Commit Graph

179 Commits

Author SHA1 Message Date
Gilles Peskine
6d72ff9e79 Document that the minimum truncated MAC length is implementation-defined 2018-10-17 13:54:47 +02:00
Gilles Peskine
e1f2d7d1ac Document and check the consistency of truncated MAC encodings
Add comments noting that the maximum length of a MAC must fit in
PSA_ALG_MAC_TRUNCATION_MASK. Add a unit test that verifies that the
maximum MAC size fits.
2018-10-17 13:54:47 +02:00
Gilles Peskine
3111981d94 Fix parameter name in Doxygen documentation 2018-10-08 14:45:35 +02:00
Gilles Peskine
70f46e17e8 New macro PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH
Useful to analyze algorithm values.
2018-10-08 14:45:35 +02:00
Gilles Peskine
23cc2ff9a8 Add support for non-default-tag-size AEAD (CCM and GCM) 2018-10-08 14:42:11 +02:00
Gilles Peskine
d911eb7915 Add support for truncated MAC algorithms 2018-10-08 14:42:11 +02:00
Gilles Peskine
159ebf3b8e
Merge pull request #142 from ARMmbed/psa-metadata_validation
Algorithm and key type encoding validation
2018-09-24 10:38:39 +02:00
Jaeden Amero
40363fe3f5
Merge pull request #139 from ARMmbed/psa-PSA_ALG-block_cipher_padding
Correct and simplify block-based cipher modes
2018-09-21 09:38:27 +01:00
Gilles Peskine
3052f53c37 Add block sizes to HMAC metadata validation tests 2018-09-20 12:00:21 +02:00
Gilles Peskine
35fe2034c1 PSA_MAC_FINAL_SIZE: we don't use key_bits at the moment
None of the currently defined MAC algorithms have a MAC size that
depends on the key size, so the key_bits parameter is unused. The
key_type parameter may be unused on an implementation where there is
no block cipher MAC. Declare the key_type and key_bits parameters as
used so that callers who define a variable just for this don't risk
getting "unused variable" warnings.
2018-09-20 12:00:21 +02:00
Gilles Peskine
00709fafb8 Rename PSA_ALG_HMAC_HASH to PSA_ALG_HMAC_GET_HASH
Be consistent with other GET_HASH macros.
2018-09-20 12:00:21 +02:00
Gilles Peskine
9df2dc87ab Fix name of PSA_ALG_IS_BLOCK_CIPHER_MAC
The macro was used under the name PSA_ALG_IS_BLOCK_CIPHER_MAC but
defined as PSA_ALG_IS_CIPHER_MAC. That wouldn't have worked if we used
this macro (we currently don't but it may become useful).
2018-09-20 12:00:21 +02:00
Gilles Peskine
70ce2c6170 FFDHE groups are not elliptic curves
TLS now defines named curves in the "TLS Supported Groups registry",
but we're using the encoding only for elliptic curves, so don't
include values that aren't named curve.

While we're at it, upgrade the reference to the shiny new RFC 8422.
2018-09-20 12:00:21 +02:00
Gilles Peskine
583b55d97d Add PSA_KEY_TYPE_IS_DSA to go with PSA_KEY_TYPE_IS_RSA
Also move PSA_KEY_TYPE_IS_RSA to a more logical location.
2018-09-20 12:00:21 +02:00
Gilles Peskine
daea26f70f Correct and simplify block-based cipher modes
OFB and CFB are streaming modes. XTS is a not a cipher mode but it
doesn't use a separate padding step. This leaves only CBC as a block
cipher mode that needs a padding step.

Since CBC is the only mode that uses a separate padding step, and is
likely to remain the only mode in the future, encode the padding mode
directly in the algorithm constant, rather than building up an
algorithm value from a chaining mode and a padding mode. This greatly
simplifies the interface as well as some parts of the implementation.
2018-09-20 11:58:22 +02:00
itayzafrir
1861709e5c Add documentation describing behavior of not calling psa_crypto_init 2018-09-16 12:42:53 +03:00
itayzafrir
90d8c7a728 Ensure the module is initialized in key based functions 2018-09-16 12:15:47 +03:00
itayzafrir
0adf0fc31c Ensure the module is initialized in psa_generate_random 2018-09-16 12:15:46 +03:00
Gilles Peskine
c6290c043e Minor documentation improvements 2018-09-14 10:02:29 +01:00
Gilles Peskine
6ef7983208 Fix copypasta in PSA_KEY_EXPORT_MAX_SIZE documentation 2018-09-14 10:02:29 +01:00
Gilles Peskine
cb6adbb750 fixup sizes 2018-09-14 10:02:29 +01:00
Gilles Peskine
4f6c77b0a9 fixup format spec 2018-09-14 10:02:29 +01:00
Gilles Peskine
1be949b846 New macro PSA_KEY_EXPORT_MAX_SIZE
Sufficient buffer size for psa_export_key() and psa_export_public_key().
2018-09-14 10:02:29 +01:00
Gilles Peskine
4e1e9beb56 Define the encoding of ECC and DSA keys 2018-09-14 10:02:29 +01:00
Gilles Peskine
e877974794 Move key type feature test macros to a more logical place 2018-09-14 10:02:29 +01:00
Gilles Peskine
78b3bb670d Change the bitwise encoding of key type categories
There were only 5 categories (now 4). Reduce the category mask from 7
bits to 3.

Combine unformatted, not-necessarily-uniform keys (HMAC, derivation)
with raw data.

Reintroduce a KEY_TYPE_IS_UNSTRUCTURED macro (which used to exist
under the name KEY_TYPE_IS_RAW_DATA macro) for key types that don't
have any structure, including both should-be-uniform keys (such as
block cipher and stream cipher keys) and not-necessarily-uniform
keys (such as HMAC keys and secrets for key derivation).
2018-09-14 10:02:29 +01:00
Jaeden Amero
5ac5cec9a2 Merge pull request #127 from ARMmbed/documentation-update
Update documentation due to function renaming
2018-09-14 10:02:29 +01:00
itayzafrir
ed7382f6a7 Update documentation due to function renaming 2018-09-14 10:02:29 +01:00
mohammad1603
13f43948f3 typo fix 2018-09-14 10:02:29 +01:00
itayzafrir
f26dbfc096 Rearrange PSA_ERROR_XXX error codes
Set PSA_ERROR_UNKNOWN_ERROR as the first error code to prevent the
need to change its value whenever a new error code is added.
2018-09-14 10:02:29 +01:00
Darryl Green
80bed236de Change psa_structs to use unsigned ints
These structs are using bitfields of length one, which can only represent 0 and -1 for signed ints.
Changing these to unsigned int lets them represent 0 and 1, which is what we want.
2018-09-14 10:02:28 +01:00
Darryl Green
9e2d7a09f1 Add ifdefs for psa_internal_export_key function
MBEDTLS_PK_WRITE_C only requires either MBEDTLS_RSA_C or MBEDTLS_ECP_C to be defined.
Added wrappers to handle the cases where only one has been defined.
Moved mbedtls_pk_init to be within the ifdefs, so it's only called if appropriate.
2018-09-14 10:02:28 +01:00
Darryl Green
8800136156 Fix key parameter in psa_key_derivation to use correct type 2018-09-14 10:02:28 +01:00
Jaeden Amero
cab5494b12 psa: Add license header to crypto.h 2018-09-14 10:02:28 +01:00
Gilles Peskine
edd768775f Fix doxygen warnings
* Broken link #PSA_ALG_SHA_256
* Duplicate group name "generators"
* Missing documentation in psa_generate_key_extra_rsa due to bad magic
  comment marker
2018-09-12 16:50:07 +03:00
Gilles Peskine
9f900a8b25 Merge pull request #105 from ARMmbed/psa-derive_hkdf
PSA key derivation: simple-ish interface, HKDF
2018-09-12 16:50:07 +03:00
Gilles Peskine
9fb0e01177 Fix nonstandard whitespace 2018-09-12 16:50:07 +03:00
Gilles Peskine
bef7f14f8e Implement HKDF 2018-09-12 16:44:05 +03:00
Gilles Peskine
ea0fb4975c Add framework for simple key derivation
New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE.
New function psa_key_derivation.

No key derivation algorithm is implemented yet. The code may not
compile with -Wunused.

Write some unit test code for psa_key_derivation. Most of it cannot be
used yet due to the lack of a key derivation algorithm.
2018-09-12 16:44:04 +03:00
Gilles Peskine
eab56e4159 Add generator API
Add an API for byte generators: psa_crypto_generator_t,
PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init,
psa_get_generator_capacity, psa_generator_read,
psa_generator_import_key, psa_generator_abort.

This commit does not yet implement any generator algorithm, it only
provides the framework. This code may not compile with -Wunused.
2018-09-12 16:41:12 +03:00
Gilles Peskine
55728b0e70 Add a few key type and algorithm test macros
These new PSA_xxx_IS_yyy macros fill a few missing gaps.
2018-09-12 16:41:12 +03:00
Gilles Peskine
3bd1a42203 Remove duplicate definition of PSA_KEY_TYPE_IS_RSA 2018-09-12 16:41:12 +03:00
Gilles Peskine
072ac56a03 Implement OAEP
Implement RSAES-OAEP encryption and decryption.

Test it to the same level as PKCS#1 v1.5.
2018-09-12 16:41:12 +03:00
Gilles Peskine
a4d20bd387 For RSA PSS, document that salt length = hash length
This is the most common mode and the only mode that Mbed TLS functions
fully supports (mbedtls_rsa_rsassa_pss_verify_ext can verify
signatures with a different salt length).
2018-09-12 16:41:12 +03:00
Gilles Peskine
b82ab6f402 Improve documentation of abort functions
Explicitly state that calling abort is safe after initializing to
zero.

Explicitly state that calling abort on an inactive operation is safe,
and replace "active" by "initialized" in the description of the
parameter.

Get rid of the recommendation for implementers to try to handle
uninitialized structures safely. It's good advice in principle but
cannot be achieved in a robust way and the wording was confusing.
2018-09-12 16:41:11 +03:00
Gilles Peskine
54622aec80 Fix PSA_ALG_SIGN_GET_HASH for PSA_ALG_SIGN_xxx_RAW 2018-09-12 16:41:11 +03:00
Gilles Peskine
be42f312a8 Doxygen: use \c foo in preference to foo for consistency 2018-09-12 16:41:11 +03:00
Gilles Peskine
9ac9426731 Doc: clarify the preconditions for psa_cipher_update 2018-09-12 16:41:11 +03:00
Gilles Peskine
6ac73a912b Doc: add some missing documentation of function and macro parameters 2018-09-12 16:41:11 +03:00
Gilles Peskine
dda3bd344d Doc: Minor formatting and copy fixes 2018-09-12 16:41:11 +03:00