Commit Graph

10739 Commits

Author SHA1 Message Date
Gilles Peskine
70e085a7d9 Simplify psa_open_key
Simplify psa_open_key now that the old method for key creation
(returning a handle to a slot with no key material) no longer exists.
2019-06-05 11:34:54 +02:00
Gilles Peskine
267c65666a Simplify key slot allocation
Now that psa_allocate_key() is no longer a public function, expose
psa_internal_allocate_key_slot() instead, which provides a pointer to
the slot to its caller.
2019-06-05 11:34:54 +02:00
Gilles Peskine
1139249bfa Don't refer to PSA keys as slots anymore
The PSA documentation no longer uses the word "slot", so using it in
the Mbed Crypto documentation would be misleading.
2019-06-05 11:34:54 +02:00
Gilles Peskine
d2d45c1738 Convert cipher and pk to PSA attribute-based key creation
This fixes the build under MBEDTLS_USE_PSA_CRYPTO.
2019-06-05 11:34:54 +02:00
Gilles Peskine
f46f81ceb5 Remove obsolete key creation functions
Remove the key creation functions from before the attribute-based API,
i.e. the key creation functions that worked by allocating a slot, then
setting metadata through the handle and finally creating key material.
2019-06-05 11:34:54 +02:00
Gilles Peskine
baea7aac89 Convert remaining obsolete function call 2019-06-05 11:34:54 +02:00
Gilles Peskine
5163a92965 Remove spurious obsolete function call 2019-06-05 11:34:54 +02:00
Gilles Peskine
c143b31d13
Merge pull request #130 from gilles-peskine-arm/psa-api-1.0-beta-merge_development_20190524
Merge development into psa-api-1.0-beta
2019-06-05 10:45:29 +02:00
Gilles Peskine
a3b93ff893 Make docstring style consistent
Use PEP 257 indented docstring style, mostly: always with """, with the
terminating """ on a separate line if the docstring is more than one
line, and with all lines indented to the opening """.

This commit does not change the text to keep the first paragraph single-line.
2019-06-03 11:23:56 +02:00
Gilles Peskine
54f544581a Pacify Pylint
Pass Pylint by cleaning up the code where possible and silencing
Pylint where I know better.

No behavior change.
2019-05-29 09:58:59 +02:00
Gilles Peskine
42a0a0aeea Obey Python naming and method structure conventions
* Rename internal methods and fields to start with an underscore.
* Rename global constants to uppercase.
* Change methods that don't use self to be class methods or static
  methods as appropriate.

No behavior change in this commit.
2019-05-29 09:58:59 +02:00
Gilles Peskine
9d4d750041 Add a bit of documentation 2019-05-29 09:58:59 +02:00
Gilles Peskine
0bbad741f4 Switch script to Python3
generate_psa_constants.py was accidentally declared with an
implicitly-Python2 shebang.
2019-05-29 09:58:59 +02:00
Gilles Peskine
6f3c30e9db Merge follow-up: remove unused code from the development branch 2019-05-29 09:58:59 +02:00
Gilles Peskine
2938268fb4 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190524
Conflicts:
* library/ssl_cli.c, library/ssl_tls.c:
  Removed on the development branch. Keep them removed.
* include/psa/crypto_extra.h, library/psa_crypto_storage.c,
  tests/suites/test_suite_psa_crypto.data,
  tests/suites/test_suite_psa_crypto.function,
  tests/suites/test_suite_psa_crypto_persistent_key.data,
  tests/suites/test_suite_psa_crypto_slot_management.data,
  tests/suites/test_suite_psa_crypto_slot_management.function:
  Modified on the development branch only to implement the enrollment
  algorithm, which has been reimplemented on the API branch.
  Keep the API branch.
2019-05-29 09:57:29 +02:00
Gilles Peskine
6562dd32ee
Merge pull request #128 from gilles-peskine-arm/psa-policy_alg2-api
Implementation-specific extension: Keys may allow a second algorithm

Implemented over API 1.0 beta3.
2019-05-29 09:45:53 +02:00
Gilles Peskine
3027ba6429 Enrollment algorithm in policy: add tests of psa_copy_key 2019-05-27 14:08:28 +02:00
Gilles Peskine
bcdd44b9be Enrollment algorithm in policy: add support in psa_copy_key tests
Add parameters to psa_copy_key tests for the enrollment algorithm (alg2).

This commit only tests with alg2=0, which is equivalent to not setting
an enrollment algorithm.
2019-05-27 14:08:28 +02:00
Gilles Peskine
b4e0cda8db Enrollment algorithm in policy: update persistent key tests
The storage format has changed, so update the test data accordingly.
2019-05-27 14:08:28 +02:00
Gilles Peskine
110aff4c38 Enrollment algorithm in policy: implement persistent keys 2019-05-27 14:08:28 +02:00
Gilles Peskine
183442c854 Enrollment algorithm in policy: test persistent keys 2019-05-27 14:08:27 +02:00
Gilles Peskine
f25c9ec02e Minor documentation improvements 2019-05-27 14:08:27 +02:00
Gilles Peskine
96f0b3b1d3 Keys may allow a second algorithm
Add a second permitted algorithm to key policies.

This commit includes smoke tests that do not cover psa_copy_key.
2019-05-27 14:08:27 +02:00
Gilles Peskine
d3bb7bb2f2 Persistent key reload: test more metadata
In the tests for opening a persistent key after closing it, also read
back and check the key data if permitted by policy, and the key
policy.
2019-05-24 17:02:25 +02:00
Gilles Peskine
1ecf92c2f8 Align test functions to usage/alg parameter order
Manually cherry-picked from ca5bed742f
by taking that patch, replacing KEYPAIR by KEY_PAIR
throughout (renaming applied in this branch), and discarding parts
about import_twice in test_suite_psa_crypto (this test function was
removed from this branch).
2019-05-24 16:38:14 +02:00
Jaeden Amero
f479aaef9b
Merge pull request #125 from gilles-peskine-arm/readme-fix-api-links
Fix PSA Crypto API links in README
2019-05-24 11:15:40 +01:00
Gilles Peskine
f81f87f4cc API spec HTML: Use Github Pages rather than htmlpreview
htmlpreview.github.io breaks some links: in index.html viewed through
this service, the links that should go to from_doxygen.html are shown
as internal links, so the meat of the document is invisible.

Link to Github pages instead. This relies on the documentation being
available on the `master` branch of the mbed-crypto repository.

This has the added benefit of not depending on a third-party service.
2019-05-23 19:34:06 +02:00
Gilles Peskine
58501e5ecc API spec PDF: link to the actual PDF
Link to the PDF file, not to a page with an embedded PDF reader
2019-05-23 19:33:45 +02:00
Jaeden Amero
8907b019e7
Merge pull request #124 from Patater/full-parent-paths
Makefile: Use full paths to refer to parent files
2019-05-22 15:08:52 +01:00
Jaeden Amero
8d4d4f55f0 Makefile: Use full paths to refer to parent files
When running lcov, files can't be found relative to the parent project
(Mbed TLS) root. Use full, non-relative paths to refer to files used in
building Mbed Crypto from Mbed TLS in order to enable lcov to locate the
files properly.
2019-05-22 13:54:52 +01:00
Jaeden Amero
0cad4bac30
Merge pull request #123 from gilles-peskine-arm/api-link-index
Update link to PSA Crypto API HTML
2019-05-22 12:40:03 +01:00
Jaeden Amero
496c176d90
Merge pull request #266 from ARMmbed/psa-policy_alg2-poc
Keys may allow a second algorithm
2019-05-22 11:55:01 +01:00
Gilles Peskine
549ea8676a Minor documentation improvements 2019-05-22 11:45:59 +02:00
Gilles Peskine
7a91ece3be Update link to PSA Crypto API HTML
Now that we aren't using Doxygen directly any longer, there is no
longer a modules.html. Link to index.html instead.
2019-05-21 20:05:34 +02:00
Jaeden Amero
4719db39b7
Merge pull request #121 from gilles-peskine-arm/psa-api-1.0-beta-beta3_fix_unlinked_macros
Fix unlinked macros in API spec
2019-05-21 18:41:03 +01:00
Gilles Peskine
a9b9cf7d1e Document macros that are referenced
Without documentation, Doxygen does not generate hyperlinks when the
macro is referenced and prints out #PSA_xxx instead.
2019-05-21 19:18:33 +02:00
Gilles Peskine
6a21123619 Remove obsolete mentions of PSA_ERROR_EMPTY_SLOT
There are no more "empty slots", so finish removing the corresponding
error.
2019-05-21 19:11:07 +02:00
Jaeden Amero
5b93990fc1
Merge pull request #119 from gilles-peskine-arm/psa-api-1.0-beta-beta3_minor_fixes
PSA 1.0 beta3 minor fixes
2019-05-21 17:52:57 +01:00
Gilles Peskine
a741d39893 State that all error codes are negative 2019-05-21 18:43:27 +02:00
Gilles Peskine
737c6bef6a Fix grammar 2019-05-21 18:43:24 +02:00
Gilles Peskine
56e2dc8010 Use "sufficient buffer size" in buffer size macros
Don't use "safe buffer size", because this it's somewhat misleading to
make it about safety: a buffer size that's too small will lead to a
runtime error, not to undefined behavior.
2019-05-21 18:43:19 +02:00
Gilles Peskine
2cb9e39b50 Convert TLS1.2 KDF descriptions to multistep key derivation
Convert the description of PSA_ALG_TLS12_PRF and
PSA_ALG_TLS12_PSK_TO_MS to the key derivation API that takes one input
at a time rather than the old {secret,salt,label} interface.

Define a new input category "seed".
2019-05-21 18:43:19 +02:00
Gilles Peskine
6c6195d7ba Remove implementation comment from API specification 2019-05-21 18:43:19 +02:00
Gilles Peskine
4754cdeef8 Improve description of psa_open_key()
Remove obsolete reference to psa_make_key_persistent().
2019-05-21 18:43:18 +02:00
Gilles Peskine
52315e4c16 Enrollment algorithm in policy: add tests of psa_copy_key 2019-05-21 18:31:59 +02:00
Gilles Peskine
705cbfd802 Enrollment algorithm in policy: add support in psa_copy_key tests
Add parameters to psa_copy_key tests for the enrollment algorithm (alg2).

This commit only tests with alg2=0, which is equivalent to not setting
an enrollment algorithm.
2019-05-21 18:31:59 +02:00
Gilles Peskine
131aa31c82 New key file format for 1.0.1
Add alg2 field and note that some encodings have changed.
2019-05-21 18:31:59 +02:00
Gilles Peskine
640273a35e Update key file format information for 1.0.0
The storage specification described a version tentatively called
0.2.0. This was actually released as 1.0.0 with the format as
described here.
2019-05-21 18:31:59 +02:00
Gilles Peskine
468c96cccc Enrollment algorithm in policy: update persistent key tests
The storage format has changed, so update the test data accordingly.
2019-05-21 17:06:35 +02:00
Gilles Peskine
81efb391eb Enrollment algorithm in policy: implement persistent keys 2019-05-21 17:06:35 +02:00