Commit graph

627 commits

Author SHA1 Message Date
Gilles Peskine d772958ffc New function mbedtls_psa_register_se_key
Register an existing key in a secure element.

Minimal implementation that doesn't call any driver method and just
lets the application declare whatever it wants.
2019-08-09 15:05:21 +02:00
Gilles Peskine e88c2c1338 Pass the key creation method to drivers
Pass the key creation method (import/generate/derive/copy) to the
driver methods to allocate or validate a slot number. This allows
drivers to enforce policies such as "this key slot can only be used
for keys generated inside the secure element".
2019-08-09 14:59:31 +02:00
Gilles Peskine 9d75202efb Clarify and expand the documentation of the allocate/create sequence 2019-08-09 11:33:48 +02:00
Gilles Peskine ae9964d3ef Add validate_slot_number method to SE drivers
Pave the way for allowing the application to choose the slot number in
a secure element, rather than always letting the driver choose.
2019-08-08 11:02:30 +02:00
Gilles Peskine 0a23322431 Improve documentation of the allocate method 2019-08-08 11:02:30 +02:00
Gilles Peskine 5fe5e27591 Test slot_number attribute
Test the behavior of the getter/setter functions.

Test that psa_get_key_slot_number() reports a slot number for a key in
a secure element, and doesn't report a slot number for a key that is
not in a secure element.

Test that psa_get_key_slot_number() reports the correct slot number
for a key in a secure element.
2019-08-08 10:58:09 +02:00
Gilles Peskine c8000c005a Add slot_number attribute
Add a slot_number field to psa_key_attributes_t and getter/setter
functions. Since slot numbers can have the value 0, indicate the
presence of the field via a separate flag.

In psa_get_key_attributes(), report the slot number if the key is in a
secure element.

When creating a key, for now, applications cannot choose a slot
number. A subsequent commit will add this capability in the secure
element HAL.
2019-08-08 10:58:09 +02:00
Gilles Peskine 91e8c33f48 Add infrastructure for key attribute flags
Add infrastructure for internal, external and dual-use flags, with a
compile-time check (if static_assert is available) to ensure that the
same numerical value doesn't get declared for two different purposes
in crypto_struct.h (external or dual-use) and
psa_crypto_core.h (internal).
2019-08-08 10:58:09 +02:00
Gilles Peskine 0c77b0e2f9
Merge pull request #198 from gilles-peskine-arm/psa-api-1.0-beta-merge_development_20190801
Merge mbed-crypto/development into psa-api-1.0-beta
2019-08-08 10:24:53 +02:00
Gilles Peskine 72c8c5b352 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190801
Conflict resolution:
* `scripts/config.pl`:
  Take the exclusion of `MBEDTLS_PSA_CRYPTO_SE_C` from the API branch.
  Take the removal of `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` (obsolete) from
  the development branch.
* `tests/scripts/all.sh`:
  Multiple instances of factoring a sequence of `config.pl` calls into
  a mere `config.pl baremetal` in the development branch, and a change in
  the composition of `baremetal` in the API branch. In each case, take the
  version from development.
* `tests/suites/test_suite_psa_crypto_slot_management.function`:
  A function became non-static in development and disappeared in the API
  branch. Keep the version from the API branch. Functions need to be
  non-static if they're defined but unused in some configurations,
  which is not the case for any function in this file at the moment.
* `tests/suites/test_suite_psa_crypto.function`:
  Consecutive changes in the two branches, reconciled.
2019-07-31 17:47:49 +02:00
Gilles Peskine 68cc433b5b Store key sizes in 16 bits in attributes
This is larger than the maximum key size introduced in the previous
commit, by design.

Make some room for flags (not used yet).
2019-07-30 21:08:38 +02:00
Gilles Peskine c744d99386 Limit keys to 65528 bits
65528 bits is more than any reasonable key until we start supporting
post-quantum cryptography.

This limit is chosen to allow bit-sizes to be stored in 16 bits, with
65535 left to indicate an invalid value. It's a whole number of bytes,
which facilitates some calculations, in particular allowing a key of
exactly PSA_CRYPTO_MAX_STORAGE_SIZE to be created but not one bit
more.

As a resource usage limit, this is arguably too large, but that's out
of scope of the current commit.

Test that key import, generation and derivation reject overly large
sizes.
2019-07-30 20:58:33 +02:00
Gilles Peskine 7e0cff90b9 Move attribute fields to a substructure
Move the "core attributes" to a substructure of psa_key_attribute_t.
The motivation is to be able to use the new structure
psa_core_key_attributes_t internally.
2019-07-30 20:58:27 +02:00
Gilles Peskine 1801740a7c SE driver: report the bit size on key import
Add a parameter to the key import method of a secure element driver to
make it report the key size in bits. This is necessary (otherwise the
core has no idea what the bit-size is), and making import report it is
easier than adding a separate method (for other key creation methods,
this information is an input, not an output).
2019-07-29 18:07:09 +02:00
Gilles Peskine adb1c52149
Merge pull request #157 from gilles-peskine-arm/psa-se_driver-create_key
Secure element key creation foundation
2019-07-26 14:39:55 +02:00
Gilles Peskine 0c3ae1f0b4 Improve documentation of SE driver persistent state
Explain what it can be used for and when it is saved to storage.
2019-07-25 14:04:38 +02:00
Gilles Peskine 6a3dd89a64 Improve alignment in comments 2019-07-25 10:56:39 +02:00
Gilles Peskine 105f67f0fa Move the definition of psa_key_attributes_t to crypto_types.h
psa_key_attributes_t is used in the SE driver HAL, so it must be
defined in a common header, not in the API-only header crypto.h.
2019-07-23 18:43:28 +02:00
Gilles Peskine 9dd125d8bb Fix overly complex Doxygen markup 2019-07-23 18:43:28 +02:00
Gilles Peskine 6032673b39 Fix Doxygen reference
Pass doxygen.sh
2019-07-22 20:10:36 +02:00
Gilles Peskine c11c4dcf95 Favor stdint.h types in internal types
Use uint8_t for PSA buffers. Keep unsigned char for generic libc
buffers and for mbedtls buffers.
2019-07-15 11:17:53 +02:00
Gilles Peskine 7228da25f9 Favor stdint.h types in implementation-specific API 2019-07-15 11:16:18 +02:00
Gilles Peskine f82088a5f4 Favor stdint.h types in example code 2019-07-15 11:16:18 +02:00
Andrew Thoelke d16bdac9b5 Use stdint.h types in multipart AEAD functions
No implementation yet.
2019-07-15 11:14:56 +02:00
Andrew Thoelke 47629d076e Use stdint.h types
Follow MISRA C 2012 rules by using exact width types from stdint.h.
2019-07-15 11:14:56 +02:00
Gilles Peskine 94cc42c28f Pass a writable pointer to the persistent data when needed
Most driver methods are not allowed to modify the persistent data, so
the driver context structure contains a const pointer to it. Pass a
non-const pointer to the persstent data to the driver methods that
need it: init, allocate, destroy.
2019-07-12 23:34:20 +02:00
Gilles Peskine f2223c868d New driver method: allocate
Add a driver method to allocate a key slot for a key that is about to
be created.
2019-07-12 23:33:02 +02:00
Gilles Peskine 8597bc13e7 Pass the driver context to most driver methods
Pass the driver context to all driver methods except the ones that
operate on an already-setup operation context.

Rename `p_context` arguments to `op_context` to avoid confusion
between contexts.
2019-07-12 23:32:27 +02:00
Gilles Peskine 7a86da1d42 Define a driver context structure type
Define a structure that is to be instantiated once per driver
instance.

Define a driver initialization method and pass it the driver context.
2019-07-12 23:25:59 +02:00
Gilles Peskine f03143a4d1 Change driver key slot numbers to 64 bits
This slightly increases storage requirements, but works in more use
cases. In particular, it allows drivers to treat choose slot numbers
with a monotonic counter that is incremented each time a key is
created, without worrying about overflow in practice.
2019-07-12 23:18:29 +02:00
Gilles Peskine 6e59c42d1d Split the secure element driver method table memory layout
Instead of having one giant table containing all possible methods,
represent a driver's method table as a structure containing pointers
to substructures. This way a driver that doesn't implement a certain
class of operations can use NULL for this class as a whole instead of
storing NULL for each method.
2019-07-12 11:47:50 +02:00
Gilles Peskine e62b74e68f Add public-key export method 2019-07-12 11:47:50 +02:00
Adrian L. Shaw 2282cfa660 Remove GMAC algorithm (for now)
It can't be implemented with the current version of the API
2019-07-11 15:51:45 +01:00
Adrian L. Shaw fd2aed4d76 Document cipher modes 2019-07-11 15:47:40 +01:00
Jaeden Amero c19dcebbdd
Merge pull request #154 from yanesca/iotcrypt-789-update-tls-prf-to-multipart
Update TLS 1.2 PRF to multipart API
2019-07-04 11:53:04 +01:00
Gilles Peskine c93a43bed6 Improve documentation 2019-06-26 11:21:41 +02:00
Janos Follath 844eb0e5fa Add tls12_prf_read for the new API
Technically we could have reused the old one for the new API, but then
we had to set an extra field during setup. The new version works when
all the fields that haven't been set explicitely are zero-initialised.
2019-06-26 09:15:08 +01:00
Janos Follath adbec81cc4 Remove the deprecated PSA_ALG_SELECT_RAW option
This change affects the psa_key_derivation_s structure. With the buffer
removed from the union, it is empty if MBEDTLS_MD_C is not defined.

We can avoid undefined behaviour by adding a new dummy field that is
always present or make the whole union conditional on MBEDTLS_MD_C.

In this latter case the initialiser macro has to depend on MBEDTLS_MD_C
as well. Furthermore the first structure would be either
psa_hkdf_key_derivation_t or psa_tls12_prf_key_derivation_t both of
which are very deep and would make the initialisation macro difficult
to maintain, therefore we go with the first option.
2019-06-26 09:15:08 +01:00
Janos Follath 999f648437 Add new psa_tls12_prf_key_derivation_t
As part of adapting TLS 1.2 key derivation to the PSA 1.0 API we need to
change the context structure.
2019-06-26 09:15:08 +01:00
Janos Follath e3e8166cdd Move PSA_PRE_1_0_KEY_DERIVATION to crypto_struct.h
We want to make the PRF context structure depend on this flag, but
crypto_extra.h is included after crypto_struct.h and having the
option at its original place would not affect crypto_struct.h.
2019-06-26 09:15:08 +01:00
Janos Follath 71a4c9125b Add flag for removing deprecated API
Add the compile time option PSA_PRE_1_0_KEY_DERIVATION. If this is not
turned on, then the function `psa_key_derivation()` is removed.

Most of the tests regarding key derivation haven't been adapted to the
new API yet and some of them have only been adapted partially. When this
new option is turned off, the tests using the old API and test cases
using the old API of partially adapted tests are skipped.

The sole purpose of this option is to make the transition to the new API
smoother. Once the transition is complete it can and should be removed
along with the old API and its implementation.
2019-06-26 09:15:08 +01:00
Gilles Peskine ed87d31d7d Specify the order of inputs for TLS-1.2 KDFs
From the implementation point of view does not make much difference to
constrain the input order.

We constrain it because, this way the code is easier to review, the data
flow easier to understand and the implementations in general are easier
to validate.
2019-06-25 12:02:31 +01:00
Gilles Peskine 45a8ca373c Fix typos in function argument names 2019-06-24 19:55:49 +02:00
Gilles Peskine d910e928e8 Declare a function to register a secure element driver 2019-06-24 14:10:24 +02:00
Gilles Peskine b6cadea6a5 Secure element driver structure
Define a structure type containing all the methods of a secure element
driver.
2019-06-24 14:10:24 +02:00
Jaeden Amero d58a00d5b7 psa: Avoid use of relative include paths
Relative include paths should be avoided. The build system will
determine where to pull in includes from. Specifically, `#include
"../mbedtls/config.h"` shouldn't be used. Use `#include
"mbedtls/config.h` instead, so that the submodule-building makefiles can
change which directory to use to get mbedtls include files from.

Fixes #141
2019-06-07 11:49:59 +01:00
Gilles Peskine 4bac9a4c4b New function to get key slot statistics
New function mbedtls_psa_get_stats to obtain some data about how many
key slots are in use. This is intended for debugging and testing
purposes.
2019-06-05 16:38:42 +02:00
Gilles Peskine f46f81ceb5 Remove obsolete key creation functions
Remove the key creation functions from before the attribute-based API,
i.e. the key creation functions that worked by allocating a slot, then
setting metadata through the handle and finally creating key material.
2019-06-05 11:34:54 +02:00
Gilles Peskine f25c9ec02e Minor documentation improvements 2019-05-27 14:08:27 +02:00
Gilles Peskine 96f0b3b1d3 Keys may allow a second algorithm
Add a second permitted algorithm to key policies.

This commit includes smoke tests that do not cover psa_copy_key.
2019-05-27 14:08:27 +02:00
Gilles Peskine 549ea8676a Minor documentation improvements 2019-05-22 11:45:59 +02:00
Gilles Peskine a9b9cf7d1e Document macros that are referenced
Without documentation, Doxygen does not generate hyperlinks when the
macro is referenced and prints out #PSA_xxx instead.
2019-05-21 19:18:33 +02:00
Gilles Peskine 6a21123619 Remove obsolete mentions of PSA_ERROR_EMPTY_SLOT
There are no more "empty slots", so finish removing the corresponding
error.
2019-05-21 19:11:07 +02:00
Gilles Peskine a741d39893 State that all error codes are negative 2019-05-21 18:43:27 +02:00
Gilles Peskine 737c6bef6a Fix grammar 2019-05-21 18:43:24 +02:00
Gilles Peskine 56e2dc8010 Use "sufficient buffer size" in buffer size macros
Don't use "safe buffer size", because this it's somewhat misleading to
make it about safety: a buffer size that's too small will lead to a
runtime error, not to undefined behavior.
2019-05-21 18:43:19 +02:00
Gilles Peskine 2cb9e39b50 Convert TLS1.2 KDF descriptions to multistep key derivation
Convert the description of PSA_ALG_TLS12_PRF and
PSA_ALG_TLS12_PSK_TO_MS to the key derivation API that takes one input
at a time rather than the old {secret,salt,label} interface.

Define a new input category "seed".
2019-05-21 18:43:19 +02:00
Gilles Peskine 6c6195d7ba Remove implementation comment from API specification 2019-05-21 18:43:19 +02:00
Gilles Peskine 4754cdeef8 Improve description of psa_open_key()
Remove obsolete reference to psa_make_key_persistent().
2019-05-21 18:43:18 +02:00
Gilles Peskine 536e20571a New macro to get the bit size of an elliptic curve 2019-05-21 17:06:03 +02:00
Gilles Peskine d6f371b1ba Keys may allow a second algorithm
Add a second permitted algorithm to key policies.

This commit includes smoke tests that do not cover psa_copy_key.
2019-05-21 17:06:03 +02:00
Gilles Peskine d7d43b9791 Convert code samples to the new attribute-based key creation API 2019-05-21 15:56:03 +02:00
Gilles Peskine a0c0655c91 Add missing declarations to the API document
PSA_KEY_ATTRIBUTES_INIT and psa_key_attributes_init weren't declared
in the API document, only defined in our implementation, but they are
referenced in the API document.
2019-05-21 15:54:54 +02:00
Jaeden Amero fba7539ad7
Merge pull request #269 from ARMmbed/psa-slots_to_handles
Update API documentation to refer to handles and key ids, not slots
2019-05-17 10:18:34 +01:00
Gilles Peskine eff4942202
Merge pull request #268 from ARMmbed/psa-error_tampering_detected
Rename PSA_ERROR_TAMPERING_DETECTED to PSA_ERROR_CORRUPTION_DETECTED
2019-05-17 11:06:09 +02:00
Gilles Peskine 35ef36b62f Rename psa_generate_random_key back to psa_generate_key
generate_key is a more classical name. The longer name was only
introduced to avoid confusion with getting a key from a generator,
which is key derivation, but we no longer use the generator
terminology so this reason no longer applies.

perl -i -pe 's/psa_generate_random_key/psa_generate_key/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Gilles Peskine c93b80c350 Rename *KEYPAIR* to *KEY_PAIR*
Be consistent with PUBLIC_KEY.

perl -i -pe 's/KEYPAIR/KEY_PAIR/g' $(git ls-files)
2019-05-17 10:56:57 +02:00
Adrian L. Shaw 0a695bd13e Simplify description of psa_copy_key 2019-05-16 22:11:18 +02:00
Adrian L. Shaw 52d83dabd6 Mention psa_close_key in the description of psa_open_key 2019-05-16 22:11:17 +02:00
Adrian L. Shaw d56456cbe8 Improve descriptions that mention handles and fix incorrect mention of psa_create_key 2019-05-16 22:10:51 +02:00
Adrian L. Shaw 67e1c7ac80 Remove remaining mentions of slots 2019-05-16 22:10:49 +02:00
Gilles Peskine 4b3eb69271 Rename PSA_ERROR_TAMPERING_DETECTED to ..._CORRUPTION_DETECTED
“Tampering detected” was misleading because in the real world it can
also arise due to a software bug. “Corruption detected” is neutral and
more precisely reflects what can trigger the error.

perl -i -pe 's/PSA_ERROR_TAMPERING_DETECTED/PSA_ERROR_CORRUPTION_DETECTED/gi' $(git ls-files)
2019-05-16 21:35:18 +02:00
Gilles Peskine 27a983d93c Grammar fix 2019-05-16 19:51:11 +02:00
Gilles Peskine 20a77aeac7 RSA key generation: require e=65537 2019-05-16 19:51:10 +02:00
Gilles Peskine a130219ac0 Move remaining text about DSA out of the specification 2019-05-16 19:51:10 +02:00
Gilles Peskine e38ab1ac4f Move DSA definitions out of the specification
Move DSA-related key types and algorithms to the
implementation-specific header file. Not that we actually implement
DSA, but with domain parameters, we should be able to.
2019-05-16 19:51:10 +02:00
Gilles Peskine dcaefae849 Parametrize Diffie-Hellman keys by a group identifier
Parametrize finite-field Diffie-Hellman key types with a DH group
identifier, in the same way elliptic curve keys are parametrized with
an EC curve identifier.

Define the DH groups from the TLS registry (these are the groups from
RFC 7919).

Replicate the macro definitions and the metadata tests from elliptic
curve identifiers to DH group identifiers.

Define PSA_DH_GROUP_CUSTOM as an implementation-specific extension for
which domain parameters are used to specify the group.
2019-05-16 19:51:10 +02:00
Gilles Peskine 24f10f85e2 Remove domain parameters from the official API
Move psa_get_key_domain_parameters() and
psa_set_key_domain_parameters() out of the official API and declare
them to be implementation-specific extensions.

Expand the documentation of psa_set_key_domain_parameters() a bit to
explain how domain parameters are used.

Remove all mentions of domain parameters from the documentation of API
functions. This leaves DH and DSA effectively unusable.
2019-05-16 19:27:05 +02:00
Gilles Peskine 58fe9e8afe Correct the description of psa_raw_key_agreement
There was some copypasta from the KA+KDF function's description.
2019-05-16 18:55:25 +02:00
Gilles Peskine be697d8324 Shorten the name of psa_key_agreement_raw_shared_secret
There is less of a risk of confusion with the KA+KDF function now.
2019-05-16 18:55:25 +02:00
Gilles Peskine 1cb9a08d6a Reorder key derivation functions in the header file
Present key derivation functions in a more logical order,
corresponding roughly to the order in which an application would call
them.
2019-05-16 18:55:25 +02:00
Gilles Peskine cf7292e257 Wrap and reindent some lines
After renaming several identifiers, re-wrap and re-indent some lines
to make the code prettier.
2019-05-16 18:55:25 +02:00
Gilles Peskine 35675b6b26 Terminology: say "key derivation operation", not "generator"
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology.

This commit updates the function descriptions.
2019-05-16 18:55:25 +02:00
Gilles Peskine cbe6650394 Rename generator-related internal identifiers
perl -pe 's/crypto_generator/key_derivation/gi' $(git ls-files)
    perl -pe 's/_generator/_key_derivation/gi' $(git ls-files)
2019-05-16 18:55:25 +02:00
Gilles Peskine 03410b5c5f Rename PSA_KDF_STEP_xxx -> PSA_KEY_DERIVATION_INPUT_xxx
More consistent with the new function names.
2019-05-16 18:55:25 +02:00
Gilles Peskine a99d3fbd05 Rename generator functions to psa_key_derivation_xxx
Generators are mostly about key derivation (currently: only about key
derivation). "Generator" is not a commonly used term in cryptography.
So favor "derivation" as terminology. Call a generator a key
derivation operation structure, since it behaves like other multipart
operation structures. Furthermore, the function names are not fully
consistent.

In this commit, I rename the functions to consistently have the prefix
"psa_key_derivation_". I used the following command:

    perl -i -pe '%t = (
        psa_crypto_generator_t => "psa_key_derivation_operation_t",
        psa_crypto_generator_init => "psa_key_derivation_init",
        psa_key_derivation_setup => "psa_key_derivation_setup",
        psa_key_derivation_input_key => "psa_key_derivation_input_key",
        psa_key_derivation_input_bytes => "psa_key_derivation_input_bytes",
        psa_key_agreement => "psa_key_derivation_key_agreement",
        psa_set_generator_capacity => "psa_key_derivation_set_capacity",
        psa_get_generator_capacity => "psa_key_derivation_get_capacity",
        psa_generator_read => "psa_key_derivation_output_bytes",
        psa_generate_derived_key => "psa_key_derivation_output_key",
        psa_generator_abort => "psa_key_derivation_abort",
        PSA_CRYPTO_GENERATOR_INIT => "PSA_KEY_DERIVATION_OPERATION_INIT",
        PSA_GENERATOR_UNBRIDLED_CAPACITY => "PSA_KEY_DERIVATION_UNLIMITED_CAPACITY",
        ); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files)
2019-05-16 18:55:21 +02:00
Jaeden Amero d35249e66f
Merge pull request #109 from gilles-peskine-arm/psa-key_attributes-set_persistent
Individual setters for persistent key attributes
2019-05-16 17:28:53 +01:00
Jaeden Amero 99e8d26a75
Merge pull request #104 from gilles-peskine-arm/psa-global_key_id
Make key ids global and define their range
2019-05-16 17:11:59 +01:00
Gilles Peskine f1b7694768 Minor documentation improvements 2019-05-16 16:10:59 +02:00
Gilles Peskine 280948a32b Fix copypasta in the documentation of PSA_KEY_ID_xxx_{MIN,MAX} 2019-05-16 15:27:14 +02:00
Jaeden Amero 16ab39102e
Merge pull request #102 from gilles-peskine-arm/psa-aead_multipart-delay
Multipart AEAD buffer output sizes
2019-05-16 13:34:21 +01:00
Jaeden Amero 76be7f9c70
Merge pull request #108 from gilles-peskine-arm/psa-copy_key-policy
Add policy usage flag to copy a key
2019-05-16 12:08:13 +01:00
Jaeden Amero 826e326d2e
Merge pull request #107 from gilles-peskine-arm/psa-curve_size_macro
PSA: EC curve size macro
2019-05-16 11:59:41 +01:00
Gilles Peskine 6c9514427b New macro to get the bit size of an elliptic curve 2019-05-16 00:16:46 +02:00
Gilles Peskine 73676cbc50 Put handle parameter last: psa_import_key
In psa_import_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 23:16:07 +02:00
Gilles Peskine 806051f17e Update an obsolete use of psa_import_key in documentation
psa_import_key now takes an attribute structure, not a type.
2019-05-15 23:15:49 +02:00
Gilles Peskine 98dd779eb5 Put handle parameter last: psa_generate_derived_key
In psa_generate_derived_key, change the order of parameters to pass
the pointer where the newly created handle will be stored last.
This is consistent with most other library functions that put inputs
before outputs.
2019-05-15 20:15:31 +02:00
Gilles Peskine 9de5eb0a2f Remove psa_make_key_persistent 2019-05-15 19:14:05 +02:00
Gilles Peskine dc8219a10d Replace psa_make_key_persistent by id/lifetime setters
Use individual setters for the id and lifetime fields of an attribute
structure, like the other attributes.

This commit updates the specification and adds an implementation of
the new setters.
2019-05-15 19:14:05 +02:00
Gilles Peskine 80b39ae753 Remove obsolete use of key policy structure in API text 2019-05-15 19:14:05 +02:00
Gilles Peskine f9fbc38e66 Declare key id 0 as invalid
In keeping with other integral types, declare 0 to be an invalid key
identifier.

Documented, implemented and tested.
2019-05-15 18:42:09 +02:00
Gilles Peskine d6a8f5f1b5 Improve description of PSA_KEY_USAGE_COPY
Be more clear about when EXPORT is also required.
2019-05-14 16:25:50 +02:00
Gilles Peskine ac99e32b79 Documentation improvements 2019-05-14 16:11:07 +02:00
Gilles Peskine 36d477de44 Fix copypasta in PSA_AEAD_DECRYPT_OUTPUT_SIZE 2019-05-14 16:11:07 +02:00
Gilles Peskine 248010caa0 Fix calculation in PSA_AEAD_UPDATE_OUTPUT_SIZE 2019-05-14 16:11:07 +02:00
Gilles Peskine 8e0206aa26 New usage flag PSA_KEY_USAGE_COPY
Document the new flag and allow its use.
2019-05-14 14:24:28 +02:00
Gilles Peskine 4318dfc8ec psa_export_key, psa_export_public_key: document the EXPORT flag 2019-05-14 14:23:32 +02:00
Jaeden Amero 1fe90fab30
Merge pull request #101 from gilles-peskine-arm/psa-key_attributes-verify_attributes
Check unused attributes in import and copy
2019-05-13 11:48:40 +01:00
Gilles Peskine 4a231b8d3b Break up key identifiers into user, vendor and reserved ranges
Define a range of key identifiers for use by the application
(0..2^30-1), a range for use by implementations (2^30..2^31), and a
range that is reserved for future use (2^31..2^32-1).
2019-05-06 18:56:14 +02:00
Gilles Peskine 225010fdf7 Remove lifetime parameter from psa_open_key
Change the scope of key identifiers to be global, rather than
per lifetime. As a result, you now need to specify the lifetime of a
key only when creating it.
2019-05-06 18:52:22 +02:00
Gilles Peskine f02aec90dc Allow AEAD update output to be delayed
Do not require finish() to have empty output for any algorithm. Some
hardware does not support immediate stream processing.
2019-05-06 15:59:44 +02:00
Gilles Peskine 3e79c8ecfd Declare ChaCha20 cipher and AEAD
Declare algorithms for ChaCha20 and ChaCha20-Poly1305, and a
corresponding (common) key type.

Don't declare Poly1305 as a separate algorithm because it's a one-time
authenticator, not a MAC, so the API isn't suitable for it (no way to
use a nonce).
2019-05-06 15:59:44 +02:00
Gilles Peskine 49dd8d8cec Add size macros for multipart AEAD
New macros PSA_AEAD_UPDATE_OUTPUT_SIZE, PSA_AEAD_FINISH_OUTPUT_SIZE
and PSA_AEAD_VERIFY_OUTPUT_SIZE to determine the output buffer sizes
for psa_aead_update(), psa_aead_finish() and psa_aead_verify().
2019-05-06 15:59:16 +02:00
Gilles Peskine 5211efb317 Add output parameter for psa_aead_verify
Like psa_aead_finish(), psa_aead_verify() needs to produce output from
the last partial block of input if psa_aead_update() cannot produce
output byte by byte.
2019-05-06 15:56:05 +02:00
Gilles Peskine bdc27860c2 Reorder macros for clarity
Group PSA_AEAD_DECRYPT_OUTPUT_SIZE with PSA_AEAD_ENCRYPT_OUTPUT_SIZE.
2019-05-06 15:45:16 +02:00
Gilles Peskine 679693ee49 Algorithm encoding: add flag bit PSA_ALG_AEAD_FROM_BLOCK_FLAG
Make it easy to distinguish generic constructions on top of block
ciphers, such as CCM or GCM, from specialized algorithms such as
Chacha20-Poly1305.
2019-05-06 15:10:16 +02:00
Gilles Peskine 4ce2a9dcbf Check unused attributes in import and copy
In psa_import_key and psa_copy_key, some information comes from the
key data (input buffer or source key) rather than from the attributes:
key size for import, key size and type and domain parameters for copy.
If an unused attribute is nonzero in the attribute structure, check
that it matches the correct value. This protects against application
errors.
2019-05-03 16:57:15 +02:00
Adrian L. Shaw 5a5a79ae2a Rename psa_generate_key() and psa_generator_import_key() 2019-05-03 15:44:28 +01:00
Gilles Peskine 1ea5e44c93 Minor documentation improvement 2019-05-02 20:31:10 +02:00
Gilles Peskine aa02c17dfa Add buffer size macro for psa_get_key_domain_parameters 2019-04-28 11:48:29 +02:00
Gilles Peskine 9c640f91d4 Improve documentation of key attributes 2019-04-28 11:48:26 +02:00
Gilles Peskine 06af0cd4a3 Always require reset after psa_get_key_attributes
There was a guarantee that psa_get_key_attributes() does not require a
subsequent psa_reset_key_attributes() to free resources as long as the
key was created with attributes having this property. This requirement
was hard to pin down because if a key is created with default
parameters, there are cases where it is difficult to ensure that the
domain parameters will be reported without allocating memory. So
remove this guarantee. Now the only case psa_reset_key_attributes() is
not required is if the attribute structure has only been modified with
certain specific setters.
2019-04-28 11:46:10 +02:00
Gilles Peskine e56e878207 Remove extra parameter from psa_generate_key
Read extra data from the domain parameters in the attribute structure
instead of taking an argument on the function call.

Implement this for RSA key generation, where the public exponent can
be set as a domain parameter.

Add tests that generate RSA keys with various public exponents.
2019-04-26 17:37:50 +02:00
Gilles Peskine b699f07af0 Switch psa_{get,set}_domain_parameters to attributes
Change psa_get_domain_parameters() and psa_set_domain_parameters() to
access a psa_key_attributes_t structure rather than a key handle.

In psa_get_key_attributes(), treat the RSA public exponent as a domain
parameter and read it out. This is in preparation for removing the
`extra` parameter of psa_generate_key() and setting the RSA public
exponent for key generation via domain parameters.

In this commit, the default public exponent 65537 is not treated
specially, which allows us to verify that test code that should be
calling psa_reset_key_attributes() after retrieving the attributes of
an RSA key is doing so properly (if it wasn't, there would be a memory
leak), even if the test data happens to use an RSA key with the
default public exponent.
2019-04-26 17:37:08 +02:00
Gilles Peskine 3a4f1f8e46 Set the key size as an attribute
Instead of passing a separate parameter for the key size to
psa_generate_key and psa_generator_import_key, set it through the
attributes, like the key type and other metadata.
2019-04-26 13:49:28 +02:00
Gilles Peskine a3dd737be4 Move legacy definitions to crypto_extra.h
Types and functions that are not used in the attribute-based key
creation API are now implementation-specific extensions, kept around
until we finish transitioning to the new API.
2019-04-24 15:47:30 +02:00
Gilles Peskine 2062859496 Document the new functions related to key attributes
Also update the documentation of key creation functions that have been
modified to use key attributes.
2019-04-24 15:47:30 +02:00
Gilles Peskine 8c8f2ab66b Implement psa_get_key_attributes
Implement attribute querying.

Test attribute getters and setters. Use psa_get_key_attributes instead
of the deprecated functions psa_get_key_policy or
psa_get_key_information in most tests.
2019-04-24 15:46:04 +02:00
Gilles Peskine db4b3abab1 Implement missing attributes setters and getters 2019-04-24 15:46:03 +02:00
Gilles Peskine 4747d19d18 Implement atomic-creation psa_import_key
Implement the new, attribute-based psa_import_key and some basic
functions to access psa_key_attributes_t. Replace
psa_import_key_to_handle by psa_import_key in a few test functions.

This commit does not handle persistence attributes yet.
2019-04-24 15:45:50 +02:00
Gilles Peskine 87a5e565f4 Rename functions that inject key material to an allocated handle
This commit starts a migration to a new interface for key creation.
Today, the application allocates a handle, then fills its metadata,
and finally injects key material. The new interface fills metadata
into a temporary structure, and a handle is allocated at the same time
it gets filled with both metadata and key material.

This commit was obtained by moving the declaration of the old-style
functions to crypto_extra.h and renaming them with the to_handle
suffix, adding declarations for the new-style functions in crypto.h
under their new name, and running

    perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c
    perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c

Many functions that are specific to the old interface, and which will
not remain under the same name with the new interface, are still in
crypto.h for now.

All functional tests should still pass. The documentation may have
some broken links.
2019-04-24 15:24:45 +02:00
Gilles Peskine 22c51517fb Use unsigned int for bitfields
uintN_t is not a standard type for a bitfield, as armcc points out.
2019-04-18 09:42:21 +02:00
Gilles Peskine a52460c3ed Algorithm encoding: move two bits from derivation to agreement
This gives a little more room to encode key agreement algorithms,
while keeping enough space for key derivation algorithms.

This doesn't affect any of the already-defined algorithms.
2019-04-18 09:42:21 +02:00
Gilles Peskine 3135184cfc Merge remote-tracking branch 'upstream-crypto/development' into psa-api-beta2-merge-development
Merge the Mbed Crypto development branch a little after
mbedcrypto-1.0.0 into the PSA Crypto API 1.0 beta branch a little
after beta 2.

Summary of merge conflicts:

* Some features (psa_copy_key, public key format without
  SubjectPublicKeyInfo wrapping) went into both sides, but with a few
  improvements on the implementation side. For those, take the
  implementation side.
* The key derivation API changed considerably on the API side. This
  merge commit generally goes with the updated API except in the tests
  where it keeps some aspects of the implementation.

Due to the divergence between the two branches on key derivation and
key agreement, test_suite_psa_crypto does not compile. This will be
resolved in subsequent commits.
2019-04-09 12:00:00 +02:00
Gilles Peskine e3dbdd8d90 Gate entropy injection through a dedicated configuration option
Entropy injection has specific testing requirements. Therefore it
should depend on a specific option.
2019-03-15 11:15:21 +01:00
Gilles Peskine 6bf4baef95 Remove compilation option MBEDTLS_PSA_HAS_ITS_IO
MBEDTLS_PSA_HAS_ITS_IO is not really useful since it doesn't actually
enable anything except the entropy seed file support, which only
requires the ITS interface and not a native implemetation. Remove it.
2019-03-15 11:15:13 +01:00
Gilles Peskine ee67dd61bc Fix Doxygen warnings 2019-03-12 13:23:17 +01:00
Gilles Peskine 5579971cb1 psa_generator_import_key (ECC): minor corrections 2019-03-12 11:55:43 +01:00
Gilles Peskine 2de2c0d9ce Clarify deterministic generation by re-drawing
For DH, ECC (Weierstrass curves) and DSA, specify that the re-drawing
method is the one defined by NIST as
"key-pair generation by testing candidates", and describe it
unambiguously.

Also specify DES explicitly.
2019-03-11 18:10:07 +01:00
Gilles Peskine fa4486d7ec Specify psa_generator_import_key for each key type
psa_generator_import_key() was only specified for "symmetric keys",
and there were some mistakes in the specification. Rewrite the
specification and extend it to other key types.

* For most private key types, specify that the function draws a byte
  string repeatedly until the byte string is suitable.
* For DES, despite being a symmetric key type, re-drawing is
  necessary.
* For Montgomery curves, despite being asymmetric, no re-drawing is
  necessary.
* Specify the behavior for every standard key type other than RSA.
  An implementation doesn't have to support all key types, but if it
  does, it's better to have a standard.
2019-03-11 17:30:31 +01:00
Gilles Peskine 3be6b7f553 Fix some copypasta in references to parameter names
Validated by

perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-11 15:11:31 +01:00
Gilles Peskine ae2e5e0806 Remove copypasta'ed error reason in psa_aead_finish 2019-03-11 15:11:31 +01:00
Gilles Peskine 2e37c0dc5d Fix leftover occurrences of "key selection algorithm" 2019-03-11 15:11:31 +01:00
Jaeden Amero 03a60301d7
Merge pull request #248 from ARMmbed/dreemkiller_rename_driver
Various Changes for the PSA Driver Model
2019-03-06 18:59:46 +00:00
Gilles Peskine 32668ce268 Pacify check-names.sh 2019-03-06 18:29:57 +01:00
Gilles Peskine c079f5692d Pass check-files.py 2019-03-06 18:01:52 +01:00
Gilles Peskine e5c025c7ab Fix Doxygen warnings 2019-03-06 18:01:43 +01:00
Gilles Peskine c3044a6a36 Remove trailing whitespace
check-files.py doesn't like trailing whitespace.
2019-03-06 17:56:28 +01:00
Jaeden Amero 81cefed27f psa: Explicitly include platform_util.h
crypto_extra.h has a dependency on platform_util.h for
MBEDTLS_DEPRECATED_NUMERIC_CONSTANT. Make the dependency explicit by
including platform_util.h. Although in most use cases the header should
already be included by something else, it doesn't hurt to include it
again and helps to clarify dependencies.
2019-02-25 10:25:48 +00:00
Gilles Peskine bf7a98b791 Fix typos found in PSA Crypto API 1.0 beta2 before publication 2019-02-22 16:42:11 +01:00
Jaeden Amero 5e6d24c5e1 psa: Add backwards compatible error codes
Add deprecated error codes to help transition between the previous
version of the PSA Crypto specification and the current one.
2019-02-21 11:49:15 +00:00
Jaeden Amero 72f40c6686
Merge pull request #59 from gilles-peskine-arm/psa-its-64_bit_internal_key_id
Support key file IDs encoding the key owner
2019-02-20 13:45:12 +00:00
Gilles Peskine 572f067205 PSA crypto service: encode the key owner (ITS backend only)
When building for the PSA crypto service (defined(PSA_CRYPTO_SECURE)),
define psa_key_owner_id_t as int32_t, which is how a PSA platform
encodes partition identity. Note that this only takes effect when the
build option MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is active.

Support this configuration in the ITS backend.
2019-02-20 12:52:09 +01:00
Gilles Peskine 69d7c8b2d7 Declare a psa_key_file_id_t layout with an owner field
Declare the owner as psa_key_owner_id_t, of which an implementation
must be provided separately.

Make this a configuration option
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER, to make the conditional
compilation flow easier to follow. Declare it in config.h to
pacify check_names.sh.

Support for a specific implementation of psa_key_owner_id_t in storage
backends will come in a subsequent commit.
2019-02-20 12:52:09 +01:00
Gilles Peskine 5b229a06f4 Support encoding an owner in key file IDs
Differentiate between _key identifiers_, which are always `uint32_t`,
and _key file identifiers_, which are platform-dependent. Normally,
the two are the same.

In `psa/crypto_platform.h`, define `psa_app_key_id_t` (which is always
32 bits, the standard key identifier type) and
`psa_key_file_id_t` (which will be different in some service builds).
A subsequent commit will introduce a platform where the two are different.

It would make sense for the function declarations in `psa/crypto.h` to
use `psa_key_file_id_t`. However this file is currently part of the
PSA Crypto API specification, so it must stick to the standard type
`psa_key_id_t`. Hence, as long as the specification and Mbed Crypto
are not separate, use the implementation-specific file
`psa/crypto_platform.h` to define `psa_key_id_t` as `psa_key_file_id_t`.

In the library, systematically use `psa_key_file_id_t`.

    perl -i -pe 's/psa_key_id_t/psa_key_file_id_t/g' library/*.[hc]
2019-02-20 12:52:07 +01:00
Jaeden Amero 7e2cda1d67
Merge pull request #11 from gilles-peskine-arm/psa-setup_bad_state-document
Document that multipart operation setup can return BAD_STATE
2019-02-19 10:24:23 +00:00
David Saada a2523b2c6d Replace ITS specific types with more generic PSA storage types
PSA spec now defines more generic PSA storage types instead of the ITS
specific ones. This is necessary in order to integrate with
the newer implementation of PSA ITS landing in Mbed OS soon.
Changes include the following:
- psa_status_t replaces psa_its_status_t
- psa_storage_info_t replaces psa_its_info_t
- psa_storage_uid_t replaces psa_its_uid_t
2019-02-18 13:56:26 +02:00
David Saada b4ecc27629 Replace PSA error code definitions with the ones defined in PSA spec 2019-02-18 13:53:13 +02:00
Derek Miller f0c1d0d375 Doxygen changes to match the code changes. clarifications. 2019-02-15 17:23:42 -06:00
Derek Miller 28d483ef2f removed * from entropy function pointers as they are already pointers 2019-02-15 17:18:03 -06:00
Derek Miller 8a241a5779 Replaced entropy driver context with void * to support multiple entropy drivers 2019-02-15 17:17:25 -06:00
Derek Miller 6aaa4fd73b added key_type parameter to asymmetric operations because the accelerator need this info 2019-02-15 17:15:54 -06:00
Derek Miller 34b33f198b Changed psa_drv_se_cipher_t.size to context_size to be consistent 2019-02-15 17:13:54 -06:00
Derek Miller 6211726c61 Removed key deriv. context struct, replaced with void* and a context_size 2019-02-15 17:12:26 -06:00
Derek Miller 0b3098a486 added generate key. Removed pubkey export 2019-02-15 17:10:49 -06:00
Derek Miller 0972fe548c added lifetime paramter to psa_drv_se_import_key_t as the SE needs to know this 2019-02-15 17:08:27 -06:00
Derek Miller ea743cf6b0 Removed * from function pointers (as they were already pointers) 2019-02-15 17:06:29 -06:00
Derek Miller b2a1cceaf7 temporarily changed psa_key_slot_t to psa_key_slot_number_t to avoid naming collision 2019-02-15 17:03:42 -06:00
Derek Miller 83d2662dfa Changed opaque/transparent in functions/structs to se/accel 2019-02-15 16:41:22 -06:00
Gilles Peskine 9153ec0d04 Add documentation for some macros
Document some macros which have cross-references. Without
documentation for those macros, the cross-references were broken links.
2019-02-15 13:02:02 +01:00
Gilles Peskine d338b91174 Fix some copypasta in one-shot hash and MAC function descriptions 2019-02-15 13:01:41 +01:00
Gilles Peskine 63f7930003 Doxygen: fix missing markup indicator that was causing broken links 2019-02-15 13:01:17 +01:00
Jaeden Amero 1fb011f2a6
Merge pull request #152 from ARMmbed/psa-test-psa_constant_names
Test psa_constant_names
2019-02-12 13:39:25 +00:00
Gilles Peskine 47e79fb5ab Fix minor errors in key derivation and key agreement documentation 2019-02-08 11:36:59 +01:00
Gilles Peskine 12b58abad6 Remove duplicate definition of PSA_ALG_IS_WILDCARD
This was due to a bad merge.
2019-02-08 11:36:59 +01:00
Gilles Peskine 6bce7f7ebb Fix copypasta in multipart AEAD macro 2019-02-08 11:36:59 +01:00
Gilles Peskine 4c6fdbbe8d Fix typos in doxygen formatting commands 2019-02-08 11:36:59 +01:00
Jaeden Amero 2a0f48ae1f
Merge pull request #43 from Patater/update-2.16-dev
Update to a development version of Mbed TLS 2.16.0
2019-02-08 08:13:41 +00:00
Jaeden Amero 7f04214cf4 psa: Rename PSA_HASH_FINAL_SIZE to PSA_HASH_SIZE
The macro PSA_HASH_FINAL_SIZE no longer exists and all instances of it
should be replaced by PSA_HASH_SIZE. Replace all remaining instances of
PSA_HASH_FINAL_SIZE with PSA_HASH_SIZE.
2019-02-07 12:19:59 +00:00
Gilles Peskine aec5a7fd49 psa_copy_key: minor documentation clarification 2019-02-05 20:26:09 +01:00
Gilles Peskine 434899fccd Test truncated MAC and AEAD algorithms
For MAC and AEAD algorithms, test the algorithm truncated to certain
lengths (1 and 63 bytes).
2019-01-29 16:08:46 +00:00
Gilles Peskine f603c718c9 New function psa_copy_key
Copy a key from one slot to another.

Implemented and smoke-tested.
2019-01-28 14:41:11 +01:00
Jaeden Amero 43bafcca94
Merge pull request #15 from gilles-peskine-arm/psa-signature_policy_wildcard
Support wildcard hash in signature policies
2019-01-28 13:31:14 +00:00
Gilles Peskine 763fb9a150 Improve the description of PSA_ALG_ANY_HASH
Make it clearer what PSA_ALG_ANY_HASH can and cannot be used for.
2019-01-28 13:29:01 +01:00
Jaeden Amero 4d69cf1a84
Merge pull request #13 from Patater/pubkey-format
Simplify RSA and EC public key formats
2019-01-25 10:09:40 +00:00
Jaeden Amero 21fec0c1c5 psa: Expand documentation for psa_key_agreement()
Document `peer_key` parameter requirements, including an explanation of
how the peer key is used and an example for EC keys.
2019-01-23 17:39:46 +00:00
Jaeden Amero ccdce90adb psa: Simplify EC public key format
Remove front matter from our EC key format, to make it just the contents
of an ECPoint as defined by SEC1 section 2.3.3.

As a consequence of the simplification, remove the restriction on not
being able to use an ECDH key with ECDSA. There is no longer any OID
specified when importing a key, so we can't reject importing of an ECDH
key for the purpose of ECDSA based on the OID.
2019-01-23 17:39:46 +00:00
Jaeden Amero 25384a236e psa: Simplify RSA public key format
Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move
code that was shared between RSA and other key types (like EC keys) to
be used only with non-RSA keys.
2019-01-23 17:31:50 +00:00
Jaeden Amero 494624d299
Merge pull request #18 from gilles-peskine-arm/psa-hash_clone
New function psa_hash_clone
2019-01-22 17:35:25 +00:00
Gilles Peskine dad0832dc6 Merge branch 'psa-hash_clone' into psa-api-1.0-beta
Update the documentation of psa_hash_clone().
2019-01-21 14:54:59 +01:00
Gilles Peskine e43aa39397 hash_clone: Fix copypasta and add a functional description 2019-01-21 14:50:37 +01:00
Gilles Peskine ea2e3604b1 Merge branch 'psa-copy_key' into psa-api-1.0-beta
New function psa_copy_key().

Conflicts:
* library/psa_crypto.c: trivial conflicts due to consecutive changes.
* tests/suites/test_suite_psa_crypto.data: the same code
  was added on both sides, but with a conflict resolution on one side.
* tests/suites/test_suite_psa_crypto_metadata.function: the same code
  was added on both sides, but with a conflict resolution on one side.
2019-01-19 13:56:35 +01:00
Gilles Peskine 4cb9dde84a New function psa_copy_key
Copy a key from one slot to another.

Implemented and smoke-tested.
2019-01-19 13:46:36 +01:00
Gilles Peskine 0ce26e35d6 Add a hash wildcard value for hash-and-sign algorithm
You can use PSA_ALG_ANY_HASH to build the algorithm value for a
hash-and-sign algorithm in a policy. Then the policy allows usage with
this hash-and-sign family with any hash.

Test that PSA_ALG_ANY_HASH-based policies allow a specific hash, but
not a different hash-and-sign family. Test that PSA_ALG_ANY_HASH is
not valid for operations, only in policies.
2019-01-19 13:42:51 +01:00
Gilles Peskine b66c27b2c9 New macro PSA_ALG_IS_HASH_AND_SIGN
Test for a subclass of public-key algorithm: those that perform
full-domain hashing, i.e. algorithms that can be broken down as
sign(key, hash(message)).
2019-01-19 13:42:51 +01:00
Gilles Peskine b865df005c Merge branch 'psa-no_type_on_allocate_key' into psa-api-1.0-beta
Remove the type and bits arguments from psa_allocate_key() and
psa_create_key().
2019-01-19 12:24:18 +01:00
Gilles Peskine d40c1fbd50 Don't require a type and size when creating a key slot
Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.

Change the API and adapt the implementation, the units test and the
sample code accordingly.
2019-01-19 12:20:52 +01:00
Gilles Peskine b37af92eb9 Merge branch 'psa-hash_clone' into psa-api-1.0-beta
Add psa_hash_clone.
2019-01-19 12:07:27 +01:00
Gilles Peskine ebb2c3e419 New function psa_hash_clone
Clone a hash operation.

Test good cases as part as multipart tests. Add new test functions for
the state machine.
2019-01-19 12:03:41 +01:00
Gilles Peskine 9dcc80e628 Merge branch 'psa-derive_input_steps-agreement_as_one_step' into psa-api-1.0-beta
Change the key derivation API to take inputs in multiple steps,
instead of a single one-site-fits-poorly function.

Conflicts:
* include/psa/crypto.h: merge independent changes in the documentation
  of psa_key_agreement (public_key from the work on public key formats
  vs general description and other parameters in the work on key derivation).
* tests/suites/test_suite_psa_crypto.data: update the key agreement
  tests from the work on key derivation to the format from the work on
  public key formats.
* tests/suites/test_suite_psa_crypto_metadata.function: reconcile the
  addition of unrelated ALG_IS_xxx macros
2019-01-18 18:54:15 +01:00