
sys/psa_crypto: Add HKDF-Extract/-Expand key derivation algorithms

The PSA crypto API specification 1.1.1 introduced two new algorithms
for HKDF. Add support for those.

Signed-off-by: Armin Wolf <W_Armin@gmx.de>
Armin Wolf 2024-10-03 23:16:25 +02:00
parent b17402bc9f
commit e713b3d863


@ -73,6 +73,28 @@ extern "C" {
#define PSA_ALG_IS_HKDF(alg) \ #define PSA_ALG_IS_HKDF(alg) \
(((alg) & ~0x000000ff) == 0x08000100) (((alg) & ~0x000000ff) == 0x08000100)
/**
* @brief Whether the specified algorithm is an HKDF-Extract algorithm.
*
* @param alg An algorithm identifier: a value of type @ref psa_algorithm_t.
*
* @return 1 if alg is an HKDF-Extract algorithm
* 0 otherwise
*/
#define PSA_ALG_IS_HKDF_EXTRACT(alg) \
(((alg) & ~0x000000ff) == 0x08000400)
/**
* @brief Whether the specified algorithm is an HKDF-Expand algorithm.
*
* @param alg An algorithm identifier: a value of type @ref psa_algorithm_t.
*
* @return 1 if alg is an HKDF-Expand algorithm
* 0 otherwise
*/
#define PSA_ALG_IS_HKDF_EXPAND(alg) \
(((alg) & ~0x000000ff) == 0x08000500)
/** /**
* @brief Whether the specified algorithm is a TLS-1.2 PRF algorithm. * @brief Whether the specified algorithm is a TLS-1.2 PRF algorithm.
* *
@ -137,6 +159,59 @@ extern "C" {
*/ */
#define PSA_ALG_HKDF(hash_alg) ((psa_algorithm_t)(0x08000100 | ((hash_alg) & 0x000000ff))) #define PSA_ALG_HKDF(hash_alg) ((psa_algorithm_t)(0x08000100 | ((hash_alg) & 0x000000ff)))
/**
* @brief Macro to build an HKDF-Extract algorithm.
*
* @details This is the Extract step of HKDF as specified by
* HMAC-based Extract-and-Expand Key Derivation Function (HKDF) [RFC5869] §2.2.
*
* This key derivation algorithm uses the following inputs:
* - @ref PSA_KEY_DERIVATION_INPUT_SALT is the salt.
* - @ref PSA_KEY_DERIVATION_INPUT_SECRET is the input keying material used
* in the extract step.
*
* The inputs are mandatory and must be passed in the order above.
* Each input may only be passed once.
*
* @b Compatible @b key @b types
* - @ref PSA_KEY_TYPE_DERIVE (for the input keying material)
* - @ref PSA_KEY_TYPE_RAW_DATA (for the salt)
*
* @param hash_alg A hash algorithm: a value of type @ref psa_algorithm_t such that
* @ref PSA_ALG_IS_HASH(@p hash_alg) is true.
*
* @return The corresponding HKDF-Extract algorithm. For example,
* @ref PSA_ALG_HKDF_EXTRACT(@ref PSA_ALG_SHA_256) is HKDF-Extract using HMAC-SHA-256.
* Unspecified if @c hash_alg is not a supported hash algorithm.
*/
#define PSA_ALG_HKDF_EXTRACT(hash_alg) ((psa_algorithm_t)(0x08000400 | ((hash_alg) & 0x000000ff)))
/**
* @brief Macro to build an HKDF-Expand algorithm.
*
* @details This is the Expand step of HKDF as specified by
* HMAC-based Extract-and-Expand Key Derivation Function (HKDF) [RFC5869] §2.3.
*
* This key derivation algorithm uses the following inputs:
* - @ref PSA_KEY_DERIVATION_INPUT_SECRET is the pseudoramdom key (PRK).
* - @ref PSA_KEY_DERIVATION_INPUT_INFO is the info string.
*
* The inputs are mandatory and must be passed in the order above.
* Each input may only be passed once.
*
* @b Compatible @b key @b types
* - @ref PSA_KEY_TYPE_DERIVE (for the pseudorandom key)
* - @ref PSA_KEY_TYPE_RAW_DATA (for the info string)
*
* @param hash_alg A hash algorithm: a value of type @ref psa_algorithm_t such that
* @ref PSA_ALG_IS_HASH(@p hash_alg) is true.
*
* @return The corresponding HKDF-Expand algorithm. For example,
* @ref PSA_ALG_HKDF_EXPAND(@ref PSA_ALG_SHA_256) is HKDF-Expand using HMAC-SHA-256.
* Unspecified if @c hash_alg is not a supported hash algorithm.
*/
#define PSA_ALG_HKDF_EXPAND(hash_alg) ((psa_algorithm_t)(0x08000500 | ((hash_alg) & 0x000000ff)))
/** /**
* @brief Macro to build a TLS-1.2 PRF algorithm. * @brief Macro to build a TLS-1.2 PRF algorithm.
* *
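Review bot: The new doc comment for `PSA_ALG_HKDF_EXPAND` in the second hunk does not state the precondition on `PSA_KEY_DERIVATION_INPUT_SECRET`: Expand on its own is only sound when that input is already a uniformly pseudorandom key of about hash-output length, which is what RFC 5869 assumes when the Extract step is skipped. I would add a caveat to both new `@details` blocks, for example `@warning Building block for protocols that run the HKDF steps separately; prefer @ref PSA_ALG_HKDF otherwise.`, and on Expand also `The PRK must be a uniformly pseudorandom key, e.g. the output of HKDF-Extract.` As far as I recall the upstream PSA documentation carries a similar warning, so this would keep the header in line with it. The same comment also misspells the input as "pseudoramdom key"; it should read `pseudorandom key (PRK)`.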