSA_ALG_NONE} +#define PSA_PAKE_CIPHER_SUITE_INIT {PSA_ALG_NONE, 0, 0} static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void) { const struct psa_pake_cipher_suite_s v = PSA_PAKE_CIPHER_SUITE_INIT; return v; } -struct psa_crypto_driver_pake_inputs_s { - uint8_t *MBEDTLS_PRIVATE(password); - size_t MBEDTLS_PRIVATE(password_len); - psa_pake_role_t MBEDTLS_PRIVATE(role); - uint8_t *MBEDTLS_PRIVATE(user); - size_t MBEDTLS_PRIVATE(user_len); - uint8_t *MBEDTLS_PRIVATE(peer); - size_t MBEDTLS_PRIVATE(peer_len); - psa_key_attributes_t MBEDTLS_PRIVATE(attributes); - psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); -}; - struct psa_pake_operation_s { /*!!OM*/ #if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C) mbedtls_psa_client_handle_t handle; @@ -502,22 +488,22 @@ struct psa_pake_operation_s { /*!!OM*/ unsigned int MBEDTLS_PRIVATE(id); psa_algorithm_t MBEDTLS_PRIVATE(alg); - unsigned int MBEDTLS_PRIVATE(passw_set) : 1; unsigned int MBEDTLS_PRIVATE(user_set) : 1; unsigned int MBEDTLS_PRIVATE(peer_set) : 1; unsigned int MBEDTLS_PRIVATE(role_set) : 1; + unsigned int MBEDTLS_PRIVATE(context_set) : 1; unsigned int MBEDTLS_PRIVATE(is_second) : 1; unsigned int MBEDTLS_PRIVATE(started) : 1; unsigned int MBEDTLS_PRIVATE(done) : 1; unsigned int MBEDTLS_PRIVATE(sequence); - psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); + uint32_t secret_size; psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); #endif }; /* This only zeroes out the first byte in the union, the rest is unspecified. */ -#define PSA_PAKE_OPERATION_INIT {} +#define PSA_PAKE_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } } static inline struct psa_pake_operation_s psa_pake_operation_init(void) { const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT; @@ -547,7 +533,7 @@ struct psa_sign_hash_interruptible_operation_s { #endif }; -#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT {} +#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, 0, 0, 0 } static inline struct psa_sign_hash_interruptible_operation_s psa_sign_hash_interruptible_operation_init(void) diff --git a/ext/oberon/psa/core/include/psa/crypto_types.h b/ext/oberon/psa/core/include/psa/crypto_types.h index 250322752046..c39c2aa230c2 100644 --- a/ext/oberon/psa/core/include/psa/crypto_types.h +++ b/ext/oberon/psa/core/include/psa/crypto_types.h @@ -509,8 +509,4 @@ typedef uint8_t psa_pake_role_t; */ typedef uint8_t psa_pake_step_t; -/** The type of input values for PAKE operations. */ -typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t; - - #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/ext/oberon/psa/core/include/psa/crypto_values.h b/ext/oberon/psa/core/include/psa/crypto_values.h index be3b894fbce7..ce7d4c48ec68 100644 --- a/ext/oberon/psa/core/include/psa/crypto_values.h +++ b/ext/oberon/psa/core/include/psa/crypto_values.h @@ -743,7 +743,7 @@ * 1536, 2048, 3072, 4096, 6144, 8192. A given implementation may support * all of these sizes or only a subset. */ -#define PSA_DH_FAMILY_RFC3526 ((psa_dh_family_t) 0x04) /*!!OM*/ +#define PSA_DH_FAMILY_RFC3526 ((psa_dh_family_t) 0x05) /*!!OM*/ #define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \ (((type) >> 8) & 7) @@ -2221,6 +2221,35 @@ */ #define PSA_ALG_SP800_108_COUNTER_CMAC ((psa_algorithm_t) 0x08000800) +#define PSA_ALG_SRP_PASSWORD_HASH_BASE ((psa_algorithm_t) 0x08800300) + /** The SRP password to password-hash KDF. + * It takes the password p, the salt s, and the user id u. + * It calculates the password hash h as + * h = H(salt || H(u || ":" || p)) + * where H is the given hash algorithm. + * + * This key derivation algorithm uses the following inputs, which must be + * provided in the following order: + * - #PSA_KEY_DERIVATION_INPUT_INFO is the user id. + * - #PSA_KEY_DERIVATION_INPUT_PASSWORD is the password. + * - #PSA_KEY_DERIVATION_INPUT_SALT is the salt. + * The output has to be read as a key of type PSA_KEY_TYPE_SRP_KEY_PAIR. + */ +#define PSA_ALG_SRP_PASSWORD_HASH(hash_alg) \ + (PSA_ALG_SRP_PASSWORD_HASH_BASE | ((hash_alg) & PSA_ALG_HASH_MASK)) + + /** Whether the specified algorithm is a key derivation algorithm constructed + * using #PSA_ALG_SRP_PASSWORD_HASH(\p hash_alg). + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \p alg is a key derivation algorithm constructed using #PSA_ALG_SRP_PASSWORD_HASH(), + * 0 otherwise. This macro may return either 0 or 1 if \c alg is not a supported + * key derivation algorithm identifier. + */ +#define PSA_ALG_IS_SRP_PASSWORD_HASH(alg) \ + (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_SRP_PASSWORD_HASH_BASE) + #define PSA_ALG_KEY_DERIVATION_MASK ((psa_algorithm_t) 0xfe00ffff) #define PSA_ALG_KEY_AGREEMENT_MASK ((psa_algorithm_t) 0xffff0000) diff --git a/ext/oberon/psa/core/library/psa_crypto.c b/ext/oberon/psa/core/library/psa_crypto.c index 4b74ae5e59fd..7f0f6ae9eb5c 100644 --- a/ext/oberon/psa/core/library/psa_crypto.c +++ b/ext/oberon/psa/core/library/psa_crypto.c @@ -821,9 +821,11 @@ psa_status_t psa_export_key_internal( { psa_key_type_t type = attributes->core.type; - if (key_type_is_raw_bytes(type) || - PSA_KEY_TYPE_IS_RSA(type) || - PSA_KEY_TYPE_IS_ECC(type)) { + if (key_type_is_raw_bytes(type) || + PSA_KEY_TYPE_IS_RSA(type) || + PSA_KEY_TYPE_IS_ECC(type) || + PSA_KEY_TYPE_IS_SPAKE2P(type) || + PSA_KEY_TYPE_IS_SRP(type)) { return psa_export_key_buffer_internal( key_buffer, key_buffer_size, data, data_size, data_length); @@ -892,7 +894,8 @@ psa_status_t psa_export_public_key_internal( if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) && (PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) || - PSA_KEY_TYPE_IS_DH(type))) { + PSA_KEY_TYPE_IS_DH(type) || PSA_KEY_TYPE_IS_SPAKE2P(type) || + PSA_KEY_TYPE_IS_SRP(type))) { /* Exporting public -> public */ return psa_export_key_buffer_internal( key_buffer, key_buffer_size, @@ -3691,6 +3694,31 @@ static psa_status_t psa_key_derivation_check_state( } else #endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */ +#ifdef PSA_WANT_ALG_SRP_PASSWORD_HASH + if (PSA_ALG_IS_SRP_PASSWORD_HASH(alg)) { + switch (step) { + case PSA_KEY_DERIVATION_INPUT_INFO: + if (operation->info_set) return PSA_ERROR_BAD_STATE; + operation->info_set = 1; + break; + case PSA_KEY_DERIVATION_INPUT_PASSWORD: + if (!operation->info_set || operation->passw_set) return PSA_ERROR_BAD_STATE; + operation->passw_set = 1; + break; + case PSA_KEY_DERIVATION_INPUT_SALT: + if (!operation->passw_set || operation->salt_set) return PSA_ERROR_BAD_STATE; + operation->salt_set = 1; + break; + case PSA_KEY_DERIVATION_OUTPUT: + if (!operation->salt_set) return PSA_ERROR_BAD_STATE; + operation->no_input = 1; + break; + default: + return PSA_ERROR_INVALID_ARGUMENT; + } + } else +#endif /* PSA_WANT_ALG_SRP_PASSWORD_HASH */ + #if defined(PSA_WANT_ALG_SP800_108_COUNTER_HMAC) || defined(PSA_WANT_ALG_SP800_108_COUNTER_CMAC) #if defined(PSA_WANT_ALG_SP800_108_COUNTER_HMAC) && defined(PSA_WANT_ALG_SP800_108_COUNTER_CMAC) if (PSA_ALG_IS_SP800_108_COUNTER_HMAC(alg) || alg == PSA_ALG_SP800_108_COUNTER_CMAC) { @@ -3783,25 +3811,35 @@ static psa_status_t psa_generate_derived_key_internal( size_t storage_size = bytes; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes; - psa_ecc_family_t curve = 0; + psa_key_type_t type = slot->attr.type; int calculate_key = 0; - if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) { + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { return PSA_ERROR_INVALID_ARGUMENT; } - if (key_type_is_raw_bytes(slot->attr.type)) { + if (key_type_is_raw_bytes(type)) { if (bits % 8 != 0) return PSA_ERROR_INVALID_ARGUMENT; #ifdef PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - } else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(slot->attr.type)) { - curve = PSA_KEY_TYPE_ECC_GET_FAMILY(slot->attr.type); - if (PSA_ECC_FAMILY_IS_WEIERSTRASS(curve)) { - /* Weierstrass elliptic curve */ - calculate_key = 1; + } else if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { + if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS)) { + bytes = PSA_BITS_TO_BYTES(bits + 1); // ED needs an extra bit } + calculate_key = 1; #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ +#ifdef PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE + } else if (PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(type)) { + storage_size = bytes * 2u; // w0 : w1 + bytes = storage_size + 16u; // w0s : w1s + calculate_key = 1; +#endif /* PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE */ +#ifdef PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE + } else if (PSA_KEY_TYPE_IS_SRP_KEY_PAIR(type)) { + if (!PSA_ALG_IS_SRP_PASSWORD_HASH(operation->alg)) return PSA_ERROR_INVALID_ARGUMENT; + storage_size = bytes = PSA_HASH_LENGTH(operation->alg); +#endif /* PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE */ } else { - (void)curve; + (void)calculate_key; return PSA_ERROR_NOT_SUPPORTED; } @@ -3830,45 +3868,26 @@ static psa_status_t psa_generate_derived_key_internal( status = psa_key_derivation_output_bytes_internal(operation, data, bytes); if (status != PSA_SUCCESS) goto exit; -#ifdef PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || defined(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE) if (calculate_key) { - uint32_t c; - size_t i; - - // mask data & avoid invalid argument error inside import_key() - switch (bits) { - case 192: - case 224: - case 256: - case 384: break; - case 521: data[0] &= 0x01; break; // truncate to 521 bits - default: - { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } + status = psa_driver_wrapper_derive_key( + &attributes, + data, bytes, + slot->key.data, slot->key.bytes, &slot->key.bytes); + + } else +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE || PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE */ + { + status = psa_driver_wrapper_import_key( + &attributes, + data, bytes, + slot->key.data, slot->key.bytes, &slot->key.bytes, + &bits); + if (bits != slot->attr.bits) { + status = PSA_ERROR_INVALID_ARGUMENT; } - - // increment data (to be compatible with PSA API spec) - c = 1; i = bytes; - do { - c += data[--i]; - data[i] = (uint8_t)c; - c >>= 8; - } while (i > 0); } -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ - - status = psa_driver_wrapper_import_key( - &attributes, - data, bytes, - slot->key.data, slot->key.bytes, &slot->key.bytes, - &bits); - } while (status == PSA_ERROR_INVALID_ARGUMENT && calculate_key); - - if (bits != slot->attr.bits) { - status = PSA_ERROR_INVALID_ARGUMENT; - } + } while (status == PSA_ERROR_INSUFFICIENT_DATA); exit: mbedtls_zeroize_and_free(data, bytes); @@ -4019,7 +4038,7 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation, operation->alg = alg; if (PSA_ALG_IS_HKDF(kdf_alg) || PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) { operation->capacity = 255 * PSA_HASH_LENGTH(kdf_alg); - } else if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) { + } else if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg) || PSA_ALG_IS_SRP_PASSWORD_HASH(kdf_alg)) { operation->capacity = PSA_HASH_LENGTH(kdf_alg); } else if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) { operation->capacity = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE; @@ -4342,24 +4361,98 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg, /****************************************************************/ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password_key, const psa_pake_cipher_suite_t *cipher_suite) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_algorithm_t alg = psa_pake_cs_get_algorithm(cipher_suite); + psa_pake_primitive_t primitive = psa_pake_cs_get_primitive(cipher_suite); + psa_pake_primitive_t ptype = PSA_PAKE_PRIMITIVE_GET_TYPE(primitive); + psa_ecc_family_t family = PSA_PAKE_PRIMITIVE_GET_FAMILY(primitive); + size_t bits = PSA_PAKE_PRIMITIVE_GET_BITS(primitive); + psa_key_attributes_t attributes; + psa_key_slot_t *slot = NULL; + psa_key_type_t ktype; + if (operation->alg) { return PSA_ERROR_BAD_STATE; } - if (!PSA_ALG_IS_PAKE(cipher_suite->algorithm) || - !PSA_ALG_IS_HASH(cipher_suite->hash) || - (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH)) { + if (!PSA_ALG_IS_PAKE(alg) || + (ptype != PSA_PAKE_PRIMITIVE_TYPE_ECC && ptype != PSA_PAKE_PRIMITIVE_TYPE_DH)) { return PSA_ERROR_INVALID_ARGUMENT; } - operation->alg = cipher_suite->algorithm; + status = psa_get_and_lock_key_slot_with_policy( + password_key, &slot, PSA_KEY_USAGE_DERIVE, alg); + if (status != PSA_SUCCESS) goto exit; + ktype = slot->attr.type; + + if (PSA_ALG_IS_JPAKE(alg)) { + if ((ktype != PSA_KEY_TYPE_PASSWORD && ktype != PSA_KEY_TYPE_PASSWORD_HASH) || + psa_pake_cs_get_key_confirmation(cipher_suite) != PSA_PAKE_UNCONFIRMED_KEY) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + if (ptype == PSA_PAKE_PRIMITIVE_TYPE_ECC) { + operation->secret_size = PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(bits); + } else if (ptype == PSA_PAKE_PRIMITIVE_TYPE_DH) { + operation->secret_size = PSA_BITS_TO_BYTES(bits); + } else { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else { + if (PSA_ALG_IS_SPAKE2P(alg)) { + if (!PSA_KEY_TYPE_IS_SPAKE2P(ktype) || ptype != PSA_PAKE_PRIMITIVE_TYPE_ECC || + family != PSA_KEY_TYPE_SPAKE2P_GET_FAMILY(ktype)) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else if (PSA_ALG_IS_SRP_6(alg)) { + if (!PSA_KEY_TYPE_IS_SRP(ktype) || ptype != PSA_PAKE_PRIMITIVE_TYPE_DH || + family != PSA_KEY_TYPE_SRP_GET_FAMILY(ktype)) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; + } + if (psa_pake_cs_get_key_confirmation(cipher_suite) != PSA_PAKE_CONFIRMED_KEY || + bits != slot->attr.bits) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + operation->secret_size = PSA_HASH_LENGTH(alg); + if (alg == PSA_ALG_SPAKE2P_MATTER) operation->secret_size >>= 1; + } + + attributes = (psa_key_attributes_t) { + .core = slot->attr + }; + + status = psa_driver_wrapper_pake_setup( + operation, &attributes, + slot->key.data, slot->key.bytes, + cipher_suite); + + operation->alg = alg; + operation->started = 0; operation->sequence = 0; - operation->inputs.cipher_suite = *cipher_suite; - return PSA_SUCCESS; +exit: + unlock_status = psa_unlock_key_slot(slot); + + if (status == PSA_SUCCESS) { + status = unlock_status; + } else { + psa_pake_abort(operation); + } + + return status; } psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, @@ -4372,24 +4465,25 @@ psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, goto exit; } - switch (operation->alg) { #ifdef PSA_WANT_ALG_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { if (role > PSA_PAKE_ROLE_SECOND) return PSA_ERROR_INVALID_ARGUMENT; - break; + } else #endif -#if defined(PSA_WANT_ALG_SPAKE2P) || defined(PSA_WANT_ALG_SRP_6) - case PSA_ALG_SPAKE2P: - case PSA_ALG_SRP_6: +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || \ + defined(PSA_WANT_ALG_SPAKE2P_MATTER) || defined(PSA_WANT_ALG_SRP_6) + if (PSA_ALG_IS_SPAKE2P(operation->alg) || PSA_ALG_IS_SRP_6(operation->alg)) { if (role == PSA_PAKE_ROLE_SERVER) operation->is_second = 1; else if (role != PSA_PAKE_ROLE_CLIENT) return PSA_ERROR_INVALID_ARGUMENT; - break; + } else #endif - default: + { return PSA_ERROR_INVALID_ARGUMENT; } - operation->inputs.role = role; + status = psa_driver_wrapper_pake_set_role(operation, role); + if (status != PSA_SUCCESS) goto exit; + operation->role_set = 1; return PSA_SUCCESS; @@ -4409,39 +4503,45 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, goto exit; } -#ifdef PSA_WANT_ALG_SPAKE2P - if (operation->alg == PSA_ALG_SPAKE2P) { - if (user_id == NULL && user_id_len != 0) { +#ifdef PSA_WANT_ALG_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + if (user_id == NULL || user_id_len == 0) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } } else #endif - { - if (user_id == NULL || user_id_len == 0) { +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + if (!operation->role_set) { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + if (user_id == NULL && user_id_len != 0) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - } - -#if defined(PSA_WANT_ALG_SPAKE2P) || defined(PSA_WANT_ALG_SRP_6) - if (operation->alg == PSA_ALG_SPAKE2P || operation->alg == PSA_ALG_SRP_6) { + } else +#endif +#ifdef PSA_WANT_ALG_SRP_6 + if (PSA_ALG_IS_SRP_6(operation->alg)) { if (!operation->role_set) { status = PSA_ERROR_BAD_STATE; goto exit; } - } + if (user_id == NULL || user_id_len == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else #endif + { + return PSA_ERROR_INVALID_ARGUMENT; + } + + status = psa_driver_wrapper_pake_set_user(operation, user_id, user_id_len); + if (status != PSA_SUCCESS) goto exit; - if(user_id_len != 0) { - operation->inputs.user = mbedtls_calloc(1, user_id_len); - if (operation->inputs.user == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto exit; - } - memcpy(operation->inputs.user, user_id, user_id_len); - } - operation->inputs.user_len = user_id_len; operation->user_set = 1; return PSA_SUCCESS; @@ -4461,40 +4561,38 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, goto exit; } -#ifdef PSA_WANT_ALG_SPAKE2P - if (operation->alg == PSA_ALG_SPAKE2P) { - if (peer_id == NULL && peer_id_len != 0) { - status = PSA_ERROR_INVALID_ARGUMENT; +#ifdef PSA_WANT_ALG_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + if (!operation->user_set) { + status = PSA_ERROR_BAD_STATE; goto exit; } - } else -#endif - { if (peer_id == NULL || peer_id_len == 0) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } - } - -#if defined(PSA_WANT_ALG_SPAKE2P) || defined(PSA_WANT_ALG_SRP_6) - if (operation->alg == PSA_ALG_SPAKE2P || operation->alg == PSA_ALG_SRP_6) { + } else +#endif +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { if (!operation->role_set) { status = PSA_ERROR_BAD_STATE; goto exit; } - } + if (peer_id == NULL && peer_id_len != 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else #endif + { + status = PSA_ERROR_BAD_STATE; + goto exit; + } - if(peer_id_len != 0) { - operation->inputs.peer = mbedtls_calloc(1, peer_id_len); - if (operation->inputs.peer == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto exit; - } - memcpy(operation->inputs.peer, peer_id, peer_id_len); - } + status = psa_driver_wrapper_pake_set_peer(operation, peer_id, peer_id_len); + if (status != PSA_SUCCESS) goto exit; - operation->inputs.peer_len = peer_id_len; operation->peer_set = 1; return PSA_SUCCESS; @@ -4503,64 +4601,42 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, return status; } -psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password) +psa_status_t psa_pake_set_context(psa_pake_operation_t *operation, + const uint8_t *context, + size_t context_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot = NULL; - psa_key_attributes_t attributes; - psa_key_type_t type; - if (operation->alg == 0 || operation->passw_set || operation->started) { + if (operation->alg == 0 || operation->context_set || !operation->role_set || operation->started) { status = PSA_ERROR_BAD_STATE; goto exit; } -#ifdef PSA_WANT_ALG_SPAKE2P - if (operation->alg == PSA_ALG_SPAKE2P && - (!operation->role_set || !operation->user_set || !operation->peer_set)) { +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + if (context == NULL && context_len != 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + } else +#endif + { status = PSA_ERROR_BAD_STATE; goto exit; } -#endif - status = psa_get_and_lock_key_slot_with_policy( - password, &slot, PSA_KEY_USAGE_DERIVE, operation->alg); + status = psa_driver_wrapper_pake_set_context(operation, context, context_len); if (status != PSA_SUCCESS) goto exit; - attributes = (psa_key_attributes_t) { - .core = slot->attr - }; - - type = psa_get_key_type( &attributes ); - if (type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - operation->inputs.password = mbedtls_calloc(1, slot->key.bytes); - if (operation->inputs.password == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto exit; - } - memcpy(operation->inputs.password, slot->key.data, slot->key.bytes); - operation->inputs.password_len = slot->key.bytes; - operation->inputs.attributes = attributes; - operation->passw_set = 1; + operation->context_set = 1; + return PSA_SUCCESS; exit: - unlock_status = psa_unlock_key_slot( slot ); - - if (status == PSA_SUCCESS) { - status = unlock_status; - } else { - psa_pake_abort( operation ); - } - + psa_pake_abort(operation); return status; } + #ifdef PSA_WANT_ALG_JPAKE /* JPAKE sequence numbers: * first second @@ -4570,14 +4646,13 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * 9-11: input SHARE,PUBLIC,PROOF output SHARE,PUBLIC,PROOF * 12-14: output SHARE,PUBLIC,PROOF input SHARE,PUBLIC,PROOF * 15-17: input SHARE,PUBLIC,PROOF output SHARE,PUBLIC,PROOF - * 18: get_implicit_key get_implicit_key */ static psa_status_t psa_check_jpake_sequence(psa_pake_operation_t *operation, psa_pake_step_t step, unsigned int first) { - if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_ZK_PUBLIC && step != PSA_PAKE_STEP_ZK_PROOF) { // ??? + if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_ZK_PUBLIC && step != PSA_PAKE_STEP_ZK_PROOF) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -4614,36 +4689,35 @@ static psa_status_t psa_check_jpake_sequence(psa_pake_operation_t *operation, } #endif -#ifdef PSA_WANT_ALG_SPAKE2P +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) /* SPAKE2+ sequence numbers: * prover (client) verifier (server) * 0: output shareP input shareP * 1: input shareV output shareV * 2: input confirmV output confirmV * 3: output confirmP input confirmP - * 4: get_implicit_key get_implicit_key */ static psa_status_t psa_check_spake2p_sequence(psa_pake_operation_t *operation, psa_pake_step_t step, unsigned int first) { + if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_CONFIRM) { + return PSA_ERROR_INVALID_ARGUMENT; + } + switch (operation->sequence) { case 0: // shareP - if (!first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_INVALID_ARGUMENT; + if (!first || step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_BAD_STATE; break; case 1: // shareV - if (first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_INVALID_ARGUMENT; + if (first || step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_BAD_STATE; break; case 2: // confirmV - if (first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_INVALID_ARGUMENT; + if (first || step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_BAD_STATE; break; case 3: // confirmP - if (!first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_INVALID_ARGUMENT; + if (!first || step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_BAD_STATE; operation->done = 1; break; default: @@ -4656,66 +4730,49 @@ static psa_status_t psa_check_spake2p_sequence(psa_pake_operation_t *operation, #ifdef PSA_WANT_ALG_SRP_6 /* SRP sequence numbers: + * (salt and share can be used in any order) * client server - * 012: input salt input salt - * 012: output client key input client key - * 012: input server key output server key - * 3: output proof1 input proof1 - * 4: input proof2 output proof2 - * 5: get_implicit_key get_implicit_key + * ~1: input salt input salt + * ~2: output client share input client share + * ~4: input server share output server share + * 7: output proof1 input proof1 + * 15: input proof2 output proof2 */ static psa_status_t psa_check_srp_sequence(psa_pake_operation_t *operation, psa_pake_step_t step, unsigned int first) { - switch (operation->sequence) { - case 0: - case 1: - case 2: // salt or key - if (step != PSA_PAKE_STEP_SALT && step != PSA_PAKE_STEP_KEY_SHARE) return PSA_ERROR_INVALID_ARGUMENT; + switch (step) { + case PSA_PAKE_STEP_SALT: + if (operation->sequence & 1) return PSA_ERROR_BAD_STATE; break; - case 3: // proof1 - if (!first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_INVALID_ARGUMENT; + case PSA_PAKE_STEP_KEY_SHARE: + if (first) { + if (operation->sequence & 2) return PSA_ERROR_BAD_STATE; + operation->sequence += 1; + } else { + if (operation->sequence & 4) return PSA_ERROR_BAD_STATE; + operation->sequence += 3; + } break; - case 4: // proof2 - if (first) return PSA_ERROR_BAD_STATE; - if (step != PSA_PAKE_STEP_CONFIRM) return PSA_ERROR_INVALID_ARGUMENT; - operation->done = 1; + case PSA_PAKE_STEP_CONFIRM: + if (first) { + if (operation->sequence != 7) return PSA_ERROR_BAD_STATE; + operation->sequence += 7; + } else { + if (operation->sequence != 15) return PSA_ERROR_BAD_STATE; + operation->done = 1; + } break; default: - return PSA_ERROR_BAD_STATE; + return PSA_ERROR_INVALID_ARGUMENT; } return PSA_SUCCESS; } #endif -psa_status_t psa_pake_start_input_output(psa_pake_operation_t *operation) -{ - psa_status_t status; - psa_crypto_driver_pake_inputs_t *inputs = &operation->inputs; - - status = psa_driver_wrapper_pake_setup( - operation, - &inputs->cipher_suite, - &inputs->attributes, - inputs->password, inputs->password_len, - inputs->user, inputs->user_len, - inputs->peer, inputs->peer_len, - inputs->role); - mbedtls_zeroize_and_free(inputs->password, inputs->password_len); - mbedtls_free(inputs->user); - mbedtls_free(inputs->peer); - if (status != PSA_SUCCESS) { - psa_pake_abort(operation); - return status; - } - operation->started = 1; - return PSA_SUCCESS; -} - psa_status_t psa_pake_output(psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, @@ -4724,42 +4781,38 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (operation->alg == 0 || !operation->passw_set) { + if (operation->alg == 0) { return PSA_ERROR_BAD_STATE; } - switch (operation->alg) { - case PSA_ALG_JPAKE: #ifdef PSA_WANT_ALG_JPAKE - if (!operation->user_set || !operation->peer_set) return PSA_ERROR_BAD_STATE; + if (PSA_ALG_IS_JPAKE(operation->alg)) { + if (!operation->peer_set) return PSA_ERROR_BAD_STATE; if (operation->sequence == 0 || operation->sequence == 12) operation->is_second = 0; status = psa_check_jpake_sequence(operation, step, 1 - operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif -#ifdef PSA_WANT_ALG_SPAKE2P - case PSA_ALG_SPAKE2P: - if (!operation->role_set || !operation->user_set || !operation->peer_set) return PSA_ERROR_BAD_STATE; +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + if (!operation->role_set) return PSA_ERROR_BAD_STATE; status = psa_check_spake2p_sequence(operation, step, 1 - operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif #ifdef PSA_WANT_ALG_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { if (!operation->role_set || !operation->user_set) return PSA_ERROR_BAD_STATE; if (step == PSA_PAKE_STEP_SALT) return PSA_ERROR_INVALID_ARGUMENT; status = psa_check_srp_sequence(operation, step, 1 - operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif - default: + { return PSA_ERROR_NOT_SUPPORTED; } - if (operation->started == 0) { - status = psa_pake_start_input_output(operation); - if (status) return status; - } + operation->started = 1; operation->sequence++; status = psa_driver_wrapper_pake_output( @@ -4780,55 +4833,40 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (operation->alg == 0 || !operation->passw_set) { + if (operation->alg == 0) { return PSA_ERROR_BAD_STATE; } if (input == NULL || input_length == 0) return PSA_ERROR_INVALID_ARGUMENT; - switch (operation->alg) { #ifdef PSA_WANT_ALG_JPAKE - case PSA_ALG_JPAKE: - if (!operation->user_set || !operation->peer_set) return PSA_ERROR_BAD_STATE; + if (PSA_ALG_IS_JPAKE(operation->alg)) { + if (!operation->peer_set) return PSA_ERROR_BAD_STATE; if (operation->sequence == 0 || operation->sequence == 12) operation->is_second = 1; status = psa_check_jpake_sequence(operation, step, operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif -#ifdef PSA_WANT_ALG_SPAKE2P - case PSA_ALG_SPAKE2P: - if (!operation->role_set || !operation->user_set || !operation->peer_set) return PSA_ERROR_BAD_STATE; - if (step == PSA_PAKE_STEP_CONTEXT) { - if (operation->sequence != 0 || operation->started) return PSA_ERROR_BAD_STATE; - } else { - status = psa_check_spake2p_sequence(operation, step, operation->is_second); - if (status != PSA_SUCCESS) return status; - } - break; +#if defined(PSA_WANT_ALG_SPAKE2P_HMAC) || defined(PSA_WANT_ALG_SPAKE2P_CMAC) || defined(PSA_WANT_ALG_SPAKE2P_MATTER) + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + if (!operation->role_set) return PSA_ERROR_BAD_STATE; + status = psa_check_spake2p_sequence(operation, step, operation->is_second); + if (status != PSA_SUCCESS) return status; + } else #endif #ifdef PSA_WANT_ALG_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { if (!operation->role_set || !operation->user_set) return PSA_ERROR_BAD_STATE; status = psa_check_srp_sequence(operation, step, operation->is_second); if (status != PSA_SUCCESS) return status; - break; + } else #endif - default: + { return PSA_ERROR_NOT_SUPPORTED; } - if (operation->started == 0) { - status = psa_pake_start_input_output(operation); - if (status) return status; - } - -#ifdef PSA_WANT_ALG_SPAKE2P - if (step != PSA_PAKE_STEP_CONTEXT) { -#endif - operation->sequence++; -#ifdef PSA_WANT_ALG_SPAKE2P - } -#endif + operation->started = 1; + operation->sequence++; status = psa_driver_wrapper_pake_input( operation, step, @@ -4841,38 +4879,61 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, return status; } -psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output) +psa_status_t psa_pake_get_shared_key(psa_pake_operation_t *operation, + const psa_key_attributes_t *attributes, + mbedtls_svc_key_id_t *key) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#if defined(PSA_WANT_ALG_JPAKE) && PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE > PSA_HASH_MAX_SIZE - uint8_t data[PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE]; -#else - uint8_t data[PSA_HASH_MAX_SIZE]; -#endif - size_t data_length = 0; + psa_key_slot_t *slot = NULL; + psa_se_drv_table_entry_t *driver = NULL; + psa_key_type_t type; + size_t storage_size; if (operation->alg == 0 || operation->done == 0) { return PSA_ERROR_BAD_STATE; } - status = psa_driver_wrapper_pake_get_implicit_key( - operation, - data, sizeof data, &data_length); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(output); - goto exit; + if (psa_get_key_bits(attributes) != 0) { + return PSA_ERROR_INVALID_ARGUMENT; } - // forward common secret to key derivation function - output->can_output_key = 1; - status = psa_key_derivation_input_internal( - output, - PSA_KEY_DERIVATION_INPUT_SECRET, - PSA_KEY_TYPE_DERIVE, - data, data_length); + type = psa_get_key_type(attributes); + if (type != PSA_KEY_TYPE_DERIVE && type != PSA_KEY_TYPE_HMAC) { + if (PSA_ALG_IS_SPAKE2P(operation->alg) || PSA_ALG_IS_SRP_6(operation->alg)) { + // the SPAKE2+ and SRP secret can be used directly for symmetric crypto + if ((type & PSA_KEY_TYPE_CATEGORY_MASK) != PSA_KEY_TYPE_CATEGORY_SYMMETRIC) { + return PSA_ERROR_INVALID_ARGUMENT; + } + } else { + return PSA_ERROR_INVALID_ARGUMENT; + } + } + + status = psa_start_key_creation( + PSA_KEY_CREATION_DERIVE, attributes, &slot, &driver); + if (status != PSA_SUCCESS) goto exit; + + storage_size = operation->secret_size; + if (psa_key_lifetime_is_external(attributes->core.lifetime)) { + status = psa_driver_wrapper_get_key_buffer_size(attributes, &storage_size); + if (status != PSA_SUCCESS) goto exit; + } + status = psa_allocate_buffer_to_slot(slot, storage_size); + if (status != PSA_SUCCESS) goto exit; + + status = psa_driver_wrapper_pake_get_shared_key( + operation, attributes, + slot->key.data, slot->key.bytes, &slot->key.bytes); + if (status == PSA_SUCCESS) { + status = psa_finish_key_creation(slot, driver, key); + } exit: + if (status != PSA_SUCCESS) { + psa_fail_key_creation(slot, driver); + *key = MBEDTLS_SVC_KEY_ID_INIT; + } + psa_pake_abort(operation); return status; } diff --git a/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h b/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h index c8346d6643bf..12bf0fc5bf19 100644 --- a/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h +++ b/ext/oberon/psa/core/library/psa_crypto_driver_wrappers.h @@ -147,6 +147,12 @@ psa_status_t psa_driver_wrapper_copy_key( const uint8_t *source_key, size_t source_key_length, uint8_t *target_key_buffer, size_t target_key_buffer_size, size_t *target_key_buffer_length); + +psa_status_t psa_driver_wrapper_derive_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); + /* * Cipher functions */ @@ -441,13 +447,26 @@ psa_status_t psa_driver_wrapper_key_derivation_abort( */ psa_status_t psa_driver_wrapper_pake_setup( psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t psa_driver_wrapper_pake_set_role( + psa_pake_operation_t *operation, psa_pake_role_t role); +psa_status_t psa_driver_wrapper_pake_set_user( + psa_pake_operation_t *operation, + const uint8_t *user_id, size_t user_id_length); + +psa_status_t psa_driver_wrapper_pake_set_peer( + psa_pake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_length); + +psa_status_t psa_driver_wrapper_pake_set_context( + psa_pake_operation_t *operation, + const uint8_t *context, size_t context_length); + psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, psa_pake_step_t step, @@ -461,10 +480,10 @@ psa_status_t psa_driver_wrapper_pake_input( const uint8_t *input, size_t input_length); -psa_status_t psa_driver_wrapper_pake_get_implicit_key( +psa_status_t psa_driver_wrapper_pake_get_shared_key( psa_pake_operation_t *operation, - uint8_t *output, size_t output_size, - size_t *output_length); + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length); psa_status_t psa_driver_wrapper_pake_abort( psa_pake_operation_t *operation); diff --git a/ext/oberon/psa/drivers/oberon_ec_keys.c b/ext/oberon/psa/drivers/oberon_ec_keys.c index 057a809672fc..b225b467dc66 100644 --- a/ext/oberon/psa/drivers/oberon_ec_keys.c +++ b/ext/oberon/psa/drivers/oberon_ec_keys.c @@ -162,30 +162,36 @@ psa_status_t oberon_export_ec_public_key( } #if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY) || \ - defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY) + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY) || \ + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY) static void oberon_set_forced_bits(uint8_t *key, size_t bits) { switch (bits) { #if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) || \ - defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255) + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255) || \ + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255) case 255: key[0] = (uint8_t)(key[0] & 0xF8); key[31] = (uint8_t)((key[31] & 0x7F) | 0x40); break; #endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 || - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 */ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 || + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 */ #if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) || \ - defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448) + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448) || \ + defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448) case 448: key[0] = (uint8_t)(key[0] & 0xFC); key[55] = (uint8_t)(key[55] | 0x80); break; #endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 || - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 */ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 || + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 */ } } #endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY || - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY */ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY || + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY */ psa_status_t oberon_import_ec_key( const psa_key_attributes_t *attributes, @@ -387,7 +393,7 @@ psa_status_t oberon_generate_ec_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length) { - int res = 0; + int res; psa_status_t status; size_t bits = psa_get_key_bits(attributes); psa_key_type_t type = psa_get_key_type(attributes); @@ -476,3 +482,101 @@ psa_status_t oberon_generate_ec_key( *key_length = length; return PSA_SUCCESS; } + +psa_status_t oberon_derive_ec_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length) +{ + int res; + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP + uint32_t c; + size_t i; +#endif + + if (key_size < input_length) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(key, input, input_length); + *key_length = input_length; + + // check and preprocess key data + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP + case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1): + + // increment key data + c = 1; i = input_length; + do { + c += key[--i]; + key[i] = (uint8_t)c; + c >>= 8; + } while (i > 0); + + switch (bits) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 + case 224: + res = ocrypto_ecdh_p224_secret_key_check(key); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 + case 256: + res = ocrypto_ecdh_p256_secret_key_check(key); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 + case 384: + res = ocrypto_ecdh_p384_secret_key_check(key); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + case 521: + key[0] &= 0x01; // truncate to 521 bits + res = ocrypto_ecdh_p521_secret_key_check(key); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 */ + default: + return PSA_ERROR_INVALID_ARGUMENT; + } + // repeat if input out of range + if (res || !oberon_ct_compare_zero(key, input_length)) return PSA_ERROR_INSUFFICIENT_DATA; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY + case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY): + switch (bits) { +#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255) + case 255: break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 */ +#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448) + case 448: break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 */ + default: return PSA_ERROR_INVALID_ARGUMENT; + } + oberon_set_forced_bits(key, bits); + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS + case PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_TWISTED_EDWARDS): + switch (bits) { +#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255) + case 255: break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 */ +#if defined(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448) + case 448: break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 */ + default: return PSA_ERROR_INVALID_ARGUMENT; + } + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS */ + + default: + (void)res; + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_SUCCESS; +} diff --git a/ext/oberon/psa/drivers/oberon_ec_keys.h b/ext/oberon/psa/drivers/oberon_ec_keys.h index 65fb2c23bdc0..046930897c11 100644 --- a/ext/oberon/psa/drivers/oberon_ec_keys.h +++ b/ext/oberon/psa/drivers/oberon_ec_keys.h @@ -34,6 +34,11 @@ psa_status_t oberon_generate_ec_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length); +psa_status_t oberon_derive_ec_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length); + #ifdef __cplusplus } diff --git a/ext/oberon/psa/drivers/oberon_jpake.c b/ext/oberon/psa/drivers/oberon_jpake.c index edcd7e79efc1..84ec46f333d0 100644 --- a/ext/oberon/psa/drivers/oberon_jpake.c +++ b/ext/oberon/psa/drivers/oberon_jpake.c @@ -12,6 +12,7 @@ #include "psa/crypto.h" #include "oberon_jpake.h" +#include "oberon_helpers.h" #include "psa_crypto_driver_wrappers.h" #include "ocrypto_ecjpake_p256.h" @@ -186,7 +187,7 @@ static psa_status_t oberon_read_zk_proof( uint8_t h[PSA_HASH_MAX_SIZE]; size_t h_len; - if (input_length > sizeof op->r) return PSA_ERROR_INVALID_ARGUMENT; + if (input_length > sizeof op->r) return PSA_ERROR_INVALID_SIGNATURE; if (input_length < sizeof op->r) { memset(rp, 0, sizeof op->r - input_length); rp += sizeof op->r - input_length; @@ -210,41 +211,57 @@ static psa_status_t oberon_read_zk_proof( psa_status_t oberon_jpake_setup( oberon_jpake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { - (void)role; - if (cipher_suite->algorithm != PSA_ALG_JPAKE || - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC || - cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 || - cipher_suite->bits != 256 || - cipher_suite->hash != PSA_ALG_SHA_256) { + (void)attributes; + + if (psa_pake_cs_get_primitive(cipher_suite) != + PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256)) { return PSA_ERROR_NOT_SUPPORTED; } - operation->hash_alg = cipher_suite->hash; + operation->hash_alg = PSA_ALG_GET_HASH(psa_pake_cs_get_algorithm(cipher_suite)); + if (operation->hash_alg != PSA_ALG_SHA_256) return PSA_ERROR_NOT_SUPPORTED; + operation->rd_idx = 0; operation->wr_idx = 0; - if (user_id_length == peer_id_length) { - if (memcmp(user_id, peer_id, user_id_length) == 0) { + // store reduced password + ocrypto_ecjpake_read_shared_secret(operation->secret, password, password_length); + + if (oberon_ct_compare_zero(operation->secret, sizeof operation->secret) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + return PSA_SUCCESS; +} + +psa_status_t oberon_jpake_set_user( + oberon_jpake_operation_t *operation, + const uint8_t *user_id, size_t user_id_len) +{ + if (user_id_len > sizeof operation->user_id) return PSA_ERROR_NOT_SUPPORTED; + memcpy(operation->user_id, user_id, user_id_len); + operation->user_id_length = (uint8_t)user_id_len; + + return PSA_SUCCESS; +} + +psa_status_t oberon_jpake_set_peer( + oberon_jpake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len) +{ + if (peer_id_len == operation->user_id_length) { + if (memcmp(peer_id, operation->user_id, peer_id_len) == 0) { // user and peer ids must not be equal return PSA_ERROR_INVALID_ARGUMENT; } } - // store reduced password - ocrypto_ecjpake_read_shared_secret(operation->secret, password, password_length); - - if (user_id_length > sizeof operation->user_id) return PSA_ERROR_NOT_SUPPORTED; - memcpy(operation->user_id, user_id, user_id_length); - operation->user_id_length = (uint8_t)user_id_length; - - if (peer_id_length > sizeof operation->peer_id) return PSA_ERROR_NOT_SUPPORTED; - memcpy(operation->peer_id, peer_id, peer_id_length); - operation->peer_id_length = (uint8_t)peer_id_length; + if (peer_id_len > sizeof operation->peer_id) return PSA_ERROR_NOT_SUPPORTED; + memcpy(operation->peer_id, peer_id, peer_id_len); + operation->peer_id_length = (uint8_t)peer_id_len; return PSA_SUCCESS; } @@ -295,7 +312,7 @@ psa_status_t oberon_jpake_input( } } -psa_status_t oberon_jpake_get_implicit_key( +psa_status_t oberon_jpake_get_shared_key( oberon_jpake_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) { diff --git a/ext/oberon/psa/drivers/oberon_jpake.h b/ext/oberon/psa/drivers/oberon_jpake.h index be42993ba9ae..0274f545df87 100644 --- a/ext/oberon/psa/drivers/oberon_jpake.h +++ b/ext/oberon/psa/drivers/oberon_jpake.h @@ -39,11 +39,17 @@ typedef struct { psa_status_t oberon_jpake_setup( oberon_jpake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role); + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t oberon_jpake_set_user( + oberon_jpake_operation_t *operation, + const uint8_t *user_id, size_t user_id_len); + +psa_status_t oberon_jpake_set_peer( + oberon_jpake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len); psa_status_t oberon_jpake_output( oberon_jpake_operation_t *operation, @@ -55,7 +61,7 @@ psa_status_t oberon_jpake_input( psa_pake_step_t step, const uint8_t *input, size_t input_length); -psa_status_t oberon_jpake_get_implicit_key( +psa_status_t oberon_jpake_get_shared_key( oberon_jpake_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); diff --git a/ext/oberon/psa/drivers/oberon_key_derivation.c b/ext/oberon/psa/drivers/oberon_key_derivation.c index 97fb0b8a48f0..f22ea33b0176 100644 --- a/ext/oberon/psa/drivers/oberon_key_derivation.c +++ b/ext/oberon/psa/drivers/oberon_key_derivation.c @@ -66,7 +66,7 @@ static psa_status_t oberon_hash_key( size_t length; memset(&operation->hash_op, 0, sizeof operation->hash_op); - status = psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_HMAC_GET_HASH(operation->mac_alg)); + status = psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_GET_HASH(operation->mac_alg)); if (status) goto exit; status = psa_driver_wrapper_hash_update(&operation->hash_op, data, data_length); if (status) goto exit; @@ -104,6 +104,13 @@ psa_status_t oberon_key_derivation_setup( } else #endif /* PSA_NEED_OBERON_SP800_108_COUNTER_CMAC */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + if (PSA_ALG_IS_SRP_PASSWORD_HASH(alg)) { + operation->alg = OBERON_SRP_PASSWORD_HASH_ALG; + operation->mac_alg = PSA_ALG_HKDF_GET_HASH(alg); + } else +#endif /* PSA_NEED_OBERON_SRP_PASSWORD_HASH */ + { // all olthers are HMAC based psa_algorithm_t hash = PSA_ALG_HKDF_GET_HASH(alg); @@ -215,6 +222,17 @@ psa_status_t oberon_key_derivation_input_bytes( if (status) goto exit; operation->salt_length = (uint16_t)data_length; #endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + } else if (operation->alg == OBERON_SRP_PASSWORD_HASH_ALG) { + status = psa_driver_wrapper_hash_finish(&operation->hash_op, operation->data, sizeof operation->data, &length); + if (status) goto exit; + status = psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_GET_HASH(operation->mac_alg)); + if (status) goto exit; + status = psa_driver_wrapper_hash_update(&operation->hash_op, data, data_length); // salt + if (status) goto exit; + status = psa_driver_wrapper_hash_update(&operation->hash_op, operation->data, length); // H(u, ":", pw) + if (status) goto exit; +#endif /* PSA_NEED_OBERON_SRP_PASSWORD_HASH */ } else { #if defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) length = operation->salt_length + data_length; @@ -301,25 +319,41 @@ psa_status_t oberon_key_derivation_input_bytes( status = psa_driver_wrapper_mac_update(&operation->mac_op, data, data_length); if (status) goto exit; // HKDF extract - status = psa_driver_wrapper_mac_sign_finish(&operation->mac_op, operation->key, operation->block_length, &length); + status = psa_driver_wrapper_mac_sign_finish(&operation->mac_op, + operation->key, operation->block_length, &length); if (status) goto exit; #endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT */ return PSA_SUCCESS; } #endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT || PSA_NEED_OBERON_HKDF_EXPAND || PSA_NEED_OBERON_TLS12 */ -#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT) || defined(PSA_NEED_OBERON_HKDF_EXPAND) +#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT) || defined(PSA_NEED_OBERON_HKDF_EXPAND) || \ + defined(PSA_NEED_OBERON_SRP_PASSWORD_HASH) case PSA_KEY_DERIVATION_INPUT_INFO: - if (data_length > sizeof operation->info) return PSA_ERROR_INSUFFICIENT_MEMORY; - memcpy(operation->info, data, data_length); - operation->info_length = (uint16_t)data_length; - return PSA_SUCCESS; -#endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT || PSA_NEED_OBERON_HKDF_EXPAND */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + if (operation->alg == OBERON_SRP_PASSWORD_HASH_ALG) { + status = psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_GET_HASH(operation->mac_alg)); + if (status) goto exit; + status = psa_driver_wrapper_hash_update(&operation->hash_op, data, data_length); // user id + if (status) goto exit; + return PSA_SUCCESS; + } else +#endif + { + if (data_length > sizeof operation->info) return PSA_ERROR_INSUFFICIENT_MEMORY; + memcpy(operation->info, data, data_length); + operation->info_length = (uint16_t)data_length; + return PSA_SUCCESS; + } +#endif /* PSA_NEED_OBERON_HKDF || PSA_NEED_OBERON_HKDF_EXTRACT || PSA_NEED_OBERON_HKDF_EXPAND || + PSA_NEED_OBERON_SRP_PASSWORD_HASH */ -#if defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) +#if defined(PSA_NEED_OBERON_PBKDF2_HMAC) || defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) || \ + defined(PSA_NEED_OBERON_SRP_PASSWORD_HASH) case PSA_KEY_DERIVATION_INPUT_PASSWORD: - if (operation->alg == OBERON_PBKDF2_HMAC_ALG) { + switch (operation->alg) { #ifdef PSA_NEED_OBERON_PBKDF2_HMAC + case OBERON_PBKDF2_HMAC_ALG: if (data_length > PSA_HASH_BLOCK_LENGTH(operation->mac_alg)) { // key = H(password) status = oberon_hash_key(operation, data, data_length); @@ -329,9 +363,10 @@ psa_status_t oberon_key_derivation_input_bytes( memcpy(operation->key, data, data_length); operation->key_length = (uint16_t)data_length; } + break; #endif /* PSA_NEED_OBERON_PBKDF2_HMAC */ - } else { #ifdef PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 + case OBERON_PBKDF2_CMAC_ALG: if (data_length == 16) { memcpy(operation->key, data, 16); } else { @@ -344,10 +379,21 @@ psa_status_t oberon_key_derivation_input_bytes( if (status) goto exit; } operation->key_length = 16; + break; #endif /* PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + case OBERON_SRP_PASSWORD_HASH_ALG: + status = psa_driver_wrapper_hash_update(&operation->hash_op, (const uint8_t *)":", 1); // ":" + if (status) goto exit; + status = psa_driver_wrapper_hash_update(&operation->hash_op, data, data_length); // pw + if (status) goto exit; + break; +#endif /* PSA_NEED_OBERON_SRP_PASSWORD_HASH */ + default: + break; } return PSA_SUCCESS; -#endif /* PSA_NEED_OBERON_PBKDF2_HMAC || PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_NEED_OBERON_PBKDF2_HMAC || PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 || PSA_NEED_OBERON_SRP_PASSWORD_HASH */ #if defined(PSA_NEED_OBERON_TLS12_PRF) || defined(PSA_NEED_OBERON_TLS12_PSK_TO_MS) case PSA_KEY_DERIVATION_INPUT_SEED: @@ -407,9 +453,16 @@ psa_status_t oberon_key_derivation_input_bytes( } #if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT) || \ - defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) + defined(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) || defined(PSA_NEED_OBERON_SRP_PASSWORD_HASH) exit: - psa_driver_wrapper_mac_abort(&operation->mac_op); +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + if (operation->alg == OBERON_PBKDF2_HMAC_ALG) { + psa_driver_wrapper_hash_abort(&operation->hash_op); + } else +#endif + { + psa_driver_wrapper_mac_abort(&operation->mac_op); + } return status; #endif } @@ -570,6 +623,14 @@ psa_status_t oberon_key_derivation_output_bytes( return psa_driver_wrapper_hash_compute(PSA_ALG_SHA_256, operation->key, 32, output, output_length, &length); #endif /* PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS */ +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + case OBERON_SRP_PASSWORD_HASH_ALG: + status = psa_driver_wrapper_hash_finish(&operation->hash_op, output, output_length, &length); + if (status != PSA_SUCCESS) psa_driver_wrapper_hash_abort(&operation->hash_op); + if (output_length != length) return PSA_ERROR_INVALID_ARGUMENT; + return status; +#endif + #if defined(PSA_NEED_OBERON_SP800_108_COUNTER_HMAC) || defined(PSA_NEED_OBERON_SP800_108_COUNTER_CMAC) case OBERON_SP800_108_COUNTER_ALG: // key @@ -631,9 +692,15 @@ psa_status_t oberon_key_derivation_abort( oberon_key_derivation_operation_t *operation ) { switch (operation->alg) { +#if defined(PSA_NEED_OBERON_HKDF) || defined(PSA_NEED_OBERON_HKDF_EXTRACT) case OBERON_HKDF_ALG: case OBERON_HKDF_EXTRACT_ALG: return psa_driver_wrapper_mac_abort(&operation->mac_op); +#endif +#ifdef PSA_NEED_OBERON_SRP_PASSWORD_HASH + case OBERON_SRP_PASSWORD_HASH_ALG: + return psa_driver_wrapper_hash_abort(&operation->hash_op); +#endif default: return PSA_SUCCESS; } diff --git a/ext/oberon/psa/drivers/oberon_key_derivation.h b/ext/oberon/psa/drivers/oberon_key_derivation.h index 44604b2b84ac..0890936fbbac 100644 --- a/ext/oberon/psa/drivers/oberon_key_derivation.h +++ b/ext/oberon/psa/drivers/oberon_key_derivation.h @@ -34,6 +34,7 @@ typedef enum { OBERON_TLS12_PSK_TO_MS_ALG = 7, OBERON_ECJPAKE_TO_PMS_ALG = 8, OBERON_SP800_108_COUNTER_ALG = 9, + OBERON_SRP_PASSWORD_HASH_ALG = 10, } oberon_kdf_alg; typedef struct { diff --git a/ext/oberon/psa/drivers/oberon_key_management.c b/ext/oberon/psa/drivers/oberon_key_management.c index 20bb9793e04c..7845af623fa3 100644 --- a/ext/oberon/psa/drivers/oberon_key_management.c +++ b/ext/oberon/psa/drivers/oberon_key_management.c @@ -12,6 +12,8 @@ #include "oberon_key_management.h" #include "oberon_ec_keys.h" #include "oberon_rsa.h" +#include "oberon_spake2p.h" +#include "oberon_srp.h" psa_status_t oberon_export_public_key( @@ -37,6 +39,22 @@ psa_status_t oberon_export_public_key( } else #endif /* PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT + if (PSA_KEY_TYPE_IS_SPAKE2P(type)) { + return oberon_export_spake2p_public_key( + attributes, key, key_length, + data, data_size, data_length); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT + if (PSA_KEY_TYPE_IS_SRP(type)) { + return oberon_export_srp_public_key( + attributes, key, key_length, + data, data_size, data_length); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT */ + { (void)key; (void)key_length; @@ -72,6 +90,22 @@ psa_status_t oberon_import_key( } else #endif /* PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT */ +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT + if (PSA_KEY_TYPE_IS_SPAKE2P(type)) { + return oberon_import_spake2p_key( + attributes, data, data_length, + key, key_size, key_length, key_bits); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT + if (PSA_KEY_TYPE_IS_SRP(type)) { + return oberon_import_srp_key( + attributes, data, data_length, + key, key_size, key_length, key_bits); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT */ + { (void)data; (void)data_length; @@ -91,7 +125,7 @@ psa_status_t oberon_generate_key( psa_key_type_t type = psa_get_key_type(attributes); #ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE - if (PSA_KEY_TYPE_IS_ECC(type)) { + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { return oberon_generate_ec_key( attributes, key, key_size, key_length); @@ -106,3 +140,37 @@ psa_status_t oberon_generate_key( return PSA_ERROR_NOT_SUPPORTED; } } + +psa_status_t oberon_derive_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length) +{ + psa_key_type_t type = psa_get_key_type(attributes); + +#ifdef PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE + if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { + return oberon_derive_ec_key( + attributes, input, input_length, + key, key_size, key_length); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE + if (PSA_KEY_TYPE_IS_SPAKE2P_KEY_PAIR(type)) { + return oberon_derive_spake2p_key( + attributes, input, input_length, + key, key_size, key_length); + } else +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE */ + + { + (void)input; + (void)input_length; + (void)key; + (void)key_size; + (void)key_length; + (void)type; + return PSA_ERROR_NOT_SUPPORTED; + } +} diff --git a/ext/oberon/psa/drivers/oberon_key_management.h b/ext/oberon/psa/drivers/oberon_key_management.h index d1c6b643c747..75c7444de881 100644 --- a/ext/oberon/psa/drivers/oberon_key_management.h +++ b/ext/oberon/psa/drivers/oberon_key_management.h @@ -34,6 +34,11 @@ psa_status_t oberon_generate_key( const psa_key_attributes_t *attributes, uint8_t *key, size_t key_size, size_t *key_length); +psa_status_t oberon_derive_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length); + #ifdef __cplusplus } diff --git a/ext/oberon/psa/drivers/oberon_pake.c b/ext/oberon/psa/drivers/oberon_pake.c index 46c1bdae876c..dbbd259fe568 100644 --- a/ext/oberon/psa/drivers/oberon_pake.c +++ b/ext/oberon/psa/drivers/oberon_pake.c @@ -16,53 +16,141 @@ psa_status_t oberon_pake_setup( oberon_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { - operation->alg = cipher_suite->algorithm; + operation->alg = psa_pake_cs_get_algorithm(cipher_suite); - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { return oberon_jpake_setup( - &operation->ctx.oberon_jpake_ctx, cipher_suite, - password, password_length, - user_id, user_id_length, - peer_id, peer_id_length, - role); + &operation->ctx.oberon_jpake_ctx, + attributes, password, password_length, + cipher_suite); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { return oberon_spake2p_setup( - &operation->ctx.oberon_spake2p_ctx, cipher_suite, - password, password_length, - user_id, user_id_length, - peer_id, peer_id_length, - role); + &operation->ctx.oberon_spake2p_ctx, + attributes, password, password_length, + cipher_suite); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { return oberon_srp_setup( - &operation->ctx.oberon_srp_ctx, cipher_suite, - password, password_length, - user_id, user_id_length, - peer_id, peer_id_length, - role); + &operation->ctx.oberon_srp_ctx, + attributes, password, password_length, + cipher_suite); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: + { (void)attributes; (void)password; (void)password_length; + return PSA_ERROR_NOT_SUPPORTED; + } +} + +psa_status_t oberon_pake_set_role( + oberon_pake_operation_t *operation, + psa_pake_role_t role) +{ +#ifdef PSA_NEED_OBERON_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + return PSA_SUCCESS; + } else +#endif /* PSA_NEED_OBERON_JPAKE */ +#ifdef PSA_NEED_OBERON_SPAKE2P + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_set_role( + &operation->ctx.oberon_spake2p_ctx, role); + } else +#endif /* PSA_NEED_OBERON_SPAKE2P */ +#ifdef PSA_NEED_OBERON_SRP_6 + if (PSA_ALG_IS_SRP_6(operation->alg)) { + return oberon_srp_set_role( + &operation->ctx.oberon_srp_ctx, role); + } else +#endif /* PSA_NEED_OBERON_SRP_6 */ + { + (void)operation; + (void)role; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t oberon_pake_set_user( + oberon_pake_operation_t *operation, + const uint8_t *user_id, size_t user_id_len) +{ +#ifdef PSA_NEED_OBERON_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + return oberon_jpake_set_user( + &operation->ctx.oberon_jpake_ctx, user_id, user_id_len); + } else +#endif /* PSA_NEED_OBERON_JPAKE */ +#ifdef PSA_NEED_OBERON_SPAKE2P + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_set_user( + &operation->ctx.oberon_spake2p_ctx, user_id, user_id_len); + } else +#endif /* PSA_NEED_OBERON_SPAKE2P */ +#ifdef PSA_NEED_OBERON_SRP_6 + if (PSA_ALG_IS_SRP_6(operation->alg)) { + return oberon_srp_set_user( + &operation->ctx.oberon_srp_ctx, user_id, user_id_len); + } else +#endif /* PSA_NEED_OBERON_SRP_6 */ + { + (void)operation; (void)user_id; - (void)user_id_length; + (void)user_id_len; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t oberon_pake_set_peer( + oberon_pake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len) +{ +#ifdef PSA_NEED_OBERON_JPAKE + if (PSA_ALG_IS_JPAKE(operation->alg)) { + return oberon_jpake_set_peer( + &operation->ctx.oberon_jpake_ctx, peer_id, peer_id_len); + } else +#endif /* PSA_NEED_OBERON_JPAKE */ +#ifdef PSA_NEED_OBERON_SPAKE2P + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_set_peer( + &operation->ctx.oberon_spake2p_ctx, peer_id, peer_id_len); + } else +#endif /* PSA_NEED_OBERON_SPAKE2P */ + { + (void)operation; (void)peer_id; - (void)peer_id_length; - (void)role; - return PSA_ERROR_NOT_SUPPORTED; + (void)peer_id_len; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t oberon_pake_set_context( + oberon_pake_operation_t *operation, + const uint8_t *context, size_t context_len) +{ +#ifdef PSA_NEED_OBERON_SPAKE2P + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_set_context( + &operation->ctx.oberon_spake2p_ctx, context, context_len); + } else +#endif /* PSA_NEED_OBERON_SPAKE2P */ + { + (void)operation; + (void)context; + (void)context_len; + return PSA_ERROR_BAD_STATE; } } @@ -71,23 +159,26 @@ psa_status_t oberon_pake_output( psa_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) { - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { return oberon_jpake_output( &operation->ctx.oberon_jpake_ctx, step, output, output_size, output_length); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { return oberon_spake2p_output( &operation->ctx.oberon_spake2p_ctx, step, output, output_size, output_length); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { return oberon_srp_output( &operation->ctx.oberon_srp_ctx, step, output, output_size, output_length); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: + { + (void)operation; (void)step; (void)output; (void)output_size; @@ -101,23 +192,26 @@ psa_status_t oberon_pake_input( psa_pake_step_t step, const uint8_t *input, size_t input_length) { - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { return oberon_jpake_input( &operation->ctx.oberon_jpake_ctx, step, input, input_length); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { return oberon_spake2p_input( &operation->ctx.oberon_spake2p_ctx, step, input, input_length); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { return oberon_srp_input( &operation->ctx.oberon_srp_ctx, step, input, input_length); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: + { + (void)operation; (void)step; (void)input; (void)input_length; @@ -125,30 +219,35 @@ psa_status_t oberon_pake_input( } } -psa_status_t oberon_pake_get_implicit_key( +psa_status_t oberon_pake_get_shared_key( oberon_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length) + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length) { - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: - return oberon_jpake_get_implicit_key( - &operation->ctx.oberon_jpake_ctx, output, output_size, output_length); + if (PSA_ALG_IS_JPAKE(operation->alg)) { + return oberon_jpake_get_shared_key( + &operation->ctx.oberon_jpake_ctx, key, key_size, key_length); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: - return oberon_spake2p_get_implicit_key( - &operation->ctx.oberon_spake2p_ctx, output, output_size, output_length); + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { + return oberon_spake2p_get_shared_key( + &operation->ctx.oberon_spake2p_ctx, key, key_size, key_length); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: - return oberon_srp_get_implicit_key( - &operation->ctx.oberon_srp_ctx, output, output_size, output_length); + if (PSA_ALG_IS_SRP_6(operation->alg)) { + return oberon_srp_get_shared_key( + &operation->ctx.oberon_srp_ctx, key, key_size, key_length); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: - (void)output; - (void)output_size; - (void)output_length; + { + (void)operation; + (void)attributes; + (void)key; + (void)key_size; + (void)key_length; return PSA_ERROR_BAD_STATE; } } @@ -156,23 +255,26 @@ psa_status_t oberon_pake_get_implicit_key( psa_status_t oberon_pake_abort( oberon_pake_operation_t *operation) { - switch (operation->alg) { #ifdef PSA_NEED_OBERON_JPAKE - case PSA_ALG_JPAKE: + if (PSA_ALG_IS_JPAKE(operation->alg)) { return oberon_jpake_abort( &operation->ctx.oberon_jpake_ctx); + } else #endif /* PSA_NEED_OBERON_JPAKE */ #ifdef PSA_NEED_OBERON_SPAKE2P - case PSA_ALG_SPAKE2P: + if (PSA_ALG_IS_SPAKE2P(operation->alg)) { return oberon_spake2p_abort( &operation->ctx.oberon_spake2p_ctx); + } else #endif /* PSA_NEED_OBERON_SPAKE2P */ #ifdef PSA_NEED_OBERON_SRP_6 - case PSA_ALG_SRP_6: + if (PSA_ALG_IS_SRP_6(operation->alg)) { return oberon_srp_abort( &operation->ctx.oberon_srp_ctx); + } else #endif /* PSA_NEED_OBERON_SRP_6 */ - default: + { + (void)operation; return PSA_ERROR_BAD_STATE; } } diff --git a/ext/oberon/psa/drivers/oberon_pake.h b/ext/oberon/psa/drivers/oberon_pake.h index 41984d2c24d6..ded1acb8cc4a 100644 --- a/ext/oberon/psa/drivers/oberon_pake.h +++ b/ext/oberon/psa/drivers/oberon_pake.h @@ -48,13 +48,26 @@ typedef struct { psa_status_t oberon_pake_setup( oberon_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t oberon_pake_set_role( + oberon_pake_operation_t *operation, psa_pake_role_t role); +psa_status_t oberon_pake_set_user( + oberon_pake_operation_t *operation, + const uint8_t *user_id, size_t user_id_len); + +psa_status_t oberon_pake_set_peer( + oberon_pake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len); + +psa_status_t oberon_pake_set_context( + oberon_pake_operation_t *operation, + const uint8_t *context, size_t context_len); + psa_status_t oberon_pake_output( oberon_pake_operation_t *operation, psa_pake_step_t step, @@ -65,9 +78,10 @@ psa_status_t oberon_pake_input( psa_pake_step_t step, const uint8_t *input, size_t input_length); -psa_status_t oberon_pake_get_implicit_key( +psa_status_t oberon_pake_get_shared_key( oberon_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); + const psa_key_attributes_t *attributes, + uint8_t *key, size_t key_size, size_t *key_length); psa_status_t oberon_pake_abort( oberon_pake_operation_t *operation); diff --git a/ext/oberon/psa/drivers/oberon_spake2p.c b/ext/oberon/psa/drivers/oberon_spake2p.c index eca0364897e2..4d4ff39e680d 100644 --- a/ext/oberon/psa/drivers/oberon_spake2p.c +++ b/ext/oberon/psa/drivers/oberon_spake2p.c @@ -17,13 +17,10 @@ #include "oberon_helpers.h" #include "psa_crypto_driver_wrappers.h" +#include "ocrypto_ecdh_p256.h" #include "ocrypto_spake2p_p256.h" -// up to version 04 the K_main, K_confirmP, and K_confirmV values were calculated differently -//#define SPAKE2P_USE_VERSION_04 - - #define P256_KEY_SIZE 32 #define P256_POINT_SIZE 65 @@ -84,14 +81,15 @@ static psa_status_t oberon_write_key_share( { int res; psa_status_t status; - uint8_t xs[40]; + const uint8_t *mn; // random secret key - status = psa_generate_random(xs, sizeof xs); + status = psa_generate_random(op->XY, 40); if (status != PSA_SUCCESS) return status; - ocrypto_spake2p_p256_reduce(op->xy, xs, sizeof xs); + ocrypto_spake2p_p256_reduce(op->xy, op->XY, 40); - res = ocrypto_spake2p_p256_get_key_share(op->XY, op->w0, op->xy, op->MN); + mn = op->role == PSA_PAKE_ROLE_CLIENT ? M : N; + res = ocrypto_spake2p_p256_get_key_share(op->XY, op->w0, op->xy, mn); if (res) return PSA_ERROR_INVALID_ARGUMENT; if (output_size < P256_POINT_SIZE) return PSA_ERROR_BUFFER_TOO_SMALL; @@ -132,16 +130,17 @@ static psa_status_t oberon_get_confirmation_keys( uint8_t *KconfP, uint8_t *KconfV) { psa_status_t status; + psa_algorithm_t hkdf_alg = PSA_ALG_HKDF(PSA_ALG_GET_HASH(op->alg)); psa_key_derivation_operation_t kdf_op = PSA_KEY_DERIVATION_OPERATION_INIT; uint8_t Z[P256_POINT_SIZE]; uint8_t V[P256_POINT_SIZE]; - size_t hash_len; + size_t hash_len, conf_len = 0, shared_len = 0, mac_len = 0; // add Z, V, and w0 to TT if (op->role == PSA_PAKE_ROLE_CLIENT) { - ocrypto_spake2p_p256_get_ZV(Z, V, op->w0, op->w1, op->xy, op->YX, op->NM, NULL); + ocrypto_spake2p_p256_get_ZV(Z, V, op->w0, &op->w1L[1], op->xy, op->YX, N, NULL); } else { - ocrypto_spake2p_p256_get_ZV(Z, V, op->w0, NULL, op->xy, op->YX, op->NM, op->L); + ocrypto_spake2p_p256_get_ZV(Z, V, op->w0, NULL, op->xy, op->YX, M, op->w1L); } status = oberon_update_hash_with_prefix(&op->hash_op, Z, P256_POINT_SIZE); if (status) return status; @@ -156,37 +155,67 @@ static psa_status_t oberon_get_confirmation_keys( psa_driver_wrapper_hash_abort(&op->hash_op); return status; } - op->hash_len = hash_len; // get K_shared -#ifdef SPAKE2P_USE_VERSION_04 - hash_len >>= 1; // K_confirm and confirm size is hash_len / 2 - memcpy(op->shared, V + hash_len, hash_len); -#else - status = psa_driver_wrapper_key_derivation_setup(&kdf_op, PSA_ALG_HKDF(op->hash_alg)); - if (status) goto exit; - status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_INFO, (uint8_t *)"SharedKey", 9); - if (status) goto exit; - status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_SECRET, V, hash_len); - if (status) goto exit; - status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, op->shared, hash_len); - if (status) goto exit; - psa_key_derivation_abort(&kdf_op); +#ifdef PSA_NEED_OBERON_SPAKE2P_MATTER + if (op->alg == PSA_ALG_SPAKE2P_MATTER) { + // Spake2+ draft version 2 + conf_len = hash_len >> 1; // K_confirm is hash_len / 2 + shared_len = hash_len >> 1; // shared key size is hash_len / 2 + mac_len = hash_len; // mac size is hash_len + memcpy(op->shared, V + conf_len, shared_len); + } else +#endif + { +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) + shared_len = hash_len; +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) && defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) + if (PSA_ALG_IS_SPAKE2P_CMAC(op->alg)) { #endif +#ifdef PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 + mac_len = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128, PSA_ALG_CMAC); +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) && defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) + } else { +#endif +#ifdef PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 + mac_len = hash_len; +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) && defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) + } +#endif + conf_len = mac_len; + status = psa_driver_wrapper_key_derivation_setup(&kdf_op, hkdf_alg); + if (status) goto exit; + status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_INFO, (uint8_t *)"SharedKey", 9); + if (status) goto exit; + status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_SECRET, V, hash_len); + if (status) goto exit; + status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, op->shared, shared_len); + if (status) goto exit; + psa_key_derivation_abort(&kdf_op); +#endif /* PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 || PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 */ + } + + op->conf_len = (uint8_t)conf_len; + op->shared_len = (uint8_t)shared_len; + op->mac_len = (uint8_t)mac_len; // get K_confirmP & K_confirmV - status = psa_driver_wrapper_key_derivation_setup(&kdf_op, PSA_ALG_HKDF(op->hash_alg)); + status = psa_driver_wrapper_key_derivation_setup(&kdf_op, hkdf_alg); if (status) goto exit; status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_INFO, (uint8_t *)"ConfirmationKeys", 16); if (status) goto exit; - status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_SECRET, V, hash_len); + status = psa_driver_wrapper_key_derivation_input_bytes(&kdf_op, PSA_KEY_DERIVATION_INPUT_SECRET, V, conf_len); if (status) goto exit; - status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, KconfP, hash_len); + status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, KconfP, conf_len); if (status) goto exit; - status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, KconfV, hash_len); + status = psa_driver_wrapper_key_derivation_output_bytes(&kdf_op, KconfV, conf_len); exit: psa_driver_wrapper_key_derivation_abort(&kdf_op); + memset(Z, 0, sizeof Z); + memset(V, 0, sizeof V); return status; } @@ -198,19 +227,37 @@ static psa_status_t oberon_get_confirmation( { size_t length; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_algorithm_t mac_alg = 0; + +#if defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) && \ + (defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_MATTER)) + if (PSA_ALG_IS_SPAKE2P_CMAC(op->alg)) { +#endif +#ifdef PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 + mac_alg = PSA_ALG_CMAC; + psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) && \ + (defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_MATTER)) + } else { +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_MATTER) + mac_alg = PSA_ALG_HMAC(PSA_ALG_GET_HASH(op->alg)); + psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); +#endif +#if defined(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) && \ + (defined(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) || defined(PSA_NEED_OBERON_SPAKE2P_MATTER)) + } +#endif + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); - psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(op->hash_alg)); - psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); + psa_set_key_algorithm(&attributes, mac_alg); return psa_driver_wrapper_mac_compute( -#ifdef SPAKE2P_USE_VERSION_04 - &attributes, kconf, op->hash_len >> 1, -#else - &attributes, kconf, op->hash_len, -#endif - PSA_ALG_HMAC(op->hash_alg), + &attributes, kconf, op->conf_len, + mac_alg, share, P256_POINT_SIZE, - conf, op->hash_len, &length); + conf, op->mac_len, &length); } static psa_status_t oberon_write_confirm( @@ -224,10 +271,10 @@ static psa_status_t oberon_write_confirm( if (status) return status; } - if (output_size < op->hash_len) return PSA_ERROR_BUFFER_TOO_SMALL; + if (output_size < op->mac_len) return PSA_ERROR_BUFFER_TOO_SMALL; status = oberon_get_confirmation(op, op->KconfPV, op->YX, output); if (status) return status; - *output_length = op->hash_len; + *output_length = op->mac_len; return PSA_SUCCESS; } @@ -247,8 +294,8 @@ static psa_status_t oberon_read_confirm( status = oberon_get_confirmation(op, op->KconfVP, op->XY, conf); if (status) return status; - if (input_length != op->hash_len) return PSA_ERROR_INVALID_SIGNATURE; - if (oberon_ct_compare(input, conf, op->hash_len)) return PSA_ERROR_INVALID_SIGNATURE; + if (input_length != op->mac_len) return PSA_ERROR_INVALID_SIGNATURE; + if (oberon_ct_compare(input, conf, op->mac_len)) return PSA_ERROR_INVALID_SIGNATURE; return PSA_SUCCESS; } @@ -256,66 +303,110 @@ static psa_status_t oberon_read_confirm( psa_status_t oberon_spake2p_setup( oberon_spake2p_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { - psa_status_t status; - int res; + (void)attributes; - if (cipher_suite->algorithm != PSA_ALG_SPAKE2P || - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC || - cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 || - cipher_suite->bits != 256) { + if (psa_pake_cs_get_primitive(cipher_suite) != + PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256) || + psa_pake_cs_get_key_confirmation(cipher_suite) != PSA_PAKE_CONFIRMED_KEY) { return PSA_ERROR_NOT_SUPPORTED; } + if (password_length == 2 * P256_KEY_SIZE) { + // password = w0:w1 + memcpy(operation->w0, password, P256_KEY_SIZE); + password += P256_KEY_SIZE; + operation->w1L[0] = 0; // w1L is 0x00:w1 + ocrypto_spake2p_p256_reduce(&operation->w1L[1], password, P256_KEY_SIZE); + } else if (password_length == P256_KEY_SIZE + P256_POINT_SIZE) { + // password = w0:L + memcpy(operation->w0, password, P256_KEY_SIZE); + password += P256_KEY_SIZE; + memcpy(operation->w1L, password, P256_POINT_SIZE); // w1L is L = 0x04:x:y + } else { + return PSA_ERROR_INVALID_ARGUMENT; + } + // prepare TT calculation - operation->hash_alg = cipher_suite->hash; - operation->role = role; - status = psa_driver_wrapper_hash_setup(&operation->hash_op, cipher_suite->hash); - if (status) return status; + operation->alg = psa_pake_cs_get_algorithm(cipher_suite); + return psa_driver_wrapper_hash_setup(&operation->hash_op, PSA_ALG_GET_HASH(operation->alg)); +} +psa_status_t oberon_spake2p_set_role( + oberon_spake2p_operation_t *operation, + psa_pake_role_t role) +{ if (role == PSA_PAKE_ROLE_CLIENT) { - operation->MN = M; - operation->NM = N; + if (operation->w1L[0] == 0x04) return PSA_ERROR_INVALID_ARGUMENT; + } else { + if (operation->w1L[0] != 0x04) { // secret key -> public key + operation->w1L[0] = 0x04; + ocrypto_ecdh_p256_public_key(&operation->w1L[1], &operation->w1L[1]); + } + } + operation->role = role; + return PSA_SUCCESS; +} + +psa_status_t oberon_spake2p_set_user( + oberon_spake2p_operation_t *operation, + const uint8_t *user_id, size_t user_id_len) +{ + if (operation->role == PSA_PAKE_ROLE_CLIENT) { // prover = user; verifier = peer - if (user_id_length > sizeof operation->prover || peer_id_length > sizeof operation->verifier) { + if (user_id_len > sizeof operation->prover) { return PSA_ERROR_INSUFFICIENT_MEMORY; } - memcpy(operation->prover, user_id, user_id_length); - operation->prover_len = (uint8_t)user_id_length; - memcpy(operation->verifier, peer_id, peer_id_length); - operation->verifier_len = (uint8_t)peer_id_length; - // password = w0s:w1s - if (password_length < 2 * P256_KEY_SIZE) return PSA_ERROR_INVALID_ARGUMENT; - ocrypto_spake2p_p256_reduce(operation->w0, password, password_length >> 1); - password += password_length >> 1; - ocrypto_spake2p_p256_reduce(operation->w1, password, password_length >> 1); + memcpy(operation->prover, user_id, user_id_len); + operation->prover_len = (uint8_t)user_id_len; } else { /* role == PSA_PAKE_ROLE_SERVER */ - operation->MN = N; - operation->NM = M; // prover = peer; verifier = user - if (peer_id_length > sizeof operation->prover || user_id_length > sizeof operation->verifier) { + if (user_id_len > sizeof operation->verifier) { return PSA_ERROR_INSUFFICIENT_MEMORY; } - memcpy(operation->prover, peer_id, peer_id_length); - operation->prover_len = (uint8_t)peer_id_length; - memcpy(operation->verifier, user_id, user_id_length); - operation->verifier_len = (uint8_t)user_id_length; - // password = w0s:L - if (password_length < P256_KEY_SIZE + P256_POINT_SIZE) return PSA_ERROR_INVALID_ARGUMENT; - ocrypto_spake2p_p256_reduce(operation->w0, password, password_length - P256_POINT_SIZE); - password += password_length - P256_POINT_SIZE; - res = ocrypto_spake2p_p256_check_key(password); - if (res) return PSA_ERROR_INVALID_ARGUMENT; - memcpy(operation->L, password, P256_POINT_SIZE); + memcpy(operation->verifier, user_id, user_id_len); + operation->verifier_len = (uint8_t)user_id_len; + } + return PSA_SUCCESS; +} + +psa_status_t oberon_spake2p_set_peer( + oberon_spake2p_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len) +{ + if (operation->role == PSA_PAKE_ROLE_CLIENT) { + // prover = user; verifier = peer + if (peer_id_len > sizeof operation->verifier) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + memcpy(operation->verifier, peer_id, peer_id_len); + operation->verifier_len = (uint8_t)peer_id_len; + } else { /* role == PSA_PAKE_ROLE_SERVER */ + // prover = peer; verifier = user + if (peer_id_len > sizeof operation->prover) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + memcpy(operation->prover, peer_id, peer_id_len); + operation->prover_len = (uint8_t)peer_id_len; } return PSA_SUCCESS; } +psa_status_t oberon_spake2p_set_context( + oberon_spake2p_operation_t *operation, + const uint8_t *context, size_t context_len) +{ + if (context_len == 0) return PSA_SUCCESS; + + // add context to TT + return oberon_update_hash_with_prefix( + &operation->hash_op, + context, context_len); +} + psa_status_t oberon_spake2p_output( oberon_spake2p_operation_t *operation, psa_pake_step_t step, @@ -341,11 +432,6 @@ psa_status_t oberon_spake2p_input( const uint8_t *input, size_t input_length) { switch (step) { - case PSA_PAKE_STEP_CONTEXT: - // add context to TT - return oberon_update_hash_with_prefix( - &operation->hash_op, - input, input_length); case PSA_PAKE_STEP_KEY_SHARE: return oberon_read_key_share( operation, @@ -359,19 +445,14 @@ psa_status_t oberon_spake2p_input( } } -psa_status_t oberon_spake2p_get_implicit_key( +psa_status_t oberon_spake2p_get_shared_key( oberon_spake2p_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) { -#ifdef SPAKE2P_USE_VERSION_04 - if (output_size < operation->hash_len >> 1) return PSA_ERROR_BUFFER_TOO_SMALL; - memcpy(output, operation->shared, operation->hash_len >> 1); - *output_length = operation->hash_len >> 1; -#else - if (output_size < operation->hash_len) return PSA_ERROR_BUFFER_TOO_SMALL; - memcpy(output, operation->shared, operation->hash_len); - *output_length = operation->hash_len; -#endif + size_t shared_len = operation->shared_len; + if (output_size < shared_len) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(output, operation->shared, shared_len); + *output_length = shared_len; return PSA_SUCCESS; } @@ -380,3 +461,129 @@ psa_status_t oberon_spake2p_abort( { return psa_driver_wrapper_hash_abort(&operation->hash_op); } + + +// key management + +psa_status_t oberon_derive_spake2p_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length) +{ + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + case PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1): + if (bits != 256) return PSA_ERROR_NOT_SUPPORTED; + if (input_length != 80) return PSA_ERROR_INVALID_ARGUMENT; + if (key_size < 64) return PSA_ERROR_BUFFER_TOO_SMALL; + ocrypto_spake2p_p256_reduce(key, input, 40); // w0s -> w0 + if (!oberon_ct_compare_zero(key, 32)) return PSA_ERROR_INVALID_ARGUMENT; + ocrypto_spake2p_p256_reduce(key + 32, input + 40, 40); // w1s -> w1 + if (!oberon_ct_compare_zero(key + 32, 32)) return PSA_ERROR_INVALID_ARGUMENT; + *key_length = 64; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 */ + + default: + (void)input; + (void)input_length; + (void)key; + (void)key_size; + (void)key_length; + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_SUCCESS; +} + +psa_status_t oberon_import_spake2p_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key, size_t key_size, size_t *key_length, + size_t *key_bits) +{ + int res; + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + case PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1): + if (data_length != 64) return PSA_ERROR_NOT_SUPPORTED; + if (bits != 0 && (bits != 256)) return PSA_ERROR_INVALID_ARGUMENT; + if (!oberon_ct_compare_zero(data, 32)) return PSA_ERROR_INVALID_ARGUMENT; + res = ocrypto_ecdh_p256_secret_key_check(data); + if (res) return PSA_ERROR_INVALID_ARGUMENT; // out of range + if (!oberon_ct_compare_zero(data + 32, 32)) return PSA_ERROR_INVALID_ARGUMENT; + res = ocrypto_ecdh_p256_secret_key_check(data + 32); + if (res) return PSA_ERROR_INVALID_ARGUMENT; // out of range + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + case PSA_KEY_TYPE_SPAKE2P_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1): + if (data_length != 32 + 65) return PSA_ERROR_NOT_SUPPORTED; + if (bits != 0 && (bits != 256)) return PSA_ERROR_INVALID_ARGUMENT; + if (!oberon_ct_compare_zero(data, 32)) return PSA_ERROR_INVALID_ARGUMENT; + res = ocrypto_ecdh_p256_secret_key_check(data); + if (res) return PSA_ERROR_INVALID_ARGUMENT; // out of range + if (data[32] != 0x04) return PSA_ERROR_INVALID_ARGUMENT; + res = ocrypto_ecdh_p256_public_key_check(&data[33]); + if (res) return PSA_ERROR_INVALID_ARGUMENT; // point not on curve + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 */ + + default: + (void)res; + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + if (key_size < data_length) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(key, data, data_length); + *key_length = data_length; + *key_bits = 256; + return PSA_SUCCESS; +} + +psa_status_t oberon_export_spake2p_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length) +{ + int res; + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { + if (key_length > data_size) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(data, key, key_length); + *data_length = key_length; + return PSA_SUCCESS; + } + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + case PSA_KEY_TYPE_SPAKE2P_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1): + if (bits != 256) return PSA_ERROR_NOT_SUPPORTED; + if (key_length != 64) return PSA_ERROR_INVALID_ARGUMENT; + if (data_size < 32 + 65) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(data, key, 32); // w0 + data[32] = 0x04; + res = ocrypto_ecdh_p256_public_key(&data[33], &key[32]); // w1 -> L + if (res) return PSA_ERROR_INVALID_ARGUMENT; + *data_length = 32 + 65; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256 */ + default: + (void)res; + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_SUCCESS; +} diff --git a/ext/oberon/psa/drivers/oberon_spake2p.h b/ext/oberon/psa/drivers/oberon_spake2p.h index 98c22468877c..916123500257 100644 --- a/ext/oberon/psa/drivers/oberon_spake2p.h +++ b/ext/oberon/psa/drivers/oberon_spake2p.h @@ -24,11 +24,9 @@ extern "C" { typedef struct { psa_hash_operation_t hash_op; // TT - psa_algorithm_t hash_alg; - size_t hash_len; + psa_algorithm_t alg; uint8_t w0[32]; - uint8_t w1[32]; - uint8_t L[65]; + uint8_t w1L[65]; uint8_t xy[32]; uint8_t XY[65]; uint8_t YX[65]; @@ -39,20 +37,35 @@ typedef struct { uint8_t verifier[32]; uint8_t prover_len; uint8_t verifier_len; - const uint8_t *MN; - const uint8_t *NM; + uint8_t shared_len; + uint8_t conf_len; + uint8_t mac_len; psa_pake_role_t role; } oberon_spake2p_operation_t; psa_status_t oberon_spake2p_setup( oberon_spake2p_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t oberon_spake2p_set_role( + oberon_spake2p_operation_t *operation, psa_pake_role_t role); +psa_status_t oberon_spake2p_set_user( + oberon_spake2p_operation_t *operation, + const uint8_t *user_id, size_t user_id_len); + +psa_status_t oberon_spake2p_set_peer( + oberon_spake2p_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_len); + +psa_status_t oberon_spake2p_set_context( + oberon_spake2p_operation_t *operation, + const uint8_t *context, size_t context_len); + psa_status_t oberon_spake2p_output( oberon_spake2p_operation_t *operation, psa_pake_step_t step, @@ -63,7 +76,7 @@ psa_status_t oberon_spake2p_input( psa_pake_step_t step, const uint8_t *input, size_t input_length); -psa_status_t oberon_spake2p_get_implicit_key( +psa_status_t oberon_spake2p_get_shared_key( oberon_spake2p_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); @@ -71,6 +84,22 @@ psa_status_t oberon_spake2p_abort( oberon_spake2p_operation_t *operation); +psa_status_t oberon_derive_spake2p_key( + const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key, size_t key_size, size_t *key_length); + +psa_status_t oberon_import_spake2p_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key, size_t key_size, size_t *key_length, + size_t *bits); + +psa_status_t oberon_export_spake2p_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length); + #ifdef __cplusplus } #endif diff --git a/ext/oberon/psa/drivers/oberon_srp.c b/ext/oberon/psa/drivers/oberon_srp.c index c01d886891ee..b6a7dffcea62 100644 --- a/ext/oberon/psa/drivers/oberon_srp.c +++ b/ext/oberon/psa/drivers/oberon_srp.c @@ -19,11 +19,11 @@ #include "ocrypto_srp.h" -#define SRP_KEY_SIZE (256/8) -#define SRP_FIELD_SIZE (3072/8) +#define SRP_FIELD_BITS 3072 +#define SRP_FIELD_SIZE PSA_BITS_TO_BYTES(SRP_FIELD_BITS) -static const uint8_t oberon_P3072[] = { +static const uint8_t oberon_P3072[SRP_FIELD_SIZE] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, @@ -136,20 +136,12 @@ static psa_status_t oberon_get_proof(oberon_srp_operation_t *op) // H(p) ^ H(g) oberon_xor(op->m2, op->m2, op->m1, hash_len); - // H(user) - status = psa_driver_wrapper_hash_setup(&hash_op, op->hash_alg); - if (status) goto exit; - status = psa_driver_wrapper_hash_update(&hash_op, op->user, op->user_len); - if (status) goto exit; - status = psa_driver_wrapper_hash_finish(&hash_op, op->m1, sizeof op->m1, &hash_len); - if (status) goto exit; - // m1 = H(H(p) ^ H(g) | H(user) | salt | A | B | k) status = psa_driver_wrapper_hash_setup(&hash_op, op->hash_alg); if (status) goto exit; status = psa_driver_wrapper_hash_update(&hash_op, op->m2, hash_len); // H(p) ^ H(g) if (status) goto exit; - status = psa_driver_wrapper_hash_update(&hash_op, op->m1, hash_len); // H(user) + status = psa_driver_wrapper_hash_update(&hash_op, op->user, hash_len); // H(user) if (status) goto exit; status = psa_driver_wrapper_hash_update(&hash_op, op->salt, op->salt_len); if (status) goto exit; @@ -177,17 +169,16 @@ static psa_status_t oberon_get_proof(oberon_srp_operation_t *op) return PSA_SUCCESS; exit: psa_hash_abort(&hash_op); + memset(s, 0, sizeof s); return status; } - static psa_status_t oberon_write_key_share( oberon_srp_operation_t *op, uint8_t *output, size_t output_size, size_t *output_length) { psa_status_t status; psa_hash_operation_t hash_op = PSA_HASH_OPERATION_INIT; - uint8_t k[SRP_FIELD_SIZE]; // random secret key status = psa_generate_random(op->ab, sizeof op->ab); @@ -201,10 +192,10 @@ static psa_status_t oberon_write_key_share( memcpy(output, op->A, SRP_FIELD_SIZE); } else { // k = H(p | g) - status = oberon_get_multiplier(op, &hash_op, k); + status = oberon_get_multiplier(op, &hash_op, op->B); if (status) return status; // B = k*v + g^b - ocrypto_srp_server_public_key(op->B, op->ab, k, op->password); + ocrypto_srp_server_public_key(op->B, op->ab, op->B, op->password); memcpy(output, op->B, SRP_FIELD_SIZE); } @@ -265,43 +256,55 @@ static psa_status_t oberon_read_confirm( psa_status_t oberon_srp_setup( oberon_srp_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { - (void)peer_id; - (void)peer_id_length; + (void)attributes; - if (cipher_suite->algorithm != PSA_ALG_SRP_6 || - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH || - cipher_suite->family != PSA_DH_FAMILY_RFC3526 || - cipher_suite->bits != 3072) { + if (psa_pake_cs_get_primitive(cipher_suite) != + PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_DH_FAMILY_RFC3526, SRP_FIELD_BITS) || + psa_pake_cs_get_key_confirmation(cipher_suite) != PSA_PAKE_CONFIRMED_KEY) { return PSA_ERROR_NOT_SUPPORTED; } - operation->hash_alg = cipher_suite->hash; - operation->hash_len = PSA_HASH_LENGTH(cipher_suite->hash); - operation->role = role; + operation->hash_alg = PSA_ALG_GET_HASH(psa_pake_cs_get_algorithm(cipher_suite)); + operation->hash_len = PSA_HASH_LENGTH(operation->hash_alg); - if (user_id_length > sizeof operation->user) return PSA_ERROR_NOT_SUPPORTED; - memcpy(operation->user, user_id, user_id_length); - operation->user_len = user_id_length; - - if (operation->role == PSA_PAKE_ROLE_CLIENT) { - // password hash - if (password_length != operation->hash_len) return PSA_ERROR_INVALID_ARGUMENT; - memcpy(operation->password, password, operation->hash_len); - } else { /* role == PSA_PAKE_ROLE_SERVER */ - // password verifier - if (password_length != SRP_FIELD_SIZE) return PSA_ERROR_INVALID_ARGUMENT; - memcpy(operation->password, password, SRP_FIELD_SIZE); - } + if (password_length != operation->hash_len && password_length != SRP_FIELD_SIZE) return PSA_ERROR_INVALID_ARGUMENT; + memcpy(operation->password, password, password_length); + operation->pw_len = (uint16_t)password_length; + + return PSA_SUCCESS; +} +psa_status_t oberon_srp_set_role( + oberon_srp_operation_t *operation, + psa_pake_role_t role) +{ + if (role == PSA_PAKE_ROLE_CLIENT) { + if (operation->pw_len != operation->hash_len) return PSA_ERROR_INVALID_ARGUMENT; + } else { + if (operation->pw_len != SRP_FIELD_SIZE) { + ocrypto_srp_client_public_key(operation->password, operation->password, operation->pw_len); + } + } + operation->role = role; return PSA_SUCCESS; } +psa_status_t oberon_srp_set_user( + oberon_srp_operation_t *operation, + const uint8_t *user_id, size_t user_id_len) +{ + size_t length; + + // store H(user) + return psa_driver_wrapper_hash_compute(operation->hash_alg, + user_id, user_id_len, + operation->user, sizeof operation->user, &length); +} + psa_status_t oberon_srp_output( oberon_srp_operation_t *operation, psa_pake_step_t step, @@ -330,7 +333,7 @@ psa_status_t oberon_srp_input( case PSA_PAKE_STEP_SALT: if (input_length > sizeof operation->salt) return PSA_ERROR_NOT_SUPPORTED; memcpy(operation->salt, input, input_length); - operation->salt_len = input_length; + operation->salt_len = (uint8_t)input_length; return PSA_SUCCESS; case PSA_PAKE_STEP_KEY_SHARE: return oberon_read_key_share( @@ -345,7 +348,7 @@ psa_status_t oberon_srp_input( } } -psa_status_t oberon_srp_get_implicit_key( +psa_status_t oberon_srp_get_shared_key( oberon_srp_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) { @@ -361,3 +364,89 @@ psa_status_t oberon_srp_abort( (void)operation; return PSA_SUCCESS; } + + +// key management + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 +// constant-time big endian byte stream compare less than +static int less_than(const uint8_t *a, const uint8_t *b, size_t len) +{ + int i, c = 0; + for (i = len - 1; i >= 0; i--) { + c = (c + (int)a[i] - (int)b[i]) >> 8; + } + return c; +} +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 */ + +psa_status_t oberon_import_srp_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key, size_t key_size, size_t *key_length, + size_t *key_bits) +{ + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + case PSA_KEY_TYPE_SRP_KEY_PAIR(PSA_DH_FAMILY_RFC3526): + if (bits != SRP_FIELD_BITS) return PSA_ERROR_NOT_SUPPORTED; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 */ + +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + case PSA_KEY_TYPE_SRP_PUBLIC_KEY(PSA_DH_FAMILY_RFC3526): + if (data_length != SRP_FIELD_SIZE) return PSA_ERROR_NOT_SUPPORTED; + if (bits != 0 && (bits != SRP_FIELD_BITS)) return PSA_ERROR_INVALID_ARGUMENT; + // check key < P + if (!less_than(data, oberon_P3072, SRP_FIELD_SIZE)) return PSA_ERROR_INVALID_ARGUMENT; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 */ + + default: + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + // check key > 0 + if (oberon_ct_compare_zero(data, data_length) == 0) return PSA_ERROR_INVALID_ARGUMENT; + if (key_size < data_length) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(key, data, data_length); + *key_length = data_length; + *key_bits = SRP_FIELD_BITS; + return PSA_SUCCESS; +} + +psa_status_t oberon_export_srp_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length) +{ + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + + if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) { + if (key_length > data_size) return PSA_ERROR_BUFFER_TOO_SMALL; + memcpy(data, key, key_length); + *data_length = key_length; + return PSA_SUCCESS; + } + + switch (type) { +#ifdef PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + case PSA_KEY_TYPE_SRP_KEY_PAIR(PSA_DH_FAMILY_RFC3526): + if (bits != SRP_FIELD_BITS) return PSA_ERROR_NOT_SUPPORTED; + if (data_size < SRP_FIELD_SIZE) return PSA_ERROR_BUFFER_TOO_SMALL; + ocrypto_srp_client_public_key(data, key, key_length); // hash -> verifier + *data_length = SRP_FIELD_SIZE; + break; +#endif /* PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 */ + default: + (void)bits; + return PSA_ERROR_NOT_SUPPORTED; + } + + return PSA_SUCCESS; +} diff --git a/ext/oberon/psa/drivers/oberon_srp.h b/ext/oberon/psa/drivers/oberon_srp.h index ec6eab47bcc3..eaf931bc18f0 100644 --- a/ext/oberon/psa/drivers/oberon_srp.h +++ b/ext/oberon/psa/drivers/oberon_srp.h @@ -32,22 +32,28 @@ typedef struct { uint8_t m1[PSA_HASH_MAX_SIZE]; uint8_t m2[PSA_HASH_MAX_SIZE]; uint8_t k[PSA_HASH_MAX_SIZE]; - uint8_t user[256]; - size_t user_len; + uint8_t user[PSA_HASH_MAX_SIZE]; uint8_t salt[64]; - size_t salt_len; + uint8_t salt_len; + uint16_t pw_len; psa_pake_role_t role; } oberon_srp_operation_t; psa_status_t oberon_srp_setup( oberon_srp_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, + const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t oberon_srp_set_role( + oberon_srp_operation_t *operation, psa_pake_role_t role); +psa_status_t oberon_srp_set_user( + oberon_srp_operation_t *operation, + const uint8_t *user_id, size_t user_id_len); + psa_status_t oberon_srp_output( oberon_srp_operation_t *operation, psa_pake_step_t step, @@ -58,7 +64,7 @@ psa_status_t oberon_srp_input( psa_pake_step_t step, const uint8_t *input, size_t input_length); -psa_status_t oberon_srp_get_implicit_key( +psa_status_t oberon_srp_get_shared_key( oberon_srp_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length); @@ -66,6 +72,18 @@ psa_status_t oberon_srp_abort( oberon_srp_operation_t *operation); +psa_status_t oberon_import_srp_key( + const psa_key_attributes_t *attributes, + const uint8_t *data, size_t data_length, + uint8_t *key, size_t key_size, size_t *key_length, + size_t *bits); + +psa_status_t oberon_export_srp_public_key( + const psa_key_attributes_t *attributes, + const uint8_t *key, size_t key_length, + uint8_t *data, size_t data_size, size_t *data_length); + + #ifdef __cplusplus } #endif From cd21b10e57098d43569426c25e92a012d452d321 Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Wed, 21 Feb 2024 17:26:09 +0100 Subject: [PATCH 2/6] nrf_security: Adapt to Oberon PSA core v1.2.1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adapt nrf security to the new Oberon PSA core v1.2.1.1. Signed-off-by: Georgios Vasilakis Signed-off-by: Markus Swarowsky Signed-off-by: Frank Audun Kvamtrø --- .../nrf_security/doc/driver_config.rst | 24 +- .../cmake/psa_crypto_config.cmake | 227 +++++++------ .../cmake/psa_crypto_want_config.cmake | 277 ++++++++-------- .../configs/psa_crypto_config.h.template | 304 ++++++++++-------- .../configs/psa_crypto_want_config.h.template | 278 ++++++++-------- subsys/nrf_security/src/drivers/Kconfig | 7 - .../src/drivers/Kconfig.psa_accel | 72 ++++- .../src/drivers/nrf_oberon/Kconfig | 234 +++++++++++++- .../src/psa_crypto_driver_wrappers.c | 144 +++++++-- 9 files changed, 1005 insertions(+), 562 deletions(-) diff --git a/doc/nrf/libraries/nrf_security/doc/driver_config.rst b/doc/nrf/libraries/nrf_security/doc/driver_config.rst index 9263e1ad0259..c5ec673bdce4 100644 --- a/doc/nrf/libraries/nrf_security/doc/driver_config.rst +++ b/doc/nrf/libraries/nrf_security/doc/driver_config.rst @@ -727,15 +727,21 @@ Password-authenticated key exchange configurations To enable password-authenticated key exchange (PAKE) support, set one or more of the Kconfig options in the following table: -+-----------------------+-----------------------------------------------+ -| PAKE algorithm | Configuration option | -+=======================+===============================================+ -| EC J-PAKE | :kconfig:option:`CONFIG_PSA_WANT_ALG_JPAKE` | -+-----------------------+-----------------------------------------------+ -| SPAKE2+ | :kconfig:option:`CONFIG_PSA_WANT_ALG_SPAKE2P` | -+-----------------------+-----------------------------------------------+ -| SRP-6 | :kconfig:option:`CONFIG_PSA_WANT_ALG_SRP_6` | -+-----------------------+-----------------------------------------------+ ++------------------------+------------------------------------------------------+ +| PAKE algorithm | Configuration option | ++========================+======================================================+ +| EC J-PAKE | :kconfig:option:`CONFIG_PSA_WANT_ALG_JPAKE` | ++------------------------+------------------------------------------------------+ +| SPAKE2+ with HMAC | :kconfig:option:`CONFIG_PSA_WANT_ALG_SPAKE2P_HMAC` | ++------------------------+------------------------------------------------------+ +| SPAKE2+ with CMAC | :kconfig:option:`CONFIG_PSA_WANT_ALG_SPAKE2P_CMAC` | ++------------------------+------------------------------------------------------+ +| SPAKE2+ for Matter | :kconfig:option:`CONFIG_PSA_WANT_ALG_SPAKE2P_MATTER` | ++------------------------+------------------------------------------------------+ +| SRP-6 | :kconfig:option:`CONFIG_PSA_WANT_ALG_SRP_6` | ++------------------------+------------------------------------------------------+ +| SRP-6 password hashing | :kconfig:option:`CONFIG_PSA_WANT_ALG_SRP_6` | ++------------------------+------------------------------------------------------+ .. note:: * The provided support is experimental. diff --git a/subsys/nrf_security/cmake/psa_crypto_config.cmake b/subsys/nrf_security/cmake/psa_crypto_config.cmake index b7526e5cd8aa..5a2dc9652b9c 100644 --- a/subsys/nrf_security/cmake/psa_crypto_config.cmake +++ b/subsys/nrf_security/cmake/psa_crypto_config.cmake @@ -24,121 +24,139 @@ kconfig_check_and_set_base_to_one(PSA_NEED_CC3XX_ASYMMETRIC_SIGNATURE_DRIVER) # Convert nrf_oberon driver configurations -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_AES) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_GCM_AES) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CHACHA20_POLY1305) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_AEAD_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_AES) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ANY_RSA_KEY_SIZE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CBC_NO_PADDING_AES) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CBC_PKCS7_AES) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECB_NO_PADDING_AES) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_AES) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CHACHA20_POLY1305) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CIPHER_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_AES) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_DRBG_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECB_NO_PADDING_AES) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_224) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_256) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_384) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH_MONTGOMERY_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDH) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_DETERMINISTIC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_RANDOMIZED) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_224) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_256) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_384) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SIGN) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_VERIFY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECJPAKE_SECP_R1_256) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ED25519PH) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ED448PH) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_VERIFY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_SIGN) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_DETERMINISTIC) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECDSA_RANDOMIZED) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_1) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_512) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_512) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE256_512) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_GCM_AES) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HASH_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXPAND) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXTRACT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_JPAKE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_DERIVATION_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_MAC_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXTRACT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HKDF_EXPAND) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PRF) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PSK_TO_MS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_HMAC) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_KEY_DERIVATION_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ECJPAKE_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_JPAKE) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_SECP_R1_256) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6_3072) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PAKE_DRIVER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PBKDF2_HMAC) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_CRYPT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_SIGN) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_VERIFY) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_1024) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_1536) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_2048) @@ -146,19 +164,34 @@ kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_3072) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_4096) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_6144) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_KEY_SIZE_8192) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ANY_RSA_KEY_SIZE) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PSS) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_SIGN) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_VERIFY) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_SIGN) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT) kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_OAEP) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_ANY_CRYPT) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_CTR_DRBG_DRIVER) -kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_HMAC_DRBG_DRIVER) -set(SPAKE2P_USE_VERSION_04 ${CONFIG_PSA_CRYPTO_SPAKE2P_USE_VERSION_04}) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PKCS1V15_SIGN) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_RSA_PSS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA3_512) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHAKE256_512) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_1) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_224) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_384) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SHA_512) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SPAKE2P_MATTER) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_6_3072) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_SRP_PASSWORD_HASH) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PRF) +kconfig_check_and_set_base_to_one(PSA_NEED_OBERON_TLS12_PSK_TO_MS) + # Convert NRF_RNG driver configuration kconfig_check_and_set_base_to_one(PSA_NEED_NRF_RNG_ENTROPY_DRIVER) diff --git a/subsys/nrf_security/cmake/psa_crypto_want_config.cmake b/subsys/nrf_security/cmake/psa_crypto_want_config.cmake index 75e451a988f6..3938fb5165c3 100644 --- a/subsys/nrf_security/cmake/psa_crypto_want_config.cmake +++ b/subsys/nrf_security/cmake/psa_crypto_want_config.cmake @@ -7,137 +7,152 @@ # All PSA_WANT_ symbols in alphabetical order */ -kconfig_check_and_set_base_int(PSA_WANT_AES_KEY_SIZE_128) -kconfig_check_and_set_base_int(PSA_WANT_AES_KEY_SIZE_192) -kconfig_check_and_set_base_int(PSA_WANT_AES_KEY_SIZE_256) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CBC_MAC) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CBC_NO_PADDING) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CBC_PKCS7) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CCM) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CCM_STAR_NO_TAG) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CFB) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CHACHA20_POLY1305) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CMAC) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CTR) -kconfig_check_and_set_base_int(PSA_WANT_ALG_CTR_DRBG) -kconfig_check_and_set_base_int(PSA_WANT_ALG_DETERMINISTIC_ECDSA) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ECB_NO_PADDING) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ECDH) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ECDSA) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ECDSA_ANY) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ED25519PH) -kconfig_check_and_set_base_int(PSA_WANT_ALG_ED448PH) -kconfig_check_and_set_base_int(PSA_WANT_ALG_FFDH) -kconfig_check_and_set_base_int(PSA_WANT_ALG_GCM) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HKDF) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HKDF_EXPAND) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HKDF_EXTRACT) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HMAC) -kconfig_check_and_set_base_int(PSA_WANT_ALG_HMAC_DRBG) -kconfig_check_and_set_base_int(PSA_WANT_ALG_JPAKE) -kconfig_check_and_set_base_int(PSA_WANT_ALG_MD2) -kconfig_check_and_set_base_int(PSA_WANT_ALG_MD4) -kconfig_check_and_set_base_int(PSA_WANT_ALG_MD5) -kconfig_check_and_set_base_int(PSA_WANT_ALG_OFB) -kconfig_check_and_set_base_int(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) -kconfig_check_and_set_base_int(PSA_WANT_ALG_PBKDF2_HMAC) -kconfig_check_and_set_base_int(PSA_WANT_ALG_PURE_EDDSA) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RIPEMD160) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_OAEP) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PSS) -kconfig_check_and_set_base_int(PSA_WANT_ALG_RSA_PSS_ANY_SALT) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_224) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_256) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_384) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA3_512) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHAKE256_512) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_1) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_224) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_256) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_384) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_512) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_512_224) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SHA_512_256) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SM3) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SPAKE2P) -kconfig_check_and_set_base_int(PSA_WANT_ALG_SRP_6) -kconfig_check_and_set_base_int(PSA_WANT_ALG_STREAM_CIPHER) -kconfig_check_and_set_base_int(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) -kconfig_check_and_set_base_int(PSA_WANT_ALG_TLS12_PRF) -kconfig_check_and_set_base_int(PSA_WANT_ALG_TLS12_PSK_TO_MS) -kconfig_check_and_set_base_int(PSA_WANT_ALG_XTS) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_160) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_192) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_224) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_320) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -kconfig_check_and_set_base_int(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -kconfig_check_and_set_base_int(PSA_WANT_ECC_FRP_V1_256) -kconfig_check_and_set_base_int(PSA_WANT_ECC_MONTGOMERY_255) -kconfig_check_and_set_base_int(PSA_WANT_ECC_MONTGOMERY_448) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_K1_192) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_K1_224) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_K1_256) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_192) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_224) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_256) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_384) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R1_521) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECP_R2_160) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_163) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_233) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_239) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_283) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_409) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_K1_571) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_163) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_233) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_283) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_409) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R1_571) -kconfig_check_and_set_base_int(PSA_WANT_ECC_SECT_R2_163) -kconfig_check_and_set_base_int(PSA_WANT_ECC_TWISTED_EDWARDS_255) -kconfig_check_and_set_base_int(PSA_WANT_ECC_TWISTED_EDWARDS_448) -kconfig_check_and_set_base_int(PSA_WANT_GENERATE_RANDOM) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_AES) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ARC4) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ARIA) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_CAMELLIA) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_CHACHA20) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DERIVE) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DES) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_HMAC) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_PASSWORD) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_PASSWORD_HASH) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_PEPPER) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RAW_DATA) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -kconfig_check_and_set_base_int(PSA_WANT_KEY_TYPE_SM4) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_1024) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_1536) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_2048) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_3072) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_4096) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_6144) -kconfig_check_and_set_base_int(PSA_WANT_RSA_KEY_SIZE_8192) +kconfig_check_and_set_base_to_one(PSA_WANT_AES_KEY_SIZE_128) +kconfig_check_and_set_base_to_one(PSA_WANT_AES_KEY_SIZE_192) +kconfig_check_and_set_base_to_one(PSA_WANT_AES_KEY_SIZE_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CBC_MAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CBC_NO_PADDING) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CBC_PKCS7) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CCM) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CCM_STAR_NO_TAG) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CFB) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CHACHA20_POLY1305) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CTR) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_CTR_DRBG) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECB_NO_PADDING) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECDH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECDSA) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ECDSA_ANY) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ED25519PH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_ED448PH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_FFDH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_GCM) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HKDF) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HKDF_EXPAND) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HKDF_EXTRACT) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_HMAC_DRBG) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_JPAKE) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_MD2) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_MD4) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_MD5) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_OFB) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_PBKDF2_HMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_PURE_EDDSA) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RIPEMD160) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_OAEP) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PSS) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_RSA_PSS_ANY_SALT) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_384) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA3_512) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHAKE256_512) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_1) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_384) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_512) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_512_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SHA_512_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SM3) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SPAKE2P_CMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SPAKE2P_HMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SPAKE2P_MATTER) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SRP_6) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_SRP_PASSWORD_HASH) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_STREAM_CIPHER) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_TLS12_PRF) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_TLS12_PSK_TO_MS) +kconfig_check_and_set_base_to_one(PSA_WANT_ALG_XTS) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_160) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_192) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_320) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_FRP_V1_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_MONTGOMERY_255) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_MONTGOMERY_448) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_K1_192) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_K1_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_K1_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_192) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_224) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_256) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_384) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R1_521) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECP_R2_160) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_163) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_233) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_239) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_283) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_409) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_K1_571) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_163) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_233) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_283) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_409) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R1_571) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_SECT_R2_163) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_TWISTED_EDWARDS_255) +kconfig_check_and_set_base_to_one(PSA_WANT_ECC_TWISTED_EDWARDS_448) +kconfig_check_and_set_base_to_one(PSA_WANT_GENERATE_RANDOM) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_AES) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ARC4) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ARIA) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_CAMELLIA) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_CHACHA20) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DERIVE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DES) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DH_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_HMAC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_PASSWORD) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_PASSWORD_HASH) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_PEPPER) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RAW_DATA) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SM4) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT) +kconfig_check_and_set_base_to_one(PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_1024) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_1536) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_2048) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_3072) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_4096) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_6144) +kconfig_check_and_set_base_to_one(PSA_WANT_RSA_KEY_SIZE_8192) kconfig_check_and_set_base_int(PSA_MAX_RSA_KEY_BITS) diff --git a/subsys/nrf_security/configs/psa_crypto_config.h.template b/subsys/nrf_security/configs/psa_crypto_config.h.template index 40d64ab84f9f..079eaffc993d 100644 --- a/subsys/nrf_security/configs/psa_crypto_config.h.template +++ b/subsys/nrf_security/configs/psa_crypto_config.h.template @@ -34,143 +34,173 @@ /* * nrf_oberon driver configurations */ -#cmakedefine PSA_NEED_OBERON_CCM_AES @PSA_NEED_OBERON_CCM_AES@ -#cmakedefine PSA_NEED_OBERON_GCM_AES @PSA_NEED_OBERON_GCM_AES@ -#cmakedefine PSA_NEED_OBERON_CHACHA20_POLY1305 @PSA_NEED_OBERON_CHACHA20_POLY1305@ -#cmakedefine PSA_NEED_OBERON_AEAD_DRIVER @PSA_NEED_OBERON_AEAD_DRIVER@ -#cmakedefine PSA_NEED_OBERON_CTR_AES @PSA_NEED_OBERON_CTR_AES@ -#cmakedefine PSA_NEED_OBERON_CBC_NO_PADDING_AES @PSA_NEED_OBERON_CBC_NO_PADDING_AES@ -#cmakedefine PSA_NEED_OBERON_CBC_PKCS7_AES @PSA_NEED_OBERON_CBC_PKCS7_AES@ -#cmakedefine PSA_NEED_OBERON_ECB_NO_PADDING_AES @PSA_NEED_OBERON_ECB_NO_PADDING_AES@ -#cmakedefine PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES @PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES@ -#cmakedefine PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20 @PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20@ -#cmakedefine PSA_NEED_OBERON_CIPHER_DRIVER @PSA_NEED_OBERON_CIPHER_DRIVER@ -#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_224 @PSA_NEED_OBERON_ECDH_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_256 @PSA_NEED_OBERON_ECDH_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_384 @PSA_NEED_OBERON_ECDH_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_521 @PSA_NEED_OBERON_ECDH_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_255 @PSA_NEED_OBERON_ECDH_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_448 @PSA_NEED_OBERON_ECDH_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_ECDH @PSA_NEED_OBERON_ECDH@ -#cmakedefine PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER @PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_224 @PSA_NEED_OBERON_ECDSA_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_256 @PSA_NEED_OBERON_ECDSA_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_384 @PSA_NEED_OBERON_ECDSA_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_521 @PSA_NEED_OBERON_ECDSA_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_ED25519PH @PSA_NEED_OBERON_ED25519PH@ -#cmakedefine PSA_NEED_OBERON_ED448PH @PSA_NEED_OBERON_ED448PH@ -#cmakedefine PSA_NEED_OBERON_ECDSA_VERIFY @PSA_NEED_OBERON_ECDSA_VERIFY@ -#cmakedefine PSA_NEED_OBERON_ECDSA_SIGN @PSA_NEED_OBERON_ECDSA_SIGN@ -#cmakedefine PSA_NEED_OBERON_ECDSA_DETERMINISTIC @PSA_NEED_OBERON_ECDSA_DETERMINISTIC@ -#cmakedefine PSA_NEED_OBERON_ECDSA_RANDOMIZED @PSA_NEED_OBERON_ECDSA_RANDOMIZED@ -#cmakedefine PSA_NEED_OBERON_SHA_1 @PSA_NEED_OBERON_SHA_1@ -#cmakedefine PSA_NEED_OBERON_SHA_224 @PSA_NEED_OBERON_SHA_224@ -#cmakedefine PSA_NEED_OBERON_SHA_256 @PSA_NEED_OBERON_SHA_256@ -#cmakedefine PSA_NEED_OBERON_SHA_384 @PSA_NEED_OBERON_SHA_384@ -#cmakedefine PSA_NEED_OBERON_SHA_512 @PSA_NEED_OBERON_SHA_512@ -#cmakedefine PSA_NEED_OBERON_SHA3_224 @PSA_NEED_OBERON_SHA3_224@ -#cmakedefine PSA_NEED_OBERON_SHA3_256 @PSA_NEED_OBERON_SHA3_256@ -#cmakedefine PSA_NEED_OBERON_SHA3_384 @PSA_NEED_OBERON_SHA3_384@ -#cmakedefine PSA_NEED_OBERON_SHA3_512 @PSA_NEED_OBERON_SHA3_512@ -#cmakedefine PSA_NEED_OBERON_SHA3 @PSA_NEED_OBERON_SHA3@ -#cmakedefine PSA_NEED_OBERON_SHAKE256_512 @PSA_NEED_OBERON_SHAKE256_512@ -#cmakedefine PSA_NEED_OBERON_SHAKE @PSA_NEED_OBERON_SHAKE@ -#cmakedefine PSA_NEED_OBERON_HASH_DRIVER @PSA_NEED_OBERON_HASH_DRIVER@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT@ -#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT@ -#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER @PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER@ -#cmakedefine PSA_NEED_OBERON_HMAC @PSA_NEED_OBERON_HMAC@ -#cmakedefine PSA_NEED_OBERON_CMAC @PSA_NEED_OBERON_CMAC@ -#cmakedefine PSA_NEED_OBERON_MAC_DRIVER @PSA_NEED_OBERON_MAC_DRIVER@ -#cmakedefine PSA_NEED_OBERON_HKDF @PSA_NEED_OBERON_HKDF@ -#cmakedefine PSA_NEED_OBERON_HKDF_EXTRACT @PSA_NEED_OBERON_HKDF_EXTRACT@ -#cmakedefine PSA_NEED_OBERON_HKDF_EXPAND @PSA_NEED_OBERON_HKDF_EXPAND@ -#cmakedefine PSA_NEED_OBERON_TLS12_PRF @PSA_NEED_OBERON_TLS12_PRF@ -#cmakedefine PSA_NEED_OBERON_TLS12_PSK_TO_MS @PSA_NEED_OBERON_TLS12_PSK_TO_MS@ -#cmakedefine PSA_NEED_OBERON_PBKDF2_HMAC @PSA_NEED_OBERON_PBKDF2_HMAC@ -#cmakedefine PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 @PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128@ -#cmakedefine PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS @PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS@ -#cmakedefine PSA_NEED_OBERON_KEY_DERIVATION_DRIVER @PSA_NEED_OBERON_KEY_DERIVATION_DRIVER@ -#cmakedefine PSA_NEED_OBERON_ECJPAKE_SECP_R1_256 @PSA_NEED_OBERON_ECJPAKE_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_JPAKE @PSA_NEED_OBERON_JPAKE@ -#cmakedefine PSA_NEED_OBERON_SPAKE2P_SECP_R1_256 @PSA_NEED_OBERON_SPAKE2P_SECP_R1_256@ -#cmakedefine PSA_NEED_OBERON_SPAKE2P @PSA_NEED_OBERON_SPAKE2P@ -#cmakedefine PSA_NEED_OBERON_SRP_6_3072 @PSA_NEED_OBERON_SRP_6_3072@ -#cmakedefine PSA_NEED_OBERON_SRP_6 @PSA_NEED_OBERON_SRP_6@ -#cmakedefine PSA_NEED_OBERON_PAKE_DRIVER @PSA_NEED_OBERON_PAKE_DRIVER@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1024 @PSA_NEED_OBERON_RSA_KEY_SIZE_1024@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1536 @PSA_NEED_OBERON_RSA_KEY_SIZE_1536@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_2048 @PSA_NEED_OBERON_RSA_KEY_SIZE_2048@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_3072 @PSA_NEED_OBERON_RSA_KEY_SIZE_3072@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_4096 @PSA_NEED_OBERON_RSA_KEY_SIZE_4096@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_6144 @PSA_NEED_OBERON_RSA_KEY_SIZE_6144@ -#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_8192 @PSA_NEED_OBERON_RSA_KEY_SIZE_8192@ -#cmakedefine PSA_NEED_OBERON_ANY_RSA_KEY_SIZE @PSA_NEED_OBERON_ANY_RSA_KEY_SIZE@ -#cmakedefine PSA_NEED_OBERON_RSA_PSS @PSA_NEED_OBERON_RSA_PSS@ -#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_SIGN @PSA_NEED_OBERON_RSA_PKCS1V15_SIGN@ -#cmakedefine PSA_NEED_OBERON_RSA_ANY_VERIFY @PSA_NEED_OBERON_RSA_ANY_VERIFY@ -#cmakedefine PSA_NEED_OBERON_RSA_ANY_SIGN @PSA_NEED_OBERON_RSA_ANY_SIGN@ -#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT @PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT@ -#cmakedefine PSA_NEED_OBERON_RSA_OAEP @PSA_NEED_OBERON_RSA_OAEP@ -#cmakedefine PSA_NEED_OBERON_RSA_ANY_CRYPT @PSA_NEED_OBERON_RSA_ANY_CRYPT@ -#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER@ -#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER@ -#cmakedefine PSA_NEED_OBERON_CTR_DRBG_DRIVER @PSA_NEED_OBERON_CTR_DRBG_DRIVER@ -#cmakedefine PSA_NEED_OBERON_HMAC_DRBG_DRIVER @PSA_NEED_OBERON_HMAC_DRBG_DRIVER@ - -/* Use Matter compatible version of Spake2+ in Oberon code. */ -#cmakedefine SPAKE2P_USE_VERSION_04 @SPAKE2_USE_VERSION_04@ +#cmakedefine PSA_NEED_OBERON_AEAD_DRIVER @PSA_NEED_OBERON_AEAD_DRIVER@ +#cmakedefine PSA_NEED_OBERON_ANY_RSA_KEY_SIZE @PSA_NEED_OBERON_ANY_RSA_KEY_SIZE@ +#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_ENCRYPTION_DRIVER@ +#cmakedefine PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER @PSA_NEED_OBERON_ASYMMETRIC_SIGNATURE_DRIVER@ +#cmakedefine PSA_NEED_OBERON_CBC_NO_PADDING_AES @PSA_NEED_OBERON_CBC_NO_PADDING_AES@ +#cmakedefine PSA_NEED_OBERON_CBC_PKCS7_AES @PSA_NEED_OBERON_CBC_PKCS7_AES@ +#cmakedefine PSA_NEED_OBERON_CCM_AES @PSA_NEED_OBERON_CCM_AES@ +#cmakedefine PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES @PSA_NEED_OBERON_CCM_STAR_NO_TAG_AES@ +#cmakedefine PSA_NEED_OBERON_CHACHA20_POLY1305 @PSA_NEED_OBERON_CHACHA20_POLY1305@ +#cmakedefine PSA_NEED_OBERON_CIPHER_DRIVER @PSA_NEED_OBERON_CIPHER_DRIVER@ +#cmakedefine PSA_NEED_OBERON_CMAC @PSA_NEED_OBERON_CMAC@ +#cmakedefine PSA_NEED_OBERON_CTR_AES @PSA_NEED_OBERON_CTR_AES@ +#cmakedefine PSA_NEED_OBERON_CTR_DRBG_DRIVER @PSA_NEED_OBERON_CTR_DRBG_DRIVER@ +#cmakedefine PSA_NEED_OBERON_ECB_NO_PADDING_AES @PSA_NEED_OBERON_ECB_NO_PADDING_AES@ +#cmakedefine PSA_NEED_OBERON_ECDH @PSA_NEED_OBERON_ECDH@ +#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_255 @PSA_NEED_OBERON_ECDH_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_ECDH_MONTGOMERY_448 @PSA_NEED_OBERON_ECDH_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_224 @PSA_NEED_OBERON_ECDH_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_256 @PSA_NEED_OBERON_ECDH_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_384 @PSA_NEED_OBERON_ECDH_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_ECDH_SECP_R1_521 @PSA_NEED_OBERON_ECDH_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_ECDSA_DETERMINISTIC @PSA_NEED_OBERON_ECDSA_DETERMINISTIC@ +#cmakedefine PSA_NEED_OBERON_ECDSA_RANDOMIZED @PSA_NEED_OBERON_ECDSA_RANDOMIZED@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_224 @PSA_NEED_OBERON_ECDSA_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_256 @PSA_NEED_OBERON_ECDSA_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_384 @PSA_NEED_OBERON_ECDSA_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SECP_R1_521 @PSA_NEED_OBERON_ECDSA_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_ECDSA_SIGN @PSA_NEED_OBERON_ECDSA_SIGN@ +#cmakedefine PSA_NEED_OBERON_ECDSA_VERIFY @PSA_NEED_OBERON_ECDSA_VERIFY@ +#cmakedefine PSA_NEED_OBERON_ECJPAKE_SECP_R1_256 @PSA_NEED_OBERON_ECJPAKE_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_ED25519PH @PSA_NEED_OBERON_ED25519PH@ +#cmakedefine PSA_NEED_OBERON_ED448PH @PSA_NEED_OBERON_ED448PH@ +#cmakedefine PSA_NEED_OBERON_GCM_AES @PSA_NEED_OBERON_GCM_AES@ +#cmakedefine PSA_NEED_OBERON_HASH_DRIVER @PSA_NEED_OBERON_HASH_DRIVER@ +#cmakedefine PSA_NEED_OBERON_HKDF @PSA_NEED_OBERON_HKDF@ +#cmakedefine PSA_NEED_OBERON_HKDF_EXPAND @PSA_NEED_OBERON_HKDF_EXPAND@ +#cmakedefine PSA_NEED_OBERON_HKDF_EXTRACT @PSA_NEED_OBERON_HKDF_EXTRACT@ +#cmakedefine PSA_NEED_OBERON_HMAC @PSA_NEED_OBERON_HMAC@ +#cmakedefine PSA_NEED_OBERON_HMAC_DRBG_DRIVER @PSA_NEED_OBERON_HMAC_DRBG_DRIVER@ +#cmakedefine PSA_NEED_OBERON_JPAKE @PSA_NEED_OBERON_JPAKE@ +#cmakedefine PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER @PSA_NEED_OBERON_KEY_AGREEMENT_DRIVER@ +#cmakedefine PSA_NEED_OBERON_KEY_DERIVATION_DRIVER @PSA_NEED_OBERON_KEY_DERIVATION_DRIVER@ +#cmakedefine PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER @PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_224@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 @PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT @PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 @PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT @PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 @PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY @PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY@ +#cmakedefine PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 @PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072@ +#cmakedefine PSA_NEED_OBERON_MAC_DRIVER @PSA_NEED_OBERON_MAC_DRIVER@ +#cmakedefine PSA_NEED_OBERON_PAKE_DRIVER @PSA_NEED_OBERON_PAKE_DRIVER@ +#cmakedefine PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 @PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128@ +#cmakedefine PSA_NEED_OBERON_PBKDF2_HMAC @PSA_NEED_OBERON_PBKDF2_HMAC@ +#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_255@ +#cmakedefine PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448 @PSA_NEED_OBERON_PURE_EDDSA_TWISTED_EDWARDS_448@ +#cmakedefine PSA_NEED_OBERON_RSA_ANY_CRYPT @PSA_NEED_OBERON_RSA_ANY_CRYPT@ +#cmakedefine PSA_NEED_OBERON_RSA_ANY_SIGN @PSA_NEED_OBERON_RSA_ANY_SIGN@ +#cmakedefine PSA_NEED_OBERON_RSA_ANY_VERIFY @PSA_NEED_OBERON_RSA_ANY_VERIFY@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1024 @PSA_NEED_OBERON_RSA_KEY_SIZE_1024@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_1536 @PSA_NEED_OBERON_RSA_KEY_SIZE_1536@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_2048 @PSA_NEED_OBERON_RSA_KEY_SIZE_2048@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_3072 @PSA_NEED_OBERON_RSA_KEY_SIZE_3072@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_4096 @PSA_NEED_OBERON_RSA_KEY_SIZE_4096@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_6144 @PSA_NEED_OBERON_RSA_KEY_SIZE_6144@ +#cmakedefine PSA_NEED_OBERON_RSA_KEY_SIZE_8192 @PSA_NEED_OBERON_RSA_KEY_SIZE_8192@ +#cmakedefine PSA_NEED_OBERON_RSA_OAEP @PSA_NEED_OBERON_RSA_OAEP@ +#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT @PSA_NEED_OBERON_RSA_PKCS1V15_CRYPT@ +#cmakedefine PSA_NEED_OBERON_RSA_PKCS1V15_SIGN @PSA_NEED_OBERON_RSA_PKCS1V15_SIGN@ +#cmakedefine PSA_NEED_OBERON_RSA_PSS @PSA_NEED_OBERON_RSA_PSS@ +#cmakedefine PSA_NEED_OBERON_SHA3 @PSA_NEED_OBERON_SHA3@ +#cmakedefine PSA_NEED_OBERON_SHA3_224 @PSA_NEED_OBERON_SHA3_224@ +#cmakedefine PSA_NEED_OBERON_SHA3_256 @PSA_NEED_OBERON_SHA3_256@ +#cmakedefine PSA_NEED_OBERON_SHA3_384 @PSA_NEED_OBERON_SHA3_384@ +#cmakedefine PSA_NEED_OBERON_SHA3_512 @PSA_NEED_OBERON_SHA3_512@ +#cmakedefine PSA_NEED_OBERON_SHAKE @PSA_NEED_OBERON_SHAKE@ +#cmakedefine PSA_NEED_OBERON_SHAKE256_512 @PSA_NEED_OBERON_SHAKE256_512@ +#cmakedefine PSA_NEED_OBERON_SHA_1 @PSA_NEED_OBERON_SHA_1@ +#cmakedefine PSA_NEED_OBERON_SHA_224 @PSA_NEED_OBERON_SHA_224@ +#cmakedefine PSA_NEED_OBERON_SHA_256 @PSA_NEED_OBERON_SHA_256@ +#cmakedefine PSA_NEED_OBERON_SHA_384 @PSA_NEED_OBERON_SHA_384@ +#cmakedefine PSA_NEED_OBERON_SHA_512 @PSA_NEED_OBERON_SHA_512@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P @PSA_NEED_OBERON_SPAKE2P@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 @PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 @PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256@ +#cmakedefine PSA_NEED_OBERON_SPAKE2P_MATTER @PSA_NEED_OBERON_SPAKE2P_MATTER@ +#cmakedefine PSA_NEED_OBERON_SRP_6 @PSA_NEED_OBERON_SRP_6@ +#cmakedefine PSA_NEED_OBERON_SRP_6_3072 @PSA_NEED_OBERON_SRP_6_3072@ +#cmakedefine PSA_NEED_OBERON_SRP_PASSWORD_HASH @PSA_NEED_OBERON_SRP_PASSWORD_HASH@ +#cmakedefine PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20 @PSA_NEED_OBERON_STREAM_CIPHER_CHACHA20@ +#cmakedefine PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS @PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS@ +#cmakedefine PSA_NEED_OBERON_TLS12_PRF @PSA_NEED_OBERON_TLS12_PRF@ +#cmakedefine PSA_NEED_OBERON_TLS12_PSK_TO_MS @PSA_NEED_OBERON_TLS12_PSK_TO_MS@ #cmakedefine PSA_NEED_NRF_RNG_ENTROPY_DRIVER @PSA_NEED_NRF_RNG_ENTROPY_DRIVER@ diff --git a/subsys/nrf_security/configs/psa_crypto_want_config.h.template b/subsys/nrf_security/configs/psa_crypto_want_config.h.template index 9b0dcb7eb4f4..2e924ba9af25 100644 --- a/subsys/nrf_security/configs/psa_crypto_want_config.h.template +++ b/subsys/nrf_security/configs/psa_crypto_want_config.h.template @@ -16,138 +16,152 @@ /* * All PSA_WANT_ symbols in alphabetical order */ -#cmakedefine PSA_WANT_AES_KEY_SIZE_128 @PSA_WANT_AES_KEY_SIZE_128@ -#cmakedefine PSA_WANT_AES_KEY_SIZE_192 @PSA_WANT_AES_KEY_SIZE_192@ -#cmakedefine PSA_WANT_AES_KEY_SIZE_256 @PSA_WANT_AES_KEY_SIZE_256@ -#cmakedefine PSA_WANT_ALG_CBC_MAC @PSA_WANT_ALG_CBC_MAC@ -#cmakedefine PSA_WANT_ALG_CBC_NO_PADDING @PSA_WANT_ALG_CBC_NO_PADDING@ -#cmakedefine PSA_WANT_ALG_CBC_PKCS7 @PSA_WANT_ALG_CBC_PKCS7@ -#cmakedefine PSA_WANT_ALG_CCM @PSA_WANT_ALG_CCM@ -#cmakedefine PSA_WANT_ALG_CCM_STAR_NO_TAG @PSA_WANT_ALG_CCM_STAR_NO_TAG@ -#cmakedefine PSA_WANT_ALG_CFB @PSA_WANT_ALG_CFB@ -#cmakedefine PSA_WANT_ALG_CHACHA20_POLY1305 @PSA_WANT_ALG_CHACHA20_POLY1305@ -#cmakedefine PSA_WANT_ALG_CMAC @PSA_WANT_ALG_CMAC@ -#cmakedefine PSA_WANT_ALG_CTR @PSA_WANT_ALG_CTR@ -#cmakedefine PSA_WANT_ALG_CTR_DRBG @PSA_WANT_ALG_CTR_DRBG@ -#cmakedefine PSA_WANT_ALG_DETERMINISTIC_ECDSA @PSA_WANT_ALG_DETERMINISTIC_ECDSA@ -#cmakedefine PSA_WANT_ALG_ECB_NO_PADDING @PSA_WANT_ALG_ECB_NO_PADDING@ -#cmakedefine PSA_WANT_ALG_ECDH @PSA_WANT_ALG_ECDH@ -#cmakedefine PSA_WANT_ALG_ECDSA @PSA_WANT_ALG_ECDSA@ -#cmakedefine PSA_WANT_ALG_ECDSA_ANY @PSA_WANT_ALG_ECDSA_ANY@ -#cmakedefine PSA_WANT_ALG_ED25519PH @PSA_WANT_ALG_ED25519PH@ -#cmakedefine PSA_WANT_ALG_ED448PH @PSA_WANT_ALG_ED448PH@ -#cmakedefine PSA_WANT_ALG_FFDH @PSA_WANT_ALG_FFDH@ -#cmakedefine PSA_WANT_ALG_GCM @PSA_WANT_ALG_GCM@ -#cmakedefine PSA_WANT_ALG_HKDF @PSA_WANT_ALG_HKDF@ -#cmakedefine PSA_WANT_ALG_HKDF_EXPAND @PSA_WANT_ALG_HKDF_EXPAND@ -#cmakedefine PSA_WANT_ALG_HKDF_EXTRACT @PSA_WANT_ALG_HKDF_EXTRACT@ -#cmakedefine PSA_WANT_ALG_HMAC @PSA_WANT_ALG_HMAC@ -#cmakedefine PSA_WANT_ALG_HMAC_DRBG @PSA_WANT_ALG_HMAC_DRBG@ -#cmakedefine PSA_WANT_ALG_JPAKE @PSA_WANT_ALG_JPAKE@ -#cmakedefine PSA_WANT_ALG_MD2 @PSA_WANT_ALG_MD2@ -#cmakedefine PSA_WANT_ALG_MD4 @PSA_WANT_ALG_MD4@ -#cmakedefine PSA_WANT_ALG_MD5 @PSA_WANT_ALG_MD5@ -#cmakedefine PSA_WANT_ALG_OFB @PSA_WANT_ALG_OFB@ -#cmakedefine PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 @PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128@ -#cmakedefine PSA_WANT_ALG_PBKDF2_HMAC @PSA_WANT_ALG_PBKDF2_HMAC@ -#cmakedefine PSA_WANT_ALG_PURE_EDDSA @PSA_WANT_ALG_PURE_EDDSA@ -#cmakedefine PSA_WANT_ALG_RIPEMD160 @PSA_WANT_ALG_RIPEMD160@ -#cmakedefine PSA_WANT_ALG_RSA_OAEP @PSA_WANT_ALG_RSA_OAEP@ -#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_CRYPT @PSA_WANT_ALG_RSA_PKCS1V15_CRYPT@ -#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN @PSA_WANT_ALG_RSA_PKCS1V15_SIGN@ -#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW @PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW@ -#cmakedefine PSA_WANT_ALG_RSA_PSS @PSA_WANT_ALG_RSA_PSS@ -#cmakedefine PSA_WANT_ALG_RSA_PSS_ANY_SALT @PSA_WANT_ALG_RSA_PSS_ANY_SALT@ -#cmakedefine PSA_WANT_ALG_SHA3_224 @PSA_WANT_ALG_SHA3_224@ -#cmakedefine PSA_WANT_ALG_SHA3_256 @PSA_WANT_ALG_SHA3_256@ -#cmakedefine PSA_WANT_ALG_SHA3_384 @PSA_WANT_ALG_SHA3_384@ -#cmakedefine PSA_WANT_ALG_SHA3_512 @PSA_WANT_ALG_SHA3_512@ -#cmakedefine PSA_WANT_ALG_SHAKE256_512 @PSA_WANT_ALG_SHAKE256_512@ -#cmakedefine PSA_WANT_ALG_SHA_1 @PSA_WANT_ALG_SHA_1@ -#cmakedefine PSA_WANT_ALG_SHA_224 @PSA_WANT_ALG_SHA_224@ -#cmakedefine PSA_WANT_ALG_SHA_256 @PSA_WANT_ALG_SHA_256@ -#cmakedefine PSA_WANT_ALG_SHA_384 @PSA_WANT_ALG_SHA_384@ -#cmakedefine PSA_WANT_ALG_SHA_512 @PSA_WANT_ALG_SHA_512@ -#cmakedefine PSA_WANT_ALG_SHA_512_224 @PSA_WANT_ALG_SHA_512_224@ -#cmakedefine PSA_WANT_ALG_SHA_512_256 @PSA_WANT_ALG_SHA_512_256@ -#cmakedefine PSA_WANT_ALG_SM3 @PSA_WANT_ALG_SM3@ -#cmakedefine PSA_WANT_ALG_SPAKE2P @PSA_WANT_ALG_SPAKE2P@ -#cmakedefine PSA_WANT_ALG_SRP_6 @PSA_WANT_ALG_SRP_6@ -#cmakedefine PSA_WANT_ALG_STREAM_CIPHER @PSA_WANT_ALG_STREAM_CIPHER@ -#cmakedefine PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS @PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS@ -#cmakedefine PSA_WANT_ALG_TLS12_PRF @PSA_WANT_ALG_TLS12_PRF@ -#cmakedefine PSA_WANT_ALG_TLS12_PSK_TO_MS @PSA_WANT_ALG_TLS12_PSK_TO_MS@ -#cmakedefine PSA_WANT_ALG_XTS @PSA_WANT_ALG_XTS@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_160 @PSA_WANT_ECC_BRAINPOOL_P_R1_160@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_192 @PSA_WANT_ECC_BRAINPOOL_P_R1_192@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_224 @PSA_WANT_ECC_BRAINPOOL_P_R1_224@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_256 @PSA_WANT_ECC_BRAINPOOL_P_R1_256@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_320 @PSA_WANT_ECC_BRAINPOOL_P_R1_320@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_384 @PSA_WANT_ECC_BRAINPOOL_P_R1_384@ -#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_512 @PSA_WANT_ECC_BRAINPOOL_P_R1_512@ -#cmakedefine PSA_WANT_ECC_FRP_V1_256 @PSA_WANT_ECC_FRP_V1_256@ -#cmakedefine PSA_WANT_ECC_MONTGOMERY_255 @PSA_WANT_ECC_MONTGOMERY_255@ -#cmakedefine PSA_WANT_ECC_MONTGOMERY_448 @PSA_WANT_ECC_MONTGOMERY_448@ -#cmakedefine PSA_WANT_ECC_SECP_K1_192 @PSA_WANT_ECC_SECP_K1_192@ -#cmakedefine PSA_WANT_ECC_SECP_K1_224 @PSA_WANT_ECC_SECP_K1_224@ -#cmakedefine PSA_WANT_ECC_SECP_K1_256 @PSA_WANT_ECC_SECP_K1_256@ -#cmakedefine PSA_WANT_ECC_SECP_R1_192 @PSA_WANT_ECC_SECP_R1_192@ -#cmakedefine PSA_WANT_ECC_SECP_R1_224 @PSA_WANT_ECC_SECP_R1_224@ -#cmakedefine PSA_WANT_ECC_SECP_R1_256 @PSA_WANT_ECC_SECP_R1_256@ -#cmakedefine PSA_WANT_ECC_SECP_R1_384 @PSA_WANT_ECC_SECP_R1_384@ -#cmakedefine PSA_WANT_ECC_SECP_R1_521 @PSA_WANT_ECC_SECP_R1_521@ -#cmakedefine PSA_WANT_ECC_SECP_R2_160 @PSA_WANT_ECC_SECP_R2_160@ -#cmakedefine PSA_WANT_ECC_SECT_K1_163 @PSA_WANT_ECC_SECT_K1_163@ -#cmakedefine PSA_WANT_ECC_SECT_K1_233 @PSA_WANT_ECC_SECT_K1_233@ -#cmakedefine PSA_WANT_ECC_SECT_K1_239 @PSA_WANT_ECC_SECT_K1_239@ -#cmakedefine PSA_WANT_ECC_SECT_K1_283 @PSA_WANT_ECC_SECT_K1_283@ -#cmakedefine PSA_WANT_ECC_SECT_K1_409 @PSA_WANT_ECC_SECT_K1_409@ -#cmakedefine PSA_WANT_ECC_SECT_K1_571 @PSA_WANT_ECC_SECT_K1_571@ -#cmakedefine PSA_WANT_ECC_SECT_R1_163 @PSA_WANT_ECC_SECT_R1_163@ -#cmakedefine PSA_WANT_ECC_SECT_R1_233 @PSA_WANT_ECC_SECT_R1_233@ -#cmakedefine PSA_WANT_ECC_SECT_R1_283 @PSA_WANT_ECC_SECT_R1_283@ -#cmakedefine PSA_WANT_ECC_SECT_R1_409 @PSA_WANT_ECC_SECT_R1_409@ -#cmakedefine PSA_WANT_ECC_SECT_R1_571 @PSA_WANT_ECC_SECT_R1_571@ -#cmakedefine PSA_WANT_ECC_SECT_R2_163 @PSA_WANT_ECC_SECT_R2_163@ -#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_255 @PSA_WANT_ECC_TWISTED_EDWARDS_255@ -#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_448 @PSA_WANT_ECC_TWISTED_EDWARDS_448@ -#cmakedefine PSA_WANT_GENERATE_RANDOM @PSA_WANT_GENERATE_RANDOM@ -#cmakedefine PSA_WANT_KEY_TYPE_AES @PSA_WANT_KEY_TYPE_AES@ -#cmakedefine PSA_WANT_KEY_TYPE_ARC4 @PSA_WANT_KEY_TYPE_ARC4@ -#cmakedefine PSA_WANT_KEY_TYPE_ARIA @PSA_WANT_KEY_TYPE_ARIA@ -#cmakedefine PSA_WANT_KEY_TYPE_CAMELLIA @PSA_WANT_KEY_TYPE_CAMELLIA@ -#cmakedefine PSA_WANT_KEY_TYPE_CHACHA20 @PSA_WANT_KEY_TYPE_CHACHA20@ -#cmakedefine PSA_WANT_KEY_TYPE_DERIVE @PSA_WANT_KEY_TYPE_DERIVE@ -#cmakedefine PSA_WANT_KEY_TYPE_DES @PSA_WANT_KEY_TYPE_DES@ -#cmakedefine PSA_WANT_KEY_TYPE_DH_KEY_PAIR @PSA_WANT_KEY_TYPE_DH_KEY_PAIR@ -#cmakedefine PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY @PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT@ -#cmakedefine PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY @PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY@ -#cmakedefine PSA_WANT_KEY_TYPE_HMAC @PSA_WANT_KEY_TYPE_HMAC@ -#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD @PSA_WANT_KEY_TYPE_PASSWORD@ -#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD_HASH @PSA_WANT_KEY_TYPE_PASSWORD_HASH@ -#cmakedefine PSA_WANT_KEY_TYPE_PEPPER @PSA_WANT_KEY_TYPE_PEPPER@ -#cmakedefine PSA_WANT_KEY_TYPE_RAW_DATA @PSA_WANT_KEY_TYPE_RAW_DATA@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT@ -#cmakedefine PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY @PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY@ -#cmakedefine PSA_WANT_KEY_TYPE_SM4 @PSA_WANT_KEY_TYPE_SM4@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_1024 @PSA_WANT_RSA_KEY_SIZE_1024@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_1536 @PSA_WANT_RSA_KEY_SIZE_1536@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_2048 @PSA_WANT_RSA_KEY_SIZE_2048@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_3072 @PSA_WANT_RSA_KEY_SIZE_3072@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_4096 @PSA_WANT_RSA_KEY_SIZE_4096@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_6144 @PSA_WANT_RSA_KEY_SIZE_6144@ -#cmakedefine PSA_WANT_RSA_KEY_SIZE_8192 @PSA_WANT_RSA_KEY_SIZE_8192@ -#cmakedefine PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_AES_KEY_SIZE_128 @PSA_WANT_AES_KEY_SIZE_128@ +#cmakedefine PSA_WANT_AES_KEY_SIZE_192 @PSA_WANT_AES_KEY_SIZE_192@ +#cmakedefine PSA_WANT_AES_KEY_SIZE_256 @PSA_WANT_AES_KEY_SIZE_256@ +#cmakedefine PSA_WANT_ALG_CBC_MAC @PSA_WANT_ALG_CBC_MAC@ +#cmakedefine PSA_WANT_ALG_CBC_NO_PADDING @PSA_WANT_ALG_CBC_NO_PADDING@ +#cmakedefine PSA_WANT_ALG_CBC_PKCS7 @PSA_WANT_ALG_CBC_PKCS7@ +#cmakedefine PSA_WANT_ALG_CCM @PSA_WANT_ALG_CCM@ +#cmakedefine PSA_WANT_ALG_CCM_STAR_NO_TAG @PSA_WANT_ALG_CCM_STAR_NO_TAG@ +#cmakedefine PSA_WANT_ALG_CFB @PSA_WANT_ALG_CFB@ +#cmakedefine PSA_WANT_ALG_CHACHA20_POLY1305 @PSA_WANT_ALG_CHACHA20_POLY1305@ +#cmakedefine PSA_WANT_ALG_CMAC @PSA_WANT_ALG_CMAC@ +#cmakedefine PSA_WANT_ALG_CTR @PSA_WANT_ALG_CTR@ +#cmakedefine PSA_WANT_ALG_CTR_DRBG @PSA_WANT_ALG_CTR_DRBG@ +#cmakedefine PSA_WANT_ALG_DETERMINISTIC_ECDSA @PSA_WANT_ALG_DETERMINISTIC_ECDSA@ +#cmakedefine PSA_WANT_ALG_ECB_NO_PADDING @PSA_WANT_ALG_ECB_NO_PADDING@ +#cmakedefine PSA_WANT_ALG_ECDH @PSA_WANT_ALG_ECDH@ +#cmakedefine PSA_WANT_ALG_ECDSA @PSA_WANT_ALG_ECDSA@ +#cmakedefine PSA_WANT_ALG_ECDSA_ANY @PSA_WANT_ALG_ECDSA_ANY@ +#cmakedefine PSA_WANT_ALG_ED25519PH @PSA_WANT_ALG_ED25519PH@ +#cmakedefine PSA_WANT_ALG_ED448PH @PSA_WANT_ALG_ED448PH@ +#cmakedefine PSA_WANT_ALG_FFDH @PSA_WANT_ALG_FFDH@ +#cmakedefine PSA_WANT_ALG_GCM @PSA_WANT_ALG_GCM@ +#cmakedefine PSA_WANT_ALG_HKDF @PSA_WANT_ALG_HKDF@ +#cmakedefine PSA_WANT_ALG_HKDF_EXPAND @PSA_WANT_ALG_HKDF_EXPAND@ +#cmakedefine PSA_WANT_ALG_HKDF_EXTRACT @PSA_WANT_ALG_HKDF_EXTRACT@ +#cmakedefine PSA_WANT_ALG_HMAC @PSA_WANT_ALG_HMAC@ +#cmakedefine PSA_WANT_ALG_HMAC_DRBG @PSA_WANT_ALG_HMAC_DRBG@ +#cmakedefine PSA_WANT_ALG_JPAKE @PSA_WANT_ALG_JPAKE@ +#cmakedefine PSA_WANT_ALG_MD2 @PSA_WANT_ALG_MD2@ +#cmakedefine PSA_WANT_ALG_MD4 @PSA_WANT_ALG_MD4@ +#cmakedefine PSA_WANT_ALG_MD5 @PSA_WANT_ALG_MD5@ +#cmakedefine PSA_WANT_ALG_OFB @PSA_WANT_ALG_OFB@ +#cmakedefine PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 @PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128@ +#cmakedefine PSA_WANT_ALG_PBKDF2_HMAC @PSA_WANT_ALG_PBKDF2_HMAC@ +#cmakedefine PSA_WANT_ALG_PURE_EDDSA @PSA_WANT_ALG_PURE_EDDSA@ +#cmakedefine PSA_WANT_ALG_RIPEMD160 @PSA_WANT_ALG_RIPEMD160@ +#cmakedefine PSA_WANT_ALG_RSA_OAEP @PSA_WANT_ALG_RSA_OAEP@ +#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_CRYPT @PSA_WANT_ALG_RSA_PKCS1V15_CRYPT@ +#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN @PSA_WANT_ALG_RSA_PKCS1V15_SIGN@ +#cmakedefine PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW @PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW@ +#cmakedefine PSA_WANT_ALG_RSA_PSS @PSA_WANT_ALG_RSA_PSS@ +#cmakedefine PSA_WANT_ALG_RSA_PSS_ANY_SALT @PSA_WANT_ALG_RSA_PSS_ANY_SALT@ +#cmakedefine PSA_WANT_ALG_SHA3_224 @PSA_WANT_ALG_SHA3_224@ +#cmakedefine PSA_WANT_ALG_SHA3_256 @PSA_WANT_ALG_SHA3_256@ +#cmakedefine PSA_WANT_ALG_SHA3_384 @PSA_WANT_ALG_SHA3_384@ +#cmakedefine PSA_WANT_ALG_SHA3_512 @PSA_WANT_ALG_SHA3_512@ +#cmakedefine PSA_WANT_ALG_SHAKE256_512 @PSA_WANT_ALG_SHAKE256_512@ +#cmakedefine PSA_WANT_ALG_SHA_1 @PSA_WANT_ALG_SHA_1@ +#cmakedefine PSA_WANT_ALG_SHA_224 @PSA_WANT_ALG_SHA_224@ +#cmakedefine PSA_WANT_ALG_SHA_256 @PSA_WANT_ALG_SHA_256@ +#cmakedefine PSA_WANT_ALG_SHA_384 @PSA_WANT_ALG_SHA_384@ +#cmakedefine PSA_WANT_ALG_SHA_512 @PSA_WANT_ALG_SHA_512@ +#cmakedefine PSA_WANT_ALG_SHA_512_224 @PSA_WANT_ALG_SHA_512_224@ +#cmakedefine PSA_WANT_ALG_SHA_512_256 @PSA_WANT_ALG_SHA_512_256@ +#cmakedefine PSA_WANT_ALG_SM3 @PSA_WANT_ALG_SM3@ +#cmakedefine PSA_WANT_ALG_SPAKE2P_CMAC @PSA_WANT_ALG_SPAKE2P_CMAC@ +#cmakedefine PSA_WANT_ALG_SPAKE2P_HMAC @PSA_WANT_ALG_SPAKE2P_HMAC@ +#cmakedefine PSA_WANT_ALG_SPAKE2P_MATTER @PSA_WANT_ALG_SPAKE2P_MATTER@ +#cmakedefine PSA_WANT_ALG_SRP_6 @PSA_WANT_ALG_SRP_6@ +#cmakedefine PSA_WANT_ALG_SRP_PASSWORD_HASH @PSA_WANT_ALG_SRP_PASSWORD_HASH@ +#cmakedefine PSA_WANT_ALG_STREAM_CIPHER @PSA_WANT_ALG_STREAM_CIPHER@ +#cmakedefine PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS @PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS@ +#cmakedefine PSA_WANT_ALG_TLS12_PRF @PSA_WANT_ALG_TLS12_PRF@ +#cmakedefine PSA_WANT_ALG_TLS12_PSK_TO_MS @PSA_WANT_ALG_TLS12_PSK_TO_MS@ +#cmakedefine PSA_WANT_ALG_XTS @PSA_WANT_ALG_XTS@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_160 @PSA_WANT_ECC_BRAINPOOL_P_R1_160@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_192 @PSA_WANT_ECC_BRAINPOOL_P_R1_192@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_224 @PSA_WANT_ECC_BRAINPOOL_P_R1_224@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_256 @PSA_WANT_ECC_BRAINPOOL_P_R1_256@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_320 @PSA_WANT_ECC_BRAINPOOL_P_R1_320@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_384 @PSA_WANT_ECC_BRAINPOOL_P_R1_384@ +#cmakedefine PSA_WANT_ECC_BRAINPOOL_P_R1_512 @PSA_WANT_ECC_BRAINPOOL_P_R1_512@ +#cmakedefine PSA_WANT_ECC_FRP_V1_256 @PSA_WANT_ECC_FRP_V1_256@ +#cmakedefine PSA_WANT_ECC_MONTGOMERY_255 @PSA_WANT_ECC_MONTGOMERY_255@ +#cmakedefine PSA_WANT_ECC_MONTGOMERY_448 @PSA_WANT_ECC_MONTGOMERY_448@ +#cmakedefine PSA_WANT_ECC_SECP_K1_192 @PSA_WANT_ECC_SECP_K1_192@ +#cmakedefine PSA_WANT_ECC_SECP_K1_224 @PSA_WANT_ECC_SECP_K1_224@ +#cmakedefine PSA_WANT_ECC_SECP_K1_256 @PSA_WANT_ECC_SECP_K1_256@ +#cmakedefine PSA_WANT_ECC_SECP_R1_192 @PSA_WANT_ECC_SECP_R1_192@ +#cmakedefine PSA_WANT_ECC_SECP_R1_224 @PSA_WANT_ECC_SECP_R1_224@ +#cmakedefine PSA_WANT_ECC_SECP_R1_256 @PSA_WANT_ECC_SECP_R1_256@ +#cmakedefine PSA_WANT_ECC_SECP_R1_384 @PSA_WANT_ECC_SECP_R1_384@ +#cmakedefine PSA_WANT_ECC_SECP_R1_521 @PSA_WANT_ECC_SECP_R1_521@ +#cmakedefine PSA_WANT_ECC_SECP_R2_160 @PSA_WANT_ECC_SECP_R2_160@ +#cmakedefine PSA_WANT_ECC_SECT_K1_163 @PSA_WANT_ECC_SECT_K1_163@ +#cmakedefine PSA_WANT_ECC_SECT_K1_233 @PSA_WANT_ECC_SECT_K1_233@ +#cmakedefine PSA_WANT_ECC_SECT_K1_239 @PSA_WANT_ECC_SECT_K1_239@ +#cmakedefine PSA_WANT_ECC_SECT_K1_283 @PSA_WANT_ECC_SECT_K1_283@ +#cmakedefine PSA_WANT_ECC_SECT_K1_409 @PSA_WANT_ECC_SECT_K1_409@ +#cmakedefine PSA_WANT_ECC_SECT_K1_571 @PSA_WANT_ECC_SECT_K1_571@ +#cmakedefine PSA_WANT_ECC_SECT_R1_163 @PSA_WANT_ECC_SECT_R1_163@ +#cmakedefine PSA_WANT_ECC_SECT_R1_233 @PSA_WANT_ECC_SECT_R1_233@ +#cmakedefine PSA_WANT_ECC_SECT_R1_283 @PSA_WANT_ECC_SECT_R1_283@ +#cmakedefine PSA_WANT_ECC_SECT_R1_409 @PSA_WANT_ECC_SECT_R1_409@ +#cmakedefine PSA_WANT_ECC_SECT_R1_571 @PSA_WANT_ECC_SECT_R1_571@ +#cmakedefine PSA_WANT_ECC_SECT_R2_163 @PSA_WANT_ECC_SECT_R2_163@ +#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_255 @PSA_WANT_ECC_TWISTED_EDWARDS_255@ +#cmakedefine PSA_WANT_ECC_TWISTED_EDWARDS_448 @PSA_WANT_ECC_TWISTED_EDWARDS_448@ +#cmakedefine PSA_WANT_GENERATE_RANDOM @PSA_WANT_GENERATE_RANDOM@ +#cmakedefine PSA_WANT_KEY_TYPE_AES @PSA_WANT_KEY_TYPE_AES@ +#cmakedefine PSA_WANT_KEY_TYPE_ARC4 @PSA_WANT_KEY_TYPE_ARC4@ +#cmakedefine PSA_WANT_KEY_TYPE_ARIA @PSA_WANT_KEY_TYPE_ARIA@ +#cmakedefine PSA_WANT_KEY_TYPE_CAMELLIA @PSA_WANT_KEY_TYPE_CAMELLIA@ +#cmakedefine PSA_WANT_KEY_TYPE_CHACHA20 @PSA_WANT_KEY_TYPE_CHACHA20@ +#cmakedefine PSA_WANT_KEY_TYPE_DERIVE @PSA_WANT_KEY_TYPE_DERIVE@ +#cmakedefine PSA_WANT_KEY_TYPE_DES @PSA_WANT_KEY_TYPE_DES@ +#cmakedefine PSA_WANT_KEY_TYPE_DH_KEY_PAIR @PSA_WANT_KEY_TYPE_DH_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY @PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY @PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY@ +#cmakedefine PSA_WANT_KEY_TYPE_HMAC @PSA_WANT_KEY_TYPE_HMAC@ +#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD @PSA_WANT_KEY_TYPE_PASSWORD@ +#cmakedefine PSA_WANT_KEY_TYPE_PASSWORD_HASH @PSA_WANT_KEY_TYPE_PASSWORD_HASH@ +#cmakedefine PSA_WANT_KEY_TYPE_PEPPER @PSA_WANT_KEY_TYPE_PEPPER@ +#cmakedefine PSA_WANT_KEY_TYPE_RAW_DATA @PSA_WANT_KEY_TYPE_RAW_DATA@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY @PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY@ +#cmakedefine PSA_WANT_KEY_TYPE_SM4 @PSA_WANT_KEY_TYPE_SM4@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY @PSA_WANT_KEY_TYPE_SPAKE2P_PUBLIC_KEY@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_BASIC@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_DERIVE@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT @PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT@ +#cmakedefine PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY @PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_1024 @PSA_WANT_RSA_KEY_SIZE_1024@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_1536 @PSA_WANT_RSA_KEY_SIZE_1536@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_2048 @PSA_WANT_RSA_KEY_SIZE_2048@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_3072 @PSA_WANT_RSA_KEY_SIZE_3072@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_4096 @PSA_WANT_RSA_KEY_SIZE_4096@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_6144 @PSA_WANT_RSA_KEY_SIZE_6144@ +#cmakedefine PSA_WANT_RSA_KEY_SIZE_8192 @PSA_WANT_RSA_KEY_SIZE_8192@ /* The Adjusting is done in this file */ #define PSA_CRYPTO_ADJUST_KEYPAIR_TYPES_H diff --git a/subsys/nrf_security/src/drivers/Kconfig b/subsys/nrf_security/src/drivers/Kconfig index 84ed98cebd35..544a358f34f5 100644 --- a/subsys/nrf_security/src/drivers/Kconfig +++ b/subsys/nrf_security/src/drivers/Kconfig @@ -204,13 +204,6 @@ config PSA_MAX_RSA_KEY_BITS endmenu -# Temporary configuration of SPAKE2+ version -config PSA_CRYPTO_SPAKE2P_USE_VERSION_04 - bool - prompt "Use SPAKE2P Version 04" - depends on PSA_CRYPTO_DRIVER_OBERON - depends on PSA_WANT_ALG_SPAKE2P - rsource "Kconfig.psa_accel" rsource "nrf_cc3xx/Kconfig" diff --git a/subsys/nrf_security/src/drivers/Kconfig.psa_accel b/subsys/nrf_security/src/drivers/Kconfig.psa_accel index 1cab025141b7..d1a19d88d470 100644 --- a/subsys/nrf_security/src/drivers/Kconfig.psa_accel +++ b/subsys/nrf_security/src/drivers/Kconfig.psa_accel @@ -1,9 +1,4 @@ -# -# Copyright (c) 2023-2024 Nordic Semiconductor -# -# SPDX-License-Identifier: LicenseRef-Nordic-5-Clause -# - +# from menuconfig even when show-all mode is enabled # This invisible menu helps hiding these not user selectable options # from menuconfig even when show-all mode is enabled menu "PSA ACCEL - invisible" @@ -427,10 +422,10 @@ config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_384 config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_BRAINPOOL_P_R1_512 bool -config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 bool -config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 bool config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_K1_192 @@ -454,6 +449,9 @@ config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 bool +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + bool + config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_K1_163 bool @@ -487,6 +485,12 @@ config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_409 config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECT_R1_571 bool +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 + bool + +config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 + bool + config PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT_BRAINPOOL_P_R1_160 bool @@ -892,6 +896,27 @@ config PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT config PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY bool +config PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + bool + +config PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + bool + +config PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + bool + +config PSA_ACCEL_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + bool + +config PSA_ACCEL_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + bool + +config PSA_ACCEL_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + bool + +config PSA_ACCEL_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + bool + config PSA_ACCEL_MD5 bool @@ -1582,19 +1607,37 @@ config PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_384 config PSA_ACCEL_SP800_108_COUNTER_HMA_SHA_512 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_1 +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_1 + bool + +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_224 + bool + +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_256 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_224 +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_384 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_256 +config PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_512 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_384 +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_1 bool -config PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_512 +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_224 + bool + +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_256 + bool + +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_384 + bool + +config PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_512 + bool + +config PSA_ACCEL_SPAKE2P_MATTER bool config PSA_ACCEL_SRP_6_3072_SHA_1 @@ -1612,6 +1655,9 @@ config PSA_ACCEL_SRP_6_3072_SHA_384 config PSA_ACCEL_SRP_6_3072_SHA_512 bool +config PSA_ACCEL_SRP_PASSWORD_HASH + bool + config PSA_ACCEL_STREAM_CIPHER_CHACHA20 bool diff --git a/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig b/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig index 0ca282424db0..2032fae76c96 100644 --- a/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig +++ b/subsys/nrf_security/src/drivers/nrf_oberon/Kconfig @@ -377,6 +377,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 depends on PSA_WANT_ECC_SECP_R1_224 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_224 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_224 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 + # SECP_R1_256 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_256 bool @@ -402,6 +408,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 depends on PSA_WANT_ECC_SECP_R1_256 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_256 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 + # SECP_R1_384 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_384 bool @@ -427,6 +439,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 depends on PSA_WANT_ECC_SECP_R1_384 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_384 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 + # SECP_R1_521 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP_R1_521 bool @@ -452,6 +470,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 depends on PSA_WANT_ECC_SECP_R1_521 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_521 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + # MONTGOMERY_255 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_255 bool @@ -477,6 +501,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 depends on PSA_WANT_ECC_MONTGOMERY_255 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 + bool + default y + depends on PSA_WANT_ECC_MONTGOMERY_255 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 + # MONTGOMERY_448 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY_448 bool @@ -502,6 +532,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 depends on PSA_WANT_ECC_MONTGOMERY_448 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 + bool + default y + depends on PSA_WANT_ECC_MONTGOMERY_448 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 + # TWISTED_EDWARDS_255 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_255 bool @@ -527,6 +563,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 depends on PSA_WANT_ECC_TWISTED_EDWARDS_255 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 + bool + default y + depends on PSA_WANT_ECC_TWISTED_EDWARDS_255 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 + # TWISTED_EDWARDS_448 config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS_448 bool @@ -552,6 +594,53 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 depends on PSA_WANT_ECC_TWISTED_EDWARDS_448 depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 + bool + default y + depends on PSA_WANT_ECC_TWISTED_EDWARDS_448 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 + +#SPAKE2P +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + bool + default y + depends on PSA_WANT_ECC_SECP_R1_256 + depends on PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE && !PSA_ACCEL_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + +# SRP6 +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + bool + default y + depends on PSA_WANT_KEY_TYPE_SRP_PUBLIC_KEY && !PSA_ACCEL_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + bool + default y + depends on PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_IMPORT && !PSA_ACCEL_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + bool + default y + depends on PSA_WANT_KEY_TYPE_SRP_KEY_PAIR_EXPORT && !PSA_ACCEL_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + # Key management grouping configs # SECP config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_SECP @@ -586,6 +675,14 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_384 || \ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_SECP_R1_521 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_224 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_256 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_384 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP_R1_521 + # MONTGOMERY config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_MONTGOMERY bool @@ -611,6 +708,12 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_255 || \ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY_448 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_255 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY_448 + # TWISTED_EDWARDS config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY_TWISTED_EDWARDS bool @@ -636,6 +739,49 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_255 || \ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS_448 +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_255 || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS_448 + +# SPAKE2P +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP_R1_256 + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP_R1_256 + +# SRP6 +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY_3072 + +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT_3072 + +config PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT_3072 + # Combined ECC keys config PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY bool @@ -665,6 +811,34 @@ config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_MONTGOMERY || \ PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE_TWISTED_EDWARDS +config PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_SECP || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_MONTGOMERY || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE_TWISTED_EDWARDS + +# SPAKE2P +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY_SECP + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT_SECP + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT_SECP + +config PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE + bool + default y + depends on PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE_SECP + # RSA key types config PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY bool @@ -706,12 +880,20 @@ config PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT config PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER bool default y - depends on PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY || \ - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT || \ - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT || \ - PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE || \ - PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY || \ - PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT || \ + depends on PSA_NEED_OBERON_KEY_TYPE_ECC_PUBLIC_KEY || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_IMPORT || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_EXPORT || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_GENERATE || \ + PSA_NEED_OBERON_KEY_TYPE_ECC_KEY_PAIR_DERIVE || \ + PSA_NEED_OBERON_KEY_TYPE_RSA_PUBLIC_KEY || \ + PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_IMPORT || \ + PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_EXPORT || \ + PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_KEY_PAIR_DERIVE || \ + PSA_NEED_OBERON_KEY_TYPE_SRP_6_PUBLIC_KEY || \ + PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_IMPORT || \ + PSA_NEED_OBERON_KEY_TYPE_SRP_6_KEY_PAIR_EXPORT || \ + PSA_NEED_OBERON_KEY_TYPE_SPAKE2P_PUBLIC_KEY || \ + PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_IMPORT || \ PSA_NEED_OBERON_KEY_TYPE_RSA_KEY_PAIR_EXPORT # Oberon MAC Driver @@ -806,6 +988,11 @@ config PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS default y depends on PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS && !PSA_ACCEL_TLS12_ECJPAKE_TO_PMS +config PSA_NEED_OBERON_SRP_PASSWORD_HASH + bool + default y + depends on PSA_WANT_ALG_SRP_PASSWORD_HASH && !PSA_ACCEL_SRP_PASSWORD_HASH + config PSA_NEED_OBERON_KEY_DERIVATION_DRIVER bool default y @@ -816,6 +1003,7 @@ config PSA_NEED_OBERON_KEY_DERIVATION_DRIVER PSA_NEED_OBERON_TLS12_PSK_TO_MS || \ PSA_NEED_OBERON_PBKDF2_HMAC || \ PSA_NEED_OBERON_PBKDF2_AES_CMAC_PRF_128 || \ + PSA_NEED_OBERON_SRP_PASSWORD_HASH || \ PSA_NEED_OBERON_TLS12_ECJPAKE_TO_PMS @@ -836,20 +1024,38 @@ config PSA_NEED_OBERON_JPAKE default y depends on PSA_NEED_OBERON_ECJPAKE_SECP_R1_256 -config PSA_NEED_OBERON_SPAKE2P_SECP_R1_256 +config PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 + bool + default y + depends on PSA_WANT_ALG_SPAKE2P_HMAC + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SPAKE2P_HMAC_SECP_R1_256_SHA_512) + +config PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 + bool + default y + depends on PSA_WANT_ALG_SPAKE2P_CMAC + depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_1) || \ + (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_224) || \ + (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_256) || \ + (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_384) || \ + (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SPAKE2P_CMAC_SECP_R1_256_SHA_512) + +config PSA_NEED_OBERON_SPAKE2P_MATTER bool default y - depends on PSA_WANT_ALG_SPAKE2P - depends on (PSA_WANT_ALG_SHA_1 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_1) || \ - (PSA_WANT_ALG_SHA_224 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_224) || \ - (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_256) || \ - (PSA_WANT_ALG_SHA_384 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_384) || \ - (PSA_WANT_ALG_SHA_512 && !PSA_ACCEL_SPAKE2P_SECP_R1_256_SHA_512) + depends on PSA_WANT_ALG_SPAKE2P_MATTER + depends on (PSA_WANT_ALG_SHA_256 && !PSA_ACCEL_SPAKE2P_MATTER) config PSA_NEED_OBERON_SPAKE2P bool default y - depends on PSA_NEED_OBERON_SPAKE2P_SECP_R1_256 + depends on PSA_NEED_OBERON_SPAKE2P_HMAC_SECP_R1_256 || \ + PSA_NEED_OBERON_SPAKE2P_CMAC_SECP_R1_256 || \ + PSA_NEED_OBERON_SPAKE2P_MATTER config PSA_NEED_OBERON_SRP_6_3072 bool diff --git a/subsys/nrf_security/src/psa_crypto_driver_wrappers.c b/subsys/nrf_security/src/psa_crypto_driver_wrappers.c index cf618c16307b..2d5debedc012 100644 --- a/subsys/nrf_security/src/psa_crypto_driver_wrappers.c +++ b/subsys/nrf_security/src/psa_crypto_driver_wrappers.c @@ -624,6 +624,33 @@ psa_status_t psa_driver_wrapper_copy_key(psa_key_attributes_t *attributes, return status; } +psa_status_t psa_driver_wrapper_derive_key(const psa_key_attributes_t *attributes, + const uint8_t *input, size_t input_length, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length) +{ + switch (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime)) { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Add cases for transparent drivers here */ +#ifdef PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER + return oberon_derive_key(attributes, input, input_length, key_buffer, + key_buffer_size, key_buffer_length); +#endif /* PSA_NEED_OBERON_KEY_MANAGEMENT_DRIVER */ + break; + + /* Add cases for opaque drivers here */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)input; + (void)input_length; + (void)key_buffer; + (void)key_buffer_size; + (void)key_buffer_length; + } + return PSA_ERROR_INVALID_ARGUMENT; +} + /* * Cipher functions */ @@ -1920,29 +1947,100 @@ psa_status_t psa_driver_wrapper_key_agreement(const psa_key_attributes_t *attrib * These APIs are not standardized and should be considered experimental. */ psa_status_t psa_driver_wrapper_pake_setup(psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite, const psa_key_attributes_t *attributes, const uint8_t *password, size_t password_length, - const uint8_t *user_id, size_t user_id_length, - const uint8_t *peer_id, size_t peer_id_length, - psa_pake_role_t role) + const psa_pake_cipher_suite_t *cipher_suite) { psa_status_t status; + switch (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime)) { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Add cases for transparent drivers here */ #ifdef PSA_NEED_OBERON_PAKE_DRIVER - status = oberon_pake_setup(&operation->ctx.oberon_pake_ctx, cipher_suite, attributes, - password, password_length, user_id, user_id_length, peer_id, - peer_id_length, role); - if (status == PSA_SUCCESS) { - operation->id = PSA_CRYPTO_OBERON_DRIVER_ID; + status = oberon_pake_setup(&operation->ctx.oberon_pake_ctx, attributes, password, + password_length, cipher_suite); + if (status == PSA_SUCCESS) { + operation->id = PSA_CRYPTO_OBERON_DRIVER_ID; + } + return status; +#endif /* PSA_NEED_OBERON_PAKE_DRIVER */ + return PSA_ERROR_NOT_SUPPORTED; + + /* Add cases for opaque driver here */ + + default: + (void)status; + (void)operation; + (void)password; + (void)password_length; + (void)cipher_suite; + return PSA_ERROR_INVALID_ARGUMENT; } - return status; +} + +psa_status_t psa_driver_wrapper_pake_set_role(psa_pake_operation_t *operation, psa_pake_role_t role) +{ + switch (operation->id) { +#ifdef PSA_NEED_OBERON_PAKE_DRIVER + case PSA_CRYPTO_OBERON_DRIVER_ID: + return oberon_pake_set_role(&operation->ctx.oberon_pake_ctx, role); #endif /* PSA_NEED_OBERON_PAKE_DRIVER */ - (void)status; - (void)operation; - (void)cipher_suite; - return PSA_ERROR_NOT_SUPPORTED; + default: + (void)role; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t psa_driver_wrapper_pake_set_user(psa_pake_operation_t *operation, + const uint8_t *user_id, size_t user_id_length) +{ + switch (operation->id) { +#ifdef PSA_NEED_OBERON_PAKE_DRIVER + case PSA_CRYPTO_OBERON_DRIVER_ID: + return oberon_pake_set_user(&operation->ctx.oberon_pake_ctx, user_id, + user_id_length); +#endif /* PSA_NEED_OBERON_PAKE_DRIVER */ + + default: + (void)user_id; + (void)user_id_length; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t psa_driver_wrapper_pake_set_peer(psa_pake_operation_t *operation, + const uint8_t *peer_id, size_t peer_id_length) +{ + switch (operation->id) { +#ifdef PSA_NEED_OBERON_PAKE_DRIVER + case PSA_CRYPTO_OBERON_DRIVER_ID: + return oberon_pake_set_peer(&operation->ctx.oberon_pake_ctx, peer_id, + peer_id_length); +#endif /* PSA_NEED_OBERON_PAKE_DRIVER */ + + default: + (void)peer_id; + (void)peer_id_length; + return PSA_ERROR_BAD_STATE; + } +} + +psa_status_t psa_driver_wrapper_pake_set_context(psa_pake_operation_t *operation, + const uint8_t *context, size_t context_length) +{ + switch (operation->id) { +#ifdef PSA_NEED_OBERON_PAKE_DRIVER + case PSA_CRYPTO_OBERON_DRIVER_ID: + return oberon_pake_set_context(&operation->ctx.oberon_pake_ctx, context, + context_length); +#endif /* PSA_NEED_OBERON_PAKE_DRIVER */ + + default: + (void)context; + (void)context_length; + return PSA_ERROR_BAD_STATE; + } } psa_status_t psa_driver_wrapper_pake_output(psa_pake_operation_t *operation, psa_pake_step_t step, @@ -1983,21 +2081,23 @@ psa_status_t psa_driver_wrapper_pake_input(psa_pake_operation_t *operation, psa_ } } -psa_status_t psa_driver_wrapper_pake_get_implicit_key(psa_pake_operation_t *operation, - uint8_t *output, size_t output_size, - size_t *output_length) +psa_status_t psa_driver_wrapper_pake_get_shared_key(psa_pake_operation_t *operation, + const psa_key_attributes_t *attributes, + uint8_t *key_buffer, size_t key_buffer_size, + size_t *key_buffer_length) { switch (operation->id) { #ifdef PSA_NEED_OBERON_PAKE_DRIVER case PSA_CRYPTO_OBERON_DRIVER_ID: - return oberon_pake_get_implicit_key(&operation->ctx.oberon_pake_ctx, output, - output_size, output_length); + return oberon_pake_get_shared_key(&operation->ctx.oberon_pake_ctx, attributes, + key_buffer, key_buffer_size, key_buffer_length); #endif /* PSA_NEED_OBERON_PAKE_DRIVER */ default: - (void)output; - (void)output_size; - (void)output_length; + (void)attributes; + (void)key_buffer; + (void)key_buffer_size; + (void)key_buffer_length; return PSA_ERROR_BAD_STATE; } } From 542b72320aa061417bc356d0962e8077d373301b Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Thu, 22 Feb 2024 13:03:21 +0100 Subject: [PATCH 3/6] manifest: Bring Zephyr changes for Oberon PSA core Bring required Zephyr changes for the new Oberon PSA core v1.2.1.1 Signed-off-by: Georgios Vasilakis Signed-off-by: Markus Swarowsky --- west.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/west.yml b/west.yml index e734ab5d71bc..efc768938848 100644 --- a/west.yml +++ b/west.yml @@ -61,7 +61,7 @@ manifest: # https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html - name: zephyr repo-path: sdk-zephyr - revision: ab0d6af736b634de495b9e599f46ccfa272b85bb + revision: 0a1854bb2c1eba17490d1c82ba1f749a5745fc1e import: # In addition to the zephyr repository itself, NCS also # imports the contents of zephyr/west.yml at the above From 83f429f3a9284fb447052c336ebfb77971354449 Mon Sep 17 00:00:00 2001 From: Markus Swarowsky Date: Thu, 22 Feb 2024 17:13:57 +0100 Subject: [PATCH 4/6] samples: ecjpake: Adapt to PSA crypto spec 1.2 PAKE APIs Change to the final PAKE API's that are in the PSA crypto Spec 1.2 that got introduced with oberon PSA core 1.2.1.1 Signed-off-by: Markus Swarowsky --- samples/crypto/ecjpake/src/main.c | 40 +++++++++++++++++-------------- 1 file changed, 22 insertions(+), 18 deletions(-) diff --git a/samples/crypto/ecjpake/src/main.c b/samples/crypto/ecjpake/src/main.c index 5ab7ae9dcf4d..8c026122427f 100644 --- a/samples/crypto/ecjpake/src/main.c +++ b/samples/crypto/ecjpake/src/main.c @@ -101,9 +101,9 @@ psa_status_t do_rounds(psa_pake_operation_t *server, psa_pake_operation_t *clien } psa_status_t pake_setup(psa_pake_operation_t *op, psa_pake_cipher_suite_t *cs, const char *user, - const char *peer, psa_key_id_t *password) + const char *peer, psa_key_id_t password) { - psa_status_t status = psa_pake_setup(op, cs); + psa_status_t status = psa_pake_setup(op, password, cs); if (status != PSA_SUCCESS) { LOG_INF("psa_pake_setup failed. (Error: %d)", status); @@ -122,30 +122,36 @@ psa_status_t pake_setup(psa_pake_operation_t *op, psa_pake_cipher_suite_t *cs, c return status; } - status = psa_pake_set_password_key(op, *password); - if (status != PSA_SUCCESS) { - LOG_INF("psa_pake_set_password_key failed. (Error: %d)", status); - return status; - } - return PSA_SUCCESS; } psa_status_t do_key_derivation(psa_pake_operation_t *op, uint8_t *key_buffer, size_t key_buffer_size) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_id_t key; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_derivation_operation_t kdf = PSA_KEY_DERIVATION_OPERATION_INIT; - psa_status_t status = psa_key_derivation_setup(&kdf, PSA_ALG_TLS12_ECJPAKE_TO_PMS); + psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, PSA_ALG_TLS12_ECJPAKE_TO_PMS); + status = psa_pake_get_shared_key(op, &attributes, &key); + if (status != PSA_SUCCESS) { + LOG_INF("psa_pake_get_shared_key failed. (Error: %d)", status); + return status; + } + + status = psa_key_derivation_setup(&kdf, PSA_ALG_TLS12_ECJPAKE_TO_PMS); if (status != PSA_SUCCESS) { LOG_INF("psa_key_derivation_setup failed. (Error: %d)", status); return status; } - status = psa_pake_get_implicit_key(op, &kdf); + status = psa_key_derivation_input_key(&kdf, PSA_KEY_DERIVATION_INPUT_SECRET, key); if (status != PSA_SUCCESS) { - LOG_INF("psa_pake_get_implicit_key failed. (Error: %d)", status); + LOG_INF("psa_key_derivation_input_key failed. (Error: %d)", status); psa_key_derivation_abort(&kdf); return status; } @@ -169,16 +175,14 @@ int main(void) } psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT; - - psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_pake_cs_set_primitive(&cipher_suite, PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256)); - psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); + psa_pake_cs_set_key_confirmation(&cipher_suite, PSA_PAKE_UNCONFIRMED_KEY); psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&key_attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&key_attributes, PSA_KEY_TYPE_PASSWORD); psa_key_id_t key; @@ -192,7 +196,7 @@ int main(void) /* Initialize PAKE operation object for the client.*/ psa_pake_operation_t client = PSA_PAKE_OPERATION_INIT; - status = pake_setup(&client, &cipher_suite, "client", "server", &key); + status = pake_setup(&client, &cipher_suite, "client", "server", key); if (status != PSA_SUCCESS) { goto error; } @@ -200,7 +204,7 @@ int main(void) /* Initialize PAKE operation object for the server. */ psa_pake_operation_t server = PSA_PAKE_OPERATION_INIT; - status = pake_setup(&server, &cipher_suite, "server", "client", &key); + status = pake_setup(&server, &cipher_suite, "server", "client", key); if (status != PSA_SUCCESS) { goto error; } From 1739cf5157d6af7e9c14c30bbe30a85621cdbd80 Mon Sep 17 00:00:00 2001 From: Markus Swarowsky Date: Fri, 23 Feb 2024 10:29:06 +0100 Subject: [PATCH 5/6] manifest: mbedtls: Adapt to final PAKE APIs Change TLS to final PAKE APIs from PSA crypto spec 1.2 Signed-off-by: Markus Swarowsky --- west.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/west.yml b/west.yml index efc768938848..534fd736a8b6 100644 --- a/west.yml +++ b/west.yml @@ -138,7 +138,7 @@ manifest: - name: mbedtls path: modules/crypto/mbedtls repo-path: sdk-mbedtls - revision: 31eb94eca87e4b65e5b1ce662126de2dbfd4f314 + revision: 4625a6097993a0bae01f809aacd48ee2c9cb1d0b - name: nrfxlib repo-path: sdk-nrfxlib path: nrfxlib From f8d882a817f9b92e1575a2b2773b0e4075b1255b Mon Sep 17 00:00:00 2001 From: Georgios Vasilakis Date: Mon, 26 Feb 2024 12:33:30 +0100 Subject: [PATCH 6/6] manifest: Bring Matter with new PAKE APIs Brings Matter which uses the final PAKE APIs from PSA crypto spec 1.2. Signed-off-by: Georgios Vasilakis --- west.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/west.yml b/west.yml index 534fd736a8b6..aff9ca22ea6b 100644 --- a/west.yml +++ b/west.yml @@ -154,7 +154,7 @@ manifest: - name: matter repo-path: sdk-connectedhomeip path: modules/lib/matter - revision: b745cdf7098a417de5e24bd2256d983f8377af12 + revision: efdae04affa42dc81d51f6473fc0e148115e90b3 submodules: - name: nlio path: third_party/nlio/repo