commit 8dbfca462818038190f3690ae48b5ef6173fde26
author Hanno Becker <hanno.becker@arm.com> Fri Oct 12 11:56:55 2018 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon Nov 19 11:24:21 2018 +0000
tree 2c6b0e350c475f2b288105ae91903520778298eb
parent 65b691793db3b930b679e83df98e133b4e29ed48

Add TLS-1.2 PSK-to-MS key derivation algorithm identifier to PSA API

include/psa/crypto.h

diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 15c8130..bdddeca 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1232,6 +1232,45 @@
 #define PSA_ALG_TLS12_PRF_GET_HASH(hkdf_alg)                         \
     (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
 
+#define PSA_ALG_TLS12_PSK_TO_MS_BASE ((psa_algorithm_t)0x30000300)
+/** Macro to build a TLS-1.2 PSK-to-MasterSecret algorithm.
+ *
+ * For example, `PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA256)` represents the
+ * TLS-1.2 PSK to MasterSecret derivation PRF using HMAC-SHA-256.
+ *
+ * \param hash_alg      A hash algorithm (\c PSA_ALG_XXX value such that
+ *                      #PSA_ALG_IS_HASH(\p hash_alg) is true).
+ *
+ * \return              The corresponding TLS-1.2 PSK to MS algorithm.
+ * \return              Unspecified if \p alg is not a supported
+ *                      hash algorithm.
+ */
+#define PSA_ALG_TLS12_PSK_TO_MS(hash_alg)                                  \
+    (PSA_ALG_TLS12_PSK_TO_MS_BASE | ((hash_alg) & PSA_ALG_HASH_MASK))
+
+/** Whether the specified algorithm is a TLS-1.2 PSK to MS algorithm.
+ *
+ * In a pure-PSK handshake in TLS 1.2, the master secret is derived
+ * from the PreSharedKey (PSK) through the application of padding and
+ * the TLS-1.2 PRF (see below). The latter is based on HMAC and can
+ * be used with either SHA-256 or SHA-384.
+ *
+ * For the application to TLS-1.2, the salt passed to psa_key_derivation()
+ * (and forwarded to the TLS-1.2 PRF) is the concatenation of the
+ * ClientHello.Random + ServerHello.Random, while the label is "master secret".
+ * See RFC 5246, Section 8.1, Computing the Master Secret.
+ *
+ * \param alg An algorithm identifier (value of type #psa_algorithm_t).
+ *
+ * \return 1 if \c alg is a TLS-1.2 PSK to MS algorithm, 0 otherwise.
+ *         This macro may return either 0 or 1 if \c alg is not a supported
+ *         key derivation algorithm identifier.
+ */
+#define PSA_ALG_IS_TLS12_PSK_TO_MS(alg)                                    \
+    (((alg) & ~PSA_ALG_HASH_MASK) == PSA_ALG_TLS12_PSK_TO_MS_BASE)
+#define PSA_ALG_TLS12_PSK_TO_MS_GET_HASH(hkdf_alg)                         \
+    (PSA_ALG_CATEGORY_HASH | ((hkdf_alg) & PSA_ALG_HASH_MASK))
+
 #define PSA_ALG_KEY_DERIVATION_MASK             ((psa_algorithm_t)0x010fffff)
 
 /** Use a shared secret as is.