Commit Graph

211 Commits

Author SHA1 Message Date
Jaeden Amero
7e2cda1d67
Merge pull request #11 from gilles-peskine-arm/psa-setup_bad_state-document
Document that multipart operation setup can return BAD_STATE
2019-02-19 10:24:23 +00:00
David Saada
b4ecc27629 Replace PSA error code definitions with the ones defined in PSA spec 2019-02-18 13:53:13 +02:00
Gilles Peskine
aec5a7fd49 psa_copy_key: minor documentation clarification 2019-02-05 20:26:09 +01:00
Gilles Peskine
f603c718c9 New function psa_copy_key
Copy a key from one slot to another.

Implemented and smoke-tested.
2019-01-28 14:41:11 +01:00
Jaeden Amero
4d69cf1a84
Merge pull request #13 from Patater/pubkey-format
Simplify RSA and EC public key formats
2019-01-25 10:09:40 +00:00
Jaeden Amero
21fec0c1c5 psa: Expand documentation for psa_key_agreement()
Document `peer_key` parameter requirements, including an explanation of
how the peer key is used and an example for EC keys.
2019-01-23 17:39:46 +00:00
Jaeden Amero
ccdce90adb psa: Simplify EC public key format
Remove front matter from our EC key format, to make it just the contents
of an ECPoint as defined by SEC1 section 2.3.3.

As a consequence of the simplification, remove the restriction on not
being able to use an ECDH key with ECDSA. There is no longer any OID
specified when importing a key, so we can't reject importing of an ECDH
key for the purpose of ECDSA based on the OID.
2019-01-23 17:39:46 +00:00
Jaeden Amero
25384a236e psa: Simplify RSA public key format
Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move
code that was shared between RSA and other key types (like EC keys) to
be used only with non-RSA keys.
2019-01-23 17:31:50 +00:00
Jaeden Amero
494624d299
Merge pull request #18 from gilles-peskine-arm/psa-hash_clone
New function psa_hash_clone
2019-01-22 17:35:25 +00:00
Gilles Peskine
e43aa39397 hash_clone: Fix copypasta and add a functional description 2019-01-21 14:50:37 +01:00
Gilles Peskine
d40c1fbd50 Don't require a type and size when creating a key slot
Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.

Change the API and adapt the implementation, the units test and the
sample code accordingly.
2019-01-19 12:20:52 +01:00
Gilles Peskine
ebb2c3e419 New function psa_hash_clone
Clone a hash operation.

Test good cases as part as multipart tests. Add new test functions for
the state machine.
2019-01-19 12:03:41 +01:00
Jaeden Amero
d3a0c2c779 psa: Document requirements for psa_export_public_key()
Copy the nice and clear documentation from psa_export_key() as to what
implementations are allowed to do regarding key export formats, as the
same applies to public keys.
2019-01-11 17:15:56 +00:00
Gilles Peskine
8e1addc710 Document BAD_STATE errors for multipart operation setup functions
Future commits will implement this and add tests.
2019-01-10 11:51:17 +01:00
Gilles Peskine
76d7bfeb0c Terminology: consistently use "set up" for multipart operations
hash_setup and mac_setup used to be called hash_start and mac_start,
but we've now converged on _setup as names. Finish making the
terminology in the documentation consistent.
2019-01-10 11:47:49 +01:00
Jaeden Amero
9e919c636f psa: Document generator requirements consistently
We've added documentation for how context objects for multi-part
operations must be initialized consistently for key policy, hash,
cipher, and MAC. Update the generator documentation to be consistent
with how we've documented the other operations.
2019-01-08 14:28:04 +00:00
Jaeden Amero
5bae227da0 psa: Add initializers for cipher operation objects
Add new initializers for cipher operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero
769ce27f12 psa: Add initializers for MAC operation objects
Add new initializers for MAC operation objects and use them in our tests
and library code. Prefer using the macro initializers due to their
straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero
6a25b41ac3 psa: Add initializers for hash operation objects
Add new initializers for hash operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero
70261c513a psa: Add initializers for key policies
Add new initializers for key policies and use them in our docs, example
programs, tests, and library code. Prefer using the macro initializers
due to their straightforwardness.
2019-01-08 14:28:04 +00:00
Gilles Peskine
a7c26db335 Move remaining size macros from crypto.h to crypto_sizes.h
No functional changes, code was only moved from crypto.h to crypto_sizes.h.
2018-12-21 17:53:12 +01:00
Gilles Peskine
f3b731e817 Move integral types and associated macros to their own header
Some parts of the library, and crypto drivers, need to see key types,
algorithms, policies, etc. but not API functions. Move portable
integral types and macros to build and analyze values of these types
to a separate headers crypto_types.h and crypto_values.h.

No functional changes, code was only moved from crypto.h to the new headers.
2018-12-21 17:53:09 +01:00
Gilles Peskine
0344d8171d Simplify the SPM compatibility hack
Define psa_status_t to int32_t unconditionally. There's no reason to
refer to psa_error_t here: psa_error_t is int32_t if it's present. We
would only need a conditional definition if psa_defs.h and
psa_crypto.h used the same type name.

Keep the conditional definition of PSA_SUCCESS. Although the C
preprocessor allows a duplicate definition for a macro, it has to be
the exact same token sequence, not merely an equivalent way to build
the same value.
2018-12-20 20:09:04 +01:00
Gilles Peskine
23fd2bdb94 Update some documentation related to key slots
Some of the documentation is obsolete in its reference to key slots
when it should discuss key handles. This may require a further pass,
possibly with some reorganization of error codes.

Update the documentation of functions that modify key slots (key
material creation and psa_set_key_policy()) to discuss how they affect
storage.
2018-12-11 16:48:14 +01:00
Gilles Peskine
b77a6b25c0 Remove psa_set_key_lifetime
This function is no longer relevant. Use psa_create_key instead.
2018-12-11 16:48:13 +01:00
Gilles Peskine
ae32aac48e Switch function declarations from key slots to key handles
Replace `psa_key_slot_t key` by `psa_key_handle_t` in function
declarations.

This is a transition period during which handles are key slot numbers
and the whole library can still be used by accessing a key slot number
without allocating a handle.
2018-12-11 16:48:10 +01:00
Gilles Peskine
644cd5fd89 Linkify some macros that were just typeset as text 2018-12-11 16:47:35 +01:00
Gilles Peskine
f535eb2e61 Declare the new slot management functions in crypto.h
No changes to existing functions.
2018-12-11 16:06:51 +01:00
Gilles Peskine
3cac8c4d78 Move declarations related to lifetimes further up in crypto.h
No content change. This is in preparation for declaring the slot
management functions, which need the type psa_key_lifetime_t.
2018-12-05 09:40:07 +01:00
Darryl Green
d49a499d03 psa: Implement persistent keys
Allow use of persistent keys, including configuring them, importing and
exporting them, and destroying them.

When getting a slot using psa_get_key_slot, there are 3 scenarios that
can occur if the keys lifetime is persistent:

1. Key type is PSA_KEY_TYPE_NONE, no persistent storage entry:
   -  The key slot is treated as a standard empty key slot
2. Key type is PSA_KEY_TYPE_NONE, persistent storage entry exists:
   -  Attempt to load the key from persistent storage
3. Key type is not PSA_KEY_TYPE_NONE:
   -  As checking persistent storage on every use of the key could
      be expensive, the persistent key is assumed to be saved in
      persistent storage, the in-memory key is continued to be used.
2018-11-20 15:40:25 +00:00
Hanno Becker
2255a360a6 Improve documentation of TLS-1.2 PRF and PSK-to-MS KDF 2018-11-19 11:24:26 +00:00
Hanno Becker
8dbfca4628 Add TLS-1.2 PSK-to-MS key derivation algorithm identifier to PSA API 2018-11-19 11:24:21 +00:00
Gilles Peskine
19643c573d Fix typo in documentation
tests/scripts/doxygen.sh passes.
2018-11-16 16:45:02 +01:00
Hanno Becker
79250c255f Add identifiers for TLS-1.2 PRF
This commit adds KDF algorithm identifiers `PSA_ALG_TLS12_PRF(HASH)`
to the PSA crypto API. They represent the key derivation functions
used by TLS 1.2 for the PreMasterSecret->MasterSecret and
MasterSecret->KeyBlock conversions.
2018-11-16 11:12:01 +00:00
Gilles Peskine
99d0259987 Improve documentation the shared secret format for FFDH 2018-11-15 17:48:15 +01:00
Gilles Peskine
d171e78b46 Document the peer_key format for psa_key_agreement 2018-11-15 17:48:15 +01:00
Gilles Peskine
6c6a023f99 More tweaks on EC-related wording
Use m for the bit size of the field order, not q which is
traditionally the field order.

Correct and clarify the private key representation format as has been
done for the private key and ECDH shared secret formats.
2018-11-15 17:48:15 +01:00
Gilles Peskine
7b5b4a01a4 Correct description of the ECDH shared secret
The endianness actually depends on the curve type.

Correct the terminology around "curve size" and "order of the curve".
I tried to find a formulation that is comprehensible to programmers
who do not know the underlying mathematics, but nonetheless correct
and precise.

Use similar terminology in other places that were using "order of the
curve" to describe the bit size associated with the curve.
2018-11-14 21:17:16 +01:00
Gilles Peskine
f5f442a50c More accurate description of the shared secret for ECDH
Don't refer to the "curve size", call it the "size of the order of the
curve".
2018-11-14 21:17:16 +01:00
Gilles Peskine
211a436f2e Document that key agreement produces a maximum-capacity generator 2018-11-14 21:15:37 +01:00
Gilles Peskine
79dd6229e4 Clarify the format of the (EC)DH shared secret 2018-11-14 21:15:37 +01:00
Gilles Peskine
2607bca666 Give "DH" and "DHM" as alternative names
Be consistent about calling it just "Diffie-Hellman", except once
where I state that "Diffie-Hellman-Merkle" is an alternative name.
2018-11-14 21:15:37 +01:00
Gilles Peskine
01d718cee8 New API function: psa_key_agreement
Set up a generator from a key agreement.
2018-11-14 21:15:37 +01:00
Gilles Peskine
8feb3a886d Support key derivation with non-predefined capacity
psa_key_derivation requires the caller to specify a maximum capacity.
This commit adds a special value that indicates that the maximum
capacity should be the maximum supported by the algorithm. This is
currently meant only for selection algorithms used on the shared
secret produced by a key agreement.
2018-11-14 21:15:37 +01:00
Gilles Peskine
93098fd996 Key agreement: macros for finite-field Diffie-Hellman, ECDH
Declare macros to represent key agreement algorithms.
2018-11-14 21:15:37 +01:00
Gilles Peskine
e8f0e3dc3c New algorithm category: key selection
A key selection algorithm is similar to a key derivation algorithm in
that it takes a secret input and produces a secret output stream.
However, unlike key derivation algorithms, there is no expectation
that the input cannot be reconstructed from the output. Key selection
algorithms are exclusively meant to be used on the output of a key
agreement algorithm to select chunks of the shared secret.
2018-11-14 21:15:37 +01:00
Gilles Peskine
92587dbf2b Write missing bit of the documentation of psa_key_derivation 2018-11-14 21:15:37 +01:00
Gilles Peskine
f7933939b3 Expand the documentation of import/export formats
Clarify that the key type determines the syntax of the input.

Clarify the constraints on implementations that support extra import
formats.
2018-10-31 14:10:07 +01:00
Gilles Peskine
f76aa7789b Private EC key format: change to raw secret value (doc, import)
Change the import/export format of private elliptic curve keys from
RFC 5915 to the raw secret value. This commit updates the format
specification and the import code, but not the export code.
2018-10-31 14:10:06 +01:00
Gilles Peskine
e0e9c7c417 New macro PSA_ALG_FULL_LENGTH_MAC
Provide a documented way of constructing the full-length MAC algorithm
from a truncated version.
2018-10-17 18:30:47 +02:00