Identifier value was not consistent with PSA conventions (last byte is
reserved for hash algorithms or used in algorithms parametrized by
a hash).
Signed-off-by: Janos Follath <janos.follath@arm.com>
The cipher suite now defines the algorithm itself as well. Passing the
algorithm separately is redundant and error prone.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Making the cipher suite struct internal made a number of types and
macros in the interface unused.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Hiding the structure of the cipher suite implementation allows for
greater flexibility.
To preserve maximum flexibility, the constructor is replaced by
individual setter/getter functions.
Convenience macros and or functions can be added later.
Signed-off-by: Janos Follath <janos.follath@arm.com>
In the key types API, PSA Crypto uses ECC to denote Elliptic curve
cryptography and DH to denote Finite Field Diffie-Hellman.
Change PSA_PAKE_PRIMITIVE_TYPE_XXX macros to be aligned.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The macro PSA_PAKE_KEY_SHARE_SIZE has been removed, we need to remove
references to it from the documentation as well.
Signed-off-by: Janos Follath <janos.follath@arm.com>
There were remnants of the PSA specification wording in the
documentation that can be confusing in Mbed TLS.
We need to make it clear what the consequences of being implementation
defined are in Mbed TLS.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The main purpose of psa_pake_get_key_share() is to provide a more
straightforward and convenient call flow for regular PAKEs. Most PAKEs
have a single key share and need a flow like this:
op=PSA_PAKE_OPERATION_INIT;
psa_pake_setup();
psa_pake_get_key_share();
psa_pake_set_key_share();
psa_pake_get_implicit_key();
Adding psa_pake_get/set_key_share() functions cuts out the
psa_pake_data_t constants from the users vision, hiding complexity that
exists only for unrelated PAKEs that aren't relevant for the user.
This comes with the cost of the two additional API functions that we need
to maintain.
Since the current stream of work focuses on enabling J-PAKE, there are
no benefits to these functions for now.
Once algorithms that can benefit from this simplification are added,
adding back these functions can be reconsidered.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The documentation is calling PAKEs protocols but it has an
psa_algorithm_t identifier. To align the terminology, the documentation
should call them algorithms as well.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Fix the typo in the macro definition and more specific parameter names
allow for future scripts to check validity of arguments.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The PSA_KEY_TYPE_PASSWORD key type to which this documentation change
refers to is not yet present in the code and will be introduced by a
parallel line of work.
Signed-off-by: Janos Follath <janos.follath@arm.com>
PAKE protocols make use of a range of cryptographic schemes and
primitives. Standards allow for several options to use for each of them.
They call the combination of specific algorithms cipher suites,
configurations or options.
Cipher suites are represented by a separate data type for several
reasons:
1. To allow for individual PAKE protocols to provide pre-defined cipher
suites.
2. To organise cipher suites into a unit that can be handled separately
from the operation context. The PAKE operation flow is already
complex, will be even more so when key confirmation is added.
Handling them separately should reduce the surface of the interface
the application developer needs to pay attention at any given time.
Signed-off-by: Janos Follath <janos.follath@arm.com>
In most of the PAKEs the primitives are prime order groups, but some of
them might need the ring structure or just are using completely different
algebraic structures (eg. SRP or PQC schemes).
Signed-off-by: Janos Follath <janos.follath@arm.com>
Commit adds the conditional definition of
MBEDTLS_ECDH_LEGACY_CONTEXT to ecdh.h.
MBEDTLS_ECDH_LEGACY_CONTEXT is only defined
if MBEDTLS_ECP_RESTARTABLE is definied.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the definition of
MBEDTLS_ECDH_LEGACY_CONTEXT from config.h.
Additionally removes the unset calls to
MBEDTLS_ECDH_LEGACY_CONTEXT in all.sh.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
When mbedtls_nist_kw_wrap was called with output=NULL and out_size=0, it
performed arithmetic on the null pointer before detecting that the output
buffer is too small and returning an error code. This was unlikely to have
consequences on real-world hardware today, but it is undefined behavior and
UBSan with Clang 10 flagged it. So fix it (fix#4025).
Fix a similar-looking pattern in unwrap, though I haven't verified that it's
reachable there.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Split operation start and the declaration of data lengths
to better align with the PSA Cryptography multipart AEAD
APIs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove the change log as the changes in this PR only
affect CCM alternative implementation developers.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
