PSA PAKE: reintroduce psa_pake_primitive_t

If PSA_PAKE_OUTPUT_SIZE takes cipher_suite as a parameter and it is a
structure it can't be a compile-time constant anymore.

Reintroducing psa_pake_primitive_t, because it can be constructed as an
integral type and holds enough information to allow PSA_PAKE_OUTPUT_SIZE
calculating accurate estimates on the output size in compile time.

Signed-off-by: Janos Follath <janos.follath@arm.com>
This commit is contained in:
Janos Follath 2021-05-13 11:45:14 +01:00
parent a86c3131a8
commit 78b9e40662
5 changed files with 55 additions and 125 deletions

View file

@ -4145,107 +4145,30 @@ static void psa_pake_cs_set_algorithm(
* This function may be provided as a function-like macro, but in this case it * This function may be provided as a function-like macro, but in this case it
* must evaluate its argument exactly once. * must evaluate its argument exactly once.
* *
* Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX`
* values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true)
* for more information.
*
* \param[in] cipher_suite The cipher suite structure to query. * \param[in] cipher_suite The cipher suite structure to query.
* *
* \return The primitive type stored in the cipher suite structure. * \return The primitive stored in the cipher suite structure.
*/ */
static psa_pake_primitive_type_t psa_pake_cs_get_type( static psa_pake_primitive_t psa_pake_cs_get_primitive(
const psa_pake_cipher_suite_t* cipher_suite const psa_pake_cipher_suite_t* cipher_suite
); );
/** Declare the primitive type for a PAKE cipher suite. /** Declare the primitive type for a PAKE cipher suite.
* *
* This function overwrites any primitive type * This function overwrites any primitive previously set in \p cipher_suite.
* previously set in \p cipher_suite.
* *
* This function may be declared as `static` (i.e. without external * This function may be declared as `static` (i.e. without external
* linkage). This function may be provided as a function-like macro, * linkage). This function may be provided as a function-like macro,
* but in this case it must evaluate each of its arguments exactly once. * but in this case it must evaluate each of its arguments exactly once.
* *
* \param[out] cipher_suite The cipher suite structure to write to. * \param[out] cipher_suite The cipher suite structure to write to.
* \param type The primitive type to write. * \param primitive The primitive to write. If this is 0, the
* If this is 0, the primitive type in * primitive type in \p cipher_suite becomes
* \p cipher_suite becomes unspecified. * unspecified.
*/ */
static void psa_pake_cs_set_type( static void psa_pake_cs_set_primitive(
psa_pake_cipher_suite_t* cipher_suite, psa_pake_cipher_suite_t* cipher_suite,
psa_pake_primitive_type_t type psa_pake_primitive_t primitive
);
/** Retrieve the primitive family from a PAKE cipher suite.
*
* This function may be declared as `static` (i.e. without external
* linkage). This function may be provided as a function-like macro,
* but in this case it must evaluate its argument exactly once.
*
* \param[in] cipher_suite The cipher suite structure to query.
*
* \return The primitive family stored in the cipher suite structure.
*/
static psa_pake_family_t psa_pake_cs_get_family(
const psa_pake_cipher_suite_t* cipher_suite
);
/** Declare the primitive family for a PAKE cipher suite.
*
* This function overwrites any primitive family
* previously set in \p cipher_suite.
*
* This function may be declared as `static` (i.e. without external
* linkage). This function may be provided as a function-like macro,
* but in this case it must evaluate each of its arguments exactly once.
*
* \param[out] cipher_suite The cipher suite structure to write to.
* \param family The primitive family to write.
* If this is 0, the primitive family in
* \p cipher_suite becomes unspecified. The
* interpretation of this parameter depends on
* the primitive type. For more information
* consult the documentation of individual
* ::psa_pake_primitive_type_t constants).
*/
static void psa_pake_cs_set_family(
psa_pake_cipher_suite_t* cipher_suite,
psa_pake_family_t family
);
/** Retrieve the size associated with the primitive from a PAKE cipher suite.
*
* This function may be declared as `static` (i.e. without external
* linkage). This function may be provided as a function-like macro,
* but in this case it must evaluate its argument exactly once.
*
* \param[in] cipher_suite The cipher suite structure to query.
*
* \return The primitive bits stored in the cipher suite structure.
*/
static size_t psa_pake_cs_get_bits(const psa_pake_cipher_suite_t* cipher_suite);
/** Declare the primitive bits for a PAKE cipher suite.
*
* This function overwrites any primitive bits
* previously set in \p cipher_suite.
*
* This function may be declared as `static` (i.e. without external
* linkage). This function may be provided as a function-like macro,
* but in this case it must evaluate each of its arguments exactly once.
*
* \param[out] cipher_suite The cipher suite structure to write to.
* \param bits The primitive bits to write.
* If this is 0, the primitive bits in
* \p cipher_suite becomes unspecified. The
* interpretation of this parameter depends on
* the family, for more information consult the
* documentation of individual
* ::psa_pake_primitive_type_t constants).
*/
static void psa_pake_cs_set_bits(
psa_pake_cipher_suite_t* cipher_suite,
size_t bits
); );
/** Retrieve the hash algorithm from a PAKE cipher suite. /** Retrieve the hash algorithm from a PAKE cipher suite.

View file

@ -1143,7 +1143,7 @@
* *
* \param alg A PAKE algorithm (PSA_ALG_XXX value such that * \param alg A PAKE algorithm (PSA_ALG_XXX value such that
* #PSA_ALG_IS_PAKE(\p alg) is true). * #PSA_ALG_IS_PAKE(\p alg) is true).
* \param cipher_suite A cipher suite that is compatible with algorithm \p alg. * \param primitive A primitive that is compatible with algorithm \p alg.
* \param output_step A value of type ::psa_pake_step_t that is valid for the * \param output_step A value of type ::psa_pake_step_t that is valid for the
* algorithm \p alg. * algorithm \p alg.
* \return A sufficient output buffer size for the specified * \return A sufficient output buffer size for the specified
@ -1151,7 +1151,7 @@
* the output type or PAKE algorithm is not recognized, or * the output type or PAKE algorithm is not recognized, or
* the parameters are incompatible, return 0. * the parameters are incompatible, return 0.
*/ */
#define PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, output_step) #define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step)
/** Output buffer size for psa_pake_output() for any of the supported cipher /** Output buffer size for psa_pake_output() for any of the supported cipher
* suites and PAKE algorithms. * suites and PAKE algorithms.

View file

@ -466,10 +466,16 @@ struct psa_pake_cipher_suite_s
psa_algorithm_t algorithm; psa_algorithm_t algorithm;
psa_pake_primitive_type_t type; psa_pake_primitive_type_t type;
psa_pake_family_t family; psa_pake_family_t family;
size_t bits; uint16_t bits;
psa_algorithm_t hash; psa_algorithm_t hash;
}; };
static inline psa_algorithm_t psa_pake_cs_get_algorithm(
const psa_pake_cipher_suite_t *cipher_suite)
{
return( cipher_suite->algorithm );
}
static inline void psa_pake_cs_set_algorithm( static inline void psa_pake_cs_set_algorithm(
psa_pake_cipher_suite_t *cipher_suite, psa_pake_cipher_suite_t *cipher_suite,
psa_algorithm_t algorithm) psa_algorithm_t algorithm)
@ -480,49 +486,20 @@ static inline void psa_pake_cs_set_algorithm(
cipher_suite->algorithm = algorithm; cipher_suite->algorithm = algorithm;
} }
static inline psa_algorithm_t psa_pake_cs_get_algorithm( static inline psa_pake_primitive_t psa_pake_cs_get_primitive(
const psa_pake_cipher_suite_t *cipher_suite) const psa_pake_cipher_suite_t *cipher_suite)
{ {
return( cipher_suite->algorithm ); return( PSA_PAKE_PRIMITIVE( cipher_suite->type, cipher_suite->family,
cipher_suite->bits) );
} }
static inline psa_pake_primitive_type_t psa_pake_cs_get_type( static inline void psa_pake_cs_set_primitive(
const psa_pake_cipher_suite_t *cipher_suite)
{
return( cipher_suite->type );
}
static inline void psa_pake_cs_set_type(
psa_pake_cipher_suite_t *cipher_suite, psa_pake_cipher_suite_t *cipher_suite,
psa_pake_primitive_type_t type) psa_pake_primitive_t primitive)
{ {
cipher_suite->type = type; cipher_suite->type = (psa_pake_primitive_type_t) primitive >> 24;
} cipher_suite->family = (psa_pake_family_t) ( 0xFF & (primitive >> 16) );
cipher_suite->bits = (uint16_t) ( 0xFFFF & primitive );
static inline psa_pake_family_t psa_pake_cs_get_family(
const psa_pake_cipher_suite_t *cipher_suite)
{
return( cipher_suite->family );
}
static inline void psa_pake_cs_set_family(
psa_pake_cipher_suite_t *cipher_suite,
psa_pake_family_t family)
{
cipher_suite->family = family;
}
static inline size_t psa_pake_cs_get_bits(
const psa_pake_cipher_suite_t *cipher_suite)
{
return( cipher_suite->bits );
}
static inline void psa_pake_cs_set_bits(
psa_pake_cipher_suite_t *cipher_suite,
size_t bits)
{
cipher_suite->bits = bits;
} }
static inline psa_algorithm_t psa_pake_cs_get_hash( static inline psa_algorithm_t psa_pake_cs_get_hash(

View file

@ -415,5 +415,11 @@ typedef uint8_t psa_pake_primitive_type_t;
* PSA_PAKE_PRIMITIVE_TYPE_XXX constants. * PSA_PAKE_PRIMITIVE_TYPE_XXX constants.
*/ */
typedef uint8_t psa_pake_family_t; typedef uint8_t psa_pake_family_t;
/** \brief Encoding of the primitive associated with the PAKE.
*
* For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro.
*/
typedef uint32_t psa_pake_primitive_t;
/**@}*/ /**@}*/
#endif /* PSA_CRYPTO_TYPES_H */ #endif /* PSA_CRYPTO_TYPES_H */

View file

@ -2546,6 +2546,30 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
*/ */
#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02) #define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02)
/** Construct a PAKE primitive from type, family and bitsize.
*
* \param pake_type The type of the primitive
* (value of type ::psa_pake_primitive_type_t).
* \param pake_family The family of the primitive
* (the type and interpretation of this parameter depends
* on \p type, for more information consult the
* documentation of individual ::psa_pake_primitive_type_t
* constants).
* \param pake_bits The bitsize of the primitive
* (Value of type \c size_t. The interpretation
* of this parameter depends on \p family, for more
* information consult the documentation of individual
* ::psa_pake_primitive_type_t constants).
*
* \return The constructed primitive value of type ::psa_pake_primitive_t.
* Return 0 if the requested primitive can't be encoded as
* ::psa_pake_primitive_t.
*/
#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \
(pake_bits > 0xFFFF) ? 0 : \
((psa_pake_primitive_t) (((pake_type) << 24 | \
(pake_family) << 16) | (pake_bits)))
/** The key share being sent to or received from the peer. /** The key share being sent to or received from the peer.
* *
* Unless the documentation of the PAKE algorithm says otherwise this is a * Unless the documentation of the PAKE algorithm says otherwise this is a