Commit graph

3141 commits

Author SHA1 Message Date
Gilles Peskine b70a0fd1a5 Key derivation by small input steps: proof-of-concept
Document the new API. Keep the old one.

Implement for HKDF. Use it in a few test cases.

Key agreement is still unchanged.
2019-01-18 18:33:12 +01:00
Gilles Peskine 7666edbfe1 Merge branch 'psa-aead_multipart' into psa-api-1.0-beta
Add multipart AEAD API.

Add one-shot API for hash, MAC and cipher.
2019-01-18 17:59:30 +01:00
Gilles Peskine 1f9e58a1bb Merge branch 'psa-signature_policy_wildcard' into psa-api-1.0-beta
For hash-and-sign algorithms, allow a policy to specify a wildcard
instead of a specific hash algorithm.
2019-01-18 17:52:17 +01:00
Gilles Peskine 3a74e00429 Add type argument to psa_set_key_domain_parameters
psa_set_key_domain_parameters needs the type to parse the domain
parameters.
2019-01-18 17:24:20 +01:00
Jaeden Amero 8851c40d85 psa: Add DH key exchange keys
Add the ability to specify Diffie-Hellman key exchange keys. Specify the
import/export format as well, even though importing and exporting isn't
implemented yet.
2019-01-18 17:24:20 +01:00
Jaeden Amero 1308fb517f psa: Simplify DSA key formats
Remove front matter and DSS parameters from our DSA key formats, both
keypair and public key, to make it just a representation of the integer
private key, `x`, or the public key, `y`, respectively.
2019-01-18 17:24:20 +01:00
Jaeden Amero 283dfd1613 psa: Add get/set domain parameters
DSA and static DH need extra domain parameters. Instead of passing these
in with the keys themselves, add get and set functions to set and
retrieve this information about keys.
2019-01-18 17:19:54 +01:00
Gilles Peskine bc59c855c4 Doc only: Add psa_aead_set_lengths() for the sake of CCM 2019-01-17 15:26:08 +01:00
Gilles Peskine a05602d100 Fix typos in recently-added documentation 2019-01-17 15:25:52 +01:00
Andres Amaya Garcia 88bf1b3dd5 Improve docs for named bitstrings and their usage 2019-01-16 18:59:07 +00:00
Andres Amaya Garcia ec6329f23d Add new function mbedtls_asn1_write_named_bitstring()
Add a new function mbedtls_asn1_write_named_bitstring() that removes
trailing 0s at the end of DER encoded bitstrings. The function is
implemented according to Hanno Becker's suggestions.

This commit also changes the functions x509write_crt_set_ns_cert_type
and crt_set_key_usage to call the new function as the use named
bitstrings instead of the regular bitstrings.
2019-01-16 10:35:13 +00:00
Jaeden Amero 8afbff82dd psa: Expand documentation for psa_key_agreement()
Document `peer_key` parameter requirements, including an explanation of
how the peer key is used and an example for EC keys.
2019-01-15 11:29:19 +00:00
Jaeden Amero 0ae445f8fd psa: Simplify EC public key format
Remove front matter from our EC key format, to make it just the contents
of an ECPoint as defined by SEC1 section 2.3.3.

As a consequence of the simplification, remove the restriction on not
being able to use an ECDH key with ECDSA. There is no longer any OID
specified when importing a key, so we can't reject importing of an ECDH
key for the purpose of ECDSA based on the OID.
2019-01-15 11:29:18 +00:00
Jeffrey Martin d25fd8d4c9
MIPS register hints without $ for compatibility
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 18:01:40 -06:00
Jeffrey Martin 2f70e4b2f9
add hints for mips registers that may need restore
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 16:40:18 -06:00
Gilles Peskine 69647a45a3 Declare one-shot hash, MAC and cipher functions
Declare and document one-shot hash, MAC and cipher functions.

This commit does not contain any implementation or tests.
2019-01-14 20:18:12 +01:00
Gilles Peskine 30f77cdfc1 Add a hash wildcard value for hash-and-sign algorithm
You can use PSA_ALG_ANY_HASH to build the algorithm value for a
hash-and-sign algorithm in a policy. Then the policy allows usage with
this hash-and-sign family with any hash.

Test that PSA_ALG_ANY_HASH-based policies allow a specific hash, but
not a different hash-and-sign family. Test that PSA_ALG_ANY_HASH is
not valid for operations, only in policies.
2019-01-14 19:38:56 +01:00
Gilles Peskine 30a9e41076 Declare multipart AEAD functions
Declare and document multipart AEAD functions.

This commit does not contain any implementation or tests.
2019-01-14 18:36:12 +01:00
Gilles Peskine f45adda9ac Copyedit the documentation of multipart operation functions
Finish changing "start" to "set up".

Correct the way to set an IV for decryption: it's set_iv(), not
update().

When decrypting, the IV is given, not random.
2019-01-14 18:29:46 +01:00
Gilles Peskine 5f25dd00c0 Document that destroying a key aborts any ongoing operation
Document that psa_close_key() and psa_destroy_key() abort any ongoing
multipart operation that is using the key. This is not implemented
yet.
2019-01-14 18:29:46 +01:00
Gilles Peskine d35b489ce5 New macro PSA_ALG_IS_HASH_AND_SIGN
Test for a subclass of public-key algorithm: those that perform
full-domain hashing, i.e. algorithms that can be broken down as
sign(key, hash(message)).
2019-01-14 16:02:15 +01:00
Andrzej Kurek 62594a8b12 pk_wrap: pass curve size instead of a larger size of the exported key
Whitespace fixes
2019-01-14 05:14:18 -05:00
Andrzej Kurek 93a38a3101 pk: wrap curve_id before passing it to PSA
Add a helper function in PSA utils
2019-01-14 05:09:46 -05:00
Jaeden Amero 6b19600fba psa: Simplify RSA public key format
Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move
code that was shared between RSA and other key types (like EC keys) to
be used only with non-RSA keys.
2019-01-11 18:08:53 +00:00
Jaeden Amero d3a0c2c779 psa: Document requirements for psa_export_public_key()
Copy the nice and clear documentation from psa_export_key() as to what
implementations are allowed to do regarding key export formats, as the
same applies to public keys.
2019-01-11 17:15:56 +00:00
Gilles Peskine 8e1addc710 Document BAD_STATE errors for multipart operation setup functions
Future commits will implement this and add tests.
2019-01-10 11:51:17 +01:00
Gilles Peskine 76d7bfeb0c Terminology: consistently use "set up" for multipart operations
hash_setup and mac_setup used to be called hash_start and mac_start,
but we've now converged on _setup as names. Finish making the
terminology in the documentation consistent.
2019-01-10 11:47:49 +01:00
Simon Butcher 62ec2dd68f Merge remote-tracking branch 'public/pr/975' into development 2019-01-08 16:28:08 +00:00
Andrzej Kurek 2349c4db88 Adapt to the new key allocation mechanism 2019-01-08 09:36:01 -05:00
Jaeden Amero 9e919c636f psa: Document generator requirements consistently
We've added documentation for how context objects for multi-part
operations must be initialized consistently for key policy, hash,
cipher, and MAC. Update the generator documentation to be consistent
with how we've documented the other operations.
2019-01-08 14:28:04 +00:00
Jaeden Amero 5bae227da0 psa: Add initializers for cipher operation objects
Add new initializers for cipher operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero 5a5dc77696 psa: Enable easier initialization of cipher operations
The struct psa_cipher_operation_s is built with a
mbedtls_cipher_context_t. The shape of mbedtls_cipher_context_t and an
initializer that works with Clang 5.0 and its
-Wmissing-field-initializers varies based on the configuration of the
library. Instead of making multiple initializers based on a maze of
ifdefs for all combinations of MBEDTLS_CIPHER_MODE_WITH_PADDING,
MBEDTLS_CMAC_C, and MBEDTLS_USE_PSA_CRYPTO, add a dummy variable to
psa_cipher_operation_s's union that encloses mbedtls_cipher_context_t.
This allows us to initialize the dummy with a Clang-approved initializer
and have it properly initialize the entire object.
2019-01-08 14:28:04 +00:00
Jaeden Amero 769ce27f12 psa: Add initializers for MAC operation objects
Add new initializers for MAC operation objects and use them in our tests
and library code. Prefer using the macro initializers due to their
straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero 6a25b41ac3 psa: Add initializers for hash operation objects
Add new initializers for hash operation objects and use them in our
tests and library code. Prefer using the macro initializers due to their
straightforwardness.
2019-01-08 14:28:04 +00:00
Jaeden Amero 70261c513a psa: Add initializers for key policies
Add new initializers for key policies and use them in our docs, example
programs, tests, and library code. Prefer using the macro initializers
due to their straightforwardness.
2019-01-08 14:28:04 +00:00
k-stachowiak 6b5ef48bf7 Add a configuration fix for vsnprintf for non-conforming platforms 2019-01-07 16:53:29 +01:00
Darryl Green a7064c3b8c Move ecp_restartable definitions out of the MBEDTLS_ECP_ALT guards
As there are some definitions that are defined regardless of
whether MBEDTLS_ECP_RESTARTABLE is defined or not, these definitions
need to be moved outside the MBEDTLS_ECP_ALT guards. This is a simple
move as MBEDTLS_ECP_ALT and MBEDTLS_ECP_RESTARTABLE are mutually
exclusive options.
2019-01-07 10:23:34 +00:00
GuHaijun 983acb75f0 Fix include file path 2018-12-28 11:11:10 +08:00
Gilles Peskine 75976895c6 Split crypto_driver.h into one for each driver type
Split crypto_driver.h into 4:
* crypto_driver_common.h for common definitions, not meant to be
  included directly by driver code.
* crypto_accel_driver.h for drivers that work with transparent
  key material.
* crypto_se_driver.h for drivers that work with opaque key
  material.
* crypto_entropy_driver.h for drivers of entropy sources.

There is no code change in this commit, I only moved some code around.
2018-12-21 18:17:10 +01:00
Gilles Peskine 5e9c9cca03 Document macros that were referenced
Macros that are referenced need to be documented, otherwise Doxygen
has nothing to link to.
2018-12-21 17:53:12 +01:00
Gilles Peskine 2d59b2cd6b crypto_driver.h: get type definitions from crypto_enum.h
Now that the type definitions that are useful for driver are in a
separate header file from the application interface function
declarations, include that header file in crypto_driver.h.
2018-12-21 17:53:12 +01:00
Gilles Peskine a7c26db335 Move remaining size macros from crypto.h to crypto_sizes.h
No functional changes, code was only moved from crypto.h to crypto_sizes.h.
2018-12-21 17:53:12 +01:00
Gilles Peskine f3b731e817 Move integral types and associated macros to their own header
Some parts of the library, and crypto drivers, need to see key types,
algorithms, policies, etc. but not API functions. Move portable
integral types and macros to build and analyze values of these types
to a separate headers crypto_types.h and crypto_values.h.

No functional changes, code was only moved from crypto.h to the new headers.
2018-12-21 17:53:09 +01:00
Simon Butcher 6c164e754b Update the version of the library to 2.16.0 2018-12-21 10:51:51 +00:00
Gilles Peskine 0344d8171d Simplify the SPM compatibility hack
Define psa_status_t to int32_t unconditionally. There's no reason to
refer to psa_error_t here: psa_error_t is int32_t if it's present. We
would only need a conditional definition if psa_defs.h and
psa_crypto.h used the same type name.

Keep the conditional definition of PSA_SUCCESS. Although the C
preprocessor allows a duplicate definition for a macro, it has to be
the exact same token sequence, not merely an equivalent way to build
the same value.
2018-12-20 20:09:04 +01:00
Simon Butcher fed19be501 Merge remote-tracking branch 'public/pr/2126' into development-restricted 2018-12-20 12:35:09 +00:00
Simon Butcher 6df8c53cd4 Merge remote-tracking branch 'public/pr/2134' into development-restricted 2018-12-20 12:34:44 +00:00
Simon Butcher ad7c2105a2 Merge remote-tracking branch 'public/pr/2274' into development 2018-12-20 12:16:57 +00:00
Simon Butcher 12b4240300 Merge remote-tracking branch 'public/pr/2288' into development 2018-12-20 12:16:46 +00:00
Simon Butcher c831193c85 Merge remote-tracking branch 'public/pr/2302' into development 2018-12-20 12:16:39 +00:00
Simon Butcher 1efda39f8a Merge remote-tracking branch 'public/pr/2297' into development 2018-12-20 12:16:29 +00:00
Simon Butcher 5aa7809ac8 Merge remote-tracking branch 'public/pr/2275' into development 2018-12-20 12:15:19 +00:00
Simon Butcher 780cf189b0 Merge remote-tracking branch 'public/pr/2271' into development 2018-12-20 12:15:08 +00:00
Simon Butcher 032c037052 Merge remote-tracking branch 'public/pr/2270' into development 2018-12-20 12:04:13 +00:00
Simon Butcher a033633bb0 Merge remote-tracking branch 'public/pr/2269' into development 2018-12-20 12:02:56 +00:00
Simon Butcher 70935a4001 Merge remote-tracking branch 'public/pr/2299' into development 2018-12-20 12:02:23 +00:00
Simon Butcher 003c0e032f Merge remote-tracking branch 'public/pr/2292' into development 2018-12-20 12:02:17 +00:00
Simon Butcher decf2f5c2c Merge remote-tracking branch 'public/pr/2291' into development 2018-12-20 12:02:11 +00:00
Simon Butcher 65ce5dc981 Merge remote-tracking branch 'public/pr/2290' into development 2018-12-20 12:02:05 +00:00
Simon Butcher ad2e0dae32 Merge remote-tracking branch 'public/pr/2283' into development 2018-12-20 12:01:58 +00:00
Simon Butcher 0bbf7f450d Merge remote-tracking branch 'public/pr/2279' into development 2018-12-20 12:01:49 +00:00
Simon Butcher 962b7b17d5 Merge remote-tracking branch 'public/pr/2273' into development 2018-12-20 12:01:17 +00:00
Simon Butcher 6be67a6518 Merge remote-tracking branch 'public/pr/2281' into development 2018-12-20 12:01:09 +00:00
Simon Butcher dac513e246 Merge remote-tracking branch 'public/pr/2282' into development 2018-12-20 12:01:04 +00:00
Simon Butcher ccafd14fee Merge remote-tracking branch 'public/pr/2276' into development 2018-12-20 12:00:57 +00:00
Simon Butcher 2a8d32c6c1 Merge remote-tracking branch 'public/pr/2287' into development 2018-12-20 12:00:50 +00:00
k-stachowiak 247a782668 Increase strictness of NULL parameter validity in CCM's doxygen 2018-12-19 19:02:39 +01:00
k-stachowiak 6adb0574ea Improve details of CCM parameter validation and documentation 2018-12-19 19:02:39 +01:00
k-stachowiak 9da5d7cd83 Adjust mbedtls_ccm_free() documentation 2018-12-19 19:02:39 +01:00
k-stachowiak 373a660193 Fix a documentation typo 2018-12-19 19:02:39 +01:00
k-stachowiak b92f9334e4 Doxygen comments improvement 2018-12-19 19:02:39 +01:00
k-stachowiak 12f0d5c66d Improve the constraints definition in the doxygen comments in CCM 2018-12-19 19:02:39 +01:00
k-stachowiak fd42d531ba Explicitly allow NULL as an argument to mbedtls_ccm_free() 2018-12-19 19:02:39 +01:00
k-stachowiak 438448e45f Format NULL occurrences in CCM's Doxygen comments 2018-12-19 19:02:39 +01:00
k-stachowiak 26d365eb54 Add parameter validation for CCM 2018-12-19 19:02:39 +01:00
Gilles Peskine 6af45ec53e PK: document context validity requirements
Document when a context must be initialized or not, when it must be
set up or not, and whether it needs a private key or a public key will
do.

The implementation is sometimes more liberal than the documentation,
accepting a non-set-up context as a context that can't perform the
requested information. This preserves backward compatibility.
2018-12-19 18:10:03 +01:00
Gilles Peskine d54b97503b pk parse: the password is optional
For mbedtls_pk_parse_key and mbedtls_pk_parse_keyfile, the password is
optional. Clarify what this means: NULL is ok and means no password.
Validate parameters and test accordingly.
2018-12-19 17:36:14 +01:00
k-stachowiak e4b8d28ca7 Remove imprecise clause from documenting comment 2018-12-19 17:34:58 +01:00
k-stachowiak 95070a8286 Make some cipher parameter validation unconditional 2018-12-19 17:34:58 +01:00
k-stachowiak 6df25e7930 Increase strictness of NULL parameter validity in Cipher's doxygen 2018-12-19 17:34:58 +01:00
k-stachowiak 90b8d4a11e Include static cipher functions in the parameter validation scheme 2018-12-19 17:34:13 +01:00
k-stachowiak d5913bc115 Improve documentation of the parameter validation in the Cipher module 2018-12-19 17:34:13 +01:00
Krzysztof Stachowiak e0215d7869 Add Cipher module parameter validation 2018-12-19 17:34:13 +01:00
k-stachowiak 6009ece91d Increase strictness of NULL parameter validity in GCM's doxygen 2018-12-19 17:32:19 +01:00
k-stachowiak 21298a20c4 Improve parameter validation in mbedtls_gcm_free() 2018-12-19 17:32:19 +01:00
k-stachowiak 2ae7ae5301 Doxygen comments improvement 2018-12-19 17:30:38 +01:00
k-stachowiak 8ffc92a1e8 Add parameter validation for the GCM module 2018-12-19 17:30:38 +01:00
Hanno Becker 8ce11a323e Minor improvements to bignum module 2018-12-19 16:18:52 +00:00
Gilles Peskine 159171b72a PK parse/write: support keylen=0 correctly
A 0-length buffer for the key is a legitimate edge case. Ensure that
it works, even with buf=NULL. Document the key and keylen parameters.

There are already test cases for parsing an empty buffer. A subsequent
commit will add tests for writing to an empty buffer.
2018-12-19 17:03:28 +01:00
Hanno Becker df4b59696d Minor Camellia documentation improvements 2018-12-19 15:50:02 +00:00
Hanno Becker ed54128fdb Minor Blowfish documentation improvements 2018-12-19 15:48:37 +00:00
Hanno Becker 70ded3602c Minor improvements to Camellia module and documentation 2018-12-19 13:42:05 +00:00
Hanno Becker 20376d631d Don't promise that passing NULL input to Blowfish works
It seems to work, but we don't test it currently,
so we shouldn't promise it.
2018-12-19 12:52:59 +00:00
Hanno Becker 3d9a3490f8 Improve Blowfish documentation 2018-12-19 12:52:59 +00:00
Hanno Becker 49acc64c69 Minor improvements to Blowfish documentation and tests 2018-12-19 12:52:59 +00:00
Hanno Becker 3b4d6c6925 Document parameter preconditions for Blowfish module 2018-12-19 12:52:59 +00:00
Hanno Becker 938a15e584 Leave behaviour on NULL input unspecified in ARIA
We allow a NULL input buffer if the input length is zero,
but we don't test it. As long as that's the case, we shouldn't
promise to support it.
2018-12-19 12:51:00 +00:00
Hanno Becker 2f87504cb7 Minor ARIA documentation improvements 2018-12-19 12:51:00 +00:00
Hanno Becker 02d524c05c Minor ARIA documentation improvements 2018-12-19 12:51:00 +00:00
Hanno Becker 139d8313d9 Document parameter preconditions for the ARIA module 2018-12-19 12:51:00 +00:00
Hanno Becker 1e2f3ed08f Remove merge artifact 2018-12-19 12:47:55 +00:00
Hanno Becker bdb7cd4840 Don't promise that passing NULL input to Camellia works 2018-12-19 12:47:55 +00:00
Hanno Becker c7579ecb17 Improve Camellia documentation 2018-12-19 12:47:55 +00:00
Hanno Becker af4b83bb2a Minor improvements to CAMELLIA documentation 2018-12-19 12:47:55 +00:00
Hanno Becker e939de7247 Minor fixes to Camellia parameter validation 2018-12-19 12:47:55 +00:00
Hanno Becker f10905a6a7 Use full sentences in documentation of CAMELLIA preconditions 2018-12-19 12:47:55 +00:00
Hanno Becker b4b7fb7504 Implement parameter validation for CAMELLIA module 2018-12-19 12:47:55 +00:00
Hanno Becker 7a16aaddba Document parameter preconditions in CAMELLIA module 2018-12-19 12:47:55 +00:00
Hanno Becker bb186f89fc Weaken preconditions for mbedtls[_internal]_sha512_process() 2018-12-19 10:27:24 +00:00
Hanno Becker fbf67770d8 Improve ECJPAKE documentation 2018-12-19 10:14:43 +00:00
Hanno Becker 185e516309 Minor fixes to ECJPAKE parameter validation 2018-12-19 09:48:50 +00:00
Simon Butcher 54b789aa74 Merge remote-tracking branch 'public/pr/2298' into development 2018-12-19 08:08:14 +00:00
Gilles Peskine a310b41ebe Add null-pointer support information to init/free 2018-12-19 00:51:21 +01:00
Hanno Becker 035c6baefe Fix documentation bug in ECDSA module 2018-12-18 23:35:53 +00:00
Hanno Becker c81cfece8f Minor fixes to parameter validation in ECDH module 2018-12-18 23:32:42 +00:00
Hanno Becker 3f1f4ad9bd Weaken preconditions on mbedtls_[internal_]sha256_process() 2018-12-18 23:19:37 +00:00
Hanno Becker 79b9e39732 Weaken preconditions for mbedtls[_internal]_sha1_process() 2018-12-18 23:17:49 +00:00
Hanno Becker d01ff493e5 Minor improvements in bignum documentation 2018-12-18 23:10:28 +00:00
Hanno Becker 3f2d1ef169 Fix typo in SHA512 documentation 2018-12-18 18:41:40 +00:00
Hanno Becker 42f783d3b7 Fix minor issues in SHA1 documentation 2018-12-18 18:39:32 +00:00
Hanno Becker d73101266d Don't promise that passing a NULL to mbedtls_mpi_read_string works 2018-12-18 18:12:13 +00:00
Hanno Becker 01c3c10640 Fix typos in documentation of bignum module
Found by doxygen.sh
2018-12-18 18:12:13 +00:00
Hanno Becker e118504a5f Numerous minor improvements to bignum documentation 2018-12-18 18:12:13 +00:00
Hanno Becker 8282c2f070 Minor improvements to bignum documentation 2018-12-18 18:12:13 +00:00
Hanno Becker c23483ed8c Document preconditions on parameters in public bignum API 2018-12-18 18:12:13 +00:00
Hanno Becker 974ca0d947 Fix documentation bug on necessity of RNG in RSA PKCS v1.5 2018-12-18 18:03:24 +00:00
Hanno Becker 2f660d047d Forbid passing NULL input buffers to RSA encryption routines 2018-12-18 17:07:30 +00:00
Hanno Becker 9171c6e9ec Leave behaviour on NULL buffers to SHA-1 unspecified for now
We deal correctly with NULL being passed alongside a zero length
argument, but don't have tests for it, so we shouldn't promise
that it works.
2018-12-18 17:01:58 +00:00
Hanno Becker 6c5c45f400 Document parameter preconditions in DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker ca6f4585c7 Fix parameter validation in SHA-512 module 2018-12-18 16:36:26 +00:00
Hanno Becker fc2a0b2e67 Minor SHA-256 documentation improvement 2018-12-18 16:32:50 +00:00
Hanno Becker 77886af63e Improve SHA-256 documentation on parameter preconditions 2018-12-18 16:30:36 +00:00
Hanno Becker ad7581fac5 Minor improvements to ChaCha20/Poly1305/ChaChaPoly documentation 2018-12-18 15:30:30 +00:00
Hanno Becker e463c42902 Minor improvements 2018-12-18 15:30:30 +00:00
Hanno Becker b3c10b348b Add documentation on parameter preconditions to ChaChaPoly modules 2018-12-18 15:30:30 +00:00
Hanno Becker b5c99f5c72 Improve documentation of SHA-512 parameter preconditions 2018-12-18 15:29:32 +00:00
Andres Amaya Garcia ff1052e6b0 Document valid function params for SHA-512 functions 2018-12-18 15:06:39 +00:00
Andres Amaya Garcia ba519b94a5 Add parameter validation to SHA-512 module 2018-12-18 15:06:39 +00:00
Hanno Becker a9020f2107 Clarify the need for a PRNG in various RSA operations 2018-12-18 14:45:45 +00:00
Hanno Becker e2e509ca5d Document parameter preconditions in ECDSA module 2018-12-18 14:31:50 +00:00
Hanno Becker 8ce3d939be Fix typo in documentation of ECJPAKE module 2018-12-18 14:31:18 +00:00
Hanno Becker c4e5aa5746 Document parameter preconditions for ECJPAKE module 2018-12-18 14:31:18 +00:00
Hanno Becker 60b65044ac Fix parameter name in documentation of ECDH module 2018-12-18 14:30:39 +00:00
Hanno Becker e77ef2ad33 Document parameter preconditions in ECH module 2018-12-18 14:30:39 +00:00
Hanno Becker 5bdfca926f Further RSA documentation improvements 2018-12-18 13:59:28 +00:00
Hanno Becker f66f294e2e Improve documentation in RSA module 2018-12-18 13:38:05 +00:00
Hanno Becker 0118d4190a Document that RSA public exponent must be odd 2018-12-18 13:38:05 +00:00
Hanno Becker 385ce91592 Minor improvements 2018-12-18 13:38:05 +00:00
Hanno Becker 9a46777d66 Document parameter preconditions in RSA module 2018-12-18 13:38:05 +00:00
Hanno Becker 486f1b33d7 Improve wording in ECP documentation 2018-12-18 13:00:48 +00:00
Hanno Becker 5edcfa529f Improve ECP documentation 2018-12-18 13:00:48 +00:00
Hanno Becker ebffa7995b Document parameter preconditions in ECP module 2018-12-18 13:00:48 +00:00
Hanno Becker 03f2ffa7bc Undo documentation change in ARIA, Blowfish, Camellia modules 2018-12-18 12:45:06 +00:00
Andres Amaya Garcia 0152f1e948 Document valid function params for SHA-256 functions 2018-12-18 11:41:20 +00:00
Andres Amaya Garcia 79e593f617 Add parameter validation to SHA-256 module 2018-12-18 11:41:20 +00:00
Hanno Becker 5359ca8a54 Improve SHA-1 documentation 2018-12-18 11:37:28 +00:00
Andres Amaya Garcia c523e011e0 Document valid function params for SHA-1 functions 2018-12-18 11:37:28 +00:00
Andres Amaya Garcia a685d4f28d Add MBEDTLS_ERR_SHA1_BAD_INPUT_DATA to error.{h,c} 2018-12-18 11:37:28 +00:00
Andres Amaya Garcia f7c43b3145 Add parameter validation to SHA-1 2018-12-18 11:37:28 +00:00
Manuel Pégourié-Gonnard b66e7dbcc1 Fix some documentation markup/wording issues 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard ad54c49e75 Document AES accelerator functions as internal 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 2bc535be86 Add parameter validation for AES-CTR 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 8e41eb7187 Add parameter validation for AES-OFB 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 1677cca54b Add parameter validation for AES-CFB functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 191af1313a Add param validation for mbedtls_aes_crypt_xts() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 3178d1a997 Add param validation for mbedtls_aes_crypt_cbc() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 1aca260571 Add parameter validation for mbedtls_aes_crypt_ecb() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard 68e3dff3f1 Add parameter validation XTS setkey functions 2018-12-18 12:22:40 +01:00
Hanno Becker 6640b0d9a3 Undo deprecation of MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH 2018-12-18 09:53:14 +00:00
Hanno Becker a034369eca Undo deprecation of MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH 2018-12-18 09:53:11 +00:00
Hanno Becker 938f9e9bdb Undo deprecation of MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Merging MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH and
MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH is an API break.
2018-12-18 09:50:57 +00:00
Hanno Becker 9dbefa1793 Fix conflict between constant deprecation and check-names.sh
The previous introduction of constant deprecation macros
in platform_util.h lead to failure of tests/scrips/check-names.sh
because the regular expressions in the latter choked on the brackets
in the part `__attribute__((deprecated))` of the definition of the
helper type `mbedtls_deprecated_{numeric|string}_constant_t`.

Postponing any further study and potential robustness improvements
in check-names.sh to another time, this commit circumvents this
problem by temporarily abbreviating  `__attribute__((deprecated))`
as `MBEDTLS_DEPRECATED`, which doesn't lead to problems with
check-names.sh.
2018-12-17 22:49:13 +00:00
Hanno Becker 4fb258a868 Remove mentioning of deprecated error codes 2018-12-17 16:09:15 +00:00
Hanno Becker d2f3a00062 Introduce single BLOWFISH error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
* MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
2018-12-17 13:26:37 +00:00
Hanno Becker 4c029d09be Introduce single CAMELLIA error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
2018-12-17 13:26:33 +00:00
Hanno Becker 2f47550018 Introduce single ARIA error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH
* MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH
2018-12-17 13:26:28 +00:00
Manuel Pégourié-Gonnard 548cecdd2c Discourage making MBEDTLS_PARAM_FAILED() empty. 2018-12-17 13:13:30 +01:00
Hanno Becker 6d0816a8ae Introduce macros to deprecate constants in the API
This commit introduces macros

* MBEDTLS_DEPRECATED_STRING_CONSTANT
* MBEDTLS_DEPRECATED_NUMERIC_CONSTANT

to platform_util.h which can be used to deprecate public macro constants.

Their definition is essentially taken from dhm.h where the
MBEDTLS_DEPRECATED_STRING_CONSTANT was used to deprecate
insecure hardcoded DHM primes.
2018-12-17 11:39:38 +00:00
Ron Eldor 9cbd1b2ecd Include configuration file for all headers
Include the configuration file for all headers that were not
included, and for new headers introduced.
2018-12-16 12:14:37 +02:00
Ron Eldor 8b0cf2e76f Include configuration file to headers
Add inclusion to configration file in header files,
instead of relying on other header files to include
the configuration file. This issue resolves #1371
2018-12-16 12:02:50 +02:00
Manuel Pégourié-Gonnard e7306d30a9 Improve some documentation and ChangeLog entry 2018-12-13 09:45:49 +01:00
Manuel Pégourié-Gonnard cd2b29cd12 Improve wording in documentation and ChangeLog 2018-12-12 10:23:57 +01:00
Manuel Pégourié-Gonnard ed459e6995 Fix content and style of constraints documentation
- Be specific about the constraints: be a readable/writable buffer of length
  X, be an initialized context, be a context initialized and bound to a key...
- Always use full sentences with all the required pronouns.
2018-12-12 10:20:33 +01:00
Gilles Peskine 23fd2bdb94 Update some documentation related to key slots
Some of the documentation is obsolete in its reference to key slots
when it should discuss key handles. This may require a further pass,
possibly with some reorganization of error codes.

Update the documentation of functions that modify key slots (key
material creation and psa_set_key_policy()) to discuss how they affect
storage.
2018-12-11 16:48:14 +01:00
Gilles Peskine b77a6b25c0 Remove psa_set_key_lifetime
This function is no longer relevant. Use psa_create_key instead.
2018-12-11 16:48:13 +01:00
Gilles Peskine f6cc435a8a Remove psa_key_slot_t from public headers
This commit marks the beginning of the removal of support for direct
access to key slots. From this commit on, programs that use
psa_key_slot_t will no longer compile.

Subsequent commits will remove the now-unused legacy support in
psa_crypto.c.
2018-12-11 16:48:13 +01:00
Gilles Peskine ae32aac48e Switch function declarations from key slots to key handles
Replace `psa_key_slot_t key` by `psa_key_handle_t` in function
declarations.

This is a transition period during which handles are key slot numbers
and the whole library can still be used by accessing a key slot number
without allocating a handle.
2018-12-11 16:48:10 +01:00
Gilles Peskine 644cd5fd89 Linkify some macros that were just typeset as text 2018-12-11 16:47:35 +01:00
Gilles Peskine f535eb2e61 Declare the new slot management functions in crypto.h
No changes to existing functions.
2018-12-11 16:06:51 +01:00
Manuel Pégourié-Gonnard 35acb099d6 Fix some documentation typos/markup/duplication. 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 9b8ea89ae5 Fix a few style / whitespace issues 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 22028a0b8d Fix a typo in documentation 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 0e17cc93c6 Avoid stringifying condition too early
It's better if the macro receives the condition as an expression rather than a
string - that way it can choose to use it as is or stringify it. Also, the
documentation states that the parameter is an expression, not a string.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 44c5d58d05 Document AES functions and fix free() functions 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 0e9cddbf1a Introduce generic validation macros
Avoid duplicating source code for each module.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard a967626753 Make MBEDTLS_CHECK_PARAMS disabled by default 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard ab588529e1 Rework documentation. 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard a2b0e27378 Skip param validation tests if custom macro used
The test framework for validation of parameters depends on the macro
MBEDTLS_PARAM_FAILED() being set to its default value when building the
library. So far the test framework attempted to define this macro but this was
the wrong place - this definition wouldn't be picked by the library.

Instead, a different approach is taken: skip those tests when the macro is
defined in config.h, as in that case we have no way to know if it will indeed
end up calling mbedtls_param_failed() as we need it to.

This commit was tested by manually ensuring that aes_invalid_params:

- passes (and is not skipped) in the default configuration
- is skipped when MBEDTLS_PARAM_FAILED() is defined in config.h
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard 8e661bf6a8 Fix arity of the PARAM_FAILED() macro and function
It was inconsistent between files: sometimes 3 arguments, sometimes one.

Align to 1 argument for the macro and 3 for the function, because:
- we don't need 3 arguments for the macro, it can add __FILE__ and __LINE__
  in its expansion, while the function needs them as parameters to be correct;
- people who re-defined the macro should have flexibility, and 3 arguments
  can give the impression they they don't have as much as they actually do;
- the design document has the macro with 1 argument, so let's stick to that.
2018-12-11 12:28:56 +01:00
Simon Butcher 4c37db6d87 Remove the library provided function of MBEDTLS_PARAM_FAILED
The function called through the macro MBEDTLS_PARAM_FAILED() must be supplied by
users and makes no sense as a library function, apart from debug and test.
2018-12-11 12:28:56 +01:00
Simon Butcher 5201e414aa Add optional parameter validation to the AES module
This adds additional and optional parameter validation to the AES module that
can be used by enabling the MBEDTLS_CHECK_PARAMS config.h option.
2018-12-11 12:28:56 +01:00
Simon Butcher b4868034dd Add initial options and support for parameter validation
This function adds the additional config.h option of MBEDTLS_CHECK_PARAMS which
allows additional validation of parameters passed to the library.
2018-12-11 12:28:56 +01:00
Jaeden Amero 01b34fb316 Merge remote-tracking branch 'upstream-public/pr/2267' into development 2018-12-07 16:17:12 +00:00
Jaeden Amero 52ed0b9030 Merge remote-tracking branch 'upstream-public/pr/2101' into development 2018-12-07 16:15:31 +00:00
Janos Follath 172ba63463 Add guard for MBEDTLS_ECP_INTERNAL_ALT
MBEDTLS_ECP_RESTARTABLE and MBEDTLS_ECP_INTERNAL_ALT are mutually
exclusive, can't work and shouldn't be compiled together.
2018-12-07 13:13:42 +00:00
Janos Follath d2af46f1e6 Fix typo in ECP alternative documentation 2018-12-07 11:05:21 +00:00
Jaeden Amero 083681c832 Merge remote-tracking branch 'upstream-public/pr/2039' into development 2018-12-06 15:55:34 +00:00
Jaeden Amero 833c053b71 Merge remote-tracking branch 'upstream-public/pr/1982' into development 2018-12-06 15:54:21 +00:00
Jaeden Amero 41722ec29e Merge remote-tracking branch 'upstream-public/pr/1958' into development 2018-12-06 15:53:56 +00:00
Janos Follath c3b680b028 Clarify requirements on handling ECP group IDs 2018-12-06 12:24:04 +00:00
Janos Follath 948f4bedcc Debug: Add functions for ECDH contexts
The SSL module accesses ECDH context members directly to print debug
information. This can't work with the new context, where we can't make
assumptions about the implementation of the context. This commit adds
new debug functions to complete the encapsulation of the ECDH context
and work around the problem.
2018-12-06 12:22:46 +00:00
Gilles Peskine 3cac8c4d78 Move declarations related to lifetimes further up in crypto.h
No content change. This is in preparation for declaring the slot
management functions, which need the type psa_key_lifetime_t.
2018-12-05 09:40:07 +01:00
Jaeden Amero 5dfca1e1bd Update library version to 2.15.1 2018-12-01 18:44:29 +00:00
Janos Follath c9c32f3f63 ECDH: Add flexible context and legacy flag
We want to support alternative software implementations and we extend
the ECDH context to enable this. The actual functional change that makes
use of the new context is out of scope for this commit.

Changing the context breaks the API and therefore it has to be
excluded from the default configuration by a compile time flag.
We add the compile time flag to the module header instead of
`config.h`, because this is not a standalone feature, it only
enables adding new implementations in the future.

The new context features a union of the individual implementations
and a selector that chooses the implementation in use. An alternative
is to use an opaque context and function pointers, like for example the
PK module does it, but it is more dangerous, error prone and tedious to
implement.

We leave the group ID and the point format at the top level of the
structure, because they are very simple and adding an abstraction
layer around them away does not come with any obvious benefit.

Other alternatives considered:

- Using the module level replacement mechanism in the ECP module. This
would have made the use of the replacement feature more difficult and
the benefit limited.
- Replacing our Montgomery implementations with a new one directly. This
would have prevented using Montgomery curves across implementations.
(For example use implementation A for Curve448 and implementation B for
Curve22519.) Also it would have been inflexible and limited to
Montgomery curves.
- Encoding the implementation selector and the alternative context in
`mbedtls_ecp_point` somehow and rewriting `mbedtls_ecp_mul()` to
dispatch between implementations. This would have been a dangerous and
ugly hack, and very likely to break legacy applications.
- Same as above just with hardcoding the selector and using a compile
time option to make the selection. Rejected for the same reasons as
above.
- Using the PK module to provide to provide an entry point for
alternative implementations. Like most of the above options this
wouldn't have come with a new compile time option, but conceptually
would have been very out of place and would have meant much more work to
complete the abstraction around the context.

In retrospect:

- We could have used the group ID as the selector, but this would have
made the code less flexible and only marginally simpler. On the other
hand it would have allowed to get rid of the compile time option if a
tight integration of the alternative is possible. (It does not seem
possible at this point.)
- We could have used the same approach we do in this commit to the
`mbedtls_ecp_point` structure. Completing the abstraction around this
structure would have been a much bigger and much riskier code change
with increase in memory footprint, potential decrease in performance
and no immediate benefit.
2018-11-30 14:21:35 +00:00
Janos Follath f61e486179 ECDH: Add mbedtls_ecdh_setup()
In the future we want to support alternative ECDH implementations. We
can't make assumptions about the structure of the context they might
use, and therefore shouldn't access the members of
`mbedtls_ecdh_context`.

Currently the lifecycle of the context can't be done without direct
manipulation. This commit adds `mbedtls_ecdh_setup()` to complete
covering the context lifecycle with functions.
2018-11-30 14:09:57 +00:00
Janos Follath 89ac8c9266 ECP: Add mbedtls_ecp_tls_read_group_id()
`mbedtls_ecp_tls_read_group()` both parses the group ID and loads the
group into the structure provided. We want to support alternative
implementations of ECDH in the future and for that we need to parse the
group ID without populating an `mbedtls_ecp_group` structure (because
alternative implementations might not use that).

This commit moves the part that parses the group ID to a new function.
There is no need to test the new function directly, because the tests
for `mbedtls_ecp_tls_read_group()` are already implicitly testing it.

There is no intended change in behaviour in this commit.
2018-11-30 14:09:57 +00:00
Gilles Peskine c4a8017e3e mbedtls_ctr_drbg_update_ret: correct doc for input length limit
Unlike mbedtls_ctr_drbg_update, this function returns an error if the
length limit is exceeded, rather than silently truncating the input.
2018-11-26 19:26:22 +01:00
Gilles Peskine e0e9c573ad HMAC_DRBG: deprecate mbedtls_hmac_drbg_update because it ignores errors
Deprecate mbedtls_hmac_drbg_update (which returns void) in favor of a
new function mbedtls_hmac_drbg_update_ret which reports error.
2018-11-26 19:26:21 +01:00
Gilles Peskine d919993b76 CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error.
2018-11-26 19:26:00 +01:00
Simon Butcher 60ee838a8a Merge remote-tracking branch 'public/pr/2224' into development-psa-proposed 2018-11-23 21:18:32 +00:00
Hanno Becker 6b01a9fa7c Merge branch 'psa_cipher_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:27 +00:00
Hanno Becker e322d3edd5 Merge branch 'opaque_psk_implementation_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:53:24 +00:00
Hanno Becker 7fde035ddc Merge branch 'iotssl-2580-pk-opaque-psa_CRYPTO' into feature-psa-tls-integration-proposed 2018-11-23 15:47:20 +00:00
Simon Butcher ebeb6cb446 Update library version to 2.15.0 2018-11-23 14:18:15 +00:00
Hanno Becker f8b5f27bce Merge branch 'psa_cipher' into development-psa-proposed 2018-11-23 11:18:02 +00:00
Hanno Becker 485529952f Merge branch 'opaque_psk_implementation' into development-psa-proposed 2018-11-23 11:12:38 +00:00
Jaeden Amero 565e0bf49d
Merge pull request #212 from ARMmbed/psa-integration-utilities_CRYPTO
Mbed TLS integration: Shared code between module-specific integration work
2018-11-23 09:00:22 +00:00
Netanel Gonen 596e65e1a5 Fix indentation 2018-11-22 18:41:43 +02:00
Manuel Pégourié-Gonnard 2614562212 Add test utility function: wrap_as_opaque()
The new function is not tested here, but will be in a subsequent PR.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard fe8607350c Add new macro to detemine ECDSA signature length
Revived from a previous PR by Gilles, see:
https://github.com/ARMmbed/mbedtls/pull/1293/files#diff-568ef321d275f2035b8b26a70ee9af0bR71

This will be useful in eliminating temporary stack buffers for transcoding the
signature: in order to do that in place we need to be able to make assumptions
about the size of the output buffer, which this macro will provide. (See next
commit.)
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 35a7ff9366 Improve documentation of mbedtls_pk_setup_opaque() 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 276cb64e6c Align names to use "opaque" only everywhere
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 07b103fe07 Implement can_do for opaque ECC keypairs
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 06c631859c Add key generation to opaque test function
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 3bc2029a33 Clarify return value of pk_check_pair() 2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard 1ecf92c364 Skeleton for PK_OPAQUE_PSA 2018-11-22 16:39:39 +00:00
Hanno Becker 432084d3f8 Improve doc wording of PSA status field of mbedtls_cipher_context_t 2018-11-22 16:33:01 +00:00
Hanno Becker 9de97d7773 Don't use multiline comments in enums to silence check-names.sh
The sanity checking script tests/scripts/check-names.sh uses a
simple state machine paired with a sequence of `sed` commands to
extract enumeration constants from the code. This code, however,
doesn't work properly when using multiline comments in enumerations
such as recently done in the constants MBEDTLS_CIPHER_PSA_KEY_XXX.

This commit doesn't attempt to make check-names.sh more robust
but instead uses /* ... */ comment indicators in each comment line,
while silences check-names.sh.

Increasing the robustness of check-names.sh is instead tracked
in #2210.
2018-11-22 16:33:01 +00:00
Hanno Becker fea4915459 Minor rewording in documentation of PSA-based cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker 1908655231 Use enum for slot state in PSA-based cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker 20120b373e Add AEAD tag length to new mbedtls_cipher_setup_psa()
For AEAD ciphers, the information contained in mbedtls_cipher_info
is not enough to deduce a PSA algorithm value of type psa_algorithm_t.
This is because mbedtls_cipher_info doesn't contain the AEAD tag
length, while values of type psa_algorithm_t do.

This commit adds the AEAD tag length as a separate parameter
to mbedtls_cipher_setup_psa(). For Non-AEAD ciphers, the value
must be 0.

This approach is preferred over passing psa_algorithm_t directly
in order to keep the changes in existing code using the cipher layer
small.
2018-11-22 16:33:01 +00:00
Hanno Becker edda8b8830 Implement mbedtls_cipher_setkey() for PSA-based cipher contexts
This commit implements the internal key slot management performed
by PSA-based cipher contexts. Specifically, `mbedtls_cipher_setkey()`
wraps the provided raw key material into a key slot, and
`mbedtls_cipher_free()` destroys that key slot.
2018-11-22 16:33:01 +00:00
Hanno Becker 6118e43d15 Add PSA-specific cipher context 2018-11-22 16:33:01 +00:00
Hanno Becker ce1ddee13a Add psa_enabled field to cipher ctx and add dummy implementations
This field determines whether a cipher context should
use an external implementation of the PSA Crypto API for
cryptographic operations, or Mbed TLS' own crypto library.

The commit also adds dummy implementations for the cipher API.
2018-11-22 16:33:01 +00:00
Hanno Becker 4ccfc40aef Add declaration and dummy-definition of mbedtls_cipher_setup_psa() 2018-11-22 16:33:01 +00:00
Hanno Becker 73907f842b Improve wording in documentation of mbedtls_cipher_setup() 2018-11-22 16:33:01 +00:00
Hanno Becker f28d344832 Expand documentation of mbedtls_cipher_list() 2018-11-22 16:33:01 +00:00
Hanno Becker c8b699dfa4 Fix style in cipher.h 2018-11-22 16:33:01 +00:00
Hanno Becker 2e009fe013 Fix style in definition of mbedtls_cipher_mode_t 2018-11-22 16:33:01 +00:00