Gilles Peskine
eae6eee24c
Change ECDSA signature representation to r||s
...
Change the representation of an ECDSA signature from the ASN.1 DER
encoding used in TLS and X.509, to the concatenation of r and s
in big-endian order with a fixed size. A fixed size helps memory and
buffer management and this representation is generally easier to use
for anything that doesn't require the ASN.1 representation. This is
the same representation as PKCS#11 (Cryptoki) except that PKCS#11
allows r and s to be truncated (both to the same length), which
complicates the implementation and negates the advantage of a
fixed-size representation.
2018-09-12 16:41:11 +03:00
Gilles Peskine
a81d85b732
Sort out ECDSA mechanisms
...
* Distinguish randomized ECDSA from deterministic ECDSA.
* Deterministic ECDSA needs to be parametrized by a hash.
* Randomized ECDSA only uses the hash for the initial hash step,
but add ECDSA(hash) algorithms anyway so that all the signature
algorithms encode the initial hashing step.
* Add brief documentation for the ECDSA signature mechanisms.
* Also define DSA signature mechanisms while I'm at it. There were
already key types for DSA.
2018-09-12 16:24:51 +03:00
Gilles Peskine
526fab0066
Fix parameter name signature_size for psa_asymmetric_verify
...
It should have been signature_length, following our conventions.
2018-09-12 16:24:51 +03:00
Gilles Peskine
e9191ff90b
Add missing const for signature parameter of psa_asymmetric_verify
2018-09-12 16:24:51 +03:00
Gilles Peskine
08bac713df
Clarify that asymmetric_{sign,verify} operate on a hash
2018-09-12 16:24:51 +03:00
Gilles Peskine
55bf3d1171
Sort out RSA mechanisms
...
* PSS needs to be parametrized by a hash.
* Don't use `_MGF1` in the names of macros for OAEP and PSS. No one
ever uses anything else.
* Add brief documentation for the RSA signature mechanisms.
2018-09-12 16:24:51 +03:00
Gilles Peskine
9e73ff17d4
Add missing parameters to some documentation
...
tests/scripts/doxygen.sh now passes.
2018-09-12 16:24:50 +03:00
Gilles Peskine
ea4469f8d1
Fix parameter name in Doxygen documentation
2018-09-12 16:24:50 +03:00
Gilles Peskine
7ed29c56f1
Rename PSA_ALG_RSA_GET_HASH to PSA_ALG_SIGN_GET_HASH
...
And don't use it for HMAC when there's a perfectly serviceable
PSA_ALG_HMAC_HASH. HMAC isn't hash-and-sign.
2018-09-12 16:24:50 +03:00
Jaeden Amero
7baf0d5702
psa: doxygen: Fix parameters reference
...
Doxygen interprets `\param` as starting documentation for a new param, or
to extend a previously started `\param` documentation when the same
reference is used. The intention here was to reference the function
parameter, not extend the previous documentation. Use `\p` to refer to
function parameters.
2018-09-12 16:24:50 +03:00
Gilles Peskine
e584ccb6fd
Merge remote-tracking branch 'psa/pr/57' into feature-psa
2018-09-12 16:24:50 +03:00
Gilles Peskine
e9a0a9d74d
Update documentation of psa_success_t
...
Now that the type is not an enum, explain what values are valid.
Also add a comment to explain the #if defined(PSA_SUCCESS) temporary hack.
2018-09-12 16:24:50 +03:00
itayzafrir
c2a7976886
PSA Crypto error code definitions
...
Removed the psa_status_t enum and defined error codes as defines.
Conditionally defining PSA_SUCCESS and psa_status_t.
2018-09-12 16:24:50 +03:00
Gilles Peskine
48c0ea14c6
Remove PSA_KEY_TYPE_IS_RAW_BYTES from crypto.h
...
It isn't used to define other macros and it doesn't seem that useful
for users. Remove it, we can reintroduce it if needed.
Define a similar function key_type_is_raw_bytes in the implementation
with a clear semantics: it's a key that's represented as a struct
raw_data.
2018-09-12 16:24:50 +03:00
Gilles Peskine
4e69d7a9a7
psa_generate_key: pass parameters_size argument
...
When calling psa_generate_key, pass the size of the parameters buffer
explicitly. This makes calls more verbose but less error-prone. This
also has the benefit that in an implementation with separation, the
frontend knows how many bytes to send to the backend without needing
to know about each key type.
2018-09-12 16:22:51 +03:00
Gilles Peskine
e1fed0de18
Define elliptic curve identifiers from TLS
...
Instead of rolling our own list of elliptic curve identifiers, use one
from somewhere. Pick TLS because it's the right size (16 bits) and
it's as good as any.
2018-09-12 16:19:04 +03:00
Gilles Peskine
b3e6e5deeb
Rename hash max sizes for consistency
...
Use "hash" throughout the library, not "md" as in Mbed TLS.
2018-09-12 16:19:04 +03:00
Gilles Peskine
2d2778650b
Normalize whitespace
...
Normalize whitespace to Mbed TLS standards. There are only whitespace
changes in this commit.
2018-09-12 16:15:52 +03:00
Gilles Peskine
6de7a179c8
Fix file permissions
...
Some files were marked as executable but shouldn't have been.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
5ca6547b77
Renamed hmac_ctx to opad and removed null check.
...
this array is now part of the struct and not dynamically allocated
so it can't be null.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
9e2ffe83ac
change type of hash block to uint8_t
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
35dfbf4601
change hmac context to use statically allocated memory
...
1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
dcd636a73f
Commit changes to hmac to not use MD abstraction
...
this PR is part of efforts to use "lower level" mbedTLS APIs vs "higher level" abstract APIs.
2018-09-12 16:13:49 +03:00
Gilles Peskine
8605428dcf
Merge remote-tracking branch 'psa/pr/27' into feature-psa
2018-09-05 12:46:19 +03:00
Gilles Peskine
625b01c9c3
Add OAEP placeholders in asymmetric encrypt/decrypt
...
Replace PSS placeholders by OAEP placeholders. PSS is a signature
algorithm, not an encryption algorithm.
Fix typo in PSA_ALG_IS_RSA_OAEP_MGF1.
2018-09-05 12:44:17 +03:00
Gilles Peskine
723feffe15
Fix some errors in PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
...
A call to PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE wouldn't even have
compiled. Fix some obvious errors. This is still untested.
2018-09-05 12:44:17 +03:00
Gilles Peskine
d6125ca63b
Merge remote-tracking branch 'psa/pr/24' into feature-psa
2018-09-05 12:41:53 +03:00
Gilles Peskine
3585596aec
Document a few more macros
2018-09-05 12:41:52 +03:00
Gilles Peskine
84861a95ca
Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa
2018-09-05 12:41:52 +03:00
Gilles Peskine
154bd95131
psa_destroy_key: return SUCCESS on an empty slot
...
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-09-05 12:41:52 +03:00
Gilles Peskine
5e39dc96e0
New macro PSA_AEAD_TAG_SIZE, use it for PSA_AEAD_xxx_OUTPUT_SIZE
2018-09-05 12:41:52 +03:00
Gilles Peskine
71bb7b77f0
Switch PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
...
Make this macro work on derived algorithms as well (HMAC,
hash-and-sign, etc.).
2018-09-05 12:41:52 +03:00
Gilles Peskine
212e4d8f7c
Improve documentation of PSA_AEAD_xxx_OUTPUT_SIZE
2018-09-05 12:41:52 +03:00
Gilles Peskine
65eb8588fe
Expand the description of error codes
2018-09-05 12:41:52 +03:00
mohammad1603
1347a73fbe
fix macros documentation style.
2018-09-05 12:41:52 +03:00
mohammad1603
fb5b9cbb8d
add missing documentations
2018-09-05 12:41:52 +03:00
mohammad1603
22898ba0bd
remove duplicated definition
2018-09-05 12:41:51 +03:00
Gilles Peskine
36a74b71a0
Fix Doxygen comments to pass clang -Wdocumentation
2018-09-05 12:41:51 +03:00
Gilles Peskine
1e7d8f1b09
Document AEAD functions
...
Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define
macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE
(untested).
2018-09-05 12:41:51 +03:00
mohammad1603
dad36fa855
add Key and Algorithm validation
2018-09-05 12:38:18 +03:00
mohammad1603
579d359007
remove psa_aead_encrypt_setup from header file
...
remove psa_aead_encrypt_setup from header file
2018-09-05 12:38:18 +03:00
Gilles Peskine
3aa8efb230
Merge remote-tracking branch 'psa/psa-wrapper-apis-march-12' into feature-psa
2018-09-05 12:38:17 +03:00
mohammad1603
39ee871d3f
Change AEAD APIs to integrated AEAD APIs.
...
Change AEAD APIs to integrated AEAD APIs, this will allow t support CCM and
GCM algorithms.
2018-09-05 12:38:17 +03:00
Moran Peker
ad9d82cc0e
add iv_required field to psa_cipher_operation_s and fix relevant functions
2018-09-05 12:14:28 +03:00
Moran Peker
bed71a2b17
fix missing check on output_size in psa_cipher_finish func
2018-09-05 12:14:28 +03:00
Moran Peker
0071b873a3
add missing parameter output_size on psa_cipher_finish
2018-09-05 12:14:28 +03:00
Moran Peker
e1210dcac3
remove unused parameter in psa_cipher_finish.
2018-09-05 12:14:28 +03:00
mohammad1603
8481e74ecc
CR fixes
...
more fixes
Compilation fixes
Compilation fixes for PSA crypto code and tests
2018-09-05 12:14:28 +03:00
mohammad1603
efb0107fbe
CR fix, remove exposing ECB
2018-09-05 12:14:27 +03:00
mohammad1603
990a18c2f0
add ecb to cipher algorithms
2018-09-05 12:14:27 +03:00
Gilles Peskine
d1e8e41737
Adapt older import_export test data to the new function signature
2018-09-05 12:13:23 +03:00
Gilles Peskine
5100318a92
Merge pull request #18 from ARMmbed/psa-wrapper-apis-export-publickey
...
Export public key implementation (#18 )
2018-09-05 12:13:23 +03:00
mohammad1603
8275961178
warnings fixes
2018-09-05 12:13:23 +03:00
mohammad1603
503973bdf3
initial implementation for PSA symmetric APIs - missing tests and documentations
2018-09-05 12:13:23 +03:00
Moran Peker
b4d0ddd2d3
psa_export_public_key
2018-09-05 12:13:20 +03:00
Moran Peker
dd4ea38d58
export public key
2018-09-05 12:10:47 +03:00
itayzafrir
5c7533923a
ECDSA sign and verify implementation and tests
...
ECDSA sign and verify implementation and tests
2018-09-05 12:10:47 +03:00
Gilles Peskine
a0655c3501
Merge remote-tracking branch 'psa/pr/13' into feature-psa
...
Conflicts:
library/psa_crypto.c
tests/suites/test_suite_psa_crypto.data
tests/suites/test_suite_psa_crypto.function
All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
Gilles Peskine
f0c9dd37d2
Added possible error codes for lifetime functions
2018-09-05 12:01:38 +03:00
Gilles Peskine
9bb53d7aff
Fix copypasta in lifetime function descriptions
2018-09-05 12:01:38 +03:00
Gilles Peskine
8ca560293b
Whitespace fixes
2018-09-05 12:01:37 +03:00
mohammad1603
a7d245a4a2
Fix return error values description
...
Fix return PSA_ERROR_INVALID_ARGUMENT description for psa_set_key_lifetime()
and psa_get_key_lifetime()
2018-09-05 12:01:37 +03:00
mohammad1603
ea0500936e
Change behavior of psa_get_key_lifetime()
...
psa_get_key_lifetime() behavior changed regarding empty slots, now
it return the lifetime of and empty slots. Documentation in header
file updated accordingly.
2018-09-05 12:01:37 +03:00
mohammad1603
1c34545cfe
Remove usage of PSA_KEY_LIFETIME_NONE
...
Remove usage of PSA_KEY_LIFETIME_NONE, initiate all key slot to
PSA_KEY_LIFETIME_VOLATILE ini psa_crypto_init()
2018-09-05 12:01:37 +03:00
mohammad1603
ba178511f4
Remove unused and duplicated erros, fix documentation and tests
...
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603
804cd71bf8
initial key lifetime implementation and tests
2018-09-05 12:01:37 +03:00
Gilles Peskine
c63b6ba754
Merge remote-tracking branch 'psa/pr/14' into feature-psa
...
Conflict resolution:
* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14 ,
rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
Gilles Peskine
f48af7fe76
psa_generate_key: specify what the extra parameters mean
2018-09-05 11:53:26 +03:00
Gilles Peskine
9e7dc717b0
New function: generate key/random
2018-09-05 11:53:26 +03:00
Gilles Peskine
06297936f2
More precise bounds for PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
2018-09-05 11:53:26 +03:00
mohammad1603
5feda72d7a
Remove usage of PSA_ERROR_INVALID_KEY_POLICY
...
use PSA_ERROR_INVALID_ARGUMENT instead of INVALID_KEY_POLICY error
2018-09-05 11:53:26 +03:00
Gilles Peskine
6944f9a831
New functions: asymmetric encrypt/decrypt
2018-09-05 11:53:26 +03:00
Gilles Peskine
9673cc8255
Define PSA_ALG_RSA_OAEP_MGF1(hash)
2018-09-05 11:53:26 +03:00
Gilles Peskine
8484565f85
Minor errors in documentation around asymmetric signature
2018-09-05 11:53:26 +03:00
mohammad1603
6df908f234
Add static internal MAC finish function
...
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
Gilles Peskine
a59262338a
Rename PKCS1V15 to PKCS1V15_SIGN
...
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
Gilles Peskine
058e0b9963
Avoid empty unions
...
When no algorithms are present in a category (e.g. no AEAD algorithm),
the union in the corresponding operation structure was empty, which is
not valid C. Add a dummy field to avoid this.
2018-09-05 11:53:26 +03:00
Gilles Peskine
9a1ba0dd3f
Typo in the documentation of psa_get_key_information
2018-09-05 11:53:26 +03:00
mohammad1603
8cc1ceec3e
Key Policy APIs implementation
2018-09-05 11:53:26 +03:00
Gilles Peskine
1906798d4c
Fix some typos and copypasta
2018-09-05 11:53:25 +03:00
Gilles Peskine
ed522974bd
Clarify how multipart operations get terminated
2018-09-05 11:53:25 +03:00
Gilles Peskine
971f7064e9
More precise reference for the RSA public key format
2018-09-05 11:53:25 +03:00
Gilles Peskine
7e19853722
More documentation
2018-09-05 11:53:25 +03:00
Gilles Peskine
d393e18f90
Add psa_set_key_lifetime
...
It is likely that most implementations won't support this function.
But in case an implementation wants to provide it, standardize its
interface.
2018-09-05 11:53:25 +03:00
Gilles Peskine
e3f694f49a
Remove non-standard hash algorithms
2018-09-05 11:53:25 +03:00
Gilles Peskine
06dc26350e
Fix macro definitions for ECC keys
...
Public keys and key pairs have different types.
2018-09-05 11:53:25 +03:00
Gilles Peskine
03182e99b6
Fix parameter name in PSA_BLOCK_CIPHER_BLOCK_SIZE
2018-09-05 11:53:25 +03:00
Gilles Peskine
f5b9fa13e0
Documentation clarifications
...
Clarify or add the documentation of some functions and constants.
Add a note about what the __DOXYGEN_ONLY__ section is for.
2018-09-05 11:53:25 +03:00
Gilles Peskine
2905a7adcc
Fix namespace violation
2018-09-05 11:53:25 +03:00
Gilles Peskine
609b6a5b67
Get the lifetime of a key slot
2018-09-05 11:53:25 +03:00
Gilles Peskine
7698bcf338
Basic interface for key policies
...
Get/set the policy of a key slot.
Opaque structure for key policies and field access functions.
2018-09-05 11:53:25 +03:00
Gilles Peskine
92b3073e36
Minor documentation fixes
2018-09-05 11:53:25 +03:00
Gilles Peskine
3b555710e2
Prototypes for AEAD functions
...
This is still tentative.
2018-09-05 11:53:25 +03:00
Gilles Peskine
428dc5aef1
Prototypes for symmetric cipher functions
2018-09-05 11:53:25 +03:00
Gilles Peskine
7e4acc5ef8
Document some MAC functions: psa_mac_start
...
Adapt the documentation of hash functions.
State that the key object does not need to remain valid throughout the
operation.
2018-09-05 11:53:25 +03:00
Gilles Peskine
8c9def3e7f
PSA: Implement MAC functions
...
Implement psa_mac_start, psa_mac_update and psa_mac_final.
Implement HMAC anc CMAC.
Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine
308b91d7db
Wrote documentation for several functions, macros and types
...
Document key import/export functions, hash functions, and asymmetric
sign/verify, as well as some related macros and types.
Nicer formatting for return values: use \retval.
2018-09-05 11:53:25 +03:00
Gilles Peskine
9ef733faa0
Implement hash functions
...
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.
Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine
a590529938
Greatly expanded mbedtls_to_psa_error
...
It now covers most cryptography algorithm modules (missing: bignum,
DHM, everything ECC, HMAC_DRBG).
2018-09-05 11:53:24 +03:00
Gilles Peskine
98f0a24255
Improve key type and algorithm encodings
...
Refine the encoding of key types and algorithms so that ranges of bits
make more sense.
Define a few symmetric cipher algorithms.
2018-09-05 11:53:24 +03:00
Gilles Peskine
0189e7512d
PSA crypto: PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE macro
...
Test it for RSA.
2018-09-05 11:53:24 +03:00
Gilles Peskine
20035e3579
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
...
Define hash algorithms and RSA signature algorithms.
New function psa_asymmetric_sign.
Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine
c66ea6a921
PSA key import: support RSA public keys
...
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
2f9c4dc5ad
Add key management functions
...
Define psa_key_type_t and a first stab at a few values.
New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.
Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine
62a7e7e65f
Add a Doxygen-only section
...
This is intended to document platform-specific definitions in PSA.
2018-09-05 10:59:02 +03:00
Gilles Peskine
e59236fc17
Add PSA crypto module
...
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.
Implement psa_crypto_init function which sets up a RNG.
Add a mbedtls_psa_crypto_free function which deinitializes the
library.
Define a first batch of error codes.
2018-09-05 10:59:00 +03:00