Commit Graph

65 Commits

Author SHA1 Message Date
Gilles Peskine
348eeebb24 Clarify the intent of the KEEPALIVE flag
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-11 10:52:36 +01:00
Gilles Peskine
ae7772d0f3 Clarifications around reseed_entropy_size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:39 +01:00
Gilles Peskine
43100e3fcb Add section on combining get_entropy with add_entropy
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
32e584c38a Copyediting and minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
3ff79066b1 Note an interrogation about integer value representation
Especially 0 values may need special treatment since they can't be
used as an array size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
6a530e8d26 Random driver: make initial_entropy_size mandatory
If a random driver has a built-in entropy source and doesn't need an
external entropy source, make the driver author declare this
explicitly, rather than it being a less secure default.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:22 +01:00
Gilles Peskine
ee914f34fa Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:14 +01:00
Gilles Peskine
609394c1cf Open question: can there be multiple RNG instances?
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:06 +01:00
Gilles Peskine
8d5092c11f get_random: no output on error
The get_random entry point was allowed to return partial data on both
PSA_SUCCESS and PSA_ERROR_INSUFFICIENT_ENTROPY, but there was no
meaningful difference between the two. Keep it simple: PSA_SUCCESS is
success but can be partial, and PSA_ERROR_INSUFFICIENT_ENTROPY is an
error with no output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:56 +01:00
Gilles Peskine
1ef6ad48d1 Note that I'm not completly sure about the get_entropy flags
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:45 +01:00
Gilles Peskine
3eb65fbba6 Open question: should add_entropy take an estimated_entropy_bits parameter?
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:45 +01:00
Gilles Peskine
b89b4b9025 get_entropy: recommendations on conditioning and entropy estimates
Explicitly recommend that the driver accounts for environmental
conditions that can affect the amount of entropy.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:36 +01:00
Gilles Peskine
05ab2646a3 get_entropy: recommendations on the output_size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:36 +01:00
Gilles Peskine
a14326f054 Make add_entropy optional
A random generation driver does not need to support entropy injection.
This will limit it to platforms where the RNG peripheral is the sole
entropy source and without an RNG seed saved into persistent storage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:27 +01:00
Gilles Peskine
390c5a2c6f It is not meaningful for reseed_entropy_size to be 0
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:19 +01:00
Gilles Peskine
0e3b7ced4c Don't require a call to add_entropy when 0 bytes are needed
If an RNG peripheral includes an entropy source, it would presumably
declare "initial_entropy_size" and "reseed_entropy_size" to be 0. In
this case, don't require the core to call "add_entropy".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:10 +01:00
Gilles Peskine
5263e1ecdd Transparent drivers can have get_entropy as well
The `get_entropy` entry point can be provided by multiple transparent
drivers, and the core will call all of them. But apart from that,
`get_entropy` doesn't involve an opaque key or a location, so it can
be in a transparent driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:46:58 +01:00
Gilles Peskine
e80978a260 Specification for random generation and entropy drivers
Transparent drivers may provide a DRBG interface through "add_entropy"
and "get_random" entry points. This interface may also be used with a
non-deterministic generator, for chips that include a TRNG.

Opaque driver may provide a "get_entropy" entry point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:46:42 +01:00
Gilles Peskine
51977355dc Remove the time stamp
Having a time stamp identifying each revision of the document is
useful, but it's also a pain because it creates a conflict whenever
there are multiple pending changes at the same time. The gain isn't
worth the pain, so I'm removing the time stamp.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 17:01:17 +01:00
Gilles Peskine
e533ff7bb7
Merge pull request #3695 from gilles-peskine-arm/psa-unified-driver-specs-20200918
PSA unified driver specification: key validation and transparent key import
2020-11-30 15:54:45 +01:00
Gilles Peskine
4228671d0f Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 13:11:31 +01:00
Gilles Peskine
99e52f6313 Clarifications around key import
Rework the section describing key import, in particular to clarify key
size determination and checking. There is no intended semantic change.

Note an open question around support for implementation-specific
import formats.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 13:11:31 +01:00
Gilles Peskine
28b3a946e9 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-24 13:08:30 +01:00
Ronald Cron
cf56a0a320 psa: Move from key handle to key identifier
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.

Update the library modules using PSA crypto APIs
to get rid of key handles.

Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Gilles Peskine
ce3ec6ffd6 Unify the sections on key creation
Now that transparent drivers have an "import_key" entry point, the key
creation interfaces for transparent drivers and opaque drivers are
very similar. Unify the sections that describe their behavior,
including key validation and key size determination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-27 18:31:50 +01:00
Gilles Peskine
12760595e7 Replace validate_key by import_key
When importing a transparent key, the key needs to be not only
validated, but also possibly converted, if it is not already in the
canonical representation. So change the validate_key entry point to an
import_key entry point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-26 18:07:01 +01:00
Gilles Peskine
e4cbb2bb73 Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-12 23:39:18 +02:00
Gilles Peskine
233f91d5c1 Add bits output to validate_key and import_key
When importing a key, the code that parses the input needs to
determine the key size ("bits" attribute). This is specific to import
since other key creation methods require the caller to supply a size.
Therefore, add an extra output parameter `bits` to the "import_key"
entry point for opaque drivers. Likewise, add a `bits` output
parameter to the "validate_key" entry point for transparent drivers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-02 18:00:00 +02:00
Gilles Peskine
a8fc171418 Add validate_key entry point
Validate transparent keys when they are imported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-21 13:54:00 +02:00
Gilles Peskine
27e69b59a5 Fix prototypes of opaque key creation entry points
The output length parameter was missing.

Reported by Steven Cooreman.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-19 00:35:27 +02:00
Gilles Peskine
22270b5048 Fix copypasta punctuation in some function prototypes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-19 00:35:07 +02:00
Gilles Peskine
5298f684bd Fix hyperlinks
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 21:53:59 +02:00
Gilles Peskine
2e843aeb3e Update some open questions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 21:43:59 +02:00
Gilles Peskine
0dfd10d2a2 Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-19 21:41:27 +02:00
Gilles Peskine
daf017c8a2 Allow algorithm policy wildcards as algorithm specifications
I'd intended this all along but never made it explicit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 23:40:53 +02:00
Gilles Peskine
d89cd742eb Specify that transparent drivers are considered in order
There is little point in leaving the order in which drivers are
considered unspecified. This gives flexibility to the implementation
for a process that is generally performed at build time, not in a
constrained environment. Having a well-defined order is especially
useful with fallback.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 23:37:55 +02:00
Gilles Peskine
91cbf56d4c Specify what happens if multiple capabilities apply
It's ok if they map to the same function names and an error otherwise.

It's an error to have multiple opaque drivers for the same location.

If multiple transparent drivers apply, which one applies is unspecified.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 23:30:16 +02:00
Gilles Peskine
c7cf13356c Define the semantics of capabilities
The existing description of the syntax of capabilities also describes
the semantics of each property, but the semantics of the capability as
a whole is not immediately clear. Add a subsection that explains
precisely when a capability is applicable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 23:24:00 +02:00
Gilles Peskine
1bc9c4c8c8 Make entry points mandatory in capabilities
Inferring entry points from algorithms is nice in that it makes
capability specifications shorter and less redundant, but that's not
really important. It also makes capabilities more fragile: if the core
starts supporting new mechanisms based on the same algorithm (for
example, adding hash-and-sign when only sign-the-hash existed before),
a driver only supporting the old mechanisms would fail at build time.
So make entry points mandatory.

This has the benefit of making the semantics of capabilities easier to
describe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 22:47:15 +02:00
Gilles Peskine
924e273b06 Change "functions" property to "entry_points"
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 13:53:16 +02:00
Gilles Peskine
c259213a01 More editorial corrections
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-07 13:52:43 +02:00
Gilles Peskine
15319454e6 Reword the explanation of fallback
Add the rationale which I'd accidentally omitted.

No intended meaning change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:49:54 +02:00
Gilles Peskine
85b3e13cd0 Introduce "acme" as the prefix each time it's used
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
daf9d82b75 Correct usage of key_derivation_output_key
Add the mention of key_derivation_output_key in the section about the
key derivation entry point family.

Rename "derive_key" to "key_derivation_output_key". At this point,
there's no reason to deviate from the naming convention.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
a58d225d62 Add deep links to the API specification in a few places
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
d4e6927614 Change "function" to "entry point" in more places
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
53ba94c968 Clarify how the headers are used
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
e72e4de070 Clarify what the headers do
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:33 +02:00
Gilles Peskine
7a1e4f926a Minor wording improvements
Clarify some sentences. There is no change in intended meaning.

Fix typos. Change British spelling to American spelling.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-06 22:20:32 +02:00
Gilles Peskine
404e1dbd5a Clarify updates to the persistent state in storage
Rename psa_crypto_driver_update_persistent_state to
psa_crypto_driver_commit_persistent_state.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-05 22:37:29 +02:00