Commit graph

751 commits

Author SHA1 Message Date
Steven Cooreman aec44e9fe8 Merge remote-tracking branch 'mbedtls/development' into montgomery-keys-clarification 2020-07-13 11:48:21 +02:00
Steven Cooreman ed3c9ec71a Added support for AES-ECB to the PSA Crypto implementation
PSA_ALG_ECB_NO_PADDING came in to the PSA Crypto API spec v1.0.0, but
was not implemented yet in the mbed TLS implementation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 14:16:10 +02:00
Steven Cooreman 6f5cc71ad1 Document masking of Montgomery private keys in psa_export_key
Follow the PSA Crypto specification which was updated between 1.0 beta3
and 1.0.0.
Add corresponding test cases.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-07-06 10:45:04 +02:00
Paul Elliott 75e27032d3 Rename DH Family Macros According to PSA Spec
Rename PSA_DH_GROUP_xxx to PSA_DH_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_GROUP to PSA_KEY_TYPE_DH_GET_FAMILY and rename
psa_dh_group_t to psa_dh_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:49 +01:00
Paul Elliott 8ff510ac26 Rename ECC Family Macros According to PSA Spec
Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename
PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename
psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in
include/crypto_compat.h for backward compatibility.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2020-07-02 16:59:30 +01:00
Steven Cooreman db06445ad6 Fix typo in currently unused macro constant
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-06-08 18:19:33 +02:00
Janos Follath 0af1560919
Merge pull request #3305 from gilles-peskine-arm/psa-asymmetric-adjectives
PSA: Fix copypasta and align terminology about asymmetric encryption
2020-05-29 08:15:11 +01:00
Gilles Peskine 4eb05a4edd Fix article in documentation
Co-authored-by: Andrew Thoelke <andrew.thoelke@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-27 21:51:00 +02:00
Manuel Pégourié-Gonnard 5eae4dd08e
Merge pull request #3301 from Patater/inline-mbedtls_ecc_group_to_psa
psa: Define mbedtls_ecc_group_to_psa() inline
2020-05-19 09:06:04 +02:00
Gilles Peskine 344e15b010 Update SE support to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:15:26 +02:00
Gilles Peskine 52ac958d6b Update the SE interface to pass a location when registering a driver
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.

This commit updates the PSA specification draft.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 4cfa443d2a Fix macros
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine e3871f8ae8 Missing word
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine c4ee2f3a87 Define a macro to construct a lifetime from persistence and location
Applications need this to combine implementation-specific values of
persistence levels and location indicators.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine aff1181d67 Document PSA_KEY_PERSISTENCE_xxx and PSA_KEY_LOCATION_xxx
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine ee04e69956 Rename and clarify the default persistent location and persistence
Call persistence "default" because that is genuinely the default that
applications should use if they don't know better. It's slightly
misleading in that the default persistence when you create a key is
volatile, not this: "default" is the default persistence for
persistent keys, not the default persistence for keys in general. But
we haven't found a better name.

Introduce the term "primary local storage" to designate the default
storage location.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 5dcb74f02f PSA_KEY_LIFETIME_PERSISTENT is a lifetime, not just a storage area
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine bbb3c1815a Shorten type and value names for lifetime parts
Drop lifetime_ or LIFETIME_ to make the names shorter. They're still
unambiguous.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 2d2bb1dd04 Define some structure for lifetime values
* Lower 8 bits: persistence level
    * 0: volatile
    * 1: persistent (default)
    * 2-127: persistent (reserved for future PSA specifications)
    * 128-254: persistent (reserved for vendors)
    * 255: read-only
* Upper 24 bits: location indicator
    * 0: built-in
    * 1: primary secure element
    * 2-0x7fffff: reserved for future PSA specifications
    * 0x800000-0xffffff: vendor-specific

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-11 11:14:51 +02:00
Gilles Peskine 6cc0a204b9 Terminology: prefer "asymmetric" to "public-key"
Most of the documentation and some of the function names use
"asymmetric", so use "asymmetric" everywhere. Mention "public-key" in
key places to make the relevant functions easy to find if someone is
looking for that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-05 16:05:26 +02:00
Gilles Peskine 7668960e43 Fix copypasta: ciphertext -> plaintext
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-05 16:05:08 +02:00
Gilles Peskine 9ff8d1f963 Fix copypasta: signature -> encryption
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-05-05 16:05:08 +02:00
Darryl Green 2f0eb51aae psa: Define mbedtls_ecc_group_to_psa() inline
On dual world platforms, we want to run the PK module (pk.c) on the NS
side so TLS can use PSA APIs via the PK interface. PK currently has a
hard dependency on mbedtls_ecc_group_to_psa() which is declared in
crypto_extra.h, but only defined in psa_crypto.c, which is only built
for the S side.

Without this change, dual world platforms get error messages like the
following.

    [Error] @0,0: L6218E: Undefined symbol mbedtls_ecc_group_to_psa (referred from BUILD/LPC55S69_NS/ARM/mbed-os/features/mbedtls/mbed-crypto/src/pk.o)

Make mbedtls_ecc_group_to_psa() inline within crypto_extra.h so that it
is available to both NS and S world code.

Fixes #3300

Signed-off-by: Darryl Green <darryl.green@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2020-05-05 12:41:48 +01:00
Soby Mathew 0a4270d732 Change the compatibility API to inline functions
This patch changes the compatibility API defined in crypto_compat.h
to static inline functions as the previous macro definitions were
causing issues for the C pre-processor when included in projects
which need to redefine the PSA function names. Making it static
inline function solves this problem neatly and also modern compilers
do a good job at inlining the function which makes the need for making
it a macro redundant.

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2020-02-10 17:26:22 +00:00
Gilles Peskine 7cfcb3fc03 Change the encoding of key types to have a parity bit
Change the encoding of key types, EC curve families and DH group
families to make the low-order bit a parity bit (with even parity).

This ensures that distinct key type values always have a Hamming
distance of at least 2, which makes it easier for implementations to
resist single bit flips.
2020-01-31 10:24:21 +01:00
Gilles Peskine 46e6f9de4a Document the vendor range for EC curve and DH group families 2020-01-31 10:24:21 +01:00
Gilles Peskine f65ed6f254 Change key types to a 16-bit encoding
All key types now have an encoding on 32 bits where the bottom 16 bits
are zero. Change to using 16 bits only.

Keep 32 bits for key types in storage, but move the significant
half-word from the top to the bottom.

Likewise, change EC curve and DH group families from 32 bits out of
which the top 8 and bottom 16 bits are zero, to 8 bits only.

Reorder psa_core_key_attributes_t to avoid padding.
2020-01-31 10:24:21 +01:00
Gilles Peskine b87b719467 Remove old values of curve encodings
Remove the values of curve encodings that are based on the TLS registry
and include the curve size, keeping only the new encoding that merely
encodes a curve family in 8 bits.

Keep the old constant names as aliases for the new values and
deprecate the old names.
2020-01-31 10:24:21 +01:00
Gilles Peskine 45c29ce4c0 Move size-specific curve/group constants to crypto_compat.h 2020-01-31 10:15:32 +01:00
Gilles Peskine 228abc5773 Define EC curve family constants
Define constants for ECC curve families and DH group families. These
constants have 0x0000 in the lower 16 bits of the key type.

Support these constants in the implementation and in the PSA metadata
tests.

Switch the slot management and secure element driver HAL tests to the
new curve encodings. This requires SE driver code to become slightly
more clever when figuring out the bit-size of an imported EC key since
it now needs to take the data size into account.

Switch some documentation to the new encodings.

Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
2020-01-31 10:15:32 +01:00
Gilles Peskine 025fccdc32 Change the encoding of EC curves and DH groups to include the size
Change the representation of psa_ecc_curve_t and psa_dh_group_t from
the IETF 16-bit encoding to a custom 24-bit encoding where the upper 8
bits represent a curve family and the lower 16 bits are the key size
in bits. Families are based on naming and mathematical similarity,
with sufficiently precise families that no two curves in a family have
the same bit size (for example SECP-R1 and SECP-R2 are two different
families).

As a consequence, the lower 16 bits of a key type value are always
either the key size or 0.
2020-01-31 10:15:32 +01:00
Gilles Peskine 5055b239bf Expose mbedtls/psa curve identifier conversions from psa_crypto.c 2020-01-31 10:15:32 +01:00
Gilles Peskine 2eea95cb5d Extract the block size from the key type encoding 2020-01-31 10:15:32 +01:00
Gilles Peskine 7bfcfac164 Change key type encodings to avoid bit 16
Key types are now encoded through a category in the upper 4 bits (bits
28-31) and a type-within-category in the next 11 bits (bits 17-27),
with bit 16 unused and bits 0-15 only used for the EC curve or DH
group.

For symmetric keys, bits 20-22 encode the block size (0x0=stream,
0x3=8B, 0x4=16B).
2020-01-31 10:15:32 +01:00
Gilles Peskine 8fe6e0de3a Symmetric key types only use the upper 16 bits of psa_key_type_t
Change the numerical encoding of values for symmetric key types to
have 0000 as the lower 16 bits. Now the lower 16 bits are only used
for key types that have a subtype (EC curve or DH group).
2020-01-31 10:15:32 +01:00
Gilles Peskine 13faa2d920 Don't declare a parameter as const
An earlier commit fixed this for psa_hash_compare. psa_mac_verify had
the same flaw.
2020-01-30 16:32:21 +01:00
Gilles Peskine fa710f5c6a Don't declare a parameter as const
Whether a parameter should be const is an implementation detail of the
function, so don't declare a parameter of psa_hash_compare as
const. (This only applies to parameters themselves, not to objects
that pointer parameters points to.)
2020-01-30 12:27:14 +01:00
Gilles Peskine f8210f2bd5 Test the block size for symmetric keys
Also insist on their category.

Fix a missing implementation of PSA_BLOCK_CIPHER_BLOCK_SIZE for
ChaCha20.
2019-12-12 09:00:27 +01:00
Gilles Peskine 81f7909497
Merge pull request #325 from gilles-peskine-arm/psa-sign_hash
Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash
2019-12-06 10:10:14 +01:00
Gilles Peskine 0168f2f2c1 Better documentation in crypto_compat.h
Note that the identifiers declared in this header are deprecated.

Indicate what API version identifiers were from.
2019-11-29 12:23:46 +01:00
Gilles Peskine 972630e240 Remove dependency of crypto_values.h on crypto_extra.h
Define PSA_ALG_ECDSA_DETERMINISTIC_FLAG in crypto_values.h.

This is necessary for the current PSA API specification processing
scripts.
2019-11-29 11:55:48 +01:00
Gilles Peskine 4151094a52 Add backward compatibility aliases for signature-related identifiers
Define deprecated aliases for identifiers that are being renamed.
2019-11-26 19:08:55 +01:00
Gilles Peskine 89d8c5c447 Rename some signature-related identifiers
Rename some macros and functions related to signature which are
changing as part of the addition of psa_sign_message and
psa_verify_message.

perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
2019-11-26 18:20:59 +01:00
Gilles Peskine 7b0ab6d34a Simplify support for deprecated constants of various types
Generalize MBEDTLS_DEPRECATED_NUMERIC_CONSTANT into macros that can
accommodate types other than int.
2019-11-26 18:20:58 +01:00
Gilles Peskine 7a894f2142 Move backward compatibility aliases to their own header
Move backward compatibility aliases to a separate header. Reserve
crypto_extra.h for implementation-specific extensions that we intend
to keep supporting.

This is better documentation for users. New users should simply ignore
backward compatibility aliases, and old users can look at
crypto_compat.h to see what is deprecated without bothering about new
features appearing in crypto_extra.h.

This facilitates maintenance because scripts such as
generate_psa_constants that want to ignore backward compability
aliases can simply exclude crypto_compat.h from their parsing.
2019-11-26 18:20:58 +01:00
Gilles Peskine 2975571ff5 Fix ECDSA case in PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE was taking the maximum ECDSA key
size as the ECDSA signature size. Fix it to use the actual maximum
size of an ECDSA signature.
2019-11-12 13:21:53 +01:00
Gilles Peskine 150d577780
Merge pull request #292 from gilles-peskine-arm/psa-destroy_0
Make psa_close_key(0) and psa_destroy_key(0) succeed
2019-10-14 11:21:54 +02:00
Jaeden Amero cb5fa8b4bd
Merge pull request #279 from athoelke/at-fix262
Include IANA reference in the definition of ECC curves and DH groups
2019-10-11 14:03:18 +01:00
Gilles Peskine 36029387de
Merge pull request #285 from gilles-peskine-arm/psa-se_driver-validate_save_persistent
SE driver: make persistent data work
2019-10-09 18:35:33 +02:00
Gilles Peskine 1bbe284d63
Merge pull request #272 from adrianlshaw/document_old_algs
Insert doxygen comments on old algorithms so they appear in PSA documentation
2019-10-09 17:18:11 +02:00
Gilles Peskine 43326f0d1e Change PSA_DH_GROUP_CUSTOM to not be in the vendor-defined range 2019-10-09 16:43:39 +02:00
Gilles Peskine 2493401af4 Document that psa_close_key(0) and psa_destroy_key(0) succeed
Document that passing 0 to a close/destroy function does nothing and
returns PSA_SUCCESS.

Although this was not written explicitly, the specification strongly
suggested that this would return PSA_ERROR_INVALID_HANDLE. While
returning INVALID_HANDLE makes sense, it was awkward for a very common
programming style where applications can store 0 in a handle variable
to indicate that the handle has been closed or has never been open:
applications had to either check if (handle != 0) before calling
psa_close_key(handle) or psa_destroy_key(handle), or ignore errors
from the close/destroy function. Now applications following this style
can just call psa_close_key(handle) or psa_destroy_key(handle).
2019-10-08 15:43:13 +02:00
Andrew Thoelke 6e59505bb2 Recommend use of GREASE values for vendor defined DH groups 2019-10-07 22:27:17 +01:00
Andrew Thoelke 691ec52694 Remove over-specific RFC references
Rely on general reference to IANA documentation
2019-10-07 15:28:36 +01:00
Andrew Thoelke 02b372b7b2 Fix defgroup syntax for API version section 2019-10-02 09:32:21 +01:00
Gilles Peskine 5ec3a30edb SE driver: validate_slot_number: support changing persistent data
Add a parameter to the p_validate_slot_number method to allow the
driver to modify the persistent data.

With the current structure of the core, the persistent data is already
updated. All it took was adding a way to modify it.
2019-10-01 14:27:23 +02:00
Gilles Peskine 3efcebbc5e SE support: Use a transaction when registering a key
When registering a key in a secure element, go through the transaction
mechanism. This makes the code simpler, at the expense of a few extra
storage operations. Given that registering a key is typically very
rare over the lifetime of a device, this is an acceptable loss.

Drivers must now have a p_validate_slot_number method, otherwise
registering a key is not possible. This reduces the risk that due to a
mistake during the integration of a device, an application might claim
a slot in a way that is not supported by the driver.
2019-10-01 14:18:35 +02:00
Gilles Peskine a990c49caf
Merge pull request #269 from adrianlshaw/version
Add PSA API versioning
2019-09-30 15:59:21 +02:00
Andrew Thoelke 214064ea85 Xref documentation for ECC curves and DH groups.
Connect the types to the key type construction macros by x-refs.
2019-09-25 22:16:21 +01:00
Andrew Thoelke fd368e50d5 Support for vendor-defined ECC curves and DH groups
Define a vendor-range within the the private use ranges in the IANA 
registry. Provide recommendations for how to support vendor-defined 
curves and groups.
2019-09-25 22:14:29 +01:00
Andrew Thoelke c625045da6 Tighten up language regarding direct use of the IANA registry values 2019-09-25 22:11:36 +01:00
Gilles Peskine 178c9aa966 Key derivation: forbid output_key without input_key
If none of the inputs to a key derivation is a
PSA_KEY_DERIVATION_INPUT_SECRET passed with
psa_key_derivation_input_key(), forbid
psa_key_derivation_output_key(). It usually doesn't make sense to
derive a key object if the secret isn't itself a proper key.
2019-09-24 18:39:03 +02:00
Gilles Peskine 7ebd4dcf57 Key derivation: allow both keys and direct inputs (function doc)
Update the documentation of psa_key_derivation_input_key() and
psa_key_derivation_input_bytes() now that the key/buffer distinction
is not mandatory.
2019-09-24 18:39:03 +02:00
Gilles Peskine 224b0d656a Key derivation: allow both keys and direct inputs
Allow a direct input as the SECRET input step in a key derivation, in
addition to allowing DERIVE keys. This makes it easier for
applications to run a key derivation where the "secret" input is
obtained from somewhere else. This makes it possible for the "secret"
input to be empty (keys cannot be empty), which some protocols do (for
example the IV derivation in EAP-TLS).

Conversely, allow a RAW_DATA key as the INFO/LABEL/SALT/SEED input to a key
derivation, in addition to allowing direct inputs. This doesn't
improve security, but removes a step when a personalization parameter
is stored in the key store, and allows this personalization parameter
to remain opaque.

Add test cases that explore step/key-type-and-keyhood combinations.
2019-09-24 18:39:03 +02:00
Andrew Thoelke c6f03ef6d4 Include IANA reference in the definition of ECC curves and DH groups
Fixes ARMmbed/psa-crypto#262
2019-09-24 13:19:49 +01:00
Andrew Thoelke dd49cf984b Include vendor-defined algorithm macros
Fixes ARMmbed/psa-crypto#264
2019-09-24 13:11:49 +01:00
Gilles Peskine 38b7c5edeb
Merge pull request #260 from athoelke/at-operations
Update multipart operation documentation
2019-09-20 18:44:44 +02:00
Adrian L. Shaw 21e7145f46 Insert doxygen comments on old algorithms so they appear in PSA documentation 2019-09-20 16:01:11 +01:00
Gilles Peskine c893235ea1
Merge pull request #115 from gilles-peskine-arm/psa-error-compatibility_aliases
Improve how generate_psa_constants handles compatibility aliases
2019-09-19 16:20:08 +02:00
Adrian L. Shaw 429fff487a Remove whitespace 2019-09-19 14:03:49 +01:00
Adrian L. Shaw d89338ac47 Add API versioning 2019-09-19 13:32:57 +01:00
Gilles Peskine a291413a1e
Merge pull request #257 from gilles-peskine-arm/psa-remove_zero_length_keys
Forbid zero-length keys
2019-09-19 13:07:41 +02:00
Andrew Thoelke 51514f57e9 Resolve inconsistent descipriton of operation state after exhausting a key derivation operation 2019-09-18 17:50:01 +01:00
Andrew Thoelke 4104afb770 Clarify valid state descriptions 2019-09-18 17:47:25 +01:00
Andrew Thoelke beb97ba066 Update documentation for multipart key derivation operations 2019-09-13 15:35:18 +01:00
Andrew Thoelke 414415a457 Update documentation for multipart aead operations 2019-09-13 15:35:18 +01:00
Andrew Thoelke db6f44f875 Update documentation for multipart cipher operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke 9f208cc8c2 Update documentation for multipart mac operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke 272ba1dd96 Update documentation for multipart hash operations 2019-09-13 15:35:17 +01:00
Andrew Thoelke 340984b003 Fix PSA_ERROR_BAD_STATE messages
Remove some duplicated entries and added some missing ones.
2019-09-13 15:35:17 +01:00
Gilles Peskine 05c900b576 Forbid keys of size 0
Keys of size 0 generally don't make sense: a key is supposed to be
secret. There is one edge case which is "raw data" keys, which are
useful to store non-key objects in the same storage location as keys.
However those are also problematic because they involve a zero-length
buffer. Manipulating zero-length buffers in C requires special cases
with functions like malloc() and memcpy(). Additionally, 0 as a key
size already has a meaning "unspecified", which does not always
overlap seamlessly with the meaning "0".

Therefore, forbid keys of size 0. No implementation may accept them.
2019-09-12 18:29:43 +02:00
Gilles Peskine a170d927dd Clarify how key creation functions use attributes and what 0 means
Clarify how key creation functions use attributes. Explain the meaning
of attribute values, espcially what 0 means in each field where it has
a special meaning. Explain what an algorithm usage policy can be (an
algorithm, a wildcard with ANY_HASH, or 0).
2019-09-12 17:38:19 +02:00
Andrew Thoelke 5ae24ec7af Add missing error case to psa_aead_verify 2019-09-12 09:44:33 +01:00
Adrian L. Shaw 4c61c1a736 Move psa_destroy_key and psa_copy_key to Key Management section 2019-09-11 14:40:51 +01:00
Jaeden Amero 4badc92438
Merge pull request #117 from gilles-peskine-arm/psa_error_code_coverage
PSA return status coverage script
2019-09-10 16:39:23 +01:00
Jaeden Amero 4864eb5bec
Merge pull request #247 from athoelke/at-key-handles
Update the behavior of key handles
2019-09-10 14:38:56 +01:00
Andrew Thoelke 970629fc9a Fix grammar. 2019-09-09 09:56:34 +01:00
Gilles Peskine be061337c1 Document more error codes 2019-09-06 19:29:52 +02:00
Gilles Peskine 1983512803 Add backward compatibility alias for PSA_ERROR_CORRUPTION_DETECTED
This was renamed from PSA_ERROR_TAMPERING_DETECTED. Add a backward
compatibility alias in case somebody was already using it.
2019-09-06 17:48:56 +02:00
Jaeden Amero 7c2cc479b0
Merge pull request #213 from adrianlshaw/psa-api-1.0-beta
Update function return codes
2019-09-06 08:53:29 +01:00
Adrian L. Shaw 8619f8cd07 Remove storage errors from psa_generate_random 2019-09-05 10:37:22 +01:00
Andrew Thoelke de183416f8 Update the behavior of key handles
* open output distinct key handles
* each handle must be closed
* destroying a key does not invalidate other handles
* closing a key can/might fail an active operation (but not required)
2019-09-05 09:38:06 +01:00
Adrian L. Shaw 3b5975641e Fix return code warnings
- Remove STORAGE_FAILURE from hash and abort functions
- Remove BUFFER_TOO_SMALL from psa_mac_verify
2019-09-04 19:20:32 +01:00
Jaeden Amero 8096969905
Merge pull request #139 from Patater/des-faster-and-typo-fix
Make DES self-test faster, and fix a typo
2019-09-04 12:18:39 +01:00
Adrian L. Shaw fa2cefa001 Fix warnings 2019-09-04 11:36:15 +01:00
Adrian L. Shaw f483973c37 Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv 2019-09-04 11:35:32 +01:00
Adrian L. Shaw 599c712668 Remove errorneous insert 2019-09-04 11:35:32 +01:00
Adrian L. Shaw 1505b2108a Add STORAGE_FAILURE everywhere + add missing codes 2019-09-04 11:35:32 +01:00
Adrian L. Shaw 1f1e1a5253 Add storage failure to psa_mac_verify_finish 2019-09-04 11:35:32 +01:00
Adrian L. Shaw 56b32b126c Add storage failure to psa_mac_sign_finish 2019-09-04 11:35:32 +01:00
Adrian L. Shaw 22bc8fff0c Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions 2019-09-04 11:35:06 +01:00
Adrian L. Shaw 8f7cd1ee55 Added PSA_ERROR_BAD_STATE to functions with operations
In the case that the operation object has not been initialized
appropriately.
2019-09-04 11:34:22 +01:00
Adrian L. Shaw 97d3bc3674 Added extra bad state case to psa_hash_setup 2019-09-04 11:34:22 +01:00
Adrian L. Shaw 2364924619 Add missing return codes to psa_generate_key 2019-09-04 11:34:22 +01:00
Adrian L. Shaw 1f42a84a13 Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute 2019-09-04 11:33:32 +01:00
Adrian L. Shaw 650229ba38 Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute
In case the key could not be retrieved from
storage.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw 2a889781c5 Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key
The same reason that it is included in psa_export_key
2019-09-04 11:31:14 +01:00
Adrian L. Shaw 11638b99a0 Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key
For the same reasons that psa_export_key can fail with this error
2019-09-04 11:31:14 +01:00
Adrian L. Shaw 7f1863c905 Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key
It may be possible that the implementation runs out of
memory when exporting a key from storage or a secure
element. For example, it may not be possible to directly
move the data from storage to the caller, so the implementation
will have to buffer the material temporarily (an issue if dynamic
memory allocation scheme is used). For a large key
this is more likely to return.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw 15731c1422 Added PSA_ERROR_STORAGE_FAILURE to psa_export_key
It may be possible that an implementation does not
fetch key material until a command like
this is called and such an error may occur if an
off-chip secure storage dependency may have been wiped.
2019-09-04 11:31:14 +01:00
Adrian L. Shaw 23c006f45e Added missing return codes to get_key_attributes
Note that PSA_ERROR_NOT_PERMITTED is not included
because I can't think of a scenario where you have
a valid key handle but aren't allowed to read the
attributes
2019-09-04 11:31:14 +01:00
Adrian L. Shaw 39797aa34c Fix erroneous cut and paste 2019-09-04 11:30:18 +01:00
Adrian L. Shaw fbf7f121f9 Separate return codes for unsupported and invalid algorithms 2019-09-04 11:30:18 +01:00
Adrian L. Shaw 66200c4e98 Add PSA_ERROR_STORAGE_FAILURE to psa_cipher_generate_iv 2019-09-04 11:30:18 +01:00
Adrian L. Shaw f97c8523ee Add CORRUPTION_DETECTED to psa_close_key 2019-09-04 11:30:18 +01:00
Adrian L. Shaw 6725757cec Remove errorneous insert 2019-09-04 11:30:18 +01:00
Adrian L. Shaw 484ba88a0f Add STORAGE_FAILURE everywhere + add missing codes 2019-09-04 11:30:18 +01:00
Adrian L. Shaw dc5bf5c8e7 Add storage failure to (encrypt/decrypt)_setup 2019-09-04 11:30:18 +01:00
Adrian L. Shaw d9e9024885 Add storage failure to psa_mac_verify_finish 2019-09-04 11:30:18 +01:00
Adrian L. Shaw 263223689f Add storage failure to psa_mac_sign_finish 2019-09-04 11:30:18 +01:00
Adrian L. Shaw 8d0bcf27ec Add PSA_ERROR_INVALID_ARGUMENT to psa_hash_compare 2019-09-04 11:30:17 +01:00
Adrian L. Shaw df3c7ac645 Remove trailing whitespace 2019-09-04 11:30:17 +01:00
Adrian L. Shaw d789dc13da Added a few more return codes 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 3e41249417 Add PSA_ERROR_STORAGE_FAILURE to psa_aead_*_setup functions 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 71b33ffcf8 Add missing error codes to psa_generate_random 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 0d280b9873 Add missing error codes for psa_raw_key_agreement 2019-09-04 11:30:17 +01:00
Adrian L. Shaw a3f6ba5843 Added PSA_ERROR_STORAGE_FAILURE to psa_cipher_(encrypt/decrypt) 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 320659b54c Added PSA_ERROR_BAD_STATE to functions with operations
In the case that the operation object has not been initialized
appropriately.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw e970d65273 Added extra bad state case to psa_hash_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 6e758c9bb8 Add missing return codes to psa_asymmetric_verify 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 27c121574b Add missing parameters to psa_asymmetric_sign 2019-09-04 11:30:17 +01:00
Adrian L. Shaw d21c6e6566 Add missing return codes to psa_generate_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw c207ba376e Added missing return codes to psa_aead_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 96f31ada18 Add missing return codes to psa_asymmetric_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw f961d5c9e6 Add missing return codes to psa_asymmetric_encrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 53d90c5199 Only return PSA_ERROR_DOES_NOT_EXIST from psa_open_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 9770d0e0f8 Add PSA_ERROR_STORAGE_FAILURE to psa_mac_verify_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 2409ba0429 Added PSA_ERROR_STORAGE_FAILURE to psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 7563ed17ab Remove PSA_ERROR_DOES_NOT_EXIST from psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw d5ae06b1e3 Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw dec47b6f9d Added the possibility of PSA_ERROR_BAD_STATE to all functions 2019-09-04 11:30:17 +01:00
Adrian L. Shaw fa591c44af Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute
In case the key could not be retrieved from
storage.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw f7d852a9d5 Added PSA_ERROR_BUFFER_TOO_SMALL to psa_hash_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 60b0320af0 Add PSA_ERROR_STORAGE_FAILURE to psa_copy_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 398b3c27e0 Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key
The same reason that it is included in psa_export_key
2019-09-04 11:30:17 +01:00
Adrian L. Shaw e926e7370f Removed PSA_DOES_NOT_EXIST from psa_export_public_key
The implementation should return PSA_ERROR_INVALID_HANDLE instead.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw 88c51adfc0 Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key
For the same reasons that psa_export_key can fail with this error
2019-09-04 11:30:17 +01:00
Adrian L. Shaw 742084ea25 Removed PSA_ERROR_DOES_NOT_EXIST from psa_export_key
If the key doesn't exist by the time this call is made
then the handle is invalid,
which means that PSA_ERROR_INVALID_HANDLE should be
returned rather than "does not exist"
2019-09-04 11:30:17 +01:00
Adrian L. Shaw 0542d595ce Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key
It may be possible that the implementation runs out of
memory when exporting a key from storage or a secure
element. For example, it may not be possible to directly
move the data from storage to the caller, so the implementation
will have to buffer the material temporarily (an issue if dynamic
memory allocation scheme is used). For a large key
this is more likely to return.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw 89b7152ed0 Added PSA_ERROR_STORAGE_FAILURE to psa_export_key
It may be possible that an implementation does not
fetch key material until a command like
this is called and such an error may occur if an
off-chip secure storage dependency may have been wiped.
2019-09-04 11:30:17 +01:00