Merge pull request #6010 from mprse/ffdh_import_export

FFDH 1, 2A, 2B: FFDH add support for import/export key, key agreement, key generation + tests
2026-03-22 20:21:10 +01:00 · 2023-05-10 11:40:54 +02:00
parent 8d42cfddd6 837d2d1c5e
commit 1d046fa0dd
13 changed files with 882 additions and 54 deletions
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ b/tests/src/drivers/test_driver_key_agreement.c
@@ -24,6 +24,7 @@
 #include "psa/crypto.h"
 #include "psa_crypto_core.h"
 #include "psa_crypto_ecp.h"
+#include "psa_crypto_ffdh.h"

 #include "test/drivers/key_agreement.h"
 #include "test/drivers/test_driver.h"
@@ -93,6 +94,37 @@ psa_status_t mbedtls_test_transparent_key_agreement(
        (void) shared_secret_size;
        (void) shared_secret_length;
        return PSA_ERROR_NOT_SUPPORTED;
+#endif
+    }
+    if (PSA_ALG_IS_FFDH(alg)) {
+#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
+        defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH))
+        return libtestdriver1_mbedtls_psa_key_agreement_ffdh(
+            (const libtestdriver1_psa_key_attributes_t *) attributes,
+            key_buffer, key_buffer_size,
+            alg, peer_key, peer_key_length,
+            shared_secret, shared_secret_size,
+            shared_secret_length);
+#elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH)
+        return mbedtls_psa_key_agreement_ffdh(
+            attributes,
+            peer_key,
+            peer_key_length,
+            key_buffer,
+            key_buffer_size,
+            shared_secret,
+            shared_secret_size,
+            shared_secret_length);
+#else
+        (void) attributes;
+        (void) key_buffer;
+        (void) key_buffer_size;
+        (void) peer_key;
+        (void) peer_key_length;
+        (void) shared_secret;
+        (void) shared_secret_size;
+        (void) shared_secret_length;
+        return PSA_ERROR_NOT_SUPPORTED;
 #endif
    } else {
        return PSA_ERROR_INVALID_ARGUMENT;
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -789,6 +789,12 @@ int mbedtls_test_psa_exported_key_sanity_check(
            TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length);
            TEST_EQUAL(exported[0], 4);
        }
+    } else
+    if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) {
+        TEST_ASSERT(exported_length ==
+                    PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
+        TEST_ASSERT(exported_length <=
+                    PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
    } else {
        (void) exported;
        TEST_ASSERT(!"Sanity check not implemented for this key type");