Commit graph

656 commits

Author SHA1 Message Date
Ronald Cron
72f65fc6e9 psa: Rename pss_key_owner_id_t to mbedtls_key_owner_id_t
Rename psa_key_owner_id_t to mbedtls_key_owner_id_t to
highlight that this is a Mbed TLS specific type and not
a type defined in the PSA Cryptography API specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Ronald Cron
fa7d7af55d psa: Don't reset the key owner id in psa_set_key_lifetime
As a volatile key identifier may have a non-zero owner
identifier, don't reset the key owner identifier (if any)
when setting a volatile lifetime for a key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Ronald Cron
039a98b598 Define always psa_key_id_t as defined in PSA crypto spec
Define always psa_key_id_t as defined in the PSA
Cryptography API specification independently of
whether the MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
configuration file is set or not.

As a consequence, get rid of `psa_app_key_id_t` that is
not needed anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Ronald Cron
27238fcbd8 psa: Use psa_key_file_id_t as the key id type
The purpose of this commit and the following is for
psa_key_id_t to always be as defined by the PSA
Cryptography API specification.

Currently psa_key_id_t departs from its specification
definition when MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
configuration flag is set. In that configuration, it is set
to be equal to psa_key_file_id_t which in that configuration
encodes an owner identifier along the key identifier.

Type psa_key_file_id_t was meant to be the key identifier type
used throughout the library code. If
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is set it
includes both a key and owner identifier, otherwise it is
equal to psa_key_id_t.

It has not been the key identifier type throughout the
library so far because when the PSA Cryptography
specification was developped the library Doxygen
documentation was used to generate the PSA Cryptography API
specification thus the need to use psa_key_id_t and not
psa_key_file_id_t.

As this constraint does not hold anymore, move
to psa_key_file_id_t as the key identifier type throughout
the library code.

By the way, this commit updates the key identifier
initialization in the tests to be compatible with a
composit key identifier. A psa_key_id_make()
inline function is introduced to initialize key
identifiers (composit ot not) at runtime.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Ronald Cron
80b95101a9 psa: Move psa_key_file_id_t definition to crypto_types.h
`psa_key_file_id_t` was defined in `crypto_platform.h` and
not `crypto_types.h` even if it wasn't platform dependent
because back when the PSA Crypto Specification was put
together `crypto_types.h` was meant to contain only types
that were intended to make it to the specification. There
is not such constraint anymore thus move the definition
of `psa_key_file_id_t` to crypto_types.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-02 14:27:07 +02:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
Steven Cooreman
aec44e9fe8 Merge remote-tracking branch 'mbedtls/development' into montgomery-keys-clarification 2020-07-13 11:48:21 +02:00
Steven Cooreman
6f5cc71ad1 Document masking of Montgomery private keys in psa_export_key
Follow the PSA Crypto specification which was updated between 1.0 beta3
and 1.0.0.
Add corresponding test cases.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:45:04 +02:00
Paul Elliott
75e27032d3 Rename DH Family Macros According to PSA Spec
Rename PSA_DH_GROUP_xxx to PSA_DH_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_GROUP to PSA_KEY_TYPE_DH_GET_FAMILY and rename
psa_dh_group_t to psa_dh_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:49 +01:00
Paul Elliott
8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Steven Cooreman
db06445ad6 Fix typo in currently unused macro constant
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-08 18:19:33 +02:00
Janos Follath
0af1560919
Merge pull request #3305 from gilles-peskine-arm/psa-asymmetric-adjectives
PSA: Fix copypasta and align terminology about asymmetric encryption
2020-05-29 08:15:11 +01:00
Gilles Peskine
4eb05a4edd Fix article in documentation
Co-authored-by: Andrew Thoelke <andrew.thoelke@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:51:00 +02:00
Manuel Pégourié-Gonnard
5eae4dd08e
Merge pull request #3301 from Patater/inline-mbedtls_ecc_group_to_psa
psa: Define mbedtls_ecc_group_to_psa() inline
2020-05-19 09:06:04 +02:00
Gilles Peskine
344e15b010 Update SE support to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:15:26 +02:00
Gilles Peskine
52ac958d6b Update the SE interface to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the PSA specification draft.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine
4cfa443d2a Fix macros
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine
e3871f8ae8 Missing word
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine
c4ee2f3a87 Define a macro to construct a lifetime from persistence and location
Applications need this to combine implementation-specific values of
persistence levels and location indicators.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine
aff1181d67 Document PSA_KEY_PERSISTENCE_xxx and PSA_KEY_LOCATION_xxx
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine
ee04e69956 Rename and clarify the default persistent location and persistence
Call persistence "default" because that is genuinely the default that
applications should use if they don't know better. It's slightly
misleading in that the default persistence when you create a key is
volatile, not this: "default" is the default persistence for
persistent keys, not the default persistence for keys in general. But
we haven't found a better name.

Introduce the term "primary local storage" to designate the default
storage location.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine
5dcb74f02f PSA_KEY_LIFETIME_PERSISTENT is a lifetime, not just a storage area
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine
bbb3c1815a Shorten type and value names for lifetime parts
Drop lifetime_ or LIFETIME_ to make the names shorter. They're still
unambiguous.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine
2d2bb1dd04 Define some structure for lifetime values
* Lower 8 bits: persistence level
    * 0: volatile
    * 1: persistent (default)
    * 2-127: persistent (reserved for future PSA specifications)
    * 128-254: persistent (reserved for vendors)
    * 255: read-only
* Upper 24 bits: location indicator
    * 0: built-in
    * 1: primary secure element
    * 2-0x7fffff: reserved for future PSA specifications
    * 0x800000-0xffffff: vendor-specific

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine
6cc0a204b9 Terminology: prefer "asymmetric" to "public-key"
Most of the documentation and some of the function names use
"asymmetric", so use "asymmetric" everywhere. Mention "public-key" in
key places to make the relevant functions easy to find if someone is
looking for that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-05 16:05:26 +02:00
Gilles Peskine
7668960e43 Fix copypasta: ciphertext -> plaintext
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-05 16:05:08 +02:00
Gilles Peskine
9ff8d1f963 Fix copypasta: signature -> encryption
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-05 16:05:08 +02:00
Darryl Green
2f0eb51aae psa: Define mbedtls_ecc_group_to_psa() inline
On dual world platforms, we want to run the PK module (pk.c) on the NS
side so TLS can use PSA APIs via the PK interface. PK currently has a
hard dependency on mbedtls_ecc_group_to_psa() which is declared in
crypto_extra.h, but only defined in psa_crypto.c, which is only built
for the S side.

Without this change, dual world platforms get error messages like the
following.

    [Error] @0,0: L6218E: Undefined symbol mbedtls_ecc_group_to_psa (referred from BUILD/LPC55S69_NS/ARM/mbed-os/features/mbedtls/mbed-crypto/src/pk.o)

Make mbedtls_ecc_group_to_psa() inline within crypto_extra.h so that it
is available to both NS and S world code.

Fixes #3300

Signed-off-by: Darryl Green <darryl.green@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2020-05-05 12:41:48 +01:00
Soby Mathew
0a4270d732 Change the compatibility API to inline functions
This patch changes the compatibility API defined in crypto_compat.h
to static inline functions as the previous macro definitions were
causing issues for the C pre-processor when included in projects
which need to redefine the PSA function names. Making it static
inline function solves this problem neatly and also modern compilers
do a good job at inlining the function which makes the need for making
it a macro redundant.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2020-02-10 17:26:22 +00:00
Gilles Peskine
7cfcb3fc03 Change the encoding of key types to have a parity bit
Change the encoding of key types, EC curve families and DH group
families to make the low-order bit a parity bit (with even parity).

This ensures that distinct key type values always have a Hamming
distance of at least 2, which makes it easier for implementations to
resist single bit flips.
2020-01-31 10:24:21 +01:00
Gilles Peskine
46e6f9de4a Document the vendor range for EC curve and DH group families 2020-01-31 10:24:21 +01:00
Gilles Peskine
f65ed6f254 Change key types to a 16-bit encoding
All key types now have an encoding on 32 bits where the bottom 16 bits
are zero. Change to using 16 bits only.

Keep 32 bits for key types in storage, but move the significant
half-word from the top to the bottom.

Likewise, change EC curve and DH group families from 32 bits out of
which the top 8 and bottom 16 bits are zero, to 8 bits only.

Reorder psa_core_key_attributes_t to avoid padding.
2020-01-31 10:24:21 +01:00
Gilles Peskine
b87b719467 Remove old values of curve encodings
Remove the values of curve encodings that are based on the TLS registry
and include the curve size, keeping only the new encoding that merely
encodes a curve family in 8 bits.

Keep the old constant names as aliases for the new values and
deprecate the old names.
2020-01-31 10:24:21 +01:00
Gilles Peskine
45c29ce4c0 Move size-specific curve/group constants to crypto_compat.h 2020-01-31 10:15:32 +01:00
Gilles Peskine
228abc5773 Define EC curve family constants
Define constants for ECC curve families and DH group families. These
constants have 0x0000 in the lower 16 bits of the key type.

Support these constants in the implementation and in the PSA metadata
tests.

Switch the slot management and secure element driver HAL tests to the
new curve encodings. This requires SE driver code to become slightly
more clever when figuring out the bit-size of an imported EC key since
it now needs to take the data size into account.

Switch some documentation to the new encodings.

Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
2020-01-31 10:15:32 +01:00
Gilles Peskine
025fccdc32 Change the encoding of EC curves and DH groups to include the size
Change the representation of psa_ecc_curve_t and psa_dh_group_t from
the IETF 16-bit encoding to a custom 24-bit encoding where the upper 8
bits represent a curve family and the lower 16 bits are the key size
in bits. Families are based on naming and mathematical similarity,
with sufficiently precise families that no two curves in a family have
the same bit size (for example SECP-R1 and SECP-R2 are two different
families).

As a consequence, the lower 16 bits of a key type value are always
either the key size or 0.
2020-01-31 10:15:32 +01:00
Gilles Peskine
5055b239bf Expose mbedtls/psa curve identifier conversions from psa_crypto.c 2020-01-31 10:15:32 +01:00
Gilles Peskine
2eea95cb5d Extract the block size from the key type encoding 2020-01-31 10:15:32 +01:00
Gilles Peskine
7bfcfac164 Change key type encodings to avoid bit 16
Key types are now encoded through a category in the upper 4 bits (bits
28-31) and a type-within-category in the next 11 bits (bits 17-27),
with bit 16 unused and bits 0-15 only used for the EC curve or DH
group.

For symmetric keys, bits 20-22 encode the block size (0x0=stream,
0x3=8B, 0x4=16B).
2020-01-31 10:15:32 +01:00
Gilles Peskine
8fe6e0de3a Symmetric key types only use the upper 16 bits of psa_key_type_t
Change the numerical encoding of values for symmetric key types to
have 0000 as the lower 16 bits. Now the lower 16 bits are only used
for key types that have a subtype (EC curve or DH group).
2020-01-31 10:15:32 +01:00
Gilles Peskine
13faa2d920 Don't declare a parameter as const
An earlier commit fixed this for psa_hash_compare. psa_mac_verify had
the same flaw.
2020-01-30 16:32:21 +01:00
Gilles Peskine
fa710f5c6a Don't declare a parameter as const
Whether a parameter should be const is an implementation detail of the
function, so don't declare a parameter of psa_hash_compare as
const. (This only applies to parameters themselves, not to objects
that pointer parameters points to.)
2020-01-30 12:27:14 +01:00
Gilles Peskine
f8210f2bd5 Test the block size for symmetric keys
Also insist on their category.

Fix a missing implementation of PSA_BLOCK_CIPHER_BLOCK_SIZE for
ChaCha20.
2019-12-12 09:00:27 +01:00
Gilles Peskine
81f7909497
Merge pull request #325 from gilles-peskine-arm/psa-sign_hash
Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash
2019-12-06 10:10:14 +01:00
Gilles Peskine
0168f2f2c1 Better documentation in crypto_compat.h
Note that the identifiers declared in this header are deprecated.

Indicate what API version identifiers were from.
2019-11-29 12:23:46 +01:00
Gilles Peskine
972630e240 Remove dependency of crypto_values.h on crypto_extra.h
Define PSA_ALG_ECDSA_DETERMINISTIC_FLAG in crypto_values.h.

This is necessary for the current PSA API specification processing
scripts.
2019-11-29 11:55:48 +01:00
Gilles Peskine
4151094a52 Add backward compatibility aliases for signature-related identifiers
Define deprecated aliases for identifiers that are being renamed.
2019-11-26 19:08:55 +01:00
Gilles Peskine
89d8c5c447 Rename some signature-related identifiers
Rename some macros and functions related to signature which are
changing as part of the addition of psa_sign_message and
psa_verify_message.

perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
2019-11-26 18:20:59 +01:00
Gilles Peskine
7b0ab6d34a Simplify support for deprecated constants of various types
Generalize MBEDTLS_DEPRECATED_NUMERIC_CONSTANT into macros that can
accommodate types other than int.
2019-11-26 18:20:58 +01:00
Gilles Peskine
7a894f2142 Move backward compatibility aliases to their own header
Move backward compatibility aliases to a separate header. Reserve
crypto_extra.h for implementation-specific extensions that we intend
to keep supporting.

This is better documentation for users. New users should simply ignore
backward compatibility aliases, and old users can look at
crypto_compat.h to see what is deprecated without bothering about new
features appearing in crypto_extra.h.

This facilitates maintenance because scripts such as
generate_psa_constants that want to ignore backward compability
aliases can simply exclude crypto_compat.h from their parsing.
2019-11-26 18:20:58 +01:00