Commit graph

401 commits

Author SHA1 Message Date
Adrian L. Shaw
484ba88a0f Add STORAGE_FAILURE everywhere + add missing codes 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
dc5bf5c8e7 Add storage failure to (encrypt/decrypt)_setup 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
d9e9024885 Add storage failure to psa_mac_verify_finish 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
263223689f Add storage failure to psa_mac_sign_finish 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
8d0bcf27ec Add PSA_ERROR_INVALID_ARGUMENT to psa_hash_compare 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
df3c7ac645 Remove trailing whitespace 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
d789dc13da Added a few more return codes 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
3e41249417 Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
71b33ffcf8 Add missing error codes to psa_generate_random 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
0d280b9873 Add missing error codes for psa_raw_key_agreement 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
a3f6ba5843 Added PSA_ERROR_STORAGE_FAILURE to psa_cipher_(encrypt/decrypt) 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
320659b54c Added PSA_ERROR_BAD_STATE to functions with operations
In the case that the operation object has not been initialized
appropriately.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
e970d65273 Added extra bad state case to psa_hash_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
6e758c9bb8 Add missing return codes to psa_asymmetric_verify 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
27c121574b Add missing parameters to psa_asymmetric_sign 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
d21c6e6566 Add missing return codes to psa_generate_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
c207ba376e Added missing return codes to psa_aead_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
96f31ada18 Add missing return codes to psa_asymmetric_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
f961d5c9e6 Add missing return codes to psa_asymmetric_encrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
53d90c5199 Only return PSA_ERROR_DOES_NOT_EXIST from psa_open_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
9770d0e0f8 Add PSA_ERROR_STORAGE_FAILURE to psa_mac_verify_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
2409ba0429 Added PSA_ERROR_STORAGE_FAILURE to psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
7563ed17ab Remove PSA_ERROR_DOES_NOT_EXIST from psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
d5ae06b1e3 Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
dec47b6f9d Added the possibility of PSA_ERROR_BAD_STATE to all functions 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
fa591c44af Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute
In case the key could not be retrieved from
storage.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
f7d852a9d5 Added PSA_ERROR_BUFFER_TOO_SMALL to psa_hash_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
60b0320af0 Add PSA_ERROR_STORAGE_FAILURE to psa_copy_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
398b3c27e0 Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key
The same reason that it is included in psa_export_key
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
e926e7370f Removed PSA_DOES_NOT_EXIST from psa_export_public_key
The implementation should return PSA_ERROR_INVALID_HANDLE instead.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
88c51adfc0 Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key
For the same reasons that psa_export_key can fail with this error
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
742084ea25 Removed PSA_ERROR_DOES_NOT_EXIST from psa_export_key
If the key doesn't exist by the time this call is made
then the handle is invalid,
which means that PSA_ERROR_INVALID_HANDLE should be
returned rather than "does not exist"
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
0542d595ce Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key
It may be possible that the implementation runs out of
memory when exporting a key from storage or a secure
element. For example, it may not be possible to directly
move the data from storage to the caller, so the implementation
will have to buffer the material temporarily (an issue if dynamic
memory allocation scheme is used). For a large key
this is more likely to return.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
89b7152ed0 Added PSA_ERROR_STORAGE_FAILURE to psa_export_key
It may be possible that an implementation does not
fetch key material until a command like
this is called and such an error may occur if an
off-chip secure storage dependency may have been wiped.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
29b64073af Added missing return codes to get_key_attributes
Note that PSA_ERROR_NOT_PERMITTED is not included
because I can't think of a scenario where you have
a valid key handle but aren't allowed to read the
attributes
2019-09-04 11:30:17 +01:00
Jaeden Amero
21db2a94a4
Merge pull request #229 from k-stachowiak/IOTCRYPT-791-remove-legacy-psa-key-derivation
Remove legacy psa key derivation
2019-08-29 11:31:23 +01:00
Andrew Thoelke
8824daec6f Editorial fixes. 2019-08-22 15:52:32 +01:00
Andrew Thoelke
07f16b78ff Update documentation for psa_destroy_key
Define the affect on handles to the key and on active multipart 
operations.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
3daba812d7 Update documentation for psa_close_key
Adjust the wording to permit multiple handles to a single key - closing
a handle does not necessarily release volatile memory associated with
the key, that only occurs when the last handle is closed.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
9741b11440 Update psa_open_key documentation
- Describe the implementation defined behavior for opening multiple 
keys, and provide a reference to the relevant section.

- Describe the use of INSUFFICENT_MEMORY error to indicate additional 
implementation resource constaints.

- Clarify the distinction between DOES_NOT_EXIST and INVALID_HANDLE 
error conditions.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
203491c65d Remove duplicated information in psa_open_key
The information about implmementation keys is duplicated.
2019-08-22 15:52:31 +01:00
k-stachowiak
b9b4f09c47 Document new error type returned from the key derivation API 2019-08-15 19:01:59 +02:00
Gilles Peskine
adb1c52149
Merge pull request #157 from gilles-peskine-arm/psa-se_driver-create_key
Secure element key creation foundation
2019-07-26 14:39:55 +02:00
Gilles Peskine
105f67f0fa Move the definition of psa_key_attributes_t to crypto_types.h
psa_key_attributes_t is used in the SE driver HAL, so it must be
defined in a common header, not in the API-only header crypto.h.
2019-07-23 18:43:28 +02:00
Andrew Thoelke
d16bdac9b5 Use stdint.h types in multipart AEAD functions
No implementation yet.
2019-07-15 11:14:56 +02:00
Andrew Thoelke
47629d076e Use stdint.h types
Follow MISRA C 2012 rules by using exact width types from stdint.h.
2019-07-15 11:14:56 +02:00
Gilles Peskine
6a21123619 Remove obsolete mentions of PSA_ERROR_EMPTY_SLOT
There are no more "empty slots", so finish removing the corresponding
error.
2019-05-21 19:11:07 +02:00
Gilles Peskine
4754cdeef8 Improve description of psa_open_key()
Remove obsolete reference to psa_make_key_persistent().
2019-05-21 18:43:18 +02:00
Gilles Peskine
a0c0655c91 Add missing declarations to the API document
PSA_KEY_ATTRIBUTES_INIT and psa_key_attributes_init weren't declared
in the API document, only defined in our implementation, but they are
referenced in the API document.
2019-05-21 15:54:54 +02:00
Jaeden Amero
fba7539ad7
Merge pull request #269 from ARMmbed/psa-slots_to_handles
Update API documentation to refer to handles and key ids, not slots
2019-05-17 10:18:34 +01:00
Gilles Peskine
eff4942202
Merge pull request #268 from ARMmbed/psa-error_tampering_detected
Rename PSA_ERROR_TAMPERING_DETECTED to PSA_ERROR_CORRUPTION_DETECTED
2019-05-17 11:06:09 +02:00
Gilles Peskine
35ef36b62f Rename psa_generate_random_key back to psa_generate_key
generate_key is a more classical name. The longer name was only
introduced to avoid confusion with getting a key from a generator,
which is key derivation, but we no longer use the generator
terminology so this reason no longer applies.

perl -i -pe 's/psa_generate_random_key/psa_generate_key/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine
c93b80c350 Rename *KEYPAIR* to *KEY_PAIR*
Be consistent with PUBLIC_KEY.

perl -i -pe 's/KEYPAIR/KEY_PAIR/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Adrian L. Shaw
0a695bd13e Simplify description of psa_copy_key 2019-05-16 22:11:18 +02:00
Adrian L. Shaw
52d83dabd6 Mention psa_close_key in the description of psa_open_key 2019-05-16 22:11:17 +02:00
Adrian L. Shaw
d56456cbe8 Improve descriptions that mention handles and fix incorrect mention of psa_create_key 2019-05-16 22:10:51 +02:00
Adrian L. Shaw
67e1c7ac80 Remove remaining mentions of slots 2019-05-16 22:10:49 +02:00
Gilles Peskine
4b3eb69271 Rename PSA_ERROR_TAMPERING_DETECTED to ..._CORRUPTION_DETECTED
“Tampering detected” was misleading because in the real world it can
also arise due to a software bug. “Corruption detected” is neutral and
more precisely reflects what can trigger the error.

perl -i -pe 's/PSA_ERROR_TAMPERING_DETECTED/PSA_ERROR_CORRUPTION_DETECTED/gi' $(git ls-files)
2019-05-16 21:35:18 +02:00
Gilles Peskine
20a77aeac7 RSA key generation: require e=65537 2019-05-16 19:51:10 +02:00
Gilles Peskine
a130219ac0 Move remaining text about DSA out of the specification 2019-05-16 19:51:10 +02:00
Gilles Peskine
dcaefae849 Parametrize Diffie-Hellman keys by a group identifier
Parametrize finite-field Diffie-Hellman key types with a DH group
identifier, in the same way elliptic curve keys are parametrized with
an EC curve identifier.

Define the DH groups from the TLS registry (these are the groups from
RFC 7919).

Replicate the macro definitions and the metadata tests from elliptic
curve identifiers to DH group identifiers.

Define PSA_DH_GROUP_CUSTOM as an implementation-specific extension for
which domain parameters are used to specify the group.
2019-05-16 19:51:10 +02:00
Gilles Peskine
24f10f85e2 Remove domain parameters from the official API
Move psa_get_key_domain_parameters() and
psa_set_key_domain_parameters() out of the official API and declare
them to be implementation-specific extensions.

Expand the documentation of psa_set_key_domain_parameters() a bit to
explain how domain parameters are used.

Remove all mentions of domain parameters from the documentation of API
functions. This leaves DH and DSA effectively unusable.
2019-05-16 19:27:05 +02:00
Gilles Peskine
58fe9e8afe Correct the description of psa_raw_key_agreement
There was some copypasta from the KA+KDF function's description.
2019-05-16 18:55:25 +02:00
Gilles Peskine
be697d8324 Shorten the name of psa_key_agreement_raw_shared_secret
There is less of a risk of confusion with the KA+KDF function now.
2019-05-16 18:55:25 +02:00
Gilles Peskine
1cb9a08d6a Reorder key derivation functions in the header file
Present key derivation functions in a more logical order,
corresponding roughly to the order in which an application would call
them.
2019-05-16 18:55:25 +02:00
Gilles Peskine
cf7292e257 Wrap and reindent some lines
After renaming several identifiers, re-wrap and re-indent some lines
to make the code prettier.
2019-05-16 18:55:25 +02:00
Gilles Peskine
35675b6b26 Terminology: say "key derivation operation", not "generator"
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology.

This commit updates the function descriptions.
2019-05-16 18:55:25 +02:00
Gilles Peskine
cbe6650394 Rename generator-related internal identifiers
perl -pe 's/crypto_generator/key_derivation/gi' $(git ls-files)
    perl -pe 's/_generator/_key_derivation/gi' $(git ls-files)
2019-05-16 18:55:25 +02:00
Gilles Peskine
a99d3fbd05 Rename generator functions to psa_key_derivation_xxx
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology. Call a generator a key
derivation operation structure, since it behaves like other multipart
operation structures. Furthermore, the function names are not fully
consistent.

In this commit, I rename the functions to consistently have the prefix
"psa_key_derivation_". I used the following command:

    perl -i -pe '%t = (
        psa_crypto_generator_t => "psa_key_derivation_operation_t",
        psa_crypto_generator_init => "psa_key_derivation_init",
        psa_key_derivation_setup => "psa_key_derivation_setup",
        psa_key_derivation_input_key => "psa_key_derivation_input_key",
        psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes",
        psa_key_agreement => "psa_key_derivation_key_agreement",
        psa_set_generator_capacity => "psa_key_derivation_set_capacity",
        psa_get_generator_capacity => "psa_key_derivation_get_capacity",
        psa_generator_read => "psa_key_derivation_output_bytes",
        psa_generate_derived_key => "psa_key_derivation_output_key",
        psa_generator_abort => "psa_key_derivation_abort",
        PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT",
        PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY",
        ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files)
2019-05-16 18:55:21 +02:00
Jaeden Amero
d35249e66f
Merge pull request #109 from gilles-peskine-arm/psa-key_attributes-set_persistent
Individual setters for persistent key attributes
2019-05-16 17:28:53 +01:00
Jaeden Amero
99e8d26a75
Merge pull request #104 from gilles-peskine-arm/psa-global_key_id
Make key ids global and define their range
2019-05-16 17:11:59 +01:00
Gilles Peskine
f1b7694768 Minor documentation improvements 2019-05-16 16:10:59 +02:00
Jaeden Amero
16ab39102e
Merge pull request #102 from gilles-peskine-arm/psa-aead_multipart-delay
Multipart AEAD buffer output sizes
2019-05-16 13:34:21 +01:00
Jaeden Amero
76be7f9c70
Merge pull request #108 from gilles-peskine-arm/psa-copy_key-policy
Add policy usage flag to copy a key
2019-05-16 12:08:13 +01:00
Gilles Peskine
73676cbc50 Put handle parameter last: psa_import_key
In psa_import_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 23:16:07 +02:00
Gilles Peskine
806051f17e Update an obsolete use of psa_import_key in documentation
psa_import_key now takes an attribute structure, not a type.
2019-05-15 23:15:49 +02:00
Gilles Peskine
98dd779eb5 Put handle parameter last: psa_generate_derived_key
In psa_generate_derived_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 20:15:31 +02:00
Gilles Peskine
dc8219a10d Replace psa_make_key_persistent by id/lifetime setters
Use individual setters for the id and lifetime fields of an attribute
structure, like the other attributes.

This commit updates the specification and adds an implementation of
the new setters.
2019-05-15 19:14:05 +02:00
Gilles Peskine
d6a8f5f1b5 Improve description of PSA_KEY_USAGE_COPY
Be more clear about when EXPORT is also required.
2019-05-14 16:25:50 +02:00
Gilles Peskine
ac99e32b79 Documentation improvements 2019-05-14 16:11:07 +02:00
Gilles Peskine
8e0206aa26 New usage flag PSA_KEY_USAGE_COPY
Document the new flag and allow its use.
2019-05-14 14:24:28 +02:00
Gilles Peskine
4318dfc8ec psa_export_key, psa_export_public_key: document the EXPORT flag 2019-05-14 14:23:32 +02:00
Jaeden Amero
1fe90fab30
Merge pull request #101 from gilles-peskine-arm/psa-key_attributes-verify_attributes
Check unused attributes in import and copy
2019-05-13 11:48:40 +01:00
Gilles Peskine
4a231b8d3b Break up key identifiers into user, vendor and reserved ranges
Define a range of key identifiers for use by the application
(0..2^30-1), a range for use by implementations (2^30..2^31), and a
range that is reserved for future use (2^31..2^32-1).
2019-05-06 18:56:14 +02:00
Gilles Peskine
225010fdf7 Remove lifetime parameter from psa_open_key
Change the scope of key identifiers to be global, rather than
per lifetime. As a result, you now need to specify the lifetime of a
key only when creating it.
2019-05-06 18:52:22 +02:00
Gilles Peskine
f02aec90dc Allow AEAD update output to be delayed
Do not require finish() to have empty output for any algorithm. Some
hardware does not support immediate stream processing.
2019-05-06 15:59:44 +02:00
Gilles Peskine
49dd8d8cec Add size macros for multipart AEAD
New macros PSA_AEAD_UPDATE_OUTPUT_SIZE, PSA_AEAD_FINISH_OUTPUT_SIZE
and PSA_AEAD_VERIFY_OUTPUT_SIZE to determine the output buffer sizes
for psa_aead_update(), psa_aead_finish() and psa_aead_verify().
2019-05-06 15:59:16 +02:00
Gilles Peskine
5211efb317 Add output parameter for psa_aead_verify
Like psa_aead_finish(), psa_aead_verify() needs to produce output from
the last partial block of input if psa_aead_update() cannot produce
output byte by byte.
2019-05-06 15:56:05 +02:00
Gilles Peskine
4ce2a9dcbf Check unused attributes in import and copy
In psa_import_key and psa_copy_key, some information comes from the
key data (input buffer or source key) rather than from the attributes:
key size for import, key size and type and domain parameters for copy.
If an unused attribute is nonzero in the attribute structure, check
that it matches the correct value. This protects against application
errors.
2019-05-03 16:57:15 +02:00
Adrian L. Shaw
5a5a79ae2a Rename psa_generate_key() and psa_generator_import_key() 2019-05-03 15:44:28 +01:00
Gilles Peskine
1ea5e44c93 Minor documentation improvement 2019-05-02 20:31:10 +02:00
Gilles Peskine
aa02c17dfa Add buffer size macro for psa_get_key_domain_parameters 2019-04-28 11:48:29 +02:00
Gilles Peskine
9c640f91d4 Improve documentation of key attributes 2019-04-28 11:48:26 +02:00
Gilles Peskine
06af0cd4a3 Always require reset after psa_get_key_attributes
There was a guarantee that psa_get_key_attributes() does not require a
subsequent psa_reset_key_attributes() to free resources as long as the
key was created with attributes having this property. This requirement
was hard to pin down because if a key is created with default
parameters, there are cases where it is difficult to ensure that the
domain parameters will be reported without allocating memory. So
remove this guarantee. Now the only case psa_reset_key_attributes() is
not required is if the attribute structure has only been modified with
certain specific setters.
2019-04-28 11:46:10 +02:00
Gilles Peskine
e56e878207 Remove extra parameter from psa_generate_key
Read extra data from the domain parameters in the attribute structure
instead of taking an argument on the function call.

Implement this for RSA key generation, where the public exponent can
be set as a domain parameter.

Add tests that generate RSA keys with various public exponents.
2019-04-26 17:37:50 +02:00
Gilles Peskine
b699f07af0 Switch psa_{get,set}_domain_parameters to attributes
Change psa_get_domain_parameters() and psa_set_domain_parameters() to
access a psa_key_attributes_t structure rather than a key handle.

In psa_get_key_attributes(), treat the RSA public exponent as a domain
parameter and read it out. This is in preparation for removing the
`extra` parameter of psa_generate_key() and setting the RSA public
exponent for key generation via domain parameters.

In this commit, the default public exponent 65537 is not treated
specially, which allows us to verify that test code that should be
calling psa_reset_key_attributes() after retrieving the attributes of
an RSA key is doing so properly (if it wasn't, there would be a memory
leak), even if the test data happens to use an RSA key with the
default public exponent.
2019-04-26 17:37:08 +02:00
Gilles Peskine
3a4f1f8e46 Set the key size as an attribute
Instead of passing a separate parameter for the key size to
psa_generate_key and psa_generator_import_key, set it through the
attributes, like the key type and other metadata.
2019-04-26 13:49:28 +02:00
Gilles Peskine
a3dd737be4 Move legacy definitions to crypto_extra.h
Types and functions that are not used in the attribute-based key
creation API are now implementation-specific extensions, kept around
until we finish transitioning to the new API.
2019-04-24 15:47:30 +02:00
Gilles Peskine
2062859496 Document the new functions related to key attributes
Also update the documentation of key creation functions that have been
modified to use key attributes.
2019-04-24 15:47:30 +02:00
Gilles Peskine
8c8f2ab66b Implement psa_get_key_attributes
Implement attribute querying.

Test attribute getters and setters. Use psa_get_key_attributes instead
of the deprecated functions psa_get_key_policy or
psa_get_key_information in most tests.
2019-04-24 15:46:04 +02:00