Commit graph

1101 commits

Author SHA1 Message Date
Janos Follath
a71811aa4c Fix typo
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:31 +01:00
Janos Follath
78b9e40662 PSA PAKE: reintroduce psa_pake_primitive_t
If PSA_PAKE_OUTPUT_SIZE takes cipher_suite as a parameter and it is a
structure it can't be a compile-time constant anymore.

Reintroducing psa_pake_primitive_t, because it can be constructed as an
integral type and holds enough information to allow PSA_PAKE_OUTPUT_SIZE
calculating accurate estimates on the output size in compile time.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:31 +01:00
Janos Follath
a86c3131a8 PSA PAKE: divide setup into several steps
There are too many parameters to the setup function. This makes it hard
to figure out how to call the function and read code that calls the
function. This also opens the suspicion that there's yet another
parameter that we're missing.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:31 +01:00
Janos Follath
beb78d4d41 Rename psa_pake_data_t
"Data" is too vague, renaming it to psa_pake_step_t. It is still
somewhat vague, but at least consistent with the naming used in key
derivation.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:31 +01:00
Janos Follath
57cfc407e0 Remove obsolete __DOXYGEN_ONLY__ blocks
__DOXYGEN_ONLY__ blocks were only used to typeset the PSA specification
back when it was extracted from Mbed TLS headers. They are no longer
used and should be removed.

The PSA Crypto Driver API is still under development and might be
extracted from Mbed TLS headers, leaving them there for now.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:31 +01:00
Janos Follath
f53c7af916 PSA PAKE: introduce psa_pake_family_t
It is the size of something that has no a priori reason to consist of 8
bits.  This should be psa_pake_family_t, both for documentation (and
possibly static analysis) and in case 8 bits turn out not to be enough.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:31 +01:00
Janos Follath
1459aa5656 PSA PAKE: improve documentation
Minor documentation improvement and fixes.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:31 +01:00
Janos Follath
f75be64ef5 PSA PAKE: fix identifier value
Identifier value was not consistent with PSA conventions (last byte is
reserved for hash algorithms or used in algorithms parametrized by
a hash).

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:31 +01:00
Janos Follath
5b44cfd430 PSA PAKE: remove alg parameter from setup
The cipher suite now defines the algorithm itself as well. Passing the
algorithm separately is redundant and error prone.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:30 +01:00
Janos Follath
684da03532 PSA PAKE: remove obsolete types and macros
Making the cipher suite struct internal made a number of types and
macros in the interface unused.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:30 +01:00
Janos Follath
cd56ff9c59 PSA PAKE: make cipher suite opaque
Hiding the structure of the cipher suite implementation allows for
greater flexibility.

To preserve maximum flexibility, the constructor is replaced by
individual setter/getter functions.

Convenience macros and or functions can be added later.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:30 +01:00
Janos Follath
82b54b96d3 PSA PAKE: Align macro names
In the key types API, PSA Crypto uses ECC to denote Elliptic curve
cryptography and DH to denote Finite Field Diffie-Hellman.

Change PSA_PAKE_PRIMITIVE_TYPE_XXX macros to be aligned.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:30 +01:00
Janos Follath
fc3577daae Remove reference to PSA_PAKE_KEY_SHARE_SIZE
The macro PSA_PAKE_KEY_SHARE_SIZE has been removed, we need to remove
references to it from the documentation as well.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:30 +01:00
Janos Follath
2ba6079d47 PSA: fix wording for implementation defined types
There were remnants of the PSA specification wording in the
documentation that can be confusing in Mbed TLS.

We need to make it clear what the consequences of being implementation
defined are in Mbed TLS.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:30 +01:00
Janos Follath
8005e8a167 Shrink psa_pake_side_t to uint8_t
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:12:08 +01:00
Janos Follath
ef1b8c9a76 PSA PAKE: Relate JPAKE documentation to RFC8236
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:12:08 +01:00
Janos Follath
7ebcbf34f9 Remove psa_pake_get/set_key_share() functions
The main purpose of psa_pake_get_key_share() is to provide a more
straightforward and convenient call flow for regular PAKEs. Most PAKEs
have a single key share and need a flow like this:

op=PSA_PAKE_OPERATION_INIT;
psa_pake_setup();
psa_pake_get_key_share();
psa_pake_set_key_share();
psa_pake_get_implicit_key();

Adding psa_pake_get/set_key_share() functions cuts out the
psa_pake_data_t constants from the users vision, hiding complexity that
exists only for unrelated PAKEs that aren't relevant for the user.

This comes with the cost of the two additional API functions that we need
to maintain.

Since the current stream of work focuses on enabling J-PAKE, there are
no benefits to these functions for now.

Once algorithms that can benefit from this simplification are added,
adding back these functions can be reconsidered.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:12:08 +01:00
Janos Follath
fb4203dcff PSA PAKE: Call the scheme algorithm
The documentation is calling PAKEs protocols but it has an
psa_algorithm_t identifier. To align the terminology, the documentation
should call them algorithms as well.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:12:08 +01:00
Janos Follath
020da462d2 Fix PSA_PAKE_PRIMITIVE macro
Fix the typo in the macro definition and more specific parameter names
allow for future scripts to check validity of arguments.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:12:08 +01:00
Janos Follath
1101edb948 PSA PAKE: typo fixes in documentation
Also removes the mention of THREAD as we can't give a publicly available
reference for it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:12:08 +01:00
Janos Follath
ca2c167dcb PSA PAKE: fix doxygen warnings
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Janos Follath
7f1e81a98d PSA PAKE: specify key type and usage
The PSA_KEY_TYPE_PASSWORD key type to which this documentation change
refers to is not yet present in the code and will be introduced by a
parallel line of work.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Janos Follath
b378d57840 PSA PAKE: add output size macros
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Janos Follath
9c6b147d98 PSA PAKE: Add J-PAKE to the interface
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Janos Follath
8a09ca9d94 PSA PAKE: Add dummy operation context
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Janos Follath
508afeca67 PSA PAKE: Add cipher suite structure
PAKE protocols make use of a range of cryptographic schemes and
primitives. Standards allow for several options to use for each of them.
They call the combination of specific algorithms cipher suites,
configurations or options.

Cipher suites are represented by a separate data type for several
reasons:
1. To allow for individual PAKE protocols to provide pre-defined cipher
   suites.
2. To organise cipher suites into a unit that can be handled separately
   from the operation context. The PAKE operation flow is already
   complex, will be even more so when key confirmation is added.
   Handling them separately should reduce the surface of the interface
   the application developer needs to pay attention at any given time.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Janos Follath
38a5d35646 PSA PAKE: Add type for representing primitives
In most of the PAKEs the primitives are prime order groups, but some of
them might need the ring structure or just are using completely different
algebraic structures (eg. SRP or PQC schemes).

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Janos Follath
b86273a6dc PSA PAKE: Add integral types
Add integral types for the draft version of PSA Crypto API PAKE
interface.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Janos Follath
5e5dcaced3 PSA PAKE: Add function declarations
Add function declarations for the draft version of PSA Crypto API PAKE
interface.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:07:47 +01:00
Paul Elliott
83f09ef056 Proper multipart AEAD GCM Implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-01 17:17:47 +01:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead
Conflicts:
* None
2021-06-01 17:13:19 +01:00
Paul Elliott
e95259f833 Remove some CCM leftovers
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-21 18:05:04 +01:00
Mateusz Starzyk
363eb29d4b Fix MBEDTLS_PRIVATE wrapping in the library's headers.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-21 18:10:44 +02:00
Mateusz Starzyk
846f021de2 Run MBEDTLS_PRIVATE wrapping script on the library.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-21 18:10:44 +02:00
Paul Elliott
3dc1c242b4 Move AEAD contexts from primitives to composites
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
1a98acac1c Properly handle GCM's range of nonce sizes
Add comment to the effect that we cannot really check nonce size as the
GCM spec allows almost arbitrarily large nonces. As a result of this,
change the operation nonce over to an allocated buffer to avoid overflow
situations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
ee4ffe0079 Move AEAD length checks to PSA core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
a559b3ce56 Remove key_set and use id instead
In keeping with the other PSA multipart operations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
cbbde5f28c Split multipart AEAD contexts into two parts
Split to data required for internal implementation and data required for
driver implementation with data left over for the PSA layer.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
d4e99ed40c Fix mistyped buffer size variable
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
fd3ca24e56 Move CCM ouput to update step.
Move CCM to update all data at update step, as final step can only
output at most a block length, so outputting all data at this step
significantly breaks the tests. Had to add unpleasant workaround for the
validate stage, but this is the only way I can do things without
breaking CCM Alt implementations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
6504aa6451 First pass addition of driver wrappers
Transparent driver test functions not yet implemented.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
adb8b16b16 Add internal implementation of multipart AEAD
For the time being CCM and GCM are not entirely implemented correctly
due to issues with their underlying implentations, which would be
difficult to fix in 2.x, and thus require all the AD and data to be
passed in in one go.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
07a30c4c00 Convert oneshot AEAD over to multipart struct
Multipart AEAD operation struct has to be public as it's allocated by
the caller, so to save duplication of code, switch oneshot AEAD over to
using the multipart operation struct.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
gabor-mezei-arm
4a6fcda031
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
12b4f34fff
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
38cbaf2881
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
36658e46ba
Update PSA_ALG_IS_SIGN_MESSAGE
Add missing algorithm for PSA_ALG_IS_SIGN_MESSAGE and update documentation.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
4a21019653 Implement psa_sign_message and psa_verify_message functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:49 +02:00
Ronald Cron
e0f06c624c
Merge pull request #4473 from tniessen/typos-in-header-files
Fix typos in C header files
2021-05-12 18:23:48 +02:00
Gilles Peskine
5d1f747d85
Merge pull request #4377 from mpg/psa-pbkdf2-api
PSA API for PBKDF2-HMAC
2021-05-12 18:00:30 +02:00
Manuel Pégourié-Gonnard
4e02f01815 Fix key type that wasn't updated earlier
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-12 10:05:45 +02:00
Tobias Nießen
1e8ca122f4 Fix typos in C header files
Signed-off-by: Tobias Nießen <tniessen@tnie.de>
2021-05-10 19:54:11 +02:00
Manuel Pégourié-Gonnard
2c44daf0bc Add restriction on output_key alg for password hash
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-10 12:53:30 +02:00
Steven Cooreman
72f736a191 Move is_sign and mac_size checking back to PSA core scope
It makes sense to do the length checking in the core rather than expect
each driver to deal with it themselves. This puts the onus on the core to
dictate which algorithm/key combinations are valid before calling a driver.

Additionally, this commit also updates the psa_mac_sign_finish function
to better deal with output buffer sanitation, as per the review comments
on #4247.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-10 11:29:13 +02:00
Steven Cooreman
8f37004bd7 Remove unused variable from MAC driver structure
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
a6df6040ee Base the PSA implementation of TLS 1.2 PRF on the MAC API
This means there is no longer a need to have an internal HMAC API, so
it is being removed in this commit as well.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
d1ed1d935f Make HKDF use the generic MAC API
Such that the underlying HMAC can be accelerated if such a driver is present

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
ac8d82a6f8 Use the correct guards on the context structures for MAC/HKDF/PRF
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
dd1a915c0f Rename HMAC operation structure
Prefix with 'mbedtls_psa' as per the other types which implement some
sort of algorithm in software.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
a4638e708e Remove redundant key_set from MAC operation structure
The purpose of key_set was to guard the operation structure from being
used for update/finish before a key was set. Now that the implementation
fully adheres to the PSA API, that function is covered by the `alg`
variable instead. It's set to the algorithm in use when a key is set, and
is zero when the operation is reset/invalid.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
02fc62a6fa Remove unused items from MAC operation context structure
Apparently it was at some point assumed that there would be
support for MAC algorithms with IV, but that hasn't been
implemented yet. Until that time, these context structure
members are superfluous and can be removed.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
939102e7a3 Add CMAC to standard PSA config
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
d1955af5df Rename internal HMAC structure type to match convention
Typedef'ed structures are suffixed _t
Also updated the initialiser macro with content that actually
matches the structure's content.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
4fdf060a81 Complete, document and fully use internal HMAC API
Since HMAC moved into its own compilation unit, the internal API needed
to be documented and finalized. This means no more reaching deep into
the operation structure from within the PSA Crypto core. This will make
future refactoring work easier, since internal HMAC is now opaque to the
core.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
77e2cc5661 Move the MAC operation structure into the driver headers
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
d13a70f2dc Add boilerplate for dispatching MAC operations
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
3c8dd634dd Add include headers for composite operation contexts and move hmac
Modeled after the include chain of the primitive operation contexts.
Also moved the HMAC context structure to the builtin composites file,
since that is where it conceptually belongs. This is a preparatory
step for implementing driver dispatch of MAC multipart operations.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
61398ec5dc Move the cipher operation structure declaration for grouping
Cipher and Hash are grouped, since they are 'primitive' operations.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
f4248f2e1b Remove inclusion of top-level crypto.h from the driver context header
This was probably included by mistake, because the file itself is part
of the inclusion chain starting with crypto.h.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
675501d9db Rename the PSA driver context structure headers to _primitives
This is a preparatory step in order to be able to organize the include
chain from crypto_struct in such a way that the MAC operation structure
for the PSA 'software' driver can make use of the hash operation structure.

Conceptually:
* Primitives:
  * Hash
  * Cipher
* Composites:
  * AEAD (can use cipher)
  * MAC (can use cipher and/or hash)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Manuel Pégourié-Gonnard
4feb611a49 Lift a restriction on usage of verify_key()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:22:21 +02:00
Manuel Pégourié-Gonnard
e88511d7fe Try making one condition more readable
No semantic change intended.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:19:03 +02:00
Manuel Pégourié-Gonnard
f0c28eff09 Avoid introducing PSA_ALG_NONE for now
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:13:48 +02:00
Manuel Pégourié-Gonnard
f9a68ad62a Fix typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:11:38 +02:00
Manuel Pégourié-Gonnard
ece9087b93 Clarify requirement on usage flags
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-05 10:26:29 +02:00
Manuel Pégourié-Gonnard
730f62a80a Clarify the case of direct inputs
Now use the same description for INPUT_SECRET and INPUT_PASSWORD too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-05 10:05:06 +02:00
Manuel Pégourié-Gonnard
acfde465f0 Mention USAGE_VERIFY_DERIVATION in input_key()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-05 09:54:22 +02:00
Manuel Pégourié-Gonnard
5b79ee252e Fix typo in doxygen reference
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:36:48 +02:00
Manuel Pégourié-Gonnard
71d955a79d Introduce PSA_ALG_NONE
It is required by the standard definition of PSA_ALG_GET_HASH.

Documentation and definition from:
https://armmbed.github.io/mbed-crypto/html/api/ops/algorithms.html#c.PSA_ALG_NONE

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:36:48 +02:00
Manuel Pégourié-Gonnard
06638ae3e8 Update "key stretching" flag
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:19:37 +02:00
Manuel Pégourié-Gonnard
40b81bf8f7 Introduce PSA_ALG_GET_HASH()
No need to introduce a specific macro for PBKDF2-HMAC when the PSA spec
already has a generic one.

Documentation from:
https://armmbed.github.io/mbed-crypto/html/api/ops/algorithms.html#c.PSA_ALG_GET_HASH
Implementation from:
https://armmbed.github.io/mbed-crypto/html/appendix/specdef_values.html

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 11:53:40 +02:00
Manuel Pégourié-Gonnard
6983b4fffc Add identifier for PBKDF2 with AES-CMAC-PRF-128
This algorithm is used for example by the Thread 1.1.1 specification,
which is not public but can be obtained free of charge at
https://www.threadgroup.org/ThreadSpec

Here it doesn't really make sense to define a parametrised family, as
this really seems to be the only use of PBKDF2 with a CMAC-based PRF (or
with any PRF other than HMAC with SHA1 or SHA2, for that matter).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 11:42:22 +02:00
Manuel Pégourié-Gonnard
2171e421c6 Add new key type PASSWORD_HASH
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 10:49:54 +02:00
Manuel Pégourié-Gonnard
88658becd4 Clarify algorithm constraint for verification
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 10:28:57 +02:00
Manuel Pégourié-Gonnard
9023cacf15 Merge verification policies together
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 10:27:27 +02:00
Manuel Pégourié-Gonnard
d307f63597 Rename verify_output_xxx() to verify_xxx()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 10:12:06 +02:00
Manuel Pégourié-Gonnard
3d72267db5 Specify the order of PBKDF2 inputs
Might make the implementer's life a bit simpler, and is not a big
constraint on applications.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-30 12:42:36 +02:00
Manuel Pégourié-Gonnard
c16033e0a3 Fix the encodings of the new key types
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-30 12:26:41 +02:00
Manuel Pégourié-Gonnard
ffc86ce8d6 Improve or expand several descriptions.
No change of behaviour, encoding or naming intended in this commit: just
describe the same behaviour, but in a way that's hopefully clearer and
more complete.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-30 12:26:41 +02:00
Manuel Pégourié-Gonnard
dc1b4e42e9 Fix a few typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-30 10:41:07 +02:00
Gilles Peskine
2c8041d6df
Merge pull request #4433 from bensze01/psa_aead_output_size
[development] PSA: Update AEAD output buffer macros to PSA API version 1.0
2021-04-28 13:30:40 +02:00
Bence Szépkúti
da95ef9ae0 Remove PSA AEAD output size compatibility macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-28 10:01:20 +02:00
Bence Szépkúti
bd98df7715 Update documentation of AEAD output size macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-27 04:37:18 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00
Bence Szépkúti
1dda21c4a4 Make sure we don't underflow in the size macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-21 11:09:50 +02:00
Bence Szépkúti
b639d43538 Move and rename PSA_ALG_AEAD_IS_BASE_EQUAL
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-21 11:06:00 +02:00
Bence Szépkúti
f5a1fe9392 Explicitly check non-boolean values against zero
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-21 11:05:56 +02:00
Manuel Pégourié-Gonnard
7a366f7f97 PSA PBKDF2: add config option
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 13:23:03 +02:00
Manuel Pégourié-Gonnard
234b1ecace PSA PBKDF2: add "stretching" sub-category of key derivation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 13:07:21 +02:00
Manuel Pégourié-Gonnard
7da5791451 PSA PBKDF2: add algorithm macros + description
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 12:53:07 +02:00
Manuel Pégourié-Gonnard
49325d3bcf PSA PBKDF2: add verify-output functions
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 12:16:17 +02:00
Manuel Pégourié-Gonnard
22f08bcc00 PSA PBKDF2: add new input function
Note on naming: previously considered input_numeric but then thought the
other two input function are "input <name>" not "input <adjective>" so
decided to follow that pattern. input_int would be shorter but sounds
too much like the C type, which could be confusing as that's not the
type of the parameter; IMO "integer" avoids that problem.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 11:57:34 +02:00
Manuel Pégourié-Gonnard
5a67992a61 PSA PBKDF2: add/update input types
For the numeric values, I followed the apparent existing convention:
- first byte is 01 for secret inputs, 02 for non-secret inputs
- then second by is just incremented for each new input type

The documentation references a function that will be introduced in the
next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 11:34:03 +02:00
Manuel Pégourié-Gonnard
759438cfce PSA PBKDF2: add new policies
The documentation references functions that will be introduced in later
commits, but hopefully from the naming it's already clear what those
function will do.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 11:34:03 +02:00
Manuel Pégourié-Gonnard
31cbbefde8 PSA PBKDF2: add new key types
Question to reviewers: regarding the numeric values, I'm not sure I've
incremented the right byte/nibble. Should this be 0x1201, 0x1202
instead, or something else? Is there a convention I should be aware of?

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 11:32:28 +02:00
Manuel Pégourié-Gonnard
1cc91e7475
Merge pull request #4366 from gilles-peskine-arm/development_3.0-merge_2.x-20210419
Merge development 2.x into 3.0 (Apr 19)
2021-04-19 13:08:48 +02:00
Manuel Pégourié-Gonnard
16529bd439
Merge pull request #4344 from TRodziewicz/remove_deprecated_things_in_crypto_compat_h
Remove deprecated things from crypto_compat.h and dependent tests.
2021-04-19 10:55:21 +02:00
Gilles Peskine
ee259130e4 Merge branch 'development' into development_3.0
Conflicts:
* visualc/VS2010/mbedTLS.vcxproj: resolved by re-generating the file
  with scripts/generate_visualc_files.pl.
2021-04-19 10:51:59 +02:00
Bence Szépkúti
359411fd07 Adjust documentation of PSA_ALG_AEAD_IS_BASE_EQUAL
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-16 12:04:44 +02:00
Steven Cooreman
31e27af0cc Reword the builtin key language on persistency declaration
Specifically allow the driver to override the persistency level of a
builtin key in cases where the driver is persistency-aware.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-16 11:25:18 +02:00
Bence Szépkúti
607c0af246 Simplify PSA AEAD output size compatibility macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:17 +02:00
Bence Szépkúti
7e31009bdb Further reduce macro expansion
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:16 +02:00
Bence Szépkúti
598e92991a Rework PSA_AEAD_NONCE_LENGTH to reduce expansion
Due to repeated calls to PSA_AEAD_NONCE_LENGTH, which in turn calls
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG several times, some macros updated
in this PR expanded to over 6000 characters, more than the 4095 that ISO
C99 compilers are guaranteed to support.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:16 +02:00
Bence Szépkúti
0d8da39703 Mark unused macro argument as unused
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:16 +02:00
Steven Cooreman
b938b0bb03 Documentation clarification after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
c8b9534378 Change signature of mbedtls_psa_platform_get_builtin_key
Instead of the full attributes struct, it now only takes/returns what it
actually needs to.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
203bcbbc47 Style fixes (typos, whitespace, 80 column limit)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
6801f08973 Implement support for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
According to the design in psa-driver-interface.md. Compiles without
issue in test_psa_crypto_drivers.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:04:26 +02:00
Bence Szépkúti
eb1a301321 Update documentation references to the AEAD macros
Where a change was necessary, the new documentation was copied from the
PSA Crypto API spec exactly, with the exception of PSA_AEAD_TAG_LENGTH,
which needed some adjustment.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:17 +02:00
Bence Szépkúti
12116bc3bb Update the AEAD output size macros
This brings them in line with PSA Crypto API version 1.0.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:17 +02:00
Bence Szépkúti
f7b6b4e591 Align code style with the rest of the file
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Bence Szépkúti
30f91a4bca Mark AEAD compatibility macros as deprecated
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Bence Szépkúti
670df7a41d Rename AEAD output size macros in crypto_compat.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Bence Szépkúti
8810fd3250 Copy AEAD output size macros to crypto_compat.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
TRodziewicz
2a1a67300d Remove deprecated things from crypto_compat.h and dependent tests.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 23:12:42 +02:00
Bence Szépkúti
3b1cba82c8 Fix reference to deprecated macro in documentation
The reference was introduced in #4174.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-08 16:10:05 +02:00
Ronald Cron
df2e4f22a8
Merge pull request #4290 from ronald-cron-arm/hash-dispatch-follow-up
Hash dispatch follow up
2021-04-08 09:13:19 +02:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Gilles Peskine
b420259777
Merge pull request #4174 from gilles-peskine-arm/psa-eddsa-spec
PSA Encodings for EdDSA
2021-04-07 11:20:27 +02:00
Ronald Cron
980230e965 psa: include: Update and improve multipart-op struct design notes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron
dd3b539573 psa: include: Clarify scope of crypto_builtin/driver_contexts.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron
06c84ca5f8 psa: include: Merge crypto_builtin_hash.h and crypto_builtin_cipher.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:30 +02:00
Ronald Cron
e31fd11ab3 psa: include: Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 15:59:57 +02:00
Ronald Cron
d3b458c452 tests: psa: Fix expected error code
Fix expected error code when importing a persistent key or
registering a key with an invalid key identifier:
PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:54:50 +02:00
Gilles Peskine
e5fde54337 Remove incorrect definitions of the dom2() and dom4() prefixes
Implementers and users would have to refer to the RFC for the detailed
specification of the algorithm anyway.

Keep a mention of the curves and hashes involved for avoidance of doubt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 15:08:10 +02:00
Gilles Peskine
a00abc6b65 Consistently describe Ed25519 as a 255-bit curve
The coordinates are over $F_{2^{255}-19}$, so by the general
definition of the bit size associated with the curve in the
specification, the value for size attribute of keys is 255.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
7e54a29bea Express DES key sizes in bits
The size attribute of a key is expressed in bits, so use bits in the
documentation. (The documentation of psa_export_key() describes the
export format, so it counts in bytes.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
6a427bf306 Document the general definition of bit sizes for asymmetric keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
27354690cb Use a bit-size in the algorithm name
Call it “SHAKE256-512”, just like SHA3-512 has 512 bits of output.
SHAKE256-64 looks like it's 64 bits of output, but this is 64 bytes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
da7305e472 Avoid collision with SM3 in API specification 1.0.1
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
b13ead816c Make the hash-and-sign nature of Ed25519ph and Ed448ph explicit
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
e36f8aa1b0 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
7962284f78 Mention psa_hash_compute in the documentation of psa_{sign,verify}_hash
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
3a1101a122 Define algorithms for EdDSA
Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.

The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
67546802fe New elliptic curve family: twisted Edwards
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
6d40085177 Don't duplicate the definition of PSA_ALG_IS_HASH_AND_SIGN
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Ronald Cron
5618a39fcf psa: cipher: Remove cipher_generate_iv driver entry point
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
6ad554cb83 psa: cipher: Prefer length rather than size for IV/block length
Prefer length rather than size for IV/block length as
per the PSA specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
02d68b2b8e psa: cipher: Fix comment type
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
9198e8c259 psa: driver contexts: Fix include order and wrapping
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
5d9b00dddb psa: cipher: Include Mbed TLS cipher driver only if necessary
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:07 +01:00
Ronald Cron
7cb9c3d360 psa: cipher: Move to driver operation context application allocation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
937dfee92c psa: cipher: Re-organize multi-part operation context
Move members that are of no use to the PSA crypto core
to the Mbed TLS implementation specific operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
49fafa98b1 psa: cipher: Dispatch based on driver identifier
For cipher multi-part operations, dispatch based on
the driver identifier even in the case of the
Mbed TLS software implementation (viewed as a driver).
Also use the driver identifier to check that an
cipher operation context is active or not.

This aligns the way hash and cipher multi-part
operations are dispatched.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
06aa442bef psa: cipher: Remove unused key_set operation field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
d85e98d6f1 psa: config: Add CBC-MAC
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:26 +01:00
Ronald Cron
e1f5516025 psa: config: Improve handling of not supported ECC curves
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:19 +01:00
Ronald Cron
3d471814bc psa: Add missing PSA configs
Add missing PSA_WANT_CCM/GCM/CMAC. This completes
the set of PSA_WANT config options given the
current support of PSA crypto in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Gilles Peskine
398413024d SECP224K1 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:45 +01:00
Gilles Peskine
8276986c3e Curve448 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/4249. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:16 +01:00
Ronald Cron
63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec
Create PSA configs for ECC curves
2021-03-22 17:35:04 +01:00
Gilles Peskine
d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Ronald Cron
da3da94373
Merge pull request #4210 from gilles-peskine-arm/crypto_values-param-names
Fix parameter names after \p in include/psa
2021-03-17 10:17:18 +01:00
David Brown
3298851d05 Fix alignment of PSA defines
When these names were changed, the definition got misaligned with the
rest of the fields.  Fix this alignment.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-16 10:44:22 -06:00
Steven Cooreman
f8e45a4e98 Simplify compilation guards around hash driver testing
The hash driver entry points (and consequentially the hash driver core)
are now always compiled on when PSA_CRYPTO_DRIVER_TEST is turned on.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-16 11:07:55 +01:00
Gilles Peskine
01a622a1a4
Merge pull request #4197 from bensze01/psa_ccm_nonce_length
Correct the maximum generated nonce length for CCM
2021-03-16 10:10:41 +01:00
David Brown
110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
Steven Cooreman
0f8ffa806b Rename and retype hash test driver context structure
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman
a85e2f835e Guard hash test functions as a block
Replicate the way the internal hash functions are guarded

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman
830aff2a98 Restructure the way driver contexts are declared
Drivers (both built-in and external) need to declare their context
structures in a way such that they are accessible by the
to-be-autogenerated crypto_driver_contexts.h file. That file lives in
include/psa, which means all builtin driver context structure
declarations also need to live in include/psa.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:32 +01:00
Bence Szépkúti
437035bfe3 Fix revert of PSA_AEAD_UPDATE_OUTPUT_SIZE
Both the original change, and its incomplete revert were introduced in
#3386.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-03-11 17:58:26 +01:00
Chris Jones
3848e31eac Fix internal references in public documentation
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-11 16:17:59 +00:00
Bence Szépkúti
0153c9436b Correct the maximum generated nonce length for CCM
psa_aead_generate_nonce() could generate a nonce of up to 13 bytes,
depending on the inputs to psa_aead_set_lengths().

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-03-11 15:45:17 +01:00
Ronald Cron
fc86f3f147
Merge pull request #3386 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size
Add new support macros for output buffer sizes since PSA API 1.0 beta 3
2021-03-11 13:30:42 +01:00
gabor-mezei-arm
5699101ac9
Update PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-11 11:55:03 +01:00
David Brown
3353f81694 Update psa/crypto_config.h to new names
An earlier commit fixes the names of the PSA_WANT_ECC_ macros.  Update
the crypto_config.h file to match these new names.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:50 -07:00
David Brown
20a8c4305a Define PSA_WANT definitions for all ECC curves
Mirror the default non-PSA configuration by enabling all supported ECC
curves.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
gabor-mezei-arm
9c3b5077e6
Update PSA_CIPHER_ENCRYPT_OUTPUT_SIZE
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-10 15:57:44 +01:00
Chris Jones
1508fd1064 Remove broken doxygen link to internal macro
Removes a broken doxygen link to a macro that is now internal and
cannot be seen from the public API anymore.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Steven Cooreman
b1777312da Make the driver context union a defined type
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
dbf8ceda54 Change the way driver context structures are used
Apparently there's a goal to make the PSA Crypto core free from
dynamic memory allocations. Therefore, all driver context structures
need to be known at compile time in order for the core to know their
final size.

This change defines & implements for hashing operations how the context
structures get defined.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
0e307647e6 Split hashing operations out into an mbedTLS hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Gilles Peskine
7ef23bee0e Documentation: fix \p names that diverged from the code
Fix places where Doxygen documentation uses \p to refer to a parameter
name and where the name used did not match the actual parameter name.

I used the following script to detect problematic cases:
```
perl -w -ne 'if (eof) { $. = 0; } if (m!^/\*\*!) { $in_doc = 1; %param = (); %p = (); } if (m!\*/!) { foreach $name (keys %p) { if (!$param{$name}) { foreach $line (@{$p{$name}}) { print "$ARGV:$line: $name\n" } } } $in_doc = 0; } if ($in_doc) { if (/\\param(?: *\[[^\[\]]*\])? +(\w+)/) { $param{$1} = 1; } foreach (/\\p +\*?(\w+)/) { push @{$p{$1}}, $.; } }' include/psa/*.h
```

This commits fixes all the remaining occurrences under include/psa,
which were just trivial name mismatches.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:31 +01:00
Gilles Peskine
364d12cfab Documentation: fix \p used for non-parameters
In Doxygen documentation, use \c rather than \p when discussing
something that isn't a parameter of the current macro or function.
Where needed, explain what the thing is.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:15 +01:00
Gilles Peskine
8735343575 Fix copypasta in documentation of an error case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:08 +01:00
gabor-mezei-arm
286a36e17d
Fix size macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-05 15:59:57 +01:00
Steven Cooreman
328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman
a1d8322f74 Fix typos & copy-paste errors
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
d927ed7901 Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
37389c768d Update validity domain of min_tag_length / min_mac_length
Review indicated explicit validity domain should be [1, max_alg_length]

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
2021-03-01 16:00:31 +01:00
Steven Cooreman
ee18b1f5a4 Style and language updates after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
gabor-mezei-arm
c6f2480854
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
gabor-mezei-arm
e86bdcaa11
Fix size macros and its documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 12:28:32 +01:00
gabor-mezei-arm
fbd9f1e683
Add and update macros for output buffer sizes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 12:28:32 +01:00
gabor-mezei-arm
ee6bb560a6
Remove out of scope macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm
8809fb64eb
Add and update size macros for ciphers and keys
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00