Commit graph

45 commits

Author SHA1 Message Date
Gilles Peskine 5ec3a30edb SE driver: validate_slot_number: support changing persistent data
Add a parameter to the p_validate_slot_number method to allow the
driver to modify the persistent data.

With the current structure of the core, the persistent data is already
updated. All it took was adding a way to modify it.
2019-10-01 14:27:23 +02:00
Gilles Peskine f3801fff77 Update import_key and generate_key SE methods to the current API
The methods to import and generate a key in a secure element drivers
were written for an earlier version of the application-side interface.
Now that there is a psa_key_attributes_t structure that combines all
key metadata including its lifetime (location), type, size, policy and
extra type-specific data (domain parameters), pass that to drivers
instead of separate arguments for each piece of metadata. This makes
the interface less cluttered.

Update parameter names and descriptions to follow general conventions.

Document the public-key output on key generation more precisely.
Explain that it is optional in a driver, and when a driver would
implement it. Declare that it is optional in the core, too (which
means that a crypto core might not support drivers for secure elements
that do need this feature).

Update the implementation and the tests accordingly.
2019-08-09 16:43:35 +02:00
Gilles Peskine a5f8749812 SE key registration: call p_validate_slot_number
When registering a key in a secure element, if the driver has a
p_validate_slot_number method, call it.
2019-08-09 15:05:32 +02:00
Gilles Peskine d772958ffc New function mbedtls_psa_register_se_key
Register an existing key in a secure element.

Minimal implementation that doesn't call any driver method and just
lets the application declare whatever it wants.
2019-08-09 15:05:21 +02:00
Gilles Peskine e88c2c1338 Pass the key creation method to drivers
Pass the key creation method (import/generate/derive/copy) to the
driver methods to allocate or validate a slot number. This allows
drivers to enforce policies such as "this key slot can only be used
for keys generated inside the secure element".
2019-08-09 14:59:31 +02:00
Gilles Peskine 9d75202efb Clarify and expand the documentation of the allocate/create sequence 2019-08-09 11:33:48 +02:00
Gilles Peskine ae9964d3ef Add validate_slot_number method to SE drivers
Pave the way for allowing the application to choose the slot number in
a secure element, rather than always letting the driver choose.
2019-08-08 11:02:30 +02:00
Gilles Peskine 0a23322431 Improve documentation of the allocate method 2019-08-08 11:02:30 +02:00
Gilles Peskine c8000c005a Add slot_number attribute
Add a slot_number field to psa_key_attributes_t and getter/setter
functions. Since slot numbers can have the value 0, indicate the
presence of the field via a separate flag.

In psa_get_key_attributes(), report the slot number if the key is in a
secure element.

When creating a key, for now, applications cannot choose a slot
number. A subsequent commit will add this capability in the secure
element HAL.
2019-08-08 10:58:09 +02:00
Gilles Peskine 1801740a7c SE driver: report the bit size on key import
Add a parameter to the key import method of a secure element driver to
make it report the key size in bits. This is necessary (otherwise the
core has no idea what the bit-size is), and making import report it is
easier than adding a separate method (for other key creation methods,
this information is an input, not an output).
2019-07-29 18:07:09 +02:00
Gilles Peskine 0c3ae1f0b4 Improve documentation of SE driver persistent state
Explain what it can be used for and when it is saved to storage.
2019-07-25 14:04:38 +02:00
Gilles Peskine 6a3dd89a64 Improve alignment in comments 2019-07-25 10:56:39 +02:00
Gilles Peskine 105f67f0fa Move the definition of psa_key_attributes_t to crypto_types.h
psa_key_attributes_t is used in the SE driver HAL, so it must be
defined in a common header, not in the API-only header crypto.h.
2019-07-23 18:43:28 +02:00
Gilles Peskine 9dd125d8bb Fix overly complex Doxygen markup 2019-07-23 18:43:28 +02:00
Gilles Peskine 6032673b39 Fix Doxygen reference
Pass doxygen.sh
2019-07-22 20:10:36 +02:00
Gilles Peskine 94cc42c28f Pass a writable pointer to the persistent data when needed
Most driver methods are not allowed to modify the persistent data, so
the driver context structure contains a const pointer to it. Pass a
non-const pointer to the persstent data to the driver methods that
need it: init, allocate, destroy.
2019-07-12 23:34:20 +02:00
Gilles Peskine f2223c868d New driver method: allocate
Add a driver method to allocate a key slot for a key that is about to
be created.
2019-07-12 23:33:02 +02:00
Gilles Peskine 8597bc13e7 Pass the driver context to most driver methods
Pass the driver context to all driver methods except the ones that
operate on an already-setup operation context.

Rename `p_context` arguments to `op_context` to avoid confusion
between contexts.
2019-07-12 23:32:27 +02:00
Gilles Peskine 7a86da1d42 Define a driver context structure type
Define a structure that is to be instantiated once per driver
instance.

Define a driver initialization method and pass it the driver context.
2019-07-12 23:25:59 +02:00
Gilles Peskine f03143a4d1 Change driver key slot numbers to 64 bits
This slightly increases storage requirements, but works in more use
cases. In particular, it allows drivers to treat choose slot numbers
with a monotonic counter that is incremented each time a key is
created, without worrying about overflow in practice.
2019-07-12 23:18:29 +02:00
Gilles Peskine 6e59c42d1d Split the secure element driver method table memory layout
Instead of having one giant table containing all possible methods,
represent a driver's method table as a structure containing pointers
to substructures. This way a driver that doesn't implement a certain
class of operations can use NULL for this class as a whole instead of
storing NULL for each method.
2019-07-12 11:47:50 +02:00
Gilles Peskine e62b74e68f Add public-key export method 2019-07-12 11:47:50 +02:00
Gilles Peskine c93a43bed6 Improve documentation 2019-06-26 11:21:41 +02:00
Gilles Peskine 45a8ca373c Fix typos in function argument names 2019-06-24 19:55:49 +02:00
Gilles Peskine d910e928e8 Declare a function to register a secure element driver 2019-06-24 14:10:24 +02:00
Gilles Peskine b6cadea6a5 Secure element driver structure
Define a structure type containing all the methods of a secure element
driver.
2019-06-24 14:10:24 +02:00
Gilles Peskine eff4942202
Merge pull request #268 from ARMmbed/psa-error_tampering_detected
Rename PSA_ERROR_TAMPERING_DETECTED to PSA_ERROR_CORRUPTION_DETECTED
2019-05-17 11:06:09 +02:00
Gilles Peskine 35ef36b62f Rename psa_generate_random_key back to psa_generate_key
generate_key is a more classical name. The longer name was only
introduced to avoid confusion with getting a key from a generator,
which is key derivation, but we no longer use the generator
terminology so this reason no longer applies.

perl -i -pe 's/psa_generate_random_key/psa_generate_key/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine 4b3eb69271 Rename PSA_ERROR_TAMPERING_DETECTED to ..._CORRUPTION_DETECTED
“Tampering detected” was misleading because in the real world it can
also arise due to a software bug. “Corruption detected” is neutral and
more precisely reflects what can trigger the error.

perl -i -pe 's/PSA_ERROR_TAMPERING_DETECTED/PSA_ERROR_CORRUPTION_DETECTED/gi' $(git ls-files)
2019-05-16 21:35:18 +02:00
Adrian L. Shaw 5a5a79ae2a Rename psa_generate_key() and psa_generator_import_key() 2019-05-03 15:44:28 +01:00
Jaeden Amero 03a60301d7
Merge pull request #248 from ARMmbed/dreemkiller_rename_driver
Various Changes for the PSA Driver Model
2019-03-06 18:59:46 +00:00
Gilles Peskine 32668ce268 Pacify check-names.sh 2019-03-06 18:29:57 +01:00
Gilles Peskine c079f5692d Pass check-files.py 2019-03-06 18:01:52 +01:00
Gilles Peskine e5c025c7ab Fix Doxygen warnings 2019-03-06 18:01:43 +01:00
Gilles Peskine c3044a6a36 Remove trailing whitespace
check-files.py doesn't like trailing whitespace.
2019-03-06 17:56:28 +01:00
David Saada b4ecc27629 Replace PSA error code definitions with the ones defined in PSA spec 2019-02-18 13:53:13 +02:00
Derek Miller f0c1d0d375 Doxygen changes to match the code changes. clarifications. 2019-02-15 17:23:42 -06:00
Derek Miller 34b33f198b Changed psa_drv_se_cipher_t.size to context_size to be consistent 2019-02-15 17:13:54 -06:00
Derek Miller 6211726c61 Removed key deriv. context struct, replaced with void* and a context_size 2019-02-15 17:12:26 -06:00
Derek Miller 0b3098a486 added generate key. Removed pubkey export 2019-02-15 17:10:49 -06:00
Derek Miller 0972fe548c added lifetime paramter to psa_drv_se_import_key_t as the SE needs to know this 2019-02-15 17:08:27 -06:00
Derek Miller ea743cf6b0 Removed * from function pointers (as they were already pointers) 2019-02-15 17:06:29 -06:00
Derek Miller b2a1cceaf7 temporarily changed psa_key_slot_t to psa_key_slot_number_t to avoid naming collision 2019-02-15 17:03:42 -06:00
Derek Miller 83d2662dfa Changed opaque/transparent in functions/structs to se/accel 2019-02-15 16:41:22 -06:00
Gilles Peskine 75976895c6 Split crypto_driver.h into one for each driver type
Split crypto_driver.h into 4:
* crypto_driver_common.h for common definitions, not meant to be
  included directly by driver code.
* crypto_accel_driver.h for drivers that work with transparent
  key material.
* crypto_se_driver.h for drivers that work with opaque key
  material.
* crypto_entropy_driver.h for drivers of entropy sources.

There is no code change in this commit, I only moved some code around.
2018-12-21 18:17:10 +01:00
Renamed from include/psa/crypto_driver.h (Browse further)