Commit graph

1304 commits

Author SHA1 Message Date
Przemek Stekiel
5357a7a6d9 Use PSA_MAX_OF_THREE in PSA_EXPORT_KEY_PAIR_MAX_SIZE
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 11:22:36 +02:00
Przemek Stekiel
654bef0be0 Fix typos, comments, style, optimize macros
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
ed23b61020 Adapt size macros for FFDH
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Przemek Stekiel
84ee3e2921 Adapt config files for FFDH
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Paul Elliott
4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
2023-04-17 16:31:09 +01:00
Przemek Stekiel
7921a03425 Add claryfication for PSA_PAKE_INPUT/OUTPUT_MAX_SIZE macros
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 12:32:06 +02:00
Valerio Setti
d4a5d461de library: add remaining changes for the new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc
PSA cryptography miscellaneous
2023-04-04 10:54:03 +02:00
Ronald Cron
789cef87f8 Fix documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:57 +02:00
Ronald Cron
135f2ae312 Pacify doxygen.sh
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:57 +02:00
Ronald Cron
f6236f032a psa: Introduce psa/build_info.h
The PSA cryptography repository is based to
start with on the PSA cryptography implementation
in Mbed TLS but with a different directority
structure, build system and build configuration.

The build-time configuration information in the
PSA cryptography repository is psa/build_info.h.
This commit introduces this file in Mbed TLS to
be used in place of mbedtls/build_info.h (but
basically just an alias to it) in PSA headers.
This is to ease the update of the PSA cryptography
repository.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:57 +02:00
Ronald Cron
2f10fceccd psa: include: Move key derivation builtin and driver contexts
Move key derivation builtin and driver contexts
to specific header files as key derivation
contexts depend both on primitive and composite
crypto algorithms contexts.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:01:45 +02:00
Ronald Cron
e7cde181ea psa: include: Move some Mbed TLS headers
The structures related to CMAC, GCM, CCM and
CHACHAPOLY operations are defined in
crypto_builtin_composites.h not in
crypto_struct.h. Thus move the cmac.h, gcm.h,
ccm.h and chachapoly.h header inclusions from
crypto_struct.h to crypto_builtin_composites.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:01:45 +02:00
Ronald Cron
fe8e135816 psa: Remove unnecessary headers
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:01:45 +02:00
Valerio Setti
271c12e256 psa: use only PSA_WANT symbols for PSA_VENDOR_ECC_MAX_CURVE_BITS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
8f1e98a971 psa: set PSA_VENDOR_ECC_MAX_CURVE_BITS based on both SW and accelerated support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Przemek Stekiel
b175b146a2 Remove driver_pake_get_role function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Przemek Stekiel
e80ec0a9af Adapt J-PAKE built-in impl to use user/peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:12 +01:00
Przemek Stekiel
656b2595fb psa_pake_input: validate buffer size using PSA_PAKE_INPUT_SIZE
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 08:05:52 +01:00
Przemek Stekiel
1f778bcfd8 EC-JPAKE: remove limitation for user/peer (alow any value)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-22 09:52:08 +01:00
Przemek Stekiel
c0e6250ff9 Fix documentation and tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-14 11:49:36 +01:00
Przemek Stekiel
fde112830f Code optimizations and documentation fixes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-13 16:28:27 +01:00
Przemek Stekiel
18cd6c908c Use local macros for j-pake slient/server strings
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
d7f6ad7bc8 Minor fixes (comments, cleanup)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
e9254a0e55 Adapt driver dispatch documentation for user/peer getters
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
1e7a927118 Add input getters for jpake user and peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
26c909d587 Enable support for user/peer for JPAKE
This is only partial support. Only 'client' and 'server' values are accepted for peer and user.
Remove support for role.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:02 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Przemek Stekiel
57580f2539 Use proper enum types for pake state/sequence/step
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Przemek Stekiel
e3ef3a15cd Further pake code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-06 17:24:32 +01:00
Dave Rodgman
1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt
Allow alternative names for overridable PSA headers
2023-03-03 12:37:51 +00:00
Gilles Peskine
802ff1b116
Merge pull request #7147 from paul-elliott-arm/interruptible_sign_hash_codestyle_drivers
Remove driver entry points for psa_{get|set}_max_ops()
2023-03-01 10:46:09 +01:00
Paul Elliott
15d7d43904 Pacify Clang 15
Changes for interruptible {sign|verify} hash were not merged at the time of the
previous clang 15 /retval fixes, thus this fixes code added at that time.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-27 17:25:57 +00:00
Paul Elliott
a16ce9f601 Remove driver entry points for {get|set}_max_ops().
Move the global variable to the PSA layer, and just set that when calling PSA
level functions.

Move the internal ecp set to before each ecp call.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 14:44:18 +00:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty
Pacify Clang 15 about empty \retval
2023-02-24 09:10:53 +00:00
Gilles Peskine
95c915201e Move the implication of MBEDTLS_PSA_CRYPTO_CLIENT where it belongs
If MBEDTLS_PSA_CRYPTO_C is enabled, we always enable
MBEDTLS_PSA_CRYPTO_CLIENT, since the client-side functions are part of the
full PSA crypto feature set. Historically, we didn't have a good place for
configuration modification, so we did this early in the crypto.h include
tree. Since Mbed TLS 3.0, we have mbedtls/build_info.h for that.

Addresses https://github.com/Mbed-TLS/mbedtls/issues/7144 .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Gilles Peskine
361b5f992f Make sure the configuration is always included
Before, if psa/crypto_platform.h was overridden and the override didn't
include "mbedtls/build_info.h", it was possible to end up with parts of
the headers not taking the library configuration into account, if no
mbedtls header was included before "psa/crypto.h". Make sure that
the mbedtls configuration is visible from the start, no matter what is
or is not in the platform header.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Gilles Peskine
b1176f2583 Allow alternative names for overridden PSA headers
Integrators of Mbed TLS may override the header files
"psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files
or by placing alternative versions earlier in the include file search path.
These two methods are sometimes inconvenient, so allow a third method which
doesn't require overwriting files or having a precise order for the include
path: integrators can now specify alternative names for the headers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-22 22:07:28 +01:00
Przemek Stekiel
6b64862ef7 Documentation fixes and code adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
251e86ae3f Adapt names to more suitable and fix conditional compilation flags
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
ac067d779e Fix PSA_PAKE_OPERATION_INIT macro
Needs to be adapted for the clang -Wall -Wextra.
Requirea to explicitly initialize all the members of the struct that is the first member in the union.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
9dd2440c95 Change pake input: key_lifetime -> key attributes
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
1c3cfb4fb0 Introduce PSA_PAKE_OPERATION_STAGE_SETUP to optimize out alg checks
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
dde6a910bb Optimize out psa_pake_computation_stage_t
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
38b4e1761d Remove typedef for enum
Workaround for CI error:
Parsing source code...
Compiling...
=============
All symbols in header: PASS
Naming patterns of public_macros: PASS
Naming patterns of internal_macros: PASS
Naming patterns of enum_consts: FAIL

    > include/psa/crypto_extra.h:1857: 'return' does not match the required
      pattern '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'.
      |
 1857 |     return cipher_suite->algorithm;
      |     ^^^^^^

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
ca8d2b2589 Add get-data functions for inputs + tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
0f50f689b7 Remove redundant dummy fields inside unions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
7b730175b3 Simplify psa_pake_computation_stage_s structure
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
b09c487546 Combine core pake computation stage(step,sequence,state) into single driver step
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
5798003b99 Add enum that presents computation stage as single value
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
e12ed36a6c Move JPAKE state machine logic from driver to core
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
  Now when logic is moved to core information about `alg` is required.
  `computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
96ae8b939d Move pake definitions to headers for composite algorithms
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
51eac53b93 Divide pake operation into two phases collecting inputs and computation.
Functions that only set inputs do not have driver entry points.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
d91bcb7673 Refactor structures for pake driver support
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Paul Elliott
21c3951139 Add reference to mbedtls_ecp_set_max_ops() to docs
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
93d9ca83ea Move num_ops ECP abstraction fully into internal implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
fe9e77ff7a Better formatting of include guard comments
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
84329464d5 Replace allocated hash buffer with array
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
c9774411d4 Ensure that operation is put into error state if error occurs
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
f9c91a7fb5 Store the hash, rather than the pointer
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
1bc59df92c Rename curve_bytes to coordinate_bytes
Also remove unneeded instance from verify operation struct.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
ab7c5c8550 Change incorrect define for MAX_OPS_UNLIMITED
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
4ca521fcdb Remove obsolete comments
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
4684525ae9 Remove unrequired mpis from sign operation struct
These are only used at the output stage.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
a3a8abadff Fix operation initialisers if no algorithms defined
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
1b49ef5384 Fix abort documentation.
Make it clear that these functions reset the number of ops, and remove
statements that say they have no effect.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
90a91f041c Ensure structs are not empty even if ECDSA not supported
Also make previous changes apply to both interruptible sign hash operation
structures rather than just the one as it was.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
749dec54ef Clean up structure include guards
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
296ede99c9 Fix issues with get_{sign/verify}_num_ops
Move to accumulate ops in context rather than attempting to read straight out
of structures due to structure ops getting reset per operation, and also
issues with _abort clearing internal data. Fix usage of size_t in structures

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
588f8ed498 Add internal implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
2d247923e5 Initial empty driver wrapper implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 12:13:17 +00:00
Paul Elliott
1265f00494 First draft of PSA interruptible ECC signing design
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 12:13:17 +00:00
Gilles Peskine
ed73355d2e Make \retval commands non-empty
Pacify Clang >=15 which complained:
```
include/psa/crypto.h:91:23: error: empty paragraph passed to '\retval' command [-Werror,-Wdocumentation]
 * \retval #PSA_SUCCESS
   ~~~~~~~~~~~~~~~~~~~^
```

This commit performs the following systematic replacement:
```
perl -i -0777 -p -e 's/([\\@])(retval +\S+)\n(?! *\*? *([^\n \\*\/]|\\[cp]\b))/$1$2 ${1}emptydescription\n/g' $(git ls-files '*.[hc]' '*.function' '*.jinja')
```
i.e. add an `\emptydescription` argument to `\retval` commands (or
`@retval`, which we don't normally used) that are followed by a single word,
unless the next line looks like it contains text which would be the
description.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-14 19:21:09 +01:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
ecaa7ca507 Add missing supported algorithm to psa/crypto_config.h
The following shell command lists features that seem to be supported, but
are missing from include/psa/crypto_config.h:
```
for x in $(grep -ho -Ew '(PSA_WANT|MBEDTLS_PSA_BUILTIN)_\w+_\w+' library/psa_crypto*.c | sed 's/^MBEDTLS_PSA_BUILTIN/PSA_WANT/' | sort -u); do grep -qw $x include/psa/crypto_config.h || echo $x; done
```
This looks for PSA_WANT_<kind>_<thing> macros that gate a part of the
library, as well as their MBEDTLS_PSA_BUILTIN_<kind>_<thing> counterparts.
This is not necessarily a complete list of identifiers that must appear
in the config file, since a few features are not gated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
a651607b37 Skip restyling of PSA macros also defined in psa-arch-tests
Some preprocessor macro definitions must have a specific expansion so that
the same macro name can be defined in different products. The definition of
having the same expansion (per the C language specification) means the same
sequence of tokens, and also the same absence/presence of spacing between
tokens.

Two macros are also defined in headers in the PSA Compliance test suite, so
the test suite would fail to build if we changed the definitions. Preserve
those definitions. Technically this is a bug in the test suite, since having
extra spaces (or even a completely different constant expression with the
same value) would still be compliant. Bug reported as
https://github.com/ARM-software/psa-arch-tests/issues/337

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-04 19:55:35 +01:00
Gilles Peskine
45873ceba3 Skip restyling of PSA error code definitions
Some preprocessor macro definitions must have a specific expansion so that
the same macro name can be defined in different products. The definition of
having the same expansion (per the C language specification) means the same
sequence of tokens, and also the same absence/presence of spacing between
tokens.

For PSA error code definitions, the specific expansion is mandated by the
PSA Status code specification and the PSA Crypto API specification. In
particular, there must not be a space between (psa_status_t) and the
numerical value (whereas K&R would put a space).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-04 19:50:27 +01:00
Manuel Pégourié-Gonnard
2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo
check_names: extend typo check to PSA macro/enum names
2022-12-13 09:56:27 +01:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Gilles Peskine
5a34b36bbd Remove more now-redundant definitions of inline
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 13:26:44 +01:00
Przemek Stekiel
152ae07682 Change password ec j-pake operation fields to more suitable
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 13:24:36 +01:00
Przemek Stekiel
348410f709 Make a copy of the key in operation while setting pake password
Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key.
This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 22:22:07 +01:00
Pengyu Lv
c1ecb25d8a fix PSA_XXX typos detected by check_names.py
Fix the PSA_XXX typos detected by check_names.py.
PSA_WANT is actually not typo, but would cause a false negative
result. So PSA_WANT is reworded to PSA_WANT_xxx.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2022-11-08 18:22:53 +08:00
Manuel Pégourié-Gonnard
79617d99ae Fix namespacing issue
This macro is specific to the Mbed TLS implementation and not part of
the public API, so it shouldn't used the PSA_ namespace.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-05 12:55:50 +02:00
Manuel Pégourié-Gonnard
ec7012dbc7 Fix I/O format of PSA EC J-PAKE for compliance
The format used by the mbedtls_ecjpake_xxx() APIs and that defined by
the PSA Crypto PAKE extension are quite different; the former is
tailored to the needs of TLS while the later is quite generic and plain.
Previously we only addressed some part of this impedance mismatch: the
different number of I/O rounds, but failed to address the part where the
legacy API adds some extras (length bytes, ECParameters) that shouldn't
be present in the PSA Crypto version. See comments in the code.

Add some length testing as well; would have caught the issue.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-05 12:52:48 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Andrzej Kurek
e09aff8f5a Add information about ECJPAKE_TO_PMS output size expectations
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:59:31 -04:00
Andrzej Kurek
96b9f23853 Adjust ECJPAKE_TO_PMS macro value
This way the low 8 bits of the identifier indicate that this algorithm is used
with SHA-256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:30:46 -04:00
Andrzej Kurek
3c4c514302 Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:24:14 -04:00
Andrzej Kurek
1fafb1f778 Documentation clarifications for ECJPAKE-to-PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:19:49 -04:00
Andrzej Kurek
18f8e8d62c Document the input size restriction for EC J-PAKE to PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:44:34 -04:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:26 -04:00
Neil Armstrong
fb3093a9cb Use PSA_PAKE_ROLE_NONE in PSA_PAKE_OPERATION_INIT macro instead of 0
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-08 14:59:32 +02:00
Neil Armstrong
ecb221b1ff Move operation buffer in operation struct and remove dynamic allocation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-09-08 11:21:07 +02:00
Neil Armstrong
a557cb8c8b Fixing XXX_ALG_ECJPAKE to XXX_ALG_JPAKE to match specification
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
7616ad28e3 Fix guard of ecjpake.h include in crypto_extra.h
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
63212ddf2f Fix formatting of PSA_PAKE_OPERATION_INIT macro
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
7aaa34a1ba Fix formatting of PSA_PAKE_OUTPUT_SIZE & PSA_PAKE_INPUT_SIZE macros
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
637d0a0290 Enable buildin PSA PAKE implementation when ECJPAKE_C is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Neil Armstrong
35269d93da Fill psa_pake_operation and INPUT/OUTPUT min/max sizes for PSA PAKE builtin implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-31 10:49:18 +02:00
Tom Cosgrove
ce7f18c00b Fix a/an typos in doxygen and other comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-28 05:50:56 +01:00
Paul Elliott
0b5f4950cc
Merge pull request #5953 from tuvshinzayaArm/update-document-PSA_ALG_RSA_PSS
Update documentation of PSA_ALG_RSA_PSS
2022-07-14 10:40:21 +01:00
Manuel Pégourié-Gonnard
790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206
Documentation about storage format compatibility
2022-07-01 12:21:17 +02:00
Gilles Peskine
955993c4b5 For status values, the macro expansions must not change either
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-29 14:37:17 +02:00
Gilles Peskine
7973399f7b Add compatibility notes regarding values embedded in the key store
Certain numerical values are written to the key store. Changing those
numerical values would break the backward compatibility of stored keys. Add
a note to the affected types. Add comments near the definitions of affected
values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:41:20 +02:00
Gilles Peskine
f070a5e5d5 Document how PSA identifiers are generally constructed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:40:45 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
2022-06-20 15:27:46 +02:00
Tuvshinzaya Erdenekhuu
44baacd089 Update documenation of PSA_ALG_RSA_PSS
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-06-17 12:10:35 +01:00
Przemek Stekiel
3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
73f97d4841 PSA_ALG_HKDF: add salt processing warning
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
a29b488296 Optimize code by adding PSA_ALG_IS_ANY_HKDF macro
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:09 +02:00
Przemek Stekiel
459ee35062 Fix typo and style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-02 11:16:52 +02:00
Janos Follath
07c2e5e6d5
Merge pull request #5860 from superna9999/4745-psa-jpake-api-fixes
PSA J-PAKE API has missing elements and confusing documentation
2022-05-31 08:27:32 +01:00
Neil Armstrong
ccffab38a3 Remove linkage documentation on PAKE cipher-suite helpers
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-30 15:49:21 +02:00
Neil Armstrong
5ed8a0ec73 Overall PSA PAKE API style issues fixes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-27 09:47:53 +02:00
Neil Armstrong
5892aa69e3 Fix typo in PSA_ALG_JPAKE documentation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-27 09:44:47 +02:00
Summer Qin
f0b4253c68 Remove duplicated PSA_WANT_ALG_CMAC in crypto_config.h
Signed-off-by: Summer Qin <summer.qin@arm.com>
2022-05-26 09:38:33 +08:00
Neil Armstrong
ef15751f08 PSA PAKE API typos in documentation fixes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-25 11:49:45 +02:00
Neil Armstrong
72ab56a1fe Overall PSA PAKE API style issues fixes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-25 11:48:37 +02:00
Neil Armstrong
eb93a6f1d8 Use PSA_ALG_NONE in PSA_PAKE_OPERATION_INIT to init psa_algorithm_t
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-25 11:41:05 +02:00
Neil Armstrong
2056ce5111 Fix PSA_PAKE_OUTPUT_MAX_SIZE/PSA_PAKE_INPUT_MAX_SIZE commment about parameters to PSA_PAKE_OUTPUT_SIZE/PSA_PAKE_INPUT_SIZE
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-25 11:38:15 +02:00
Neil Armstrong
e9b4581b16 Clarify BAD_STATE return documentation on bad ordering of input and output steps for psa_pake_input() & psa_pake_output()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
0d24575ad0 Clarify BAD_STATE return documentation of psa_pake_set_peer()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
59fa8ee090 Update return documentation of psa_pake_abort()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
97d74b8abb Update return documentation of psa_pake_get_implicit_key()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
407b27b516 Update return documentation of psa_pake_input()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
664077e3ae Update return documentation of psa_pake_output()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
2a6dd9c2a8 Rename & update documentation of function, types, and macros for psa_pake_set_role() and associated
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
16ff788f9d Update return documentation of psa_pake_set_peer()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
3585168259 Update return documentation of psa_pake_set_user()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
71cae6121d Update return documentation of psa_pake_set_password_key()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
4721a6f33e Update return documentation of psa_pake_setup()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
1614537697 Fix password wording in PSA_ALG_JPAKE documentation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
7bc71e9c04 Fix output_size documentation of psa_pake_output()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
cd974d590b Fix return documentation of PSA_PAKE_OUTPUT_SIZE
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
d5a4825b84 Add missing psa_pake_cs_get_bits()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
ff9cac72e7 Add missing psa_pake_cs_get_family()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
0c8ef93c8e Add missing psa_pake_abort()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
799106b441 Pass input as const reference and fix documentation of psa_pake_input()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
47e700e7de Pass cipher_suite parameter of psa_pake_setup() by const reference
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:20 +02:00
Neil Armstrong
0151c55b56 Add documentation of PSA_PAKE_OPERATION_INIT
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:50:58 +02:00
Neil Armstrong
5ff6a7fa97 Add missing psa_pake_cipher_suite_init()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:50:57 +02:00
Neil Armstrong
fb99302726 Add missing PSA_PAKE_CIPHER_SUITE_INIT
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 10:45:01 +02:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
2022-05-18 14:15:33 -04:00
Przemek Stekiel
b398d8693f Update descryption of HKDF-Extract/Expand algs and fix comment
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-18 15:43:54 +02:00
Manuel Pégourié-Gonnard
4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector
PSA: ChaCha20: add RFC 7539 test vector with counter=1
2022-05-12 12:34:20 +02:00
Dave Rodgman
58f591526e
Merge pull request #5732 from daverodgman/warmsocks_spellingfixes
Fixed spelling and typographical errors found by CodeSpell
2022-05-12 09:26:29 +01:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00