Merge remote-tracking branch 'psa/pr/103' into feature-psa

This commit is contained in:
Gilles Peskine 2018-07-13 16:02:54 +02:00 committed by itayzafrir
commit ebe10de167
3 changed files with 977 additions and 403 deletions



@ -237,17 +237,69 @@
* sensible size or 0. * sensible size or 0.
* If the parameters are not valid, the * If the parameters are not valid, the
* return value is unspecified. * return value is unspecified.
*
*/ */
#define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \ #define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \ (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \
((void)alg, 0)) ((void)alg, 0))
/** Safe output buffer size for psa_asymmetric_encrypt().
*
* This macro returns a safe buffer size for a ciphertext produced using
* a key of the specified type and size, with the specified algorithm.
* Note that the actual size of the ciphertext may be smaller, depending
* on the algorithm.
*
* \warning This function may call its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
* \param key_type An asymmetric key type (this may indifferently be a
* key pair type or a public key type).
* \param key_bits The size of the key in bits.
* \param alg The signature algorithm.
*
* \return If the parameters are valid and supported, return
* a buffer size in bytes that guarantees that
* psa_asymmetric_encrypt() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
* If the parameters are a valid combination that is not supported
* by the implementation, this macro either shall return either a
* sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \ #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \ (PSA_KEY_TYPE_IS_RSA(key_type) ? \
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \ ((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
0) 0)
/** Safe output buffer size for psa_asymmetric_decrypt().
*
* This macro returns a safe buffer size for a ciphertext produced using
* a key of the specified type and size, with the specified algorithm.
* Note that the actual size of the ciphertext may be smaller, depending
* on the algorithm.
*
* \warning This function may call its arguments multiple times or
* zero times, so you should not pass arguments that contain
* side effects.
*
* \param key_type An asymmetric key type (this may indifferently be a
* key pair type or a public key type).
* \param key_bits The size of the key in bits.
* \param alg The signature algorithm.
*
* \return If the parameters are valid and supported, return
* a buffer size in bytes that guarantees that
* psa_asymmetric_decrypt() will not fail with
* #PSA_ERROR_BUFFER_TOO_SMALL.
* If the parameters are a valid combination that is not supported
* by the implementation, this macro either shall return either a
* sensible size or 0.
* If the parameters are not valid, the
* return value is unspecified.
*/
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \ #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \
(PSA_KEY_TYPE_IS_RSA(key_type) ? \ (PSA_KEY_TYPE_IS_RSA(key_type) ? \
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \ PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
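Review bot: The new documentation blocks for PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE and PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE were copied from the signing macro and keep text that does not match these macros: both say `\param alg The signature algorithm.` where it should read `\param alg The asymmetric encryption algorithm.`, and the decrypt block describes its result as "a safe buffer size for a ciphertext" although psa_asymmetric_decrypt() writes a plaintext, so its first paragraph should speak of "a plaintext produced by decrypting with a key of the specified type and size". Both blocks also say `\warning This function may call its arguments` for what is a macro, and `this macro either shall return either a` repeats "either"; I would write `this macro shall return either a`. The expansion of PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE continues past the last line shown here, so the non-RSA branch and the behaviour of the size_t subtraction for small key_bits cannot be checked from this view.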


@ -1191,7 +1191,7 @@ static const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
switch( alg ) switch( alg )
{ {
case PSA_ALG_STREAM_CIPHER: case PSA_ALG_STREAM_CIPHER_BASE:
mode = MBEDTLS_MODE_STREAM; mode = MBEDTLS_MODE_STREAM;
break; break;
case PSA_ALG_CBC_BASE: case PSA_ALG_CBC_BASE:
@ -2585,12 +2585,12 @@ void psa_key_policy_set_usage( psa_key_policy_t *policy,
policy->alg = alg; policy->alg = alg;
} }
psa_key_usage_t psa_key_policy_get_usage( psa_key_policy_t *policy ) psa_key_usage_t psa_key_policy_get_usage( const psa_key_policy_t *policy )
{ {
return( policy->usage ); return( policy->usage );
} }
psa_algorithm_t psa_key_policy_get_algorithm( psa_key_policy_t *policy ) psa_algorithm_t psa_key_policy_get_algorithm( const psa_key_policy_t *policy )
{ {
return( policy->alg ); return( policy->alg );
} }
@ -2964,13 +2964,13 @@ psa_status_t psa_generate_random( uint8_t *output,
psa_status_t psa_generate_key( psa_key_slot_t key, psa_status_t psa_generate_key( psa_key_slot_t key,
psa_key_type_t type, psa_key_type_t type,
size_t bits, size_t bits,
const void *parameters, const void *extra,
size_t parameters_size ) size_t extra_size )
{ {
key_slot_t *slot; key_slot_t *slot;
psa_status_t status; psa_status_t status;
if( parameters == NULL && parameters_size != 0 ) if( extra == NULL && extra_size != 0 )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
status = psa_get_empty_key_slot( key, &slot ); status = psa_get_empty_key_slot( key, &slot );
@ -3010,14 +3010,18 @@ psa_status_t psa_generate_key( psa_key_slot_t key,
int exponent = 65537; int exponent = 65537;
if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS ) if( bits > PSA_VENDOR_RSA_MAX_KEY_BITS )
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
if( parameters != NULL ) if( extra != NULL )
{ {
const unsigned *p = parameters; const psa_generate_key_extra_rsa *p = extra;
if( parameters_size != sizeof( *p ) ) if( extra_size != sizeof( *p ) )
return( PSA_ERROR_INVALID_ARGUMENT ); return( PSA_ERROR_INVALID_ARGUMENT );
if( *p > INT_MAX ) #if INT_MAX < 0xffffffff
return( PSA_ERROR_INVALID_ARGUMENT ); /* Check that the uint32_t value passed by the caller fits
exponent = *p; * in the range supported by this implementation. */
if( p->e > INT_MAX )
return( PSA_ERROR_NOT_SUPPORTED );
#endif
exponent = p->e;
} }
rsa = mbedtls_calloc( 1, sizeof( *rsa ) ); rsa = mbedtls_calloc( 1, sizeof( *rsa ) );
if( rsa == NULL ) if( rsa == NULL )
@ -3048,7 +3052,7 @@ psa_status_t psa_generate_key( psa_key_slot_t key,
mbedtls_ecp_curve_info_from_grp_id( grp_id ); mbedtls_ecp_curve_info_from_grp_id( grp_id );
mbedtls_ecp_keypair *ecp; mbedtls_ecp_keypair *ecp;
int ret; int ret;
if( parameters != NULL ) if( extra != NULL )
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL ) if( grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL )
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
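Review bot: The new range check on the caller-supplied RSA exponent in psa_generate_key() (the `#if INT_MAX < 0xffffffff` block in the hunk at @ -3010) only bounds `p->e` from above; nothing in the hunk rejects an exponent that is even or smaller than 3, and whether mbedtls_rsa_gen_key(), called further down outside the hunk, refuses such values cannot be seen here. An even exponent has no inverse modulo phi(n), so a generator that does not reject it up front cannot produce a valid key, and since `extra` is untrusted caller input it is clearer to validate it at the API boundary and report PSA_ERROR_INVALID_ARGUMENT next to the existing size check: `if( p->e < 3 || ( p->e & 1 ) == 0 ) return( PSA_ERROR_INVALID_ARGUMENT );`. The added comment states the field is a uint32_t, which is what the `INT_MAX` comparison relies on; a short note that the `#if` exists so the comparison is not flagged as always-false on targets with a 64-bit int would help the next reader. psa_generate_key() begins in the hunk at @ -2964 and its body continues past the last hunk shown.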