Commit graph

492 commits

Author SHA1 Message Date
Andrew Thoelke
51514f57e9 Resolve inconsistent descipriton of operation state after exhausting a key derivation operation 2019-09-18 17:50:01 +01:00
Andrew Thoelke
4104afb770 Clarify valid state descriptions 2019-09-18 17:47:25 +01:00
Andrew Thoelke
beb97ba066 Update documentation for multipart key derivation operations 2019-09-13 15:35:18 +01:00
Andrew Thoelke
414415a457 Update documentation for multipart aead operations 2019-09-13 15:35:18 +01:00
Andrew Thoelke
db6f44f875 Update documentation for multipart cipher operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke
9f208cc8c2 Update documentation for multipart mac operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke
272ba1dd96 Update documentation for multipart hash operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke
340984b003 Fix PSA_ERROR_BAD_STATE messages
Remove some duplicated entries and added some missing ones.
2019-09-13 15:35:17 +01:00
Gilles Peskine
05c900b576 Forbid keys of size 0
Keys of size 0 generally don't make sense: a key is supposed to be
secret. There is one edge case which is "raw data" keys, which are
useful to store non-key objects in the same storage location as keys.
However those are also problematic because they involve a zero-length
buffer. Manipulating zero-length buffers in C requires special cases
with functions like malloc() and memcpy(). Additionally, 0 as a key
size already has a meaning "unspecified", which does not always
overlap seamlessly with the meaning "0".

Therefore, forbid keys of size 0. No implementation may accept them.
2019-09-12 18:29:43 +02:00
Gilles Peskine
a170d927dd Clarify how key creation functions use attributes and what 0 means
Clarify how key creation functions use attributes. Explain the meaning
of attribute values, espcially what 0 means in each field where it has
a special meaning. Explain what an algorithm usage policy can be (an
algorithm, a wildcard with ANY_HASH, or 0).
2019-09-12 17:38:19 +02:00
Andrew Thoelke
5ae24ec7af Add missing error case to psa_aead_verify 2019-09-12 09:44:33 +01:00
Adrian L. Shaw
4c61c1a736 Move psa_destroy_key and psa_copy_key to Key Management section 2019-09-11 14:40:51 +01:00
Jaeden Amero
4badc92438
Merge pull request #117 from gilles-peskine-arm/psa_error_code_coverage
PSA return status coverage script
2019-09-10 16:39:23 +01:00
Jaeden Amero
4864eb5bec
Merge pull request #247 from athoelke/at-key-handles
Update the behavior of key handles
2019-09-10 14:38:56 +01:00
Andrew Thoelke
970629fc9a Fix grammar. 2019-09-09 09:56:34 +01:00
Gilles Peskine
be061337c1 Document more error codes 2019-09-06 19:29:52 +02:00
Adrian L. Shaw
8619f8cd07 Remove storage errors from psa_generate_random 2019-09-05 10:37:22 +01:00
Andrew Thoelke
de183416f8 Update the behavior of key handles
* open output distinct key handles
* each handle must be closed
* destroying a key does not invalidate other handles
* closing a key can/might fail an active operation (but not required)
2019-09-05 09:38:06 +01:00
Adrian L. Shaw
3b5975641e Fix return code warnings
- Remove STORAGE_FAILURE from hash and abort functions
- Remove BUFFER_TOO_SMALL from psa_mac_verify
2019-09-04 19:20:32 +01:00
Adrian L. Shaw
fa2cefa001 Fix warnings 2019-09-04 11:36:15 +01:00
Adrian L. Shaw
f483973c37 Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
599c712668 Remove errorneous insert 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
1505b2108a Add STORAGE_FAILURE everywhere + add missing codes 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
1f1e1a5253 Add storage failure to psa_mac_verify_finish 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
56b32b126c Add storage failure to psa_mac_sign_finish 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
22bc8fff0c Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions 2019-09-04 11:35:06 +01:00
Adrian L. Shaw
8f7cd1ee55 Added PSA_ERROR_BAD_STATE to functions with operations
In the case that the operation object has not been initialized
appropriately.
2019-09-04 11:34:22 +01:00
Adrian L. Shaw
97d3bc3674 Added extra bad state case to psa_hash_setup 2019-09-04 11:34:22 +01:00
Adrian L. Shaw
2364924619 Add missing return codes to psa_generate_key 2019-09-04 11:34:22 +01:00
Adrian L. Shaw
1f42a84a13 Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute 2019-09-04 11:33:32 +01:00
Adrian L. Shaw
650229ba38 Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute
In case the key could not be retrieved from
storage.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
2a889781c5 Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key
The same reason that it is included in psa_export_key
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
11638b99a0 Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key
For the same reasons that psa_export_key can fail with this error
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
7f1863c905 Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key
It may be possible that the implementation runs out of
memory when exporting a key from storage or a secure
element. For example, it may not be possible to directly
move the data from storage to the caller, so the implementation
will have to buffer the material temporarily (an issue if dynamic
memory allocation scheme is used). For a large key
this is more likely to return.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
15731c1422 Added PSA_ERROR_STORAGE_FAILURE to psa_export_key
It may be possible that an implementation does not
fetch key material until a command like
this is called and such an error may occur if an
off-chip secure storage dependency may have been wiped.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
23c006f45e Added missing return codes to get_key_attributes
Note that PSA_ERROR_NOT_PERMITTED is not included
because I can't think of a scenario where you have
a valid key handle but aren't allowed to read the
attributes
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
39797aa34c Fix erroneous cut and paste 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
fbf7f121f9 Separate return codes for unsupported and invalid algorithms 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
66200c4e98 Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
f97c8523ee Add CORRUPTION_DETECTED to psa_close_key 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
6725757cec Remove errorneous insert 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
484ba88a0f Add STORAGE_FAILURE everywhere + add missing codes 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
dc5bf5c8e7 Add storage failure to (encrypt/decrypt)_setup 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
d9e9024885 Add storage failure to psa_mac_verify_finish 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
263223689f Add storage failure to psa_mac_sign_finish 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
8d0bcf27ec Add PSA_ERROR_INVALID_ARGUMENT to psa_hash_compare 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
df3c7ac645 Remove trailing whitespace 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
d789dc13da Added a few more return codes 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
3e41249417 Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
71b33ffcf8 Add missing error codes to psa_generate_random 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
0d280b9873 Add missing error codes for psa_raw_key_agreement 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
a3f6ba5843 Added PSA_ERROR_STORAGE_FAILURE to psa_cipher_(encrypt/decrypt) 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
320659b54c Added PSA_ERROR_BAD_STATE to functions with operations
In the case that the operation object has not been initialized
appropriately.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
e970d65273 Added extra bad state case to psa_hash_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
6e758c9bb8 Add missing return codes to psa_asymmetric_verify 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
27c121574b Add missing parameters to psa_asymmetric_sign 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
d21c6e6566 Add missing return codes to psa_generate_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
c207ba376e Added missing return codes to psa_aead_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
96f31ada18 Add missing return codes to psa_asymmetric_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
f961d5c9e6 Add missing return codes to psa_asymmetric_encrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
53d90c5199 Only return PSA_ERROR_DOES_NOT_EXIST from psa_open_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
9770d0e0f8 Add PSA_ERROR_STORAGE_FAILURE to psa_mac_verify_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
2409ba0429 Added PSA_ERROR_STORAGE_FAILURE to psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
7563ed17ab Remove PSA_ERROR_DOES_NOT_EXIST from psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
d5ae06b1e3 Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
dec47b6f9d Added the possibility of PSA_ERROR_BAD_STATE to all functions 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
fa591c44af Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute
In case the key could not be retrieved from
storage.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
f7d852a9d5 Added PSA_ERROR_BUFFER_TOO_SMALL to psa_hash_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
60b0320af0 Add PSA_ERROR_STORAGE_FAILURE to psa_copy_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
398b3c27e0 Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key
The same reason that it is included in psa_export_key
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
e926e7370f Removed PSA_DOES_NOT_EXIST from psa_export_public_key
The implementation should return PSA_ERROR_INVALID_HANDLE instead.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
88c51adfc0 Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key
For the same reasons that psa_export_key can fail with this error
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
742084ea25 Removed PSA_ERROR_DOES_NOT_EXIST from psa_export_key
If the key doesn't exist by the time this call is made
then the handle is invalid,
which means that PSA_ERROR_INVALID_HANDLE should be
returned rather than "does not exist"
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
0542d595ce Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key
It may be possible that the implementation runs out of
memory when exporting a key from storage or a secure
element. For example, it may not be possible to directly
move the data from storage to the caller, so the implementation
will have to buffer the material temporarily (an issue if dynamic
memory allocation scheme is used). For a large key
this is more likely to return.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
89b7152ed0 Added PSA_ERROR_STORAGE_FAILURE to psa_export_key
It may be possible that an implementation does not
fetch key material until a command like
this is called and such an error may occur if an
off-chip secure storage dependency may have been wiped.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
29b64073af Added missing return codes to get_key_attributes
Note that PSA_ERROR_NOT_PERMITTED is not included
because I can't think of a scenario where you have
a valid key handle but aren't allowed to read the
attributes
2019-09-04 11:30:17 +01:00
Jaeden Amero
21db2a94a4
Merge pull request #229 from k-stachowiak/IOTCRYPT-791-remove-legacy-psa-key-derivation
Remove legacy psa key derivation
2019-08-29 11:31:23 +01:00
Andrew Thoelke
8824daec6f Editorial fixes. 2019-08-22 15:52:32 +01:00
Andrew Thoelke
07f16b78ff Update documentation for psa_destroy_key
Define the affect on handles to the key and on active multipart 
operations.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
3daba812d7 Update documentation for psa_close_key
Adjust the wording to permit multiple handles to a single key - closing
a handle does not necessarily release volatile memory associated with
the key, that only occurs when the last handle is closed.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
9741b11440 Update psa_open_key documentation
- Describe the implementation defined behavior for opening multiple 
keys, and provide a reference to the relevant section.

- Describe the use of INSUFFICENT_MEMORY error to indicate additional 
implementation resource constaints.

- Clarify the distinction between DOES_NOT_EXIST and INVALID_HANDLE 
error conditions.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
203491c65d Remove duplicated information in psa_open_key
The information about implmementation keys is duplicated.
2019-08-22 15:52:31 +01:00
k-stachowiak
b9b4f09c47 Document new error type returned from the key derivation API 2019-08-15 19:01:59 +02:00
Gilles Peskine
adb1c52149
Merge pull request #157 from gilles-peskine-arm/psa-se_driver-create_key
Secure element key creation foundation
2019-07-26 14:39:55 +02:00
Gilles Peskine
105f67f0fa Move the definition of psa_key_attributes_t to crypto_types.h
psa_key_attributes_t is used in the SE driver HAL, so it must be
defined in a common header, not in the API-only header crypto.h.
2019-07-23 18:43:28 +02:00
Andrew Thoelke
d16bdac9b5 Use stdint.h types in multipart AEAD functions
No implementation yet.
2019-07-15 11:14:56 +02:00
Andrew Thoelke
47629d076e Use stdint.h types
Follow MISRA C 2012 rules by using exact width types from stdint.h.
2019-07-15 11:14:56 +02:00
Gilles Peskine
6a21123619 Remove obsolete mentions of PSA_ERROR_EMPTY_SLOT
There are no more "empty slots", so finish removing the corresponding
error.
2019-05-21 19:11:07 +02:00
Gilles Peskine
4754cdeef8 Improve description of psa_open_key()
Remove obsolete reference to psa_make_key_persistent().
2019-05-21 18:43:18 +02:00
Gilles Peskine
a0c0655c91 Add missing declarations to the API document
PSA_KEY_ATTRIBUTES_INIT and psa_key_attributes_init weren't declared
in the API document, only defined in our implementation, but they are
referenced in the API document.
2019-05-21 15:54:54 +02:00
Jaeden Amero
fba7539ad7
Merge pull request #269 from ARMmbed/psa-slots_to_handles
Update API documentation to refer to handles and key ids, not slots
2019-05-17 10:18:34 +01:00
Gilles Peskine
eff4942202
Merge pull request #268 from ARMmbed/psa-error_tampering_detected
Rename PSA_ERROR_TAMPERING_DETECTED to PSA_ERROR_CORRUPTION_DETECTED
2019-05-17 11:06:09 +02:00
Gilles Peskine
35ef36b62f Rename psa_generate_random_key back to psa_generate_key
generate_key is a more classical name. The longer name was only
introduced to avoid confusion with getting a key from a generator,
which is key derivation, but we no longer use the generator
terminology so this reason no longer applies.

perl -i -pe 's/psa_generate_random_key/psa_generate_key/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine
c93b80c350 Rename *KEYPAIR* to *KEY_PAIR*
Be consistent with PUBLIC_KEY.

perl -i -pe 's/KEYPAIR/KEY_PAIR/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Adrian L. Shaw
0a695bd13e Simplify description of psa_copy_key 2019-05-16 22:11:18 +02:00
Adrian L. Shaw
52d83dabd6 Mention psa_close_key in the description of psa_open_key 2019-05-16 22:11:17 +02:00
Adrian L. Shaw
d56456cbe8 Improve descriptions that mention handles and fix incorrect mention of psa_create_key 2019-05-16 22:10:51 +02:00
Adrian L. Shaw
67e1c7ac80 Remove remaining mentions of slots 2019-05-16 22:10:49 +02:00
Gilles Peskine
4b3eb69271 Rename PSA_ERROR_TAMPERING_DETECTED to ..._CORRUPTION_DETECTED
“Tampering detected” was misleading because in the real world it can
also arise due to a software bug. “Corruption detected” is neutral and
more precisely reflects what can trigger the error.

perl -i -pe 's/PSA_ERROR_TAMPERING_DETECTED/PSA_ERROR_CORRUPTION_DETECTED/gi' $(git ls-files)
2019-05-16 21:35:18 +02:00
Gilles Peskine
20a77aeac7 RSA key generation: require e=65537 2019-05-16 19:51:10 +02:00
Gilles Peskine
a130219ac0 Move remaining text about DSA out of the specification 2019-05-16 19:51:10 +02:00
Gilles Peskine
dcaefae849 Parametrize Diffie-Hellman keys by a group identifier
Parametrize finite-field Diffie-Hellman key types with a DH group
identifier, in the same way elliptic curve keys are parametrized with
an EC curve identifier.

Define the DH groups from the TLS registry (these are the groups from
RFC 7919).

Replicate the macro definitions and the metadata tests from elliptic
curve identifiers to DH group identifiers.

Define PSA_DH_GROUP_CUSTOM as an implementation-specific extension for
which domain parameters are used to specify the group.
2019-05-16 19:51:10 +02:00
Gilles Peskine
24f10f85e2 Remove domain parameters from the official API
Move psa_get_key_domain_parameters() and
psa_set_key_domain_parameters() out of the official API and declare
them to be implementation-specific extensions.

Expand the documentation of psa_set_key_domain_parameters() a bit to
explain how domain parameters are used.

Remove all mentions of domain parameters from the documentation of API
functions. This leaves DH and DSA effectively unusable.
2019-05-16 19:27:05 +02:00
Gilles Peskine
58fe9e8afe Correct the description of psa_raw_key_agreement
There was some copypasta from the KA+KDF function's description.
2019-05-16 18:55:25 +02:00
Gilles Peskine
be697d8324 Shorten the name of psa_key_agreement_raw_shared_secret
There is less of a risk of confusion with the KA+KDF function now.
2019-05-16 18:55:25 +02:00
Gilles Peskine
1cb9a08d6a Reorder key derivation functions in the header file
Present key derivation functions in a more logical order,
corresponding roughly to the order in which an application would call
them.
2019-05-16 18:55:25 +02:00
Gilles Peskine
cf7292e257 Wrap and reindent some lines
After renaming several identifiers, re-wrap and re-indent some lines
to make the code prettier.
2019-05-16 18:55:25 +02:00
Gilles Peskine
35675b6b26 Terminology: say "key derivation operation", not "generator"
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology.

This commit updates the function descriptions.
2019-05-16 18:55:25 +02:00
Gilles Peskine
cbe6650394 Rename generator-related internal identifiers
perl -pe 's/crypto_generator/key_derivation/gi' $(git ls-files)
    perl -pe 's/_generator/_key_derivation/gi' $(git ls-files)
2019-05-16 18:55:25 +02:00
Gilles Peskine
a99d3fbd05 Rename generator functions to psa_key_derivation_xxx
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology. Call a generator a key
derivation operation structure, since it behaves like other multipart
operation structures. Furthermore, the function names are not fully
consistent.

In this commit, I rename the functions to consistently have the prefix
"psa_key_derivation_". I used the following command:

    perl -i -pe '%t = (
        psa_crypto_generator_t => "psa_key_derivation_operation_t",
        psa_crypto_generator_init => "psa_key_derivation_init",
        psa_key_derivation_setup => "psa_key_derivation_setup",
        psa_key_derivation_input_key => "psa_key_derivation_input_key",
        psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes",
        psa_key_agreement => "psa_key_derivation_key_agreement",
        psa_set_generator_capacity => "psa_key_derivation_set_capacity",
        psa_get_generator_capacity => "psa_key_derivation_get_capacity",
        psa_generator_read => "psa_key_derivation_output_bytes",
        psa_generate_derived_key => "psa_key_derivation_output_key",
        psa_generator_abort => "psa_key_derivation_abort",
        PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT",
        PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY",
        ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files)
2019-05-16 18:55:21 +02:00
Jaeden Amero
d35249e66f
Merge pull request #109 from gilles-peskine-arm/psa-key_attributes-set_persistent
Individual setters for persistent key attributes
2019-05-16 17:28:53 +01:00
Jaeden Amero
99e8d26a75
Merge pull request #104 from gilles-peskine-arm/psa-global_key_id
Make key ids global and define their range
2019-05-16 17:11:59 +01:00
Gilles Peskine
f1b7694768 Minor documentation improvements 2019-05-16 16:10:59 +02:00
Jaeden Amero
16ab39102e
Merge pull request #102 from gilles-peskine-arm/psa-aead_multipart-delay
Multipart AEAD buffer output sizes
2019-05-16 13:34:21 +01:00
Jaeden Amero
76be7f9c70
Merge pull request #108 from gilles-peskine-arm/psa-copy_key-policy
Add policy usage flag to copy a key
2019-05-16 12:08:13 +01:00
Gilles Peskine
73676cbc50 Put handle parameter last: psa_import_key
In psa_import_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 23:16:07 +02:00
Gilles Peskine
806051f17e Update an obsolete use of psa_import_key in documentation
psa_import_key now takes an attribute structure, not a type.
2019-05-15 23:15:49 +02:00
Gilles Peskine
98dd779eb5 Put handle parameter last: psa_generate_derived_key
In psa_generate_derived_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 20:15:31 +02:00
Gilles Peskine
dc8219a10d Replace psa_make_key_persistent by id/lifetime setters
Use individual setters for the id and lifetime fields of an attribute
structure, like the other attributes.

This commit updates the specification and adds an implementation of
the new setters.
2019-05-15 19:14:05 +02:00
Gilles Peskine
d6a8f5f1b5 Improve description of PSA_KEY_USAGE_COPY
Be more clear about when EXPORT is also required.
2019-05-14 16:25:50 +02:00
Gilles Peskine
ac99e32b79 Documentation improvements 2019-05-14 16:11:07 +02:00
Gilles Peskine
8e0206aa26 New usage flag PSA_KEY_USAGE_COPY
Document the new flag and allow its use.
2019-05-14 14:24:28 +02:00
Gilles Peskine
4318dfc8ec psa_export_key, psa_export_public_key: document the EXPORT flag 2019-05-14 14:23:32 +02:00
Jaeden Amero
1fe90fab30
Merge pull request #101 from gilles-peskine-arm/psa-key_attributes-verify_attributes
Check unused attributes in import and copy
2019-05-13 11:48:40 +01:00
Gilles Peskine
4a231b8d3b Break up key identifiers into user, vendor and reserved ranges
Define a range of key identifiers for use by the application
(0..2^30-1), a range for use by implementations (2^30..2^31), and a
range that is reserved for future use (2^31..2^32-1).
2019-05-06 18:56:14 +02:00
Gilles Peskine
225010fdf7 Remove lifetime parameter from psa_open_key
Change the scope of key identifiers to be global, rather than
per lifetime. As a result, you now need to specify the lifetime of a
key only when creating it.
2019-05-06 18:52:22 +02:00
Gilles Peskine
f02aec90dc Allow AEAD update output to be delayed
Do not require finish() to have empty output for any algorithm. Some
hardware does not support immediate stream processing.
2019-05-06 15:59:44 +02:00
Gilles Peskine
49dd8d8cec Add size macros for multipart AEAD
New macros PSA_AEAD_UPDATE_OUTPUT_SIZE, PSA_AEAD_FINISH_OUTPUT_SIZE
and PSA_AEAD_VERIFY_OUTPUT_SIZE to determine the output buffer sizes
for psa_aead_update(), psa_aead_finish() and psa_aead_verify().
2019-05-06 15:59:16 +02:00
Gilles Peskine
5211efb317 Add output parameter for psa_aead_verify
Like psa_aead_finish(), psa_aead_verify() needs to produce output from
the last partial block of input if psa_aead_update() cannot produce
output byte by byte.
2019-05-06 15:56:05 +02:00
Gilles Peskine
4ce2a9dcbf Check unused attributes in import and copy
In psa_import_key and psa_copy_key, some information comes from the
key data (input buffer or source key) rather than from the attributes:
key size for import, key size and type and domain parameters for copy.
If an unused attribute is nonzero in the attribute structure, check
that it matches the correct value. This protects against application
errors.
2019-05-03 16:57:15 +02:00
Adrian L. Shaw
5a5a79ae2a Rename psa_generate_key() and psa_generator_import_key() 2019-05-03 15:44:28 +01:00
Gilles Peskine
1ea5e44c93 Minor documentation improvement 2019-05-02 20:31:10 +02:00
Gilles Peskine
aa02c17dfa Add buffer size macro for psa_get_key_domain_parameters 2019-04-28 11:48:29 +02:00
Gilles Peskine
9c640f91d4 Improve documentation of key attributes 2019-04-28 11:48:26 +02:00
Gilles Peskine
06af0cd4a3 Always require reset after psa_get_key_attributes
There was a guarantee that psa_get_key_attributes() does not require a
subsequent psa_reset_key_attributes() to free resources as long as the
key was created with attributes having this property. This requirement
was hard to pin down because if a key is created with default
parameters, there are cases where it is difficult to ensure that the
domain parameters will be reported without allocating memory. So
remove this guarantee. Now the only case psa_reset_key_attributes() is
not required is if the attribute structure has only been modified with
certain specific setters.
2019-04-28 11:46:10 +02:00
Gilles Peskine
e56e878207 Remove extra parameter from psa_generate_key
Read extra data from the domain parameters in the attribute structure
instead of taking an argument on the function call.

Implement this for RSA key generation, where the public exponent can
be set as a domain parameter.

Add tests that generate RSA keys with various public exponents.
2019-04-26 17:37:50 +02:00
Gilles Peskine
b699f07af0 Switch psa_{get,set}_domain_parameters to attributes
Change psa_get_domain_parameters() and psa_set_domain_parameters() to
access a psa_key_attributes_t structure rather than a key handle.

In psa_get_key_attributes(), treat the RSA public exponent as a domain
parameter and read it out. This is in preparation for removing the
`extra` parameter of psa_generate_key() and setting the RSA public
exponent for key generation via domain parameters.

In this commit, the default public exponent 65537 is not treated
specially, which allows us to verify that test code that should be
calling psa_reset_key_attributes() after retrieving the attributes of
an RSA key is doing so properly (if it wasn't, there would be a memory
leak), even if the test data happens to use an RSA key with the
default public exponent.
2019-04-26 17:37:08 +02:00
Gilles Peskine
3a4f1f8e46 Set the key size as an attribute
Instead of passing a separate parameter for the key size to
psa_generate_key and psa_generator_import_key, set it through the
attributes, like the key type and other metadata.
2019-04-26 13:49:28 +02:00
Gilles Peskine
a3dd737be4 Move legacy definitions to crypto_extra.h
Types and functions that are not used in the attribute-based key
creation API are now implementation-specific extensions, kept around
until we finish transitioning to the new API.
2019-04-24 15:47:30 +02:00
Gilles Peskine
2062859496 Document the new functions related to key attributes
Also update the documentation of key creation functions that have been
modified to use key attributes.
2019-04-24 15:47:30 +02:00
Gilles Peskine
8c8f2ab66b Implement psa_get_key_attributes
Implement attribute querying.

Test attribute getters and setters. Use psa_get_key_attributes instead
of the deprecated functions psa_get_key_policy or
psa_get_key_information in most tests.
2019-04-24 15:46:04 +02:00
Gilles Peskine
4747d19d18 Implement atomic-creation psa_import_key
Implement the new, attribute-based psa_import_key and some basic
functions to access psa_key_attributes_t. Replace
psa_import_key_to_handle by psa_import_key in a few test functions.

This commit does not handle persistence attributes yet.
2019-04-24 15:45:50 +02:00
Gilles Peskine
87a5e565f4 Rename functions that inject key material to an allocated handle
This commit starts a migration to a new interface for key creation.
Today, the application allocates a handle, then fills its metadata,
and finally injects key material. The new interface fills metadata
into a temporary structure, and a handle is allocated at the same time
it gets filled with both metadata and key material.

This commit was obtained by moving the declaration of the old-style
functions to crypto_extra.h and renaming them with the to_handle
suffix, adding declarations for the new-style functions in crypto.h
under their new name, and running

    perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c
    perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c

Many functions that are specific to the old interface, and which will
not remain under the same name with the new interface, are still in
crypto.h for now.

All functional tests should still pass. The documentation may have
some broken links.
2019-04-24 15:24:45 +02:00
Gilles Peskine
3135184cfc Merge remote-tracking branch 'upstream-crypto/development' into psa-api-beta2-merge-development
Merge the Mbed Crypto development branch a little after
mbedcrypto-1.0.0 into the PSA Crypto API 1.0 beta branch a little
after beta 2.

Summary of merge conflicts:

* Some features (psa_copy_key, public key format without
  SubjectPublicKeyInfo wrapping) went into both sides, but with a few
  improvements on the implementation side. For those, take the
  implementation side.
* The key derivation API changed considerably on the API side. This
  merge commit generally goes with the updated API except in the tests
  where it keeps some aspects of the implementation.

Due to the divergence between the two branches on key derivation and
key agreement, test_suite_psa_crypto does not compile. This will be
resolved in subsequent commits.
2019-04-09 12:00:00 +02:00
Gilles Peskine
ee67dd61bc Fix Doxygen warnings 2019-03-12 13:23:17 +01:00
Gilles Peskine
5579971cb1 psa_generator_import_key (ECC): minor corrections 2019-03-12 11:55:43 +01:00
Gilles Peskine
2de2c0d9ce Clarify deterministic generation by re-drawing
For DH, ECC (Weierstrass curves) and DSA, specify that the re-drawing
method is the one defined by NIST as
"key-pair generation by testing candidates", and describe it
unambiguously.

Also specify DES explicitly.
2019-03-11 18:10:07 +01:00
Gilles Peskine
fa4486d7ec Specify psa_generator_import_key for each key type
psa_generator_import_key() was only specified for "symmetric keys",
and there were some mistakes in the specification. Rewrite the
specification and extend it to other key types.

* For most private key types, specify that the function draws a byte
  string repeatedly until the byte string is suitable.
* For DES, despite being a symmetric key type, re-drawing is
  necessary.
* For Montgomery curves, despite being asymmetric, no re-drawing is
  necessary.
* Specify the behavior for every standard key type other than RSA.
  An implementation doesn't have to support all key types, but if it
  does, it's better to have a standard.
2019-03-11 17:30:31 +01:00
Gilles Peskine
3be6b7f553 Fix some copypasta in references to parameter names
Validated by

perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-11 15:11:31 +01:00
Gilles Peskine
ae2e5e0806 Remove copypasta'ed error reason in psa_aead_finish 2019-03-11 15:11:31 +01:00