Commit Graph

703 Commits

Author SHA1 Message Date
Gilles Peskine
36029387de
Merge pull request #285 from gilles-peskine-arm/psa-se_driver-validate_save_persistent
SE driver: make persistent data work
2019-10-09 18:35:33 +02:00
Gilles Peskine
1bbe284d63
Merge pull request #272 from adrianlshaw/document_old_algs
Insert doxygen comments on old algorithms so they appear in PSA documentation
2019-10-09 17:18:11 +02:00
Gilles Peskine
43326f0d1e Change PSA_DH_GROUP_CUSTOM to not be in the vendor-defined range 2019-10-09 16:43:39 +02:00
Gilles Peskine
2493401af4 Document that psa_close_key(0) and psa_destroy_key(0) succeed
Document that passing 0 to a close/destroy function does nothing and
returns PSA_SUCCESS.

Although this was not written explicitly, the specification strongly
suggested that this would return PSA_ERROR_INVALID_HANDLE. While
returning INVALID_HANDLE makes sense, it was awkward for a very common
programming style where applications can store 0 in a handle variable
to indicate that the handle has been closed or has never been open:
applications had to either check if (handle != 0) before calling
psa_close_key(handle) or psa_destroy_key(handle), or ignore errors
from the close/destroy function. Now applications following this style
can just call psa_close_key(handle) or psa_destroy_key(handle).
2019-10-08 15:43:13 +02:00
Andrew Thoelke
6e59505bb2 Recommend use of GREASE values for vendor defined DH groups 2019-10-07 22:27:17 +01:00
Andrew Thoelke
691ec52694 Remove over-specific RFC references
Rely on general reference to IANA documentation
2019-10-07 15:28:36 +01:00
Andrew Thoelke
02b372b7b2 Fix defgroup syntax for API version section 2019-10-02 09:32:21 +01:00
Gilles Peskine
5ec3a30edb SE driver: validate_slot_number: support changing persistent data
Add a parameter to the p_validate_slot_number method to allow the
driver to modify the persistent data.

With the current structure of the core, the persistent data is already
updated. All it took was adding a way to modify it.
2019-10-01 14:27:23 +02:00
Gilles Peskine
3efcebbc5e SE support: Use a transaction when registering a key
When registering a key in a secure element, go through the transaction
mechanism. This makes the code simpler, at the expense of a few extra
storage operations. Given that registering a key is typically very
rare over the lifetime of a device, this is an acceptable loss.

Drivers must now have a p_validate_slot_number method, otherwise
registering a key is not possible. This reduces the risk that due to a
mistake during the integration of a device, an application might claim
a slot in a way that is not supported by the driver.
2019-10-01 14:18:35 +02:00
Gilles Peskine
a990c49caf
Merge pull request #269 from adrianlshaw/version
Add PSA API versioning
2019-09-30 15:59:21 +02:00
Andrew Thoelke
214064ea85 Xref documentation for ECC curves and DH groups.
Connect the types to the key type construction macros by x-refs.
2019-09-25 22:16:21 +01:00
Andrew Thoelke
fd368e50d5 Support for vendor-defined ECC curves and DH groups
Define a vendor-range within the the private use ranges in the IANA 
registry. Provide recommendations for how to support vendor-defined 
curves and groups.
2019-09-25 22:14:29 +01:00
Andrew Thoelke
c625045da6 Tighten up language regarding direct use of the IANA registry values 2019-09-25 22:11:36 +01:00
Gilles Peskine
178c9aa966 Key derivation: forbid output_key without input_key
If none of the inputs to a key derivation is a
PSA_KEY_DERIVATION_INPUT_SECRET passed with
psa_key_derivation_input_key(), forbid
psa_key_derivation_output_key(). It usually doesn't make sense to
derive a key object if the secret isn't itself a proper key.
2019-09-24 18:39:03 +02:00
Gilles Peskine
7ebd4dcf57 Key derivation: allow both keys and direct inputs (function doc)
Update the documentation of psa_key_derivation_input_key() and
psa_key_derivation_input_bytes() now that the key/buffer distinction
is not mandatory.
2019-09-24 18:39:03 +02:00
Gilles Peskine
224b0d656a Key derivation: allow both keys and direct inputs
Allow a direct input as the SECRET input step in a key derivation, in
addition to allowing DERIVE keys. This makes it easier for
applications to run a key derivation where the "secret" input is
obtained from somewhere else. This makes it possible for the "secret"
input to be empty (keys cannot be empty), which some protocols do (for
example the IV derivation in EAP-TLS).

Conversely, allow a RAW_DATA key as the INFO/LABEL/SALT/SEED input to a key
derivation, in addition to allowing direct inputs. This doesn't
improve security, but removes a step when a personalization parameter
is stored in the key store, and allows this personalization parameter
to remain opaque.

Add test cases that explore step/key-type-and-keyhood combinations.
2019-09-24 18:39:03 +02:00
Andrew Thoelke
c6f03ef6d4 Include IANA reference in the definition of ECC curves and DH groups
Fixes ARMmbed/psa-crypto#262
2019-09-24 13:19:49 +01:00
Andrew Thoelke
dd49cf984b Include vendor-defined algorithm macros
Fixes ARMmbed/psa-crypto#264
2019-09-24 13:11:49 +01:00
Gilles Peskine
38b7c5edeb
Merge pull request #260 from athoelke/at-operations
Update multipart operation documentation
2019-09-20 18:44:44 +02:00
Adrian L. Shaw
21e7145f46 Insert doxygen comments on old algorithms so they appear in PSA documentation 2019-09-20 16:01:11 +01:00
Gilles Peskine
c893235ea1
Merge pull request #115 from gilles-peskine-arm/psa-error-compatibility_aliases
Improve how generate_psa_constants handles compatibility aliases
2019-09-19 16:20:08 +02:00
Adrian L. Shaw
429fff487a Remove whitespace 2019-09-19 14:03:49 +01:00
Adrian L. Shaw
d89338ac47 Add API versioning 2019-09-19 13:32:57 +01:00
Gilles Peskine
a291413a1e
Merge pull request #257 from gilles-peskine-arm/psa-remove_zero_length_keys
Forbid zero-length keys
2019-09-19 13:07:41 +02:00
Andrew Thoelke
51514f57e9 Resolve inconsistent descipriton of operation state after exhausting a key derivation operation 2019-09-18 17:50:01 +01:00
Andrew Thoelke
4104afb770 Clarify valid state descriptions 2019-09-18 17:47:25 +01:00
Andrew Thoelke
beb97ba066 Update documentation for multipart key derivation operations 2019-09-13 15:35:18 +01:00
Andrew Thoelke
414415a457 Update documentation for multipart aead operations 2019-09-13 15:35:18 +01:00
Andrew Thoelke
db6f44f875 Update documentation for multipart cipher operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke
9f208cc8c2 Update documentation for multipart mac operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke
272ba1dd96 Update documentation for multipart hash operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke
340984b003 Fix PSA_ERROR_BAD_STATE messages
Remove some duplicated entries and added some missing ones.
2019-09-13 15:35:17 +01:00
Gilles Peskine
05c900b576 Forbid keys of size 0
Keys of size 0 generally don't make sense: a key is supposed to be
secret. There is one edge case which is "raw data" keys, which are
useful to store non-key objects in the same storage location as keys.
However those are also problematic because they involve a zero-length
buffer. Manipulating zero-length buffers in C requires special cases
with functions like malloc() and memcpy(). Additionally, 0 as a key
size already has a meaning "unspecified", which does not always
overlap seamlessly with the meaning "0".

Therefore, forbid keys of size 0. No implementation may accept them.
2019-09-12 18:29:43 +02:00
Gilles Peskine
a170d927dd Clarify how key creation functions use attributes and what 0 means
Clarify how key creation functions use attributes. Explain the meaning
of attribute values, espcially what 0 means in each field where it has
a special meaning. Explain what an algorithm usage policy can be (an
algorithm, a wildcard with ANY_HASH, or 0).
2019-09-12 17:38:19 +02:00
Andrew Thoelke
5ae24ec7af Add missing error case to psa_aead_verify 2019-09-12 09:44:33 +01:00
Adrian L. Shaw
4c61c1a736 Move psa_destroy_key and psa_copy_key to Key Management section 2019-09-11 14:40:51 +01:00
Jaeden Amero
4badc92438
Merge pull request #117 from gilles-peskine-arm/psa_error_code_coverage
PSA return status coverage script
2019-09-10 16:39:23 +01:00
Jaeden Amero
4864eb5bec
Merge pull request #247 from athoelke/at-key-handles
Update the behavior of key handles
2019-09-10 14:38:56 +01:00
Andrew Thoelke
970629fc9a Fix grammar. 2019-09-09 09:56:34 +01:00
Gilles Peskine
be061337c1 Document more error codes 2019-09-06 19:29:52 +02:00
Gilles Peskine
1983512803 Add backward compatibility alias for PSA_ERROR_CORRUPTION_DETECTED
This was renamed from PSA_ERROR_TAMPERING_DETECTED. Add a backward
compatibility alias in case somebody was already using it.
2019-09-06 17:48:56 +02:00
Jaeden Amero
7c2cc479b0
Merge pull request #213 from adrianlshaw/psa-api-1.0-beta
Update function return codes
2019-09-06 08:53:29 +01:00
Adrian L. Shaw
8619f8cd07 Remove storage errors from psa_generate_random 2019-09-05 10:37:22 +01:00
Andrew Thoelke
de183416f8 Update the behavior of key handles
* open output distinct key handles
* each handle must be closed
* destroying a key does not invalidate other handles
* closing a key can/might fail an active operation (but not required)
2019-09-05 09:38:06 +01:00
Adrian L. Shaw
3b5975641e Fix return code warnings
- Remove STORAGE_FAILURE from hash and abort functions
- Remove BUFFER_TOO_SMALL from psa_mac_verify
2019-09-04 19:20:32 +01:00
Jaeden Amero
8096969905
Merge pull request #139 from Patater/des-faster-and-typo-fix
Make DES self-test faster, and fix a typo
2019-09-04 12:18:39 +01:00
Adrian L. Shaw
fa2cefa001 Fix warnings 2019-09-04 11:36:15 +01:00
Adrian L. Shaw
f483973c37 Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
599c712668 Remove errorneous insert 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
1505b2108a Add STORAGE_FAILURE everywhere + add missing codes 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
1f1e1a5253 Add storage failure to psa_mac_verify_finish 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
56b32b126c Add storage failure to psa_mac_sign_finish 2019-09-04 11:35:32 +01:00
Adrian L. Shaw
22bc8fff0c Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions 2019-09-04 11:35:06 +01:00
Adrian L. Shaw
8f7cd1ee55 Added PSA_ERROR_BAD_STATE to functions with operations
In the case that the operation object has not been initialized
appropriately.
2019-09-04 11:34:22 +01:00
Adrian L. Shaw
97d3bc3674 Added extra bad state case to psa_hash_setup 2019-09-04 11:34:22 +01:00
Adrian L. Shaw
2364924619 Add missing return codes to psa_generate_key 2019-09-04 11:34:22 +01:00
Adrian L. Shaw
1f42a84a13 Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute 2019-09-04 11:33:32 +01:00
Adrian L. Shaw
650229ba38 Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute
In case the key could not be retrieved from
storage.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
2a889781c5 Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key
The same reason that it is included in psa_export_key
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
11638b99a0 Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key
For the same reasons that psa_export_key can fail with this error
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
7f1863c905 Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key
It may be possible that the implementation runs out of
memory when exporting a key from storage or a secure
element. For example, it may not be possible to directly
move the data from storage to the caller, so the implementation
will have to buffer the material temporarily (an issue if dynamic
memory allocation scheme is used). For a large key
this is more likely to return.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
15731c1422 Added PSA_ERROR_STORAGE_FAILURE to psa_export_key
It may be possible that an implementation does not
fetch key material until a command like
this is called and such an error may occur if an
off-chip secure storage dependency may have been wiped.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
23c006f45e Added missing return codes to get_key_attributes
Note that PSA_ERROR_NOT_PERMITTED is not included
because I can't think of a scenario where you have
a valid key handle but aren't allowed to read the
attributes
2019-09-04 11:31:14 +01:00
Adrian L. Shaw
39797aa34c Fix erroneous cut and paste 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
fbf7f121f9 Separate return codes for unsupported and invalid algorithms 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
66200c4e98 Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
f97c8523ee Add CORRUPTION_DETECTED to psa_close_key 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
6725757cec Remove errorneous insert 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
484ba88a0f Add STORAGE_FAILURE everywhere + add missing codes 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
dc5bf5c8e7 Add storage failure to (encrypt/decrypt)_setup 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
d9e9024885 Add storage failure to psa_mac_verify_finish 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
263223689f Add storage failure to psa_mac_sign_finish 2019-09-04 11:30:18 +01:00
Adrian L. Shaw
8d0bcf27ec Add PSA_ERROR_INVALID_ARGUMENT to psa_hash_compare 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
df3c7ac645 Remove trailing whitespace 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
d789dc13da Added a few more return codes 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
3e41249417 Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
71b33ffcf8 Add missing error codes to psa_generate_random 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
0d280b9873 Add missing error codes for psa_raw_key_agreement 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
a3f6ba5843 Added PSA_ERROR_STORAGE_FAILURE to psa_cipher_(encrypt/decrypt) 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
320659b54c Added PSA_ERROR_BAD_STATE to functions with operations
In the case that the operation object has not been initialized
appropriately.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
e970d65273 Added extra bad state case to psa_hash_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
6e758c9bb8 Add missing return codes to psa_asymmetric_verify 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
27c121574b Add missing parameters to psa_asymmetric_sign 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
d21c6e6566 Add missing return codes to psa_generate_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
c207ba376e Added missing return codes to psa_aead_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
96f31ada18 Add missing return codes to psa_asymmetric_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
f961d5c9e6 Add missing return codes to psa_asymmetric_encrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
53d90c5199 Only return PSA_ERROR_DOES_NOT_EXIST from psa_open_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
9770d0e0f8 Add PSA_ERROR_STORAGE_FAILURE to psa_mac_verify_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
2409ba0429 Added PSA_ERROR_STORAGE_FAILURE to psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
7563ed17ab Remove PSA_ERROR_DOES_NOT_EXIST from psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
d5ae06b1e3 Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
dec47b6f9d Added the possibility of PSA_ERROR_BAD_STATE to all functions 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
fa591c44af Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute
In case the key could not be retrieved from
storage.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
f7d852a9d5 Added PSA_ERROR_BUFFER_TOO_SMALL to psa_hash_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
60b0320af0 Add PSA_ERROR_STORAGE_FAILURE to psa_copy_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw
398b3c27e0 Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key
The same reason that it is included in psa_export_key
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
e926e7370f Removed PSA_DOES_NOT_EXIST from psa_export_public_key
The implementation should return PSA_ERROR_INVALID_HANDLE instead.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
88c51adfc0 Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key
For the same reasons that psa_export_key can fail with this error
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
742084ea25 Removed PSA_ERROR_DOES_NOT_EXIST from psa_export_key
If the key doesn't exist by the time this call is made
then the handle is invalid,
which means that PSA_ERROR_INVALID_HANDLE should be
returned rather than "does not exist"
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
0542d595ce Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key
It may be possible that the implementation runs out of
memory when exporting a key from storage or a secure
element. For example, it may not be possible to directly
move the data from storage to the caller, so the implementation
will have to buffer the material temporarily (an issue if dynamic
memory allocation scheme is used). For a large key
this is more likely to return.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
89b7152ed0 Added PSA_ERROR_STORAGE_FAILURE to psa_export_key
It may be possible that an implementation does not
fetch key material until a command like
this is called and such an error may occur if an
off-chip secure storage dependency may have been wiped.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw
29b64073af Added missing return codes to get_key_attributes
Note that PSA_ERROR_NOT_PERMITTED is not included
because I can't think of a scenario where you have
a valid key handle but aren't allowed to read the
attributes
2019-09-04 11:30:17 +01:00
Jaeden Amero
95d8438138 crypto_platform: Fix typo 2019-09-04 10:11:45 +01:00
Jaeden Amero
98d5685b70
Merge pull request #232 from Patater/psa-crypto-api-1.0b3
Make fixes related to using Mbed Crypto as a service
2019-08-29 13:50:10 +01:00
Jaeden Amero
21db2a94a4
Merge pull request #229 from k-stachowiak/IOTCRYPT-791-remove-legacy-psa-key-derivation
Remove legacy psa key derivation
2019-08-29 11:31:23 +01:00
Jaeden Amero
6fa62a5b8f psa: Use application key ID where necessary
Avoid compiler errors when MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
is set by using the application ID type.

    [Error] psa_crypto_slot_management.c@175,9: used type 'psa_key_id_t' (aka 'psa_key_file_id_t') where arithmetic or pointer type is required
2019-08-28 17:24:27 +01:00
Jaeden Amero
e3cdf284b2 psa: Adapt set_key_id() for when owner is included 2019-08-28 17:24:27 +01:00
Jaeden Amero
39f03fcf1a psa: Add PSA_KEY_ID_INIT
A macro useful for initializing psa_key_id_t, whether
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is set or not. Without this
macro, it is necessary to know if
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER as with it the key ID is
non-scalar and needs to be initialized with {0, 0}, and 0 otherwise when
key ID is scalar.
2019-08-28 17:24:27 +01:00
Jaeden Amero
f89cc69660 psa: Don't duplicate policy initializer
Use the PSA_KEY_POLICY_INIT macro in the definition of
PSA_CORE_KEY_ATTRIBUTES_INIT in order to avoid duplicating the key
policy initializer.
2019-08-28 17:24:27 +01:00
Jaeden Amero
c7529c910b crypto_extra: Use const seed for entropy injection
The crypto.c implementation of psa_inject_entropy() didn't match the
declaration in crypto_extra.h. Use a const seed in both files.
2019-08-28 17:24:27 +01:00
Andrew Thoelke
8824daec6f Editorial fixes. 2019-08-22 15:52:32 +01:00
Andrew Thoelke
3c2b80377b Cross reference 'key handles' from INVALID_HANDLE 2019-08-22 15:52:32 +01:00
Andrew Thoelke
07f16b78ff Update documentation for psa_destroy_key
Define the affect on handles to the key and on active multipart 
operations.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
3daba812d7 Update documentation for psa_close_key
Adjust the wording to permit multiple handles to a single key - closing
a handle does not necessarily release volatile memory associated with
the key, that only occurs when the last handle is closed.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
9741b11440 Update psa_open_key documentation
- Describe the implementation defined behavior for opening multiple 
keys, and provide a reference to the relevant section.

- Describe the use of INSUFFICENT_MEMORY error to indicate additional 
implementation resource constaints.

- Clarify the distinction between DOES_NOT_EXIST and INVALID_HANDLE 
error conditions.
2019-08-22 15:52:32 +01:00
Andrew Thoelke
203491c65d Remove duplicated information in psa_open_key
The information about implmementation keys is duplicated.
2019-08-22 15:52:31 +01:00
Jaeden Amero
8013f44e1a Make crypto_struct C++ compatible
Avoid an error with differing linkages being expressed for
psa_set_key_domain_parameters() between crypto_extra.h and
crypto_struct.h in C++ builds.

    [Error] crypto_extra.h@456,14: conflicting declaration of 'psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t*, psa_key_type_t, const uint8_t *, size_t)' with 'C' linkage
2019-08-21 12:24:40 +01:00
Jaeden Amero
b090d5dc2a
Merge pull request #231 from dgreen-arm/api-to-development
Merge psa api branch into development
2019-08-21 11:50:57 +01:00
Unknown
e2e19959d7 Rename AEAD macro to not use double underscores
This pattern (identifiers containing a double underscore anywhere in them)
is reserved.
2019-08-21 03:33:04 -04:00
k-stachowiak
b9b4f09c47 Document new error type returned from the key derivation API 2019-08-15 19:01:59 +02:00
k-stachowiak
012dcc4b87 Remove PSA_PRE_1_0_KEY_DERIVATION and the corresponding code 2019-08-13 18:42:40 +02:00
k-stachowiak
0b74cf85ea Remove psa_key_derivation() and associated static functions 2019-08-13 18:42:27 +02:00
Gilles Peskine
b4e73e9747 Add some design notes about multipart operation structures 2019-08-13 15:00:57 +02:00
Gilles Peskine
f3801fff77 Update import_key and generate_key SE methods to the current API
The methods to import and generate a key in a secure element drivers
were written for an earlier version of the application-side interface.
Now that there is a psa_key_attributes_t structure that combines all
key metadata including its lifetime (location), type, size, policy and
extra type-specific data (domain parameters), pass that to drivers
instead of separate arguments for each piece of metadata. This makes
the interface less cluttered.

Update parameter names and descriptions to follow general conventions.

Document the public-key output on key generation more precisely.
Explain that it is optional in a driver, and when a driver would
implement it. Declare that it is optional in the core, too (which
means that a crypto core might not support drivers for secure elements
that do need this feature).

Update the implementation and the tests accordingly.
2019-08-09 16:43:35 +02:00
Gilles Peskine
a5f8749812 SE key registration: call p_validate_slot_number
When registering a key in a secure element, if the driver has a
p_validate_slot_number method, call it.
2019-08-09 15:05:32 +02:00
Gilles Peskine
d772958ffc New function mbedtls_psa_register_se_key
Register an existing key in a secure element.

Minimal implementation that doesn't call any driver method and just
lets the application declare whatever it wants.
2019-08-09 15:05:21 +02:00
Gilles Peskine
e88c2c1338 Pass the key creation method to drivers
Pass the key creation method (import/generate/derive/copy) to the
driver methods to allocate or validate a slot number. This allows
drivers to enforce policies such as "this key slot can only be used
for keys generated inside the secure element".
2019-08-09 14:59:31 +02:00
Gilles Peskine
9d75202efb Clarify and expand the documentation of the allocate/create sequence 2019-08-09 11:33:48 +02:00
Gilles Peskine
ae9964d3ef Add validate_slot_number method to SE drivers
Pave the way for allowing the application to choose the slot number in
a secure element, rather than always letting the driver choose.
2019-08-08 11:02:30 +02:00
Gilles Peskine
0a23322431 Improve documentation of the allocate method 2019-08-08 11:02:30 +02:00
Gilles Peskine
5fe5e27591 Test slot_number attribute
Test the behavior of the getter/setter functions.

Test that psa_get_key_slot_number() reports a slot number for a key in
a secure element, and doesn't report a slot number for a key that is
not in a secure element.

Test that psa_get_key_slot_number() reports the correct slot number
for a key in a secure element.
2019-08-08 10:58:09 +02:00
Gilles Peskine
c8000c005a Add slot_number attribute
Add a slot_number field to psa_key_attributes_t and getter/setter
functions. Since slot numbers can have the value 0, indicate the
presence of the field via a separate flag.

In psa_get_key_attributes(), report the slot number if the key is in a
secure element.

When creating a key, for now, applications cannot choose a slot
number. A subsequent commit will add this capability in the secure
element HAL.
2019-08-08 10:58:09 +02:00
Gilles Peskine
91e8c33f48 Add infrastructure for key attribute flags
Add infrastructure for internal, external and dual-use flags, with a
compile-time check (if static_assert is available) to ensure that the
same numerical value doesn't get declared for two different purposes
in crypto_struct.h (external or dual-use) and
psa_crypto_core.h (internal).
2019-08-08 10:58:09 +02:00
Gilles Peskine
0c77b0e2f9
Merge pull request #198 from gilles-peskine-arm/psa-api-1.0-beta-merge_development_20190801
Merge mbed-crypto/development into psa-api-1.0-beta
2019-08-08 10:24:53 +02:00
Gilles Peskine
72c8c5b352 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190801
Conflict resolution:
* `scripts/config.pl`:
  Take the exclusion of `MBEDTLS_PSA_CRYPTO_SE_C` from the API branch.
  Take the removal of `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` (obsolete) from
  the development branch.
* `tests/scripts/all.sh`:
  Multiple instances of factoring a sequence of `config.pl` calls into
  a mere `config.pl baremetal` in the development branch, and a change in
  the composition of `baremetal` in the API branch. In each case, take the
  version from development.
* `tests/suites/test_suite_psa_crypto_slot_management.function`:
  A function became non-static in development and disappeared in the API
  branch. Keep the version from the API branch. Functions need to be
  non-static if they're defined but unused in some configurations,
  which is not the case for any function in this file at the moment.
* `tests/suites/test_suite_psa_crypto.function`:
  Consecutive changes in the two branches, reconciled.
2019-07-31 17:47:49 +02:00
Gilles Peskine
68cc433b5b Store key sizes in 16 bits in attributes
This is larger than the maximum key size introduced in the previous
commit, by design.

Make some room for flags (not used yet).
2019-07-30 21:08:38 +02:00
Gilles Peskine
c744d99386 Limit keys to 65528 bits
65528 bits is more than any reasonable key until we start supporting
post-quantum cryptography.

This limit is chosen to allow bit-sizes to be stored in 16 bits, with
65535 left to indicate an invalid value. It's a whole number of bytes,
which facilitates some calculations, in particular allowing a key of
exactly PSA_CRYPTO_MAX_STORAGE_SIZE to be created but not one bit
more.

As a resource usage limit, this is arguably too large, but that's out
of scope of the current commit.

Test that key import, generation and derivation reject overly large
sizes.
2019-07-30 20:58:33 +02:00
Gilles Peskine
7e0cff90b9 Move attribute fields to a substructure
Move the "core attributes" to a substructure of psa_key_attribute_t.
The motivation is to be able to use the new structure
psa_core_key_attributes_t internally.
2019-07-30 20:58:27 +02:00
Gilles Peskine
1801740a7c SE driver: report the bit size on key import
Add a parameter to the key import method of a secure element driver to
make it report the key size in bits. This is necessary (otherwise the
core has no idea what the bit-size is), and making import report it is
easier than adding a separate method (for other key creation methods,
this information is an input, not an output).
2019-07-29 18:07:09 +02:00
Gilles Peskine
adb1c52149
Merge pull request #157 from gilles-peskine-arm/psa-se_driver-create_key
Secure element key creation foundation
2019-07-26 14:39:55 +02:00
Gilles Peskine
0c3ae1f0b4 Improve documentation of SE driver persistent state
Explain what it can be used for and when it is saved to storage.
2019-07-25 14:04:38 +02:00
Gilles Peskine
6a3dd89a64 Improve alignment in comments 2019-07-25 10:56:39 +02:00
Gilles Peskine
105f67f0fa Move the definition of psa_key_attributes_t to crypto_types.h
psa_key_attributes_t is used in the SE driver HAL, so it must be
defined in a common header, not in the API-only header crypto.h.
2019-07-23 18:43:28 +02:00
Gilles Peskine
9dd125d8bb Fix overly complex Doxygen markup 2019-07-23 18:43:28 +02:00
Gilles Peskine
6032673b39 Fix Doxygen reference
Pass doxygen.sh
2019-07-22 20:10:36 +02:00
Gilles Peskine
c11c4dcf95 Favor stdint.h types in internal types
Use uint8_t for PSA buffers. Keep unsigned char for generic libc
buffers and for mbedtls buffers.
2019-07-15 11:17:53 +02:00
Gilles Peskine
7228da25f9 Favor stdint.h types in implementation-specific API 2019-07-15 11:16:18 +02:00
Gilles Peskine
f82088a5f4 Favor stdint.h types in example code 2019-07-15 11:16:18 +02:00
Andrew Thoelke
d16bdac9b5 Use stdint.h types in multipart AEAD functions
No implementation yet.
2019-07-15 11:14:56 +02:00