Gilles Peskine
43326f0d1e
Change PSA_DH_GROUP_CUSTOM to not be in the vendor-defined range
2019-10-09 16:43:39 +02:00
Andrew Thoelke
6e59505bb2
Recommend use of GREASE values for vendor defined DH groups
2019-10-07 22:27:17 +01:00
Andrew Thoelke
691ec52694
Remove over-specific RFC references
...
Rely on general reference to IANA documentation
2019-10-07 15:28:36 +01:00
Andrew Thoelke
214064ea85
Xref documentation for ECC curves and DH groups.
...
Connect the types to the key type construction macros by x-refs.
2019-09-25 22:16:21 +01:00
Andrew Thoelke
fd368e50d5
Support for vendor-defined ECC curves and DH groups
...
Define a vendor-range within the the private use ranges in the IANA
registry. Provide recommendations for how to support vendor-defined
curves and groups.
2019-09-25 22:14:29 +01:00
Andrew Thoelke
c625045da6
Tighten up language regarding direct use of the IANA registry values
2019-09-25 22:11:36 +01:00
Andrew Thoelke
c6f03ef6d4
Include IANA reference in the definition of ECC curves and DH groups
...
Fixes ARMmbed/psa-crypto#262
2019-09-24 13:19:49 +01:00
Gilles Peskine
38b7c5edeb
Merge pull request #260 from athoelke/at-operations
...
Update multipart operation documentation
2019-09-20 18:44:44 +02:00
Gilles Peskine
c893235ea1
Merge pull request #115 from gilles-peskine-arm/psa-error-compatibility_aliases
...
Improve how generate_psa_constants handles compatibility aliases
2019-09-19 16:20:08 +02:00
Gilles Peskine
a291413a1e
Merge pull request #257 from gilles-peskine-arm/psa-remove_zero_length_keys
...
Forbid zero-length keys
2019-09-19 13:07:41 +02:00
Andrew Thoelke
51514f57e9
Resolve inconsistent descipriton of operation state after exhausting a key derivation operation
2019-09-18 17:50:01 +01:00
Andrew Thoelke
4104afb770
Clarify valid state descriptions
2019-09-18 17:47:25 +01:00
Andrew Thoelke
beb97ba066
Update documentation for multipart key derivation operations
2019-09-13 15:35:18 +01:00
Andrew Thoelke
414415a457
Update documentation for multipart aead operations
2019-09-13 15:35:18 +01:00
Andrew Thoelke
db6f44f875
Update documentation for multipart cipher operations
2019-09-13 15:35:17 +01:00
Andrew Thoelke
9f208cc8c2
Update documentation for multipart mac operations
2019-09-13 15:35:17 +01:00
Andrew Thoelke
272ba1dd96
Update documentation for multipart hash operations
2019-09-13 15:35:17 +01:00
Andrew Thoelke
340984b003
Fix PSA_ERROR_BAD_STATE messages
...
Remove some duplicated entries and added some missing ones.
2019-09-13 15:35:17 +01:00
Gilles Peskine
05c900b576
Forbid keys of size 0
...
Keys of size 0 generally don't make sense: a key is supposed to be
secret. There is one edge case which is "raw data" keys, which are
useful to store non-key objects in the same storage location as keys.
However those are also problematic because they involve a zero-length
buffer. Manipulating zero-length buffers in C requires special cases
with functions like malloc() and memcpy(). Additionally, 0 as a key
size already has a meaning "unspecified", which does not always
overlap seamlessly with the meaning "0".
Therefore, forbid keys of size 0. No implementation may accept them.
2019-09-12 18:29:43 +02:00
Gilles Peskine
a170d927dd
Clarify how key creation functions use attributes and what 0 means
...
Clarify how key creation functions use attributes. Explain the meaning
of attribute values, espcially what 0 means in each field where it has
a special meaning. Explain what an algorithm usage policy can be (an
algorithm, a wildcard with ANY_HASH, or 0).
2019-09-12 17:38:19 +02:00
Andrew Thoelke
5ae24ec7af
Add missing error case to psa_aead_verify
2019-09-12 09:44:33 +01:00
Adrian L. Shaw
4c61c1a736
Move psa_destroy_key and psa_copy_key to Key Management section
2019-09-11 14:40:51 +01:00
Jaeden Amero
4badc92438
Merge pull request #117 from gilles-peskine-arm/psa_error_code_coverage
...
PSA return status coverage script
2019-09-10 16:39:23 +01:00
Jaeden Amero
4864eb5bec
Merge pull request #247 from athoelke/at-key-handles
...
Update the behavior of key handles
2019-09-10 14:38:56 +01:00
Andrew Thoelke
970629fc9a
Fix grammar.
2019-09-09 09:56:34 +01:00
Gilles Peskine
be061337c1
Document more error codes
2019-09-06 19:29:52 +02:00
Gilles Peskine
1983512803
Add backward compatibility alias for PSA_ERROR_CORRUPTION_DETECTED
...
This was renamed from PSA_ERROR_TAMPERING_DETECTED. Add a backward
compatibility alias in case somebody was already using it.
2019-09-06 17:48:56 +02:00
Jaeden Amero
7c2cc479b0
Merge pull request #213 from adrianlshaw/psa-api-1.0-beta
...
Update function return codes
2019-09-06 08:53:29 +01:00
Adrian L. Shaw
8619f8cd07
Remove storage errors from psa_generate_random
2019-09-05 10:37:22 +01:00
Andrew Thoelke
de183416f8
Update the behavior of key handles
...
* open output distinct key handles
* each handle must be closed
* destroying a key does not invalidate other handles
* closing a key can/might fail an active operation (but not required)
2019-09-05 09:38:06 +01:00
Adrian L. Shaw
3b5975641e
Fix return code warnings
...
- Remove STORAGE_FAILURE from hash and abort functions
- Remove BUFFER_TOO_SMALL from psa_mac_verify
2019-09-04 19:20:32 +01:00
Jaeden Amero
8096969905
Merge pull request #139 from Patater/des-faster-and-typo-fix
...
Make DES self-test faster, and fix a typo
2019-09-04 12:18:39 +01:00
Adrian L. Shaw
fa2cefa001
Fix warnings
2019-09-04 11:36:15 +01:00
Adrian L. Shaw
f483973c37
Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv
2019-09-04 11:35:32 +01:00
Adrian L. Shaw
599c712668
Remove errorneous insert
2019-09-04 11:35:32 +01:00
Adrian L. Shaw
1505b2108a
Add STORAGE_FAILURE everywhere + add missing codes
2019-09-04 11:35:32 +01:00
Adrian L. Shaw
1f1e1a5253
Add storage failure to psa_mac_verify_finish
2019-09-04 11:35:32 +01:00
Adrian L. Shaw
56b32b126c
Add storage failure to psa_mac_sign_finish
2019-09-04 11:35:32 +01:00
Adrian L. Shaw
22bc8fff0c
Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions
2019-09-04 11:35:06 +01:00
Adrian L. Shaw
8f7cd1ee55
Added PSA_ERROR_BAD_STATE to functions with operations
...
In the case that the operation object has not been initialized
appropriately.
2019-09-04 11:34:22 +01:00
Adrian L. Shaw
97d3bc3674
Added extra bad state case to psa_hash_setup
2019-09-04 11:34:22 +01:00
Adrian L. Shaw
2364924619
Add missing return codes to psa_generate_key
2019-09-04 11:34:22 +01:00
Adrian L. Shaw
1f42a84a13
Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute
2019-09-04 11:33:32 +01:00
Adrian L. Shaw
650229ba38
Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute
...
In case the key could not be retrieved from
storage.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
2a889781c5
Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key
...
The same reason that it is included in psa_export_key
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
11638b99a0
Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key
...
For the same reasons that psa_export_key can fail with this error
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
7f1863c905
Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key
...
It may be possible that the implementation runs out of
memory when exporting a key from storage or a secure
element. For example, it may not be possible to directly
move the data from storage to the caller, so the implementation
will have to buffer the material temporarily (an issue if dynamic
memory allocation scheme is used). For a large key
this is more likely to return.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
15731c1422
Added PSA_ERROR_STORAGE_FAILURE to psa_export_key
...
It may be possible that an implementation does not
fetch key material until a command like
this is called and such an error may occur if an
off-chip secure storage dependency may have been wiped.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
23c006f45e
Added missing return codes to get_key_attributes
...
Note that PSA_ERROR_NOT_PERMITTED is not included
because I can't think of a scenario where you have
a valid key handle but aren't allowed to read the
attributes
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
39797aa34c
Fix erroneous cut and paste
2019-09-04 11:30:18 +01:00