yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
26929 commits 1 branch 0 tags 94 MiB
Commit graph

123 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
0b6d021069 Adjust presence of warning/link. 
- the codegen migration document is already a migration document, so
doesn't need the extra warning about work in progress;
- the driver interface can use a link to the more practical guide too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-08-08 09:37:11 +02:00
Gilles Peskine
265ce7c1da
Merge pull request #5451 from gilles-peskine-arm/psa-driver-kdf-spec 
PSA drivers: specification for key derivation
 2023-06-06 11:37:28 +02:00
Gilles Peskine
f4ba0013e2 Clarify when key derivation entry points are mandatory/permitted 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-05 14:24:14 +02:00
Gilles Peskine
8dd1e623e1 Copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-05 14:14:41 +02:00
Gilles Peskine
7df8ba6a10 Rework the description of key derivation output/verify key 
Some of the fallback mechanisms between the entry points were not described
corrrectly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-02 18:16:02 +02:00
Gilles Peskine
dcaf104eef Note that we may want to rename derive_key 
... if we think of a better name

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-02 18:02:41 +02:00
Gilles Peskine
f96a18edc7 Probably resolve concern about the input size for derive_key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-02 18:02:15 +02:00
Gilles Peskine
1414bc34b9 Minor copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-02 17:54:32 +02:00
Gilles Peskine
24f52296f1 Key agreement needs an attribute structure for our key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-31 00:44:04 +02:00
Gilles Peskine
e52bff994c Note possible issue with derive_key: who should choose the input length? 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-31 00:43:29 +02:00
Gilles Peskine
b319ed69c4 State explicitly that cooked key derivation uses the export format 
This is the case for all key creation in a secure element, but state it
explicitly where relevant.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-31 00:42:45 +02:00
Gilles Peskine
f787879a14 Clarify sequencing of long inputs 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-31 00:42:29 +02:00
Gilles Peskine
d2fe1d5498 Rationale on key derivation inputs and buffer ownership 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-31 00:42:17 +02:00
Gilles Peskine
4e94fead86 Key derivation dispatch doesn't depend on the key type 
At least for all currently specified algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-31 00:40:56 +02:00
Gilles Peskine
66b96e2d87 Copyediting 
Fix some typos and copypasta. Some very minor wording improvements.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-31 00:40:27 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1 
Fix the JPAKE driver interface for user+peer
 2023-05-02 20:42:25 +02:00
Przemek Stekiel
b175b146a2 Remove driver_pake_get_role function 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-23 13:37:18 +01:00
Przemek Stekiel
fa1754e9ef Update documentation of psa_pake_input 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-23 08:06:09 +01:00
Przemek Stekiel
c0e6250ff9 Fix documentation and tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-14 11:49:36 +01:00
Przemek Stekiel
e9254a0e55 Adapt driver dispatch documentation for user/peer getters 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 09:18:03 +01:00
Przemek Stekiel
691e91adac Further pake code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-08 09:54:00 +01:00
Przemek Stekiel
4dc83d40af Add check for pake operation buffer overflow 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-07 10:50:00 +01:00
Przemek Stekiel
6b64862ef7 Documentation fixes and code adaptation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
251e86ae3f Adapt names to more suitable and fix conditional compilation flags 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
27cd488088 Update the documentation (v.3) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
33ea63d766 Minor updates of the documentation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
8c8ab26b2a Update documentation (handling inputs, function names) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
d67a5b6320 Update PAKE driver documentation (v.2) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
d6eb11007f Add draft documentation for the PAKE driver dispatch logic 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Gilles Peskine
fd094081e1 Pass attributes alongside key buffer 
This is the generic way of going adapting a psa_key_id_t argument in the
application interface to the driver interface. Thanks Hannes Lindström.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-20 20:24:17 +01:00
Gilles Peskine
635b779cfd Fix math character used in text mode 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-12 14:33:44 +01:00
Gilles Peskine
4e346bd569 Fix entry point name 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-12 14:33:22 +01:00
Gilles Peskine
eda71ce535 Key derivation: improve overview of the problem space 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-12 14:32:56 +01:00
Tom Cosgrove
0b86ac1957 Fix typographical errors in .md files found by cspell 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-29 13:44:01 +01:00
Gilles Peskine
d9645c847e Fix naming confusion with opaque key derivation 
"key_derivation_derive_key" should have been "key_derivation_output_key".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 18:19:51 +02:00
Gilles Peskine
54eb0686b3 New function psa_crypto_driver_key_derivation_get_input_type 
The new function psa_crypto_driver_key_derivation_get_input_type() allows
drivers to retrieve the effective type of each input step, and thus to call
the correct get-data function. This is simpler than the previous scheme
which required a somewhat contrived dance with get_key() and get_bytes() for
inputs that can be passed either as a key or as a byte buffer at the
application's choice.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 18:13:31 +02:00
Gilles Peskine
3fc9e04bc4 Be more consistent with raw/cooked key derivation terminology 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-03 17:48:46 +02:00
Gilles Peskine
1a5b83007c Fix typos and copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-03 17:47:40 +02:00
Gilles Peskine
c2e29108f0 Fix internal links 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-03 17:07:19 +02:00
Gilles Peskine
08fb89d251 Require a driver prefix to be non-empty 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-07 16:30:16 +01:00
Gilles Peskine
272ff9c309 Open a namespace for implementation-specific properties 
"IMPLEMENTATION/PROPERTY"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-07 16:29:18 +01:00
Gilles Peskine
6c3b1a760a Allow comments in driver descriptions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-07 16:29:04 +01:00
Gilles Peskine
220bda7f76 Rename a function parameter to avoid confusion 
Don't use “output” for an input of the KDF. It's correct in context (it's
the output of a function that copies the input of the KDF from core-owned
memory to driver-owned memory) but confusing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 12:03:34 +01:00
Gilles Peskine
a2b41598d6 Draft specification for key derivation 
Pass all the initial inputs in a single structure. It's impossible to pass
the inputs as soon as the application makes them available because the core
cannot know which driver to call until it receives the SECRET input.

Do support hiding the key material inside a secure element if the relevant
driver has all the requisite entry points.

Do cooked key derivation (i.e. derivation of non-raw keys) and key agreement
separately.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-24 14:52:59 +01:00
Gilles Peskine
5d1f747d85
Merge pull request #4377 from mpg/psa-pbkdf2-api 
PSA API for PBKDF2-HMAC
 2021-05-12 18:00:30 +02:00
Manuel Pégourié-Gonnard
f9a68ad62a Fix typos 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-05-07 12:11:38 +02:00
Manuel Pégourié-Gonnard
421390f52f Fix driver interface for key derivation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-04-30 12:38:12 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs 
Merge development_3.0 into development
 2021-04-26 19:48:16 +01:00
Manuel Pégourié-Gonnard
351a2576f5 PSA PBKDF2: extend key derivation driver interface 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-04-20 13:11:17 +02:00
Steven Cooreman
31e27af0cc Reword the builtin key language on persistency declaration 
Specifically allow the driver to override the persistency level of a
builtin key in cases where the driver is persistency-aware.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-04-16 11:25:18 +02:00