Commit Graph

269 Commits

Author SHA1 Message Date
Gilles Peskine
5ce3e59dfe Doc: PSA_ALG_IS_HASH is unspecified if alg is not *supported* 2018-09-12 16:41:11 +03:00
Gilles Peskine
5d1888ebc5 Rename PSA_ALG_STREAM_CIPHER -> PSA_ALG_STREAM_CIPHER_BASE
Follow the usual naming convention: PSA_ALG_xxx_BASE for a constant
that isn't an algorithm, just used to build one.
2018-09-12 16:41:11 +03:00
Gilles Peskine
2853849498 Doxygen: linkify references to macro names 2018-09-12 16:41:11 +03:00
Gilles Peskine
61a60376b7 Fix misplaced Doxygen comment 2018-09-12 16:41:11 +03:00
Gilles Peskine
fe11951c16 Rename psa cipher functions to psa_cipher_xxx
Make function names for multipart operations more consistent (cipher
edition).

Rename symmetric cipher multipart operation functions so that they all
start with psa_cipher_:

* psa_encrypt_setup -> psa_cipher_encrypt_setup
* psa_decrypt_setup -> psa_cipher_decrypt_setup
* psa_encrypt_set_iv -> psa_cipher_set_iv
* psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-09-12 16:41:11 +03:00
Gilles Peskine
89167cb597 Split psa_mac_setup -> psa_mac_{sign,verify}_setup
Make function names for multipart operations more consistent (MAC
setup edition).

Split psa_mac_setup into two functions psa_mac_sign_setup and
psa_mac_verify_setup. These functions behave identically except that
they require different usage flags on the key. The goal of the split
is to enforce the key policy during setup rather than at the end of
the operation (which was a bit of a hack).

In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is
of the wrong type, abort the operation before returning BAD_STATE.
2018-09-12 16:41:11 +03:00
Gilles Peskine
acd4be36fa Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish
Make function names for multipart operations more consistent (MAC
finish edition).
2018-09-12 16:41:11 +03:00
Gilles Peskine
da8191d1cd Rename psa_hash_start -> psa_hash_setup
Make function names for multipart operations more consistent (hash
edition).
2018-09-12 16:41:11 +03:00
Gilles Peskine
07c91f5df3 Add notes about the purpose and usage of auxiliary header files 2018-09-12 16:41:11 +03:00
Gilles Peskine
2743e42580 Correct reference for RSA keypair export format 2018-09-12 16:41:11 +03:00
Gilles Peskine
af3baabd05 Define max sizes for MAC and signatures
This requires defining a maximum RSA key size, since the RSA key size
is the signature size. Enforce the maximum RSA key size when importing
or generating a key.
2018-09-12 16:41:11 +03:00
Gilles Peskine
49cee6c582 Move implementation-dependent size macros to crypto_sizes.h
Macros such as PSA_HASH_SIZE whose definitions can be the same
everywhere except in implementations that support non-standard
algorithms remain in crypto.h, at least for the time being.
2018-09-12 16:41:11 +03:00
Gilles Peskine
0cad07c2fb New header crypto_sizes.h
This header will contain macros that calculate buffer sizes, whose
semantics are standardized but whose definitions are
implementation-specific because they depend on the available algorithms
and on some permitted buffer size tolerances.

Move size macros from crypto_struct.h to crypto_sizes.h, because these
definitions need to be available both in the frontend and in the
backend, whereas structures have different contents.
2018-09-12 16:41:11 +03:00
Gilles Peskine
eae6eee24c Change ECDSA signature representation to r||s
Change the representation of an ECDSA signature from the ASN.1 DER
encoding used in TLS and X.509, to the concatenation of r and s
in big-endian order with a fixed size. A fixed size helps memory and
buffer management and this representation is generally easier to use
for anything that doesn't require the ASN.1 representation. This is
the same representation as PKCS#11 (Cryptoki) except that PKCS#11
allows r and s to be truncated (both to the same length), which
complicates the implementation and negates the advantage of a
fixed-size representation.
2018-09-12 16:41:11 +03:00
Gilles Peskine
a81d85b732 Sort out ECDSA mechanisms
* Distinguish randomized ECDSA from deterministic ECDSA.
* Deterministic ECDSA needs to be parametrized by a hash.
* Randomized ECDSA only uses the hash for the initial hash step,
  but add ECDSA(hash) algorithms anyway so that all the signature
  algorithms encode the initial hashing step.
* Add brief documentation for the ECDSA signature mechanisms.
* Also define DSA signature mechanisms while I'm at it. There were
  already key types for DSA.
2018-09-12 16:24:51 +03:00
Gilles Peskine
526fab0066 Fix parameter name signature_size for psa_asymmetric_verify
It should have been signature_length, following our conventions.
2018-09-12 16:24:51 +03:00
Gilles Peskine
e9191ff90b Add missing const for signature parameter of psa_asymmetric_verify 2018-09-12 16:24:51 +03:00
Gilles Peskine
08bac713df Clarify that asymmetric_{sign,verify} operate on a hash 2018-09-12 16:24:51 +03:00
Gilles Peskine
55bf3d1171 Sort out RSA mechanisms
* PSS needs to be parametrized by a hash.
* Don't use `_MGF1` in the names of macros for OAEP and PSS. No one
  ever uses anything else.
* Add brief documentation for the RSA signature mechanisms.
2018-09-12 16:24:51 +03:00
Gilles Peskine
9e73ff17d4 Add missing parameters to some documentation
tests/scripts/doxygen.sh now passes.
2018-09-12 16:24:50 +03:00
Gilles Peskine
ea4469f8d1 Fix parameter name in Doxygen documentation 2018-09-12 16:24:50 +03:00
Gilles Peskine
7ed29c56f1 Rename PSA_ALG_RSA_GET_HASH to PSA_ALG_SIGN_GET_HASH
And don't use it for HMAC when there's a perfectly serviceable
PSA_ALG_HMAC_HASH. HMAC isn't hash-and-sign.
2018-09-12 16:24:50 +03:00
Jaeden Amero
7baf0d5702 psa: doxygen: Fix parameters reference
Doxygen interprets `\param` as starting documentation for a new param, or
to extend a previously started `\param` documentation when the same
reference is used. The intention here was to reference the function
parameter, not extend the previous documentation. Use `\p` to refer to
function parameters.
2018-09-12 16:24:50 +03:00
Gilles Peskine
e584ccb6fd Merge remote-tracking branch 'psa/pr/57' into feature-psa 2018-09-12 16:24:50 +03:00
Gilles Peskine
e9a0a9d74d Update documentation of psa_success_t
Now that the type is not an enum, explain what values are valid.

Also add a comment to explain the #if defined(PSA_SUCCESS) temporary hack.
2018-09-12 16:24:50 +03:00
itayzafrir
c2a7976886 PSA Crypto error code definitions
Removed the psa_status_t enum and defined error codes as defines.
Conditionally defining PSA_SUCCESS and psa_status_t.
2018-09-12 16:24:50 +03:00
Gilles Peskine
48c0ea14c6 Remove PSA_KEY_TYPE_IS_RAW_BYTES from crypto.h
It isn't used to define other macros and it doesn't seem that useful
for users. Remove it, we can reintroduce it if needed.

Define a similar function key_type_is_raw_bytes in the implementation
with a clear semantics: it's a key that's represented as a struct
raw_data.
2018-09-12 16:24:50 +03:00
Gilles Peskine
4e69d7a9a7 psa_generate_key: pass parameters_size argument
When calling psa_generate_key, pass the size of the parameters buffer
explicitly. This makes calls more verbose but less error-prone. This
also has the benefit that in an implementation with separation, the
frontend knows how many bytes to send to the backend without needing
to know about each key type.
2018-09-12 16:22:51 +03:00
Gilles Peskine
e1fed0de18 Define elliptic curve identifiers from TLS
Instead of rolling our own list of elliptic curve identifiers, use one
from somewhere. Pick TLS because it's the right size (16 bits) and
it's as good as any.
2018-09-12 16:19:04 +03:00
Gilles Peskine
b3e6e5deeb Rename hash max sizes for consistency
Use "hash" throughout the library, not "md" as in Mbed TLS.
2018-09-12 16:19:04 +03:00
Gilles Peskine
2d2778650b Normalize whitespace
Normalize whitespace to Mbed TLS standards. There are only whitespace
changes in this commit.
2018-09-12 16:15:52 +03:00
Gilles Peskine
6de7a179c8 Fix file permissions
Some files were marked as executable but shouldn't have been.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
5ca6547b77 Renamed hmac_ctx to opad and removed null check.
this array is now part of the struct and not dynamically allocated
so it can't be null.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
9e2ffe83ac change type of hash block to uint8_t 2018-09-12 16:13:49 +03:00
Nir Sonnenschein
35dfbf4601 change hmac context to use statically allocated memory
1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
dcd636a73f Commit changes to hmac to not use MD abstraction
this PR is part of efforts to use "lower level" mbedTLS APIs vs "higher level" abstract APIs.
2018-09-12 16:13:49 +03:00
Gilles Peskine
8605428dcf Merge remote-tracking branch 'psa/pr/27' into feature-psa 2018-09-05 12:46:19 +03:00
Gilles Peskine
625b01c9c3 Add OAEP placeholders in asymmetric encrypt/decrypt
Replace PSS placeholders by OAEP placeholders. PSS is a signature
algorithm, not an encryption algorithm.

Fix typo in PSA_ALG_IS_RSA_OAEP_MGF1.
2018-09-05 12:44:17 +03:00
Gilles Peskine
723feffe15 Fix some errors in PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
A call to PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE wouldn't even have
compiled. Fix some obvious errors. This is still untested.
2018-09-05 12:44:17 +03:00
Gilles Peskine
d6125ca63b Merge remote-tracking branch 'psa/pr/24' into feature-psa 2018-09-05 12:41:53 +03:00
Gilles Peskine
3585596aec Document a few more macros 2018-09-05 12:41:52 +03:00
Gilles Peskine
84861a95ca Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa 2018-09-05 12:41:52 +03:00
Gilles Peskine
154bd95131 psa_destroy_key: return SUCCESS on an empty slot
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-09-05 12:41:52 +03:00
Gilles Peskine
5e39dc96e0 New macro PSA_AEAD_TAG_SIZE, use it for PSA_AEAD_xxx_OUTPUT_SIZE 2018-09-05 12:41:52 +03:00
Gilles Peskine
71bb7b77f0 Switch PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
Make this macro work on derived algorithms as well (HMAC,
hash-and-sign, etc.).
2018-09-05 12:41:52 +03:00
Gilles Peskine
212e4d8f7c Improve documentation of PSA_AEAD_xxx_OUTPUT_SIZE 2018-09-05 12:41:52 +03:00
Gilles Peskine
65eb8588fe Expand the description of error codes 2018-09-05 12:41:52 +03:00
mohammad1603
1347a73fbe fix macros documentation style. 2018-09-05 12:41:52 +03:00
mohammad1603
fb5b9cbb8d add missing documentations 2018-09-05 12:41:52 +03:00
mohammad1603
22898ba0bd remove duplicated definition 2018-09-05 12:41:51 +03:00
Gilles Peskine
36a74b71a0 Fix Doxygen comments to pass clang -Wdocumentation 2018-09-05 12:41:51 +03:00
Gilles Peskine
1e7d8f1b09 Document AEAD functions
Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define
macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE
(untested).
2018-09-05 12:41:51 +03:00
mohammad1603
dad36fa855 add Key and Algorithm validation 2018-09-05 12:38:18 +03:00
mohammad1603
579d359007 remove psa_aead_encrypt_setup from header file
remove psa_aead_encrypt_setup from header file
2018-09-05 12:38:18 +03:00
Gilles Peskine
3aa8efb230 Merge remote-tracking branch 'psa/psa-wrapper-apis-march-12' into feature-psa 2018-09-05 12:38:17 +03:00
mohammad1603
39ee871d3f Change AEAD APIs to integrated AEAD APIs.
Change AEAD APIs to integrated AEAD APIs, this will allow t support CCM and
GCM algorithms.
2018-09-05 12:38:17 +03:00
Moran Peker
ad9d82cc0e add iv_required field to psa_cipher_operation_s and fix relevant functions 2018-09-05 12:14:28 +03:00
Moran Peker
bed71a2b17 fix missing check on output_size in psa_cipher_finish func 2018-09-05 12:14:28 +03:00
Moran Peker
0071b873a3 add missing parameter output_size on psa_cipher_finish 2018-09-05 12:14:28 +03:00
Moran Peker
e1210dcac3 remove unused parameter in psa_cipher_finish. 2018-09-05 12:14:28 +03:00
mohammad1603
8481e74ecc CR fixes
more fixes

Compilation fixes

Compilation fixes for PSA crypto code and tests
2018-09-05 12:14:28 +03:00
mohammad1603
efb0107fbe CR fix, remove exposing ECB 2018-09-05 12:14:27 +03:00
mohammad1603
990a18c2f0 add ecb to cipher algorithms 2018-09-05 12:14:27 +03:00
Gilles Peskine
d1e8e41737 Adapt older import_export test data to the new function signature 2018-09-05 12:13:23 +03:00
Gilles Peskine
5100318a92 Merge pull request #18 from ARMmbed/psa-wrapper-apis-export-publickey
Export public key implementation (#18)
2018-09-05 12:13:23 +03:00
mohammad1603
8275961178 warnings fixes 2018-09-05 12:13:23 +03:00
mohammad1603
503973bdf3 initial implementation for PSA symmetric APIs - missing tests and documentations 2018-09-05 12:13:23 +03:00
Moran Peker
b4d0ddd2d3 psa_export_public_key 2018-09-05 12:13:20 +03:00
Moran Peker
dd4ea38d58 export public key 2018-09-05 12:10:47 +03:00
itayzafrir
5c7533923a ECDSA sign and verify implementation and tests
ECDSA sign and verify implementation and tests
2018-09-05 12:10:47 +03:00
Gilles Peskine
a0655c3501 Merge remote-tracking branch 'psa/pr/13' into feature-psa
Conflicts:
	library/psa_crypto.c
	tests/suites/test_suite_psa_crypto.data
	tests/suites/test_suite_psa_crypto.function

All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
Gilles Peskine
f0c9dd37d2 Added possible error codes for lifetime functions 2018-09-05 12:01:38 +03:00
Gilles Peskine
9bb53d7aff Fix copypasta in lifetime function descriptions 2018-09-05 12:01:38 +03:00
Gilles Peskine
8ca560293b Whitespace fixes 2018-09-05 12:01:37 +03:00
mohammad1603
a7d245a4a2 Fix return error values description
Fix return PSA_ERROR_INVALID_ARGUMENT description for psa_set_key_lifetime()
and psa_get_key_lifetime()
2018-09-05 12:01:37 +03:00
mohammad1603
ea0500936e Change behavior of psa_get_key_lifetime()
psa_get_key_lifetime() behavior changed regarding empty slots, now
it return the lifetime of and empty slots. Documentation in header
file updated accordingly.
2018-09-05 12:01:37 +03:00
mohammad1603
1c34545cfe Remove usage of PSA_KEY_LIFETIME_NONE
Remove usage of PSA_KEY_LIFETIME_NONE, initiate all key slot to
PSA_KEY_LIFETIME_VOLATILE ini psa_crypto_init()
2018-09-05 12:01:37 +03:00
mohammad1603
ba178511f4 Remove unused and duplicated erros, fix documentation and tests
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603
804cd71bf8 initial key lifetime implementation and tests 2018-09-05 12:01:37 +03:00
Gilles Peskine
c63b6ba754 Merge remote-tracking branch 'psa/pr/14' into feature-psa
Conflict resolution:

* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14,
  rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
  was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
Gilles Peskine
f48af7fe76 psa_generate_key: specify what the extra parameters mean 2018-09-05 11:53:26 +03:00
Gilles Peskine
9e7dc717b0 New function: generate key/random 2018-09-05 11:53:26 +03:00
Gilles Peskine
06297936f2 More precise bounds for PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE 2018-09-05 11:53:26 +03:00
mohammad1603
5feda72d7a Remove usage of PSA_ERROR_INVALID_KEY_POLICY
use PSA_ERROR_INVALID_ARGUMENT instead of INVALID_KEY_POLICY error
2018-09-05 11:53:26 +03:00
Gilles Peskine
6944f9a831 New functions: asymmetric encrypt/decrypt 2018-09-05 11:53:26 +03:00
Gilles Peskine
9673cc8255 Define PSA_ALG_RSA_OAEP_MGF1(hash) 2018-09-05 11:53:26 +03:00
Gilles Peskine
8484565f85 Minor errors in documentation around asymmetric signature 2018-09-05 11:53:26 +03:00
mohammad1603
6df908f234 Add static internal MAC finish function
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
Gilles Peskine
a59262338a Rename PKCS1V15 to PKCS1V15_SIGN
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
Gilles Peskine
058e0b9963 Avoid empty unions
When no algorithms are present in a category (e.g. no AEAD algorithm),
the union in the corresponding operation structure was empty, which is
not valid C. Add a dummy field to avoid this.
2018-09-05 11:53:26 +03:00
Gilles Peskine
9a1ba0dd3f Typo in the documentation of psa_get_key_information 2018-09-05 11:53:26 +03:00
mohammad1603
8cc1ceec3e Key Policy APIs implementation 2018-09-05 11:53:26 +03:00
Gilles Peskine
1906798d4c Fix some typos and copypasta 2018-09-05 11:53:25 +03:00
Gilles Peskine
ed522974bd Clarify how multipart operations get terminated 2018-09-05 11:53:25 +03:00
Gilles Peskine
971f7064e9 More precise reference for the RSA public key format 2018-09-05 11:53:25 +03:00
Gilles Peskine
7e19853722 More documentation 2018-09-05 11:53:25 +03:00
Gilles Peskine
d393e18f90 Add psa_set_key_lifetime
It is likely that most implementations won't support this function.
But in case an implementation wants to provide it, standardize its
interface.
2018-09-05 11:53:25 +03:00
Gilles Peskine
e3f694f49a Remove non-standard hash algorithms 2018-09-05 11:53:25 +03:00
Gilles Peskine
06dc26350e Fix macro definitions for ECC keys
Public keys and key pairs have different types.
2018-09-05 11:53:25 +03:00
Gilles Peskine
03182e99b6 Fix parameter name in PSA_BLOCK_CIPHER_BLOCK_SIZE 2018-09-05 11:53:25 +03:00
Gilles Peskine
f5b9fa13e0 Documentation clarifications
Clarify or add the documentation of some functions and constants.

Add a note about what the __DOXYGEN_ONLY__ section is for.
2018-09-05 11:53:25 +03:00
Gilles Peskine
2905a7adcc Fix namespace violation 2018-09-05 11:53:25 +03:00
Gilles Peskine
609b6a5b67 Get the lifetime of a key slot 2018-09-05 11:53:25 +03:00
Gilles Peskine
7698bcf338 Basic interface for key policies
Get/set the policy of a key slot.

Opaque structure for key policies and field access functions.
2018-09-05 11:53:25 +03:00
Gilles Peskine
92b3073e36 Minor documentation fixes 2018-09-05 11:53:25 +03:00
Gilles Peskine
3b555710e2 Prototypes for AEAD functions
This is still tentative.
2018-09-05 11:53:25 +03:00
Gilles Peskine
428dc5aef1 Prototypes for symmetric cipher functions 2018-09-05 11:53:25 +03:00
Gilles Peskine
7e4acc5ef8 Document some MAC functions: psa_mac_start
Adapt the documentation of hash functions.

State that the key object does not need to remain valid throughout the
operation.
2018-09-05 11:53:25 +03:00
Gilles Peskine
8c9def3e7f PSA: Implement MAC functions
Implement psa_mac_start, psa_mac_update and psa_mac_final.

Implement HMAC anc CMAC.

Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine
308b91d7db Wrote documentation for several functions, macros and types
Document key import/export functions, hash functions, and asymmetric
sign/verify, as well as some related macros and types.

Nicer formatting for return values: use \retval.
2018-09-05 11:53:25 +03:00
Gilles Peskine
9ef733faa0 Implement hash functions
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.

Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine
a590529938 Greatly expanded mbedtls_to_psa_error
It now covers most cryptography algorithm modules (missing: bignum,
DHM, everything ECC, HMAC_DRBG).
2018-09-05 11:53:24 +03:00
Gilles Peskine
98f0a24255 Improve key type and algorithm encodings
Refine the encoding of key types and algorithms so that ranges of bits
make more sense.

Define a few symmetric cipher algorithms.
2018-09-05 11:53:24 +03:00
Gilles Peskine
0189e7512d PSA crypto: PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE macro
Test it for RSA.
2018-09-05 11:53:24 +03:00
Gilles Peskine
20035e3579 PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
Define hash algorithms and RSA signature algorithms.

New function psa_asymmetric_sign.

Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine
c66ea6a921 PSA key import: support RSA public keys
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
2f9c4dc5ad Add key management functions
Define psa_key_type_t and a first stab at a few values.

New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.

Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
62a7e7e65f Add a Doxygen-only section
This is intended to document platform-specific definitions in PSA.
2018-09-05 10:59:02 +03:00
Gilles Peskine
e59236fc17 Add PSA crypto module
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.

Implement psa_crypto_init function which sets up a RNG.

Add a mbedtls_psa_crypto_free function which deinitializes the
library.

Define a first batch of error codes.
2018-09-05 10:59:00 +03:00