Commit Graph

2348 Commits

Author SHA1 Message Date
Gilles Peskine
fe11951c16 Rename psa cipher functions to psa_cipher_xxx
Make function names for multipart operations more consistent (cipher
edition).

Rename symmetric cipher multipart operation functions so that they all
start with psa_cipher_:

* psa_encrypt_setup -> psa_cipher_encrypt_setup
* psa_decrypt_setup -> psa_cipher_decrypt_setup
* psa_encrypt_set_iv -> psa_cipher_set_iv
* psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-09-12 16:41:11 +03:00
Gilles Peskine
89167cb597 Split psa_mac_setup -> psa_mac_{sign,verify}_setup
Make function names for multipart operations more consistent (MAC
setup edition).

Split psa_mac_setup into two functions psa_mac_sign_setup and
psa_mac_verify_setup. These functions behave identically except that
they require different usage flags on the key. The goal of the split
is to enforce the key policy during setup rather than at the end of
the operation (which was a bit of a hack).

In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is
of the wrong type, abort the operation before returning BAD_STATE.
2018-09-12 16:41:11 +03:00
Gilles Peskine
acd4be36fa Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish
Make function names for multipart operations more consistent (MAC
finish edition).
2018-09-12 16:41:11 +03:00
Gilles Peskine
da8191d1cd Rename psa_hash_start -> psa_hash_setup
Make function names for multipart operations more consistent (hash
edition).
2018-09-12 16:41:11 +03:00
Gilles Peskine
07c91f5df3 Add notes about the purpose and usage of auxiliary header files 2018-09-12 16:41:11 +03:00
Gilles Peskine
2743e42580 Correct reference for RSA keypair export format 2018-09-12 16:41:11 +03:00
Gilles Peskine
af3baabd05 Define max sizes for MAC and signatures
This requires defining a maximum RSA key size, since the RSA key size
is the signature size. Enforce the maximum RSA key size when importing
or generating a key.
2018-09-12 16:41:11 +03:00
Gilles Peskine
49cee6c582 Move implementation-dependent size macros to crypto_sizes.h
Macros such as PSA_HASH_SIZE whose definitions can be the same
everywhere except in implementations that support non-standard
algorithms remain in crypto.h, at least for the time being.
2018-09-12 16:41:11 +03:00
Gilles Peskine
0cad07c2fb New header crypto_sizes.h
This header will contain macros that calculate buffer sizes, whose
semantics are standardized but whose definitions are
implementation-specific because they depend on the available algorithms
and on some permitted buffer size tolerances.

Move size macros from crypto_struct.h to crypto_sizes.h, because these
definitions need to be available both in the frontend and in the
backend, whereas structures have different contents.
2018-09-12 16:41:11 +03:00
Gilles Peskine
eae6eee24c Change ECDSA signature representation to r||s
Change the representation of an ECDSA signature from the ASN.1 DER
encoding used in TLS and X.509, to the concatenation of r and s
in big-endian order with a fixed size. A fixed size helps memory and
buffer management and this representation is generally easier to use
for anything that doesn't require the ASN.1 representation. This is
the same representation as PKCS#11 (Cryptoki) except that PKCS#11
allows r and s to be truncated (both to the same length), which
complicates the implementation and negates the advantage of a
fixed-size representation.
2018-09-12 16:41:11 +03:00
Gilles Peskine
a81d85b732 Sort out ECDSA mechanisms
* Distinguish randomized ECDSA from deterministic ECDSA.
* Deterministic ECDSA needs to be parametrized by a hash.
* Randomized ECDSA only uses the hash for the initial hash step,
  but add ECDSA(hash) algorithms anyway so that all the signature
  algorithms encode the initial hashing step.
* Add brief documentation for the ECDSA signature mechanisms.
* Also define DSA signature mechanisms while I'm at it. There were
  already key types for DSA.
2018-09-12 16:24:51 +03:00
Gilles Peskine
526fab0066 Fix parameter name signature_size for psa_asymmetric_verify
It should have been signature_length, following our conventions.
2018-09-12 16:24:51 +03:00
Gilles Peskine
e9191ff90b Add missing const for signature parameter of psa_asymmetric_verify 2018-09-12 16:24:51 +03:00
Gilles Peskine
08bac713df Clarify that asymmetric_{sign,verify} operate on a hash 2018-09-12 16:24:51 +03:00
Gilles Peskine
55bf3d1171 Sort out RSA mechanisms
* PSS needs to be parametrized by a hash.
* Don't use `_MGF1` in the names of macros for OAEP and PSS. No one
  ever uses anything else.
* Add brief documentation for the RSA signature mechanisms.
2018-09-12 16:24:51 +03:00
Gilles Peskine
9e73ff17d4 Add missing parameters to some documentation
tests/scripts/doxygen.sh now passes.
2018-09-12 16:24:50 +03:00
Gilles Peskine
ea4469f8d1 Fix parameter name in Doxygen documentation 2018-09-12 16:24:50 +03:00
Gilles Peskine
7ed29c56f1 Rename PSA_ALG_RSA_GET_HASH to PSA_ALG_SIGN_GET_HASH
And don't use it for HMAC when there's a perfectly serviceable
PSA_ALG_HMAC_HASH. HMAC isn't hash-and-sign.
2018-09-12 16:24:50 +03:00
Jaeden Amero
7baf0d5702 psa: doxygen: Fix parameters reference
Doxygen interprets `\param` as starting documentation for a new param, or
to extend a previously started `\param` documentation when the same
reference is used. The intention here was to reference the function
parameter, not extend the previous documentation. Use `\p` to refer to
function parameters.
2018-09-12 16:24:50 +03:00
Gilles Peskine
e584ccb6fd Merge remote-tracking branch 'psa/pr/57' into feature-psa 2018-09-12 16:24:50 +03:00
Gilles Peskine
e9a0a9d74d Update documentation of psa_success_t
Now that the type is not an enum, explain what values are valid.

Also add a comment to explain the #if defined(PSA_SUCCESS) temporary hack.
2018-09-12 16:24:50 +03:00
itayzafrir
c2a7976886 PSA Crypto error code definitions
Removed the psa_status_t enum and defined error codes as defines.
Conditionally defining PSA_SUCCESS and psa_status_t.
2018-09-12 16:24:50 +03:00
Gilles Peskine
48c0ea14c6 Remove PSA_KEY_TYPE_IS_RAW_BYTES from crypto.h
It isn't used to define other macros and it doesn't seem that useful
for users. Remove it, we can reintroduce it if needed.

Define a similar function key_type_is_raw_bytes in the implementation
with a clear semantics: it's a key that's represented as a struct
raw_data.
2018-09-12 16:24:50 +03:00
Gilles Peskine
4e69d7a9a7 psa_generate_key: pass parameters_size argument
When calling psa_generate_key, pass the size of the parameters buffer
explicitly. This makes calls more verbose but less error-prone. This
also has the benefit that in an implementation with separation, the
frontend knows how many bytes to send to the backend without needing
to know about each key type.
2018-09-12 16:22:51 +03:00
Gilles Peskine
9a9e19f3fb Switch default config back to the upstream one + PSA + CMAC
Switch the default config.h back to the upstream version, plus the new
feature from this branch MBEDTLS_PSA_CRYPTO_C, plus MBEDTLS_CMAC_C
because it's a features we're using to explore the API design but
that's off by default in Mbed TLS.

Having a crypto-only version saved a bit of developer time, and it's
something we want to ship, but we also need a full build with TLS to
work, and the CI scripts assume that the default build includes TLS.

As a consequence, list-macros.sh no longer needs a special case to
pass check-names.sh.
2018-09-12 16:22:51 +03:00
Gilles Peskine
1672d1d2e4 Remove features with missing dependencies from config.h
The default config.h omits non-crypto features. Remove some features
that had been accidentally left in but have dependencies that had been
removed.

Also update configs/config-psa-crypto.h to match
include/mbedtls/config.h. They were historically identical but started
diverging when the feature-psa branch was rebased on top of a more
recent upstream.

Now the code builds with the "full" config.
2018-09-12 16:22:51 +03:00
Gilles Peskine
e1fed0de18 Define elliptic curve identifiers from TLS
Instead of rolling our own list of elliptic curve identifiers, use one
from somewhere. Pick TLS because it's the right size (16 bits) and
it's as good as any.
2018-09-12 16:19:04 +03:00
Gilles Peskine
b3e6e5deeb Rename hash max sizes for consistency
Use "hash" throughout the library, not "md" as in Mbed TLS.
2018-09-12 16:19:04 +03:00
Gilles Peskine
2d2778650b Normalize whitespace
Normalize whitespace to Mbed TLS standards. There are only whitespace
changes in this commit.
2018-09-12 16:15:52 +03:00
Gilles Peskine
6de7a179c8 Fix file permissions
Some files were marked as executable but shouldn't have been.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
5ca6547b77 Renamed hmac_ctx to opad and removed null check.
this array is now part of the struct and not dynamically allocated
so it can't be null.
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
9e2ffe83ac change type of hash block to uint8_t 2018-09-12 16:13:49 +03:00
Nir Sonnenschein
35dfbf4601 change hmac context to use statically allocated memory
1. removed dynamic allocation of stack context
2. moved ipad to stack
3. added defines for maximal sizes
2018-09-12 16:13:49 +03:00
Nir Sonnenschein
dcd636a73f Commit changes to hmac to not use MD abstraction
this PR is part of efforts to use "lower level" mbedTLS APIs vs "higher level" abstract APIs.
2018-09-12 16:13:49 +03:00
Gilles Peskine
8605428dcf Merge remote-tracking branch 'psa/pr/27' into feature-psa 2018-09-05 12:46:19 +03:00
Gilles Peskine
625b01c9c3 Add OAEP placeholders in asymmetric encrypt/decrypt
Replace PSS placeholders by OAEP placeholders. PSS is a signature
algorithm, not an encryption algorithm.

Fix typo in PSA_ALG_IS_RSA_OAEP_MGF1.
2018-09-05 12:44:17 +03:00
Gilles Peskine
723feffe15 Fix some errors in PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE
A call to PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE wouldn't even have
compiled. Fix some obvious errors. This is still untested.
2018-09-05 12:44:17 +03:00
Gilles Peskine
d6125ca63b Merge remote-tracking branch 'psa/pr/24' into feature-psa 2018-09-05 12:41:53 +03:00
Gilles Peskine
3585596aec Document a few more macros 2018-09-05 12:41:52 +03:00
Gilles Peskine
84861a95ca Merge remote-tracking branch 'psa/psa-wrapper-apis-aead' into feature-psa 2018-09-05 12:41:52 +03:00
Gilles Peskine
154bd95131 psa_destroy_key: return SUCCESS on an empty slot
Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-09-05 12:41:52 +03:00
Gilles Peskine
5e39dc96e0 New macro PSA_AEAD_TAG_SIZE, use it for PSA_AEAD_xxx_OUTPUT_SIZE 2018-09-05 12:41:52 +03:00
Gilles Peskine
71bb7b77f0 Switch PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
Make this macro work on derived algorithms as well (HMAC,
hash-and-sign, etc.).
2018-09-05 12:41:52 +03:00
Gilles Peskine
212e4d8f7c Improve documentation of PSA_AEAD_xxx_OUTPUT_SIZE 2018-09-05 12:41:52 +03:00
Gilles Peskine
65eb8588fe Expand the description of error codes 2018-09-05 12:41:52 +03:00
mohammad1603
1347a73fbe fix macros documentation style. 2018-09-05 12:41:52 +03:00
mohammad1603
fb5b9cbb8d add missing documentations 2018-09-05 12:41:52 +03:00
mohammad1603
22898ba0bd remove duplicated definition 2018-09-05 12:41:51 +03:00
Gilles Peskine
36a74b71a0 Fix Doxygen comments to pass clang -Wdocumentation 2018-09-05 12:41:51 +03:00
Gilles Peskine
1e7d8f1b09 Document AEAD functions
Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define
macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE
(untested).
2018-09-05 12:41:51 +03:00