Commit graph

811 commits

Author SHA1 Message Date
Gilles Peskine
3ff79066b1 Note an interrogation about integer value representation
Especially 0 values may need special treatment since they can't be
used as an array size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
6a530e8d26 Random driver: make initial_entropy_size mandatory
If a random driver has a built-in entropy source and doesn't need an
external entropy source, make the driver author declare this
explicitly, rather than it being a less secure default.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:22 +01:00
Gilles Peskine
ee914f34fa Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:14 +01:00
Gilles Peskine
609394c1cf Open question: can there be multiple RNG instances?
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:06 +01:00
Gilles Peskine
8d5092c11f get_random: no output on error
The get_random entry point was allowed to return partial data on both
PSA_SUCCESS and PSA_ERROR_INSUFFICIENT_ENTROPY, but there was no
meaningful difference between the two. Keep it simple: PSA_SUCCESS is
success but can be partial, and PSA_ERROR_INSUFFICIENT_ENTROPY is an
error with no output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:56 +01:00
Gilles Peskine
1ef6ad48d1 Note that I'm not completly sure about the get_entropy flags
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:45 +01:00
Gilles Peskine
3eb65fbba6 Open question: should add_entropy take an estimated_entropy_bits parameter?
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:45 +01:00
Gilles Peskine
b89b4b9025 get_entropy: recommendations on conditioning and entropy estimates
Explicitly recommend that the driver accounts for environmental
conditions that can affect the amount of entropy.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:36 +01:00
Gilles Peskine
05ab2646a3 get_entropy: recommendations on the output_size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:36 +01:00
Gilles Peskine
a14326f054 Make add_entropy optional
A random generation driver does not need to support entropy injection.
This will limit it to platforms where the RNG peripheral is the sole
entropy source and without an RNG seed saved into persistent storage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:27 +01:00
Gilles Peskine
390c5a2c6f It is not meaningful for reseed_entropy_size to be 0
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:19 +01:00
Gilles Peskine
0e3b7ced4c Don't require a call to add_entropy when 0 bytes are needed
If an RNG peripheral includes an entropy source, it would presumably
declare "initial_entropy_size" and "reseed_entropy_size" to be 0. In
this case, don't require the core to call "add_entropy".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:10 +01:00
Gilles Peskine
5263e1ecdd Transparent drivers can have get_entropy as well
The `get_entropy` entry point can be provided by multiple transparent
drivers, and the core will call all of them. But apart from that,
`get_entropy` doesn't involve an opaque key or a location, so it can
be in a transparent driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:46:58 +01:00
Gilles Peskine
e80978a260 Specification for random generation and entropy drivers
Transparent drivers may provide a DRBG interface through "add_entropy"
and "get_random" entry points. This interface may also be used with a
non-deterministic generator, for chips that include a TRNG.

Opaque driver may provide a "get_entropy" entry point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:46:42 +01:00
Gilles Peskine
1fc4c8d11b Let get_builtin_key be called to retrieve the key's attributes
Allow the core to call the "get_builtin_key" entry point to retrieve
the attributes of a built-in key. This is useful to implement
psa_get_key_attributes(), and also when the key data buffer's size
depends on the key type and size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:41:50 +01:00
Gilles Peskine
a6454d2820 Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 17:01:52 +01:00
Gilles Peskine
48d71f2aa4 New entry point get_builtin_key for opaque drivers
Allow opaque drivers to expose keys that were not created through the
PSA API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 17:01:37 +01:00
Gilles Peskine
51977355dc Remove the time stamp
Having a time stamp identifying each revision of the document is
useful, but it's also a pain because it creates a conflict whenever
there are multiple pending changes at the same time. The gain isn't
worth the pain, so I'm removing the time stamp.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 17:01:17 +01:00
Gilles Peskine
db6b03b4f2 Remove old-style accelerator and entropy driver interfaces
The driver interfaces described in crypto_accel_driver.h and
crypto_entropy_driver.h are no longer being worked on. We do not
intend to finish the design of these interfaces or to implement them
in Mbed TLS. They have been superseded by the unified driver
interface (docs/proposed/psa-driver-interface.md), which is being
actively worked on both to finalize the specification and to implement
it in Mbed TLS.

The partially implemented dynamic secure element interface is staying
for now.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-30 17:37:14 +01:00
Gilles Peskine
e533ff7bb7
Merge pull request #3695 from gilles-peskine-arm/psa-unified-driver-specs-20200918
PSA unified driver specification: key validation and transparent key import
2020-11-30 15:54:45 +01:00
Gilles Peskine
f0a9721c18 Use GitHub-compatible table formatting
Also fix a stray `.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-26 10:31:32 +01:00
Gilles Peskine
4228671d0f Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 13:11:31 +01:00
Gilles Peskine
99e52f6313 Clarifications around key import
Rework the section describing key import, in particular to clarify key
size determination and checking. There is no intended semantic change.

Note an open question around support for implementation-specific
import formats.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 13:11:31 +01:00
Gilles Peskine
28b3a946e9 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 13:08:30 +01:00
Gilles Peskine
662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Gilles Peskine
406a5da4ab
Merge pull request #3697 from gilles-peskine-arm/psa-conditional-inclusion-c-project
PSA C configuration: more concrete information
2020-11-19 13:28:10 +01:00
Gilles Peskine
43818f8614 Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-19 11:24:11 +01:00
Gilles Peskine
d8c27ccab0 Fix copypasta; minor wording improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 21:44:23 +01:00
Gilles Peskine
bb483f6af8 Improve explanations around config_psa.h
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 14:35:12 +01:00
Gilles Peskine
198024cd02 Note that application code needs PSA_WANT_xxx too
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 12:04:40 +01:00
Gilles Peskine
1b1f3fb96d Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 12:02:01 +01:00
Gilles Peskine
9e069070de Fix typos
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 10:26:01 +01:00
Gilles Peskine
993c249242 Add a section explaining the uses of PSA_WANT_xxx
PSA_WANT_xxx is useful regardless of how the symbols are defined:
explicitly (with MBEDTLS_PSA_CRYPTO_CONFIG) or implicitly (without
MBEDTLS_PSA_CRYPTO_CONFIG).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-13 22:45:13 +01:00
Gilles Peskine
b2679984d9 Note that crypto_sizes.h needs config_psa.h as well
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-13 22:37:19 +01:00
Ronald Cron
cf56a0a320 psa: Move from key handle to key identifier
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.

Update the library modules using PSA crypto APIs
to get rid of key handles.

Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Gilles Peskine
7b5e6b9dcc Typos and clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-04 18:30:01 +01:00
Gilles Peskine
ce3ec6ffd6 Unify the sections on key creation
Now that transparent drivers have an "import_key" entry point, the key
creation interfaces for transparent drivers and opaque drivers are
very similar. Unify the sections that describe their behavior,
including key validation and key size determination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-27 18:31:50 +01:00
Gilles Peskine
12760595e7 Replace validate_key by import_key
When importing a transparent key, the key needs to be not only
validated, but also possibly converted, if it is not already in the
canonical representation. So change the validate_key entry point to an
import_key entry point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-26 18:07:01 +01:00
Torstein Nesse
d9246559ca Update changelog entry, format specification, and correct test vectors
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-21 11:17:09 +02:00
Gilles Peskine
48584b589f Editorial fixes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-13 19:07:02 +02:00
Gilles Peskine
e4cbb2bb73 Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-12 23:39:18 +02:00
Gilles Peskine
55687646c8 PSA_WANT_xxx needs to be defined in the old-style config mechanism
Without MBEDTLS_PSA_CRYPTO_CONFIG, PSA_WANT_xxx needs to be defined,
for the sake of code that calls the PSA API (TLS code, tests, sample
apps).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-12 23:23:52 +02:00
Torstein Nesse
162a1104be Changes PSA key storage format to include key bits
* Stores bits in psa_persistent_key_storage_format.
* psa_load_persistent_key_into_slot still imports plaintext keys which
  ensures that the bits value gets set.
* Updates key specification to match new implementation.
* Expands persistent store and load tests with to check for bits
  attribute.
* Removes bits storage from psa_se_key_data_storage_t.

Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-07 10:54:24 +02:00
Gilles Peskine
233f91d5c1 Add bits output to validate_key and import_key
When importing a key, the code that parses the input needs to
determine the key size ("bits" attribute). This is specific to import
since other key creation methods require the caller to supply a size.
Therefore, add an extra output parameter `bits` to the "import_key"
entry point for opaque drivers. Likewise, add a `bits` output
parameter to the "validate_key" entry point for transparent drivers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-02 18:00:00 +02:00
Gilles Peskine
95434380e1 Detailed architecture of symbol definitions and header inclusion
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-21 20:08:51 +02:00
Gilles Peskine
a8fc171418 Add validate_key entry point
Validate transparent keys when they are imported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-21 13:54:00 +02:00
Gilles Peskine
27e69b59a5 Fix prototypes of opaque key creation entry points
The output length parameter was missing.

Reported by Steven Cooreman.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-19 00:35:27 +02:00
Gilles Peskine
22270b5048 Fix copypasta punctuation in some function prototypes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-19 00:35:07 +02:00
Gilles Peskine
5cb54f7b27
Merge pull request #3542 from gilles-peskine-arm/psa-unified-driver-specs-20200807
PSA unified driver specification: minor updates
2020-09-18 22:53:46 +02:00
Janos Follath
2a25904f45
Merge pull request #3568 from hanno-arm/tls13_experimental_key_schedule_1
TLS 1.3: Add HKDF-based key derivation functionality
2020-09-16 11:40:06 +01:00
Gilles Peskine
dc57c25e30
Merge pull request #3527 from ronald-cron-arm/key-extended-id
PSA key identifiers rework
2020-09-15 16:06:06 +02:00
Hanno Becker
b11c3097a5 Update state of TLS 1.3 functionality in architecture document
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-08 10:28:29 +01:00
Gilles Peskine
34b07e7f25 Add a subsection with driver interface terminology
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-07 10:28:38 +02:00
Gilles Peskine
6cf4ab8f2f Fix formatting glitch
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-07 09:43:16 +02:00
Ronald Cron
71016a9ea7 psa: Rename psa_key_file_id_t to mbedtls_svc_key_id_t
With PSA crypto v1.0.0, a volatile key identifier may
contain a owner identifier but no file is associated
to it. Thus rename the type psa_key_file_id_t to
mbedtls_svc_key_id_t to avoid a direct link with a
file when a key identifier involves an owner
identifier.

The new type name is prefixed by mbedtls to highlight
that the type is specific to Mbed TLS implementation
and not defined in the PSA Cryptography API
specification.

The svc in the type name stands for service as this
is the key identifier type from the point of view of
the service providing the Cryptography services.
The service can be completely provided by the present
library or partially in case of a multi-client service.

As a consequence rename as well:
. MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER to
  MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
. PSA_KEY_ID_INIT to MBEDTLS_SVC_KEY_ID_INIT
. PSA_KEY_FILE_GET_KEY_ID to MBEDTLS_SVC_KEY_ID_GET_KEY_ID
. psa_key_file_id_make to mbedtls_svc_key_id_make

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Gilles Peskine
2e4062ce17 First go at describing how this can be implemented
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 15:41:54 +02:00
Gilles Peskine
54a0ad2012 Note the limitation that you can't exclude multipart support
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 15:41:29 +02:00
Gilles Peskine
dbd2e3c43f Nicer time stamp format
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 15:41:10 +02:00
Gilles Peskine
b51f96a7bf Pure C configuration of PSA crypto mechanisms
Proposed specification for conditional inclusion of cryptographic
mechanism through the PSA API in Mbed TLS.

The inclusion of a mechanism is based on a declaration of boolean
symbols by the application. There is a symbol for each key type or
parametrized key type constructor, and for each algorithm or
parametrized algorithm constructor.

This is work in progress, presented for a first design discussion.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 14:45:51 +02:00
Gilles Peskine
ef9874d11a Update terminology
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 21:55:27 +02:00
Gilles Peskine
5298f684bd Fix hyperlinks
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 21:53:59 +02:00
Gilles Peskine
2e843aeb3e Update some open questions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 21:43:59 +02:00
Gilles Peskine
0dfd10d2a2 Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 21:41:27 +02:00
Gilles Peskine
daf017c8a2 Allow algorithm policy wildcards as algorithm specifications
I'd intended this all along but never made it explicit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 23:40:53 +02:00
Gilles Peskine
d89cd742eb Specify that transparent drivers are considered in order
There is little point in leaving the order in which drivers are
considered unspecified. This gives flexibility to the implementation
for a process that is generally performed at build time, not in a
constrained environment. Having a well-defined order is especially
useful with fallback.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 23:37:55 +02:00
Gilles Peskine
91cbf56d4c Specify what happens if multiple capabilities apply
It's ok if they map to the same function names and an error otherwise.

It's an error to have multiple opaque drivers for the same location.

If multiple transparent drivers apply, which one applies is unspecified.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 23:30:16 +02:00
Gilles Peskine
c7cf13356c Define the semantics of capabilities
The existing description of the syntax of capabilities also describes
the semantics of each property, but the semantics of the capability as
a whole is not immediately clear. Add a subsection that explains
precisely when a capability is applicable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 23:24:00 +02:00
Gilles Peskine
1bc9c4c8c8 Make entry points mandatory in capabilities
Inferring entry points from algorithms is nice in that it makes
capability specifications shorter and less redundant, but that's not
really important. It also makes capabilities more fragile: if the core
starts supporting new mechanisms based on the same algorithm (for
example, adding hash-and-sign when only sign-the-hash existed before),
a driver only supporting the old mechanisms would fail at build time.
So make entry points mandatory.

This has the benefit of making the semantics of capabilities easier to
describe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 22:47:15 +02:00
Gilles Peskine
924e273b06 Change "functions" property to "entry_points"
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 13:53:16 +02:00
Gilles Peskine
c259213a01 More editorial corrections
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 13:52:43 +02:00
Gilles Peskine
15319454e6 Reword the explanation of fallback
Add the rationale which I'd accidentally omitted.

No intended meaning change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:49:54 +02:00
Gilles Peskine
85b3e13cd0 Introduce "acme" as the prefix each time it's used
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
daf9d82b75 Correct usage of key_derivation_output_key
Add the mention of key_derivation_output_key in the section about the
key derivation entry point family.

Rename "derive_key" to "key_derivation_output_key". At this point,
there's no reason to deviate from the naming convention.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
a58d225d62 Add deep links to the API specification in a few places
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
d4e6927614 Change "function" to "entry point" in more places
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
53ba94c968 Clarify how the headers are used
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
e72e4de070 Clarify what the headers do
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
7a1e4f926a Minor wording improvements
Clarify some sentences. There is no change in intended meaning.

Fix typos. Change British spelling to American spelling.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:32 +02:00
danh-arm
0ca6d38bc3
Merge pull request #3493 from gilles-peskine-arm/psa-unified-driver-specs
PSA unified driver specification
2020-08-06 16:10:17 +01:00
Gilles Peskine
404e1dbd5a Clarify updates to the persistent state in storage
Rename psa_crypto_driver_update_persistent_state to
psa_crypto_driver_commit_persistent_state.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-05 22:37:29 +02:00
Gilles Peskine
5001da4aee With multiple applicable transparent drivers, the order is unspecified
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-05 22:32:36 +02:00
Gilles Peskine
b320d0833d Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-05 22:27:41 +02:00
Gilles Peskine
ea739f0814 Give some examples of purpsoses of pure-software transparent driver
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-05 22:27:41 +02:00
Gilles Peskine
e265b9d183 Fix typos
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-05 22:27:41 +02:00
Gilles Peskine
3d1bcc68cb Add a link to the PSA API specification
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-05 22:20:09 +02:00
Gilles Peskine
929ab8af2b Explain locations vs lifetimes
Locations aren't in the official PSA API specification yet (they've
only be made public in Mbed TLS). Until version 1.0.1 of the API
specification is out, this document needs to explain locations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-05 22:18:38 +02:00
Gilles Peskine
ab808e7592 Update open question section about public key storage
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-03 13:43:02 +02:00
Gilles Peskine
c93c4ed653 Remove the paragraph about declaring application needs
It's out of scope.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-03 13:38:03 +02:00
Gilles Peskine
c1d388ae54 Change driver persistent data to a callback interface
Rather than have some functions take the in-memory copy of the
persistent data as argument, allow all of them to access the
persistent data, including modifying it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-03 12:04:46 +02:00
Gilles Peskine
8d06ad0177 Rework and expand key management in opaque drivers
Opaque drivers only have a destroy function if the key is stored in
the secure element.

Expand on how key creation works. Provide more explanations of
allocate_key in drivers for secure elements with storage. Discuss key
destruction as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-03 12:04:46 +02:00
Gilles Peskine
921492625c Fix typos and copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-03 12:04:45 +02:00
Gilles Peskine
b6c43f61a4 Call driver entry point functions "entry point"
Call the functions listed in the driver description "entry points".
It's more precise than "functions", which could also mean any C
function defined in the driver code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-03 11:21:07 +02:00
Gilles Peskine
bcce2eff27 Transparent drivers may have init functions too
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-13 13:27:45 +02:00
Gilles Peskine
71db60bd11 Automatically define location/lifetime constants
PSA_KEY_LOCATION_acme, PSA_KEY_LIFETIME_acme

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-13 13:27:45 +02:00
Gilles Peskine
278e5ebf78 Start Mbed TLS guides to PSA drivers
Driver developer's guide: introduction on how to write a driver.

Driver integration guide: how to build Mbed TLS with drivers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-13 13:27:45 +02:00
Gilles Peskine
2e66aca372 PSA unified driver interface
Working draft of the PSA cryptography unified interface specification.
Eventually this document will be under Arm PSA architecture ownership,
but for the time being this draft is maintained in Mbed TLS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-13 13:27:45 +02:00
Gilles Peskine
abeb58e814 Add a directory for proposed specifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-13 13:27:42 +02:00
Manuel Pégourié-Gonnard
fafe8553c6
Merge pull request #3392 from paul-elliott-arm/psa_ecc_dh_macros
PSA: update EC curve and DH group family macros
2020-07-07 09:20:44 +02:00
Paul Elliott
8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Gilles Peskine
fb4f933f8e Rename Python scripts to use '_' and not '-'
You can't import a Python script whose name includes '-'.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-06-25 14:22:06 +02:00
Janos Follath
bba4c17b7a
Merge pull request #3315 from hanno-arm/tls13-experimental-macro
Add support for TLS 1.3 record protection routines
2020-06-04 15:51:54 +01:00
Hanno Becker
5a83d29114 Mention HKDF in TLS 1.3 feature document
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-06-02 06:33:00 +01:00
Hanno Becker
0c3bebfa15 Fix typo in header of TLS 1.3 experimental features document
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-06-02 06:32:43 +01:00
Hanno Becker
9338f9f718 Add documentation on state of upstreaming of TLS 1.3 prototype
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-05-31 08:51:29 +01:00
Gilles Peskine
24ba42cef7 Fix explanation of rules for function substitution
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:07:42 +02:00
Gilles Peskine
688f6cc591 There are test programs, not just unit tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:07:40 +02:00
Gilles Peskine
5925183b8a Fix explanation of PSA_DONE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:06:37 +02:00
Gilles Peskine
2182585776 Introduction: present the top-level sections
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:03:33 +02:00
Gilles Peskine
d04b9ed7dd Spelling
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 23:03:24 +02:00
Gilles Peskine
fa51820e39 Expand the rule for internal functions exposed for tests only
Clarify that using a header in library/ rather than include/ for
internal functions is a rule, not just a possibility.

As suggested by Manuel, state a rule for functions that need to be
static for best optimization but that we want to unit-test.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-24 22:56:38 +01:00
Gilles Peskine
4b7279e5d9 Write up some solutions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-24 22:56:31 +01:00
Gilles Peskine
dff10c773b Add a note that TLS requires further consideration
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-24 22:56:22 +01:00
Gilles Peskine
ab4b9b4165 New test strategy document: invasive testing
Evaluate possible approaches for invasive testing.

State some rules.

This commit was originally written for Mbed Crypto only.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-03-24 22:56:15 +01:00
Gilles Peskine
228abc5773 Define EC curve family constants
Define constants for ECC curve families and DH group families. These
constants have 0x0000 in the lower 16 bits of the key type.

Support these constants in the implementation and in the PSA metadata
tests.

Switch the slot management and secure element driver HAL tests to the
new curve encodings. This requires SE driver code to become slightly
more clever when figuring out the bit-size of an imported EC key since
it now needs to take the data size into account.

Switch some documentation to the new encodings.

Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
2020-01-31 10:15:32 +01:00
Gilles Peskine
89d8c5c447 Rename some signature-related identifiers
Rename some macros and functions related to signature which are
changing as part of the addition of psa_sign_message and
psa_verify_message.

perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
2019-11-26 18:20:59 +01:00
Gilles Peskine
9afbfdc833 Merge remote-tracking branch 'myfork-public/development' into merge-crypto-development-20191115
First deal with deleted files.

* Files deleted by us: keep them deleted.
* Files deleted by them, whether modified by us or not: keep our version.

```
git rm $(git status -s | sed -n 's/^DU //p')
git reset -- $(git status -s | sed -n 's/^D  //p')
git checkout -- $(git status -s | sed -n 's/^ D //p')
git add -- $(git status -s | sed -n 's/^UD //p')
```

Individual files with conflicts:

* `3rdparty/everest/library/Hacl_Curve25519_joined.c`: spurious conflict because git mistakenly identified this file as a rename. Keep our version.
* `README.md`: conflict due to their change in a paragraph that doesn't exist in our version. Keep our version of this paragraph.
* `docs/architecture/Makefile`: near-identical additions. Adapt the definition of `all_markdown` and include the clean target.
* `doxygen/input/docs_mainpage.h`: conflict in the version number. Keep our version number.
* `include/mbedtls/config.h`: two delete/modify conflicts. Keep the removed chunks out.
* `library/CMakeLists.txt`: discard all their changes as they are not relevant.
* `library/Makefile`:
    * Discard the added chunk about the crypto submodule starting with `INCLUDING_FROM_MBEDTLS:=1`.
    * delete/modify: keep the removed chunk out.
    * library build: This is almost delete/modify. Their changes are mostly not applicable. Do keep the `libmbedcrypto.$(DLEXT): | libmbedcrypto.a` order dependency.
    * `.c.o`: `-o` was added on both sides but in a different place. Change to their place.
* `library/error.c`: to be regenerated.
* `library/version_features.c`: to be regenerated.
* `programs/Makefile`: Most of the changes are not relevant. The one relevant change is in the `clean` target for Windows; adapt it by removing `/S` from our version.
* `programs/test/query_config.c`: to be regenerated.
* `scripts/config.py`: added in parallel on both sides. Keep our version.
* `scripts/footprint.sh`: parallel changes. Keep our version.
* `scripts/generate_visualc_files.pl`: one delete/modify conflict. Keep the removed chunks out.
* `tests/Makefile`: discard all of their changes.
* `tests/scripts/all.sh`:
    * `pre_initialize_variables` add `append_outcome`: add it.
    * `pre_initialize_variables` add `ASAN_CFLAGS`: already there, keep our version.
    * `pre_parse_command_line` add `--no-append-outcome`: add it.
    * `pre_parse_command_line` add `--outcome-file`: add it.
    * `pre_print_configuration`: add `MBEDTLS_TEST_OUTCOME_FILE`.
    * Several changes in SSL-specific components: keep our version without them.
    * Several changes where `config.pl` was changed to `config.py` and there was an adjacent difference: keep our version.
    * Changes regarding the inclusion of `MBEDTLS_MEMORY_xxx`: ignore them here, they will be normalized in a subsequent commit.
    * `component_test_full_cmake_gcc_asan`: add it without the TLS tests.
    * `component_test_no_use_psa_crypto_full_cmake_asan`: keep the fixed `msg`, discard other changes.
    * `component_test_memory_buffer_allocator_backtrace`, `component_test_memory_buffer_allocator`: add them without the TLS tests.
    * `component_test_m32_everest`: added in parallel on both sides. Keep our version.
* `tests/scripts/check-names.sh`, `tests/scripts/list-enum-consts.pl`, `tests/scripts/list-identifiers.sh`, ``tests/scripts/list-macros.sh`: discard all of their changes.
* `tests/scripts/test-ref-configs.pl`: the change in the conflict is not relevant, so keep our version there.
* `visualc/VS2010/*.vcxproj`: to be regenerated.

Regenerate files:

```
scripts/generate_visualc_files.pl
git add visualc/VS2010/*.vcxproj
scripts/generate_errors.pl
git add library/error.c
scripts/generate_features.pl
git add library/version_features.c
scripts/generate_query_config.pl
git add programs/test/query_config.c
```

Rejected changes in non-conflicting files:

* `CMakeLists.txt`: discard their addition which has already been side-ported.
* `doxygen/mbedtls.doxyfile`: keep the version number change. Discard the changes related to `../crypto` paths.

Keep the following changes after examination:

* `.travis.yml`: all of their changes are relevant.
* `include/mbedtls/error.h`: do keep their changes. Even though Crypto doesn't use TLS errors, it must not encroach on TLS's allocated numbers.
* `tests/scripts/check-test-cases.py`: keep the code dealing with `ssl-opt.sh`. It works correctly when the file is not present.
2019-11-15 11:47:14 +01:00
Jaeden Amero
fbdf150080 getting_started: Make it clear that keys are passed in
It was not obvious before that `AES_KEY` and `RSA_KEY` were shorthand
for key material. A user copy pasting the code snippet would run into a
compilation error if they didn't realize this. Make it more obvious that
key material must come from somewhere external by making the snippets
which use global keys into functions that take a key as a parameter.
2019-11-08 10:22:15 +00:00
Gilles Peskine
7334462278 Make hyperlink a hyperlink in every markdown flavor 2019-10-01 10:36:10 +02:00
Gilles Peskine
e94bc87ebe Document test case descriptions 2019-09-27 20:24:33 +02:00
Gilles Peskine
508caf528a Document the test outcome file 2019-09-24 19:21:19 +02:00
Gilles Peskine
d46b0869f4 Create infrastructure for architecture documents in Markdown 2019-09-24 19:21:19 +02:00
Jaeden Amero
3f20efc030
Merge pull request #246 from gilles-peskine-arm/psa-se_driver-interface_test_strategy
Secure element driver interface test strategy
2019-09-12 14:31:26 +01:00
Gilles Peskine
4b3db7382d Add "clean" rule 2019-09-09 18:26:20 +02:00
Gilles Peskine
1ff67cc65c Build the driver interface test strategy document 2019-09-09 18:25:13 +02:00
Gilles Peskine
8b193c10ca Check inputs too 2019-09-05 19:37:01 +02:00
Guy Wild
2900811b01
Update getting_started.md 2019-09-05 11:38:14 +03:00
Guy Wild
ce56077f97
Update based on Jaeden's comments. 2019-09-05 11:35:16 +03:00
Guy Wild
5b1347a59e Update getting_started.md 2019-09-05 09:46:31 +03:00
Gilles Peskine
545c28bf70 Fix URL of ATECC driver 2019-09-04 19:41:16 +02:00
Gilles Peskine
92bcfdbb66 Write secure element driver interface test strategy 2019-09-04 19:26:50 +02:00
Gilles Peskine
b26c8d8bb4 Create a driver interface test strategy document
Just the structure for now, no actual content.
2019-09-04 19:26:17 +02:00
Guy Wild
2a9e9f7d52 Update getting_started.md 2019-09-04 13:45:54 +03:00
Guy Wild
94113dbff3 Update getting_started.md 2019-09-04 09:56:51 +03:00
Guy Wild
0058ab61e7
Update docs/getting_started.md
Co-Authored-By: Gilles Peskine <gilles.peskine@arm.com>
2019-09-04 09:17:54 +03:00
Guy Wild
ad067c64f3
Update docs/getting_started.md
Co-Authored-By: Gilles Peskine <gilles.peskine@arm.com>
2019-09-04 09:17:23 +03:00
Guy Wild
eefc517b1f
Update docs/getting_started.md
Co-Authored-By: Gilles Peskine <gilles.peskine@arm.com>
2019-09-04 09:16:53 +03:00
Guy Wild
33d421dd6a
Update docs/getting_started.md
Co-Authored-By: Gilles Peskine <gilles.peskine@arm.com>
2019-09-04 09:16:14 +03:00
Guy Wild
5033fdd0e4 Update getting_started.md 2019-09-04 09:14:55 +03:00
Guy Wild
802b19f661 Update getting_started.md 2019-09-03 16:40:44 +03:00
Guy Wild
c03c0fcd93 Update getting_started.md 2019-09-03 13:18:04 +03:00
Jaeden Amero
884738a2d6 getting_started: Update for PSA Crypto API 1.0b3 2019-08-28 17:24:27 +01:00
Gilles Peskine
72c8c5b352 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190801
Conflict resolution:
* `scripts/config.pl`:
  Take the exclusion of `MBEDTLS_PSA_CRYPTO_SE_C` from the API branch.
  Take the removal of `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` (obsolete) from
  the development branch.
* `tests/scripts/all.sh`:
  Multiple instances of factoring a sequence of `config.pl` calls into
  a mere `config.pl baremetal` in the development branch, and a change in
  the composition of `baremetal` in the API branch. In each case, take the
  version from development.
* `tests/suites/test_suite_psa_crypto_slot_management.function`:
  A function became non-static in development and disappeared in the API
  branch. Keep the version from the API branch. Functions need to be
  non-static if they're defined but unused in some configurations,
  which is not the case for any function in this file at the moment.
* `tests/suites/test_suite_psa_crypto.function`:
  Consecutive changes in the two branches, reconciled.
2019-07-31 17:47:49 +02:00
Gilles Peskine
831ac72338 Add transaction file and driver storage; new key file format
Update the storage architecture with the new features introduced for
secure element support:

* Lifetime field in key files.
* Slot number in key files for keys in a secure element.
* Transaction file (name and format).
* Persistent storage for secure element drivers (name and format).

The version number is not determined yet.
2019-07-23 19:32:21 +02:00
Gilles Peskine
2c8f909782 Correct version number for 1.1.0 format (formerly 1.0.1)
Update the 1.1.0 format description now that its version number has
been decided. This release turned out to be 1.1.0, not 1.0.1.
2019-07-10 17:19:46 +02:00
Gilles Peskine
2938268fb4 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190524
Conflicts:
* library/ssl_cli.c, library/ssl_tls.c:
  Removed on the development branch. Keep them removed.
* include/psa/crypto_extra.h, library/psa_crypto_storage.c,
  tests/suites/test_suite_psa_crypto.data,
  tests/suites/test_suite_psa_crypto.function,
  tests/suites/test_suite_psa_crypto_persistent_key.data,
  tests/suites/test_suite_psa_crypto_slot_management.data,
  tests/suites/test_suite_psa_crypto_slot_management.function:
  Modified on the development branch only to implement the enrollment
  algorithm, which has been reimplemented on the API branch.
  Keep the API branch.
2019-05-29 09:57:29 +02:00
Gilles Peskine
131aa31c82 New key file format for 1.0.1
Add alg2 field and note that some encodings have changed.
2019-05-21 18:31:59 +02:00
Gilles Peskine
640273a35e Update key file format information for 1.0.0
The storage specification described a version tentatively called
0.2.0. This was actually released as 1.0.0 with the format as
described here.
2019-05-21 18:31:59 +02:00
Gilles Peskine
35ef36b62f Rename psa_generate_random_key back to psa_generate_key
generate_key is a more classical name. The longer name was only
introduced to avoid confusion with getting a key from a generator,
which is key derivation, but we no longer use the generator
terminology so this reason no longer applies.

perl -i -pe 's/psa_generate_random_key/psa_generate_key/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine
c93b80c350 Rename *KEYPAIR* to *KEY_PAIR*
Be consistent with PUBLIC_KEY.

perl -i -pe 's/KEYPAIR/KEY_PAIR/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine
a99d3fbd05 Rename generator functions to psa_key_derivation_xxx
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology. Call a generator a key
derivation operation structure, since it behaves like other multipart
operation structures. Furthermore, the function names are not fully
consistent.

In this commit, I rename the functions to consistently have the prefix
"psa_key_derivation_". I used the following command:

    perl -i -pe '%t = (
        psa_crypto_generator_t => "psa_key_derivation_operation_t",
        psa_crypto_generator_init => "psa_key_derivation_init",
        psa_key_derivation_setup => "psa_key_derivation_setup",
        psa_key_derivation_input_key => "psa_key_derivation_input_key",
        psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes",
        psa_key_agreement => "psa_key_derivation_key_agreement",
        psa_set_generator_capacity => "psa_key_derivation_set_capacity",
        psa_get_generator_capacity => "psa_key_derivation_get_capacity",
        psa_generator_read => "psa_key_derivation_output_bytes",
        psa_generate_derived_key => "psa_key_derivation_output_key",
        psa_generator_abort => "psa_key_derivation_abort",
        PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT",
        PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY",
        ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files)
2019-05-16 18:55:21 +02:00
Adrian L. Shaw
5a5a79ae2a Rename psa_generate_key() and psa_generator_import_key() 2019-05-03 15:44:28 +01:00
Gilles Peskine
e56e878207 Remove extra parameter from psa_generate_key
Read extra data from the domain parameters in the attribute structure
instead of taking an argument on the function call.

Implement this for RSA key generation, where the public exponent can
be set as a domain parameter.

Add tests that generate RSA keys with various public exponents.
2019-04-26 17:37:50 +02:00
Gilles Peskine
11eca7115e Update the encoding of owners in key file identifiers
Switch to the terminology "key file identifier", as has been done in
the code.

The owner uid is now in the upper 32 bits of the key file identifier,
which facilitates namespacing.
2019-02-20 15:44:22 +01:00
Gilles Peskine
f02fbf4bbe Don't mention "crypto service" when discussing a library integration 2019-02-13 15:43:35 +01:00
Gilles Peskine
b5a132f26c Minor clarifications 2019-02-12 16:47:20 +01:00
Gilles Peskine
0b02002fec Specification of how Mbed Crypto uses storage
Describe the storage format for keys and random seed in Mbed Crypto
0.1.0 released with Mbed OS 5.11, over C stdio and over ITS with
32-bit file identifiers.

Describe the proposed storage format for keys and random seed in the
future release of Mbed Crypto for Mbed OS 5.12, over C stdio and over
ITS with 64-bit file identifiers.
2019-02-12 14:25:57 +01:00
Gilles Peskine
4945176ebe Add framework for architecture documents in Markdown 2019-02-12 14:25:40 +01:00
Gilles Peskine
f8785f740c Remove API specification PDFs from the implementation repository 2019-01-31 11:55:46 +01:00
Jaeden Amero
70261c513a psa: Add initializers for key policies
Add new initializers for key policies and use them in our docs, example
programs, tests, and library code. Prefer using the macro initializers
due to their straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero
8fe3372de1 Add generated documentation for mbedcrypto-0.1.0b 2018-11-26 17:21:23 +00:00
mohammad1603
87a7eeb906 Add a getting started guide
Add a new guide intended to help users of the library quickly get going
with any of a number of tasks via code snippets and explanations.
2018-11-16 12:00:44 +00:00