Commit graph

302 commits

Author SHA1 Message Date
Moran Peker b4d0ddd2d3 psa_export_public_key 2018-09-05 12:13:20 +03:00
Moran Peker dd4ea38d58 export public key 2018-09-05 12:10:47 +03:00
itayzafrir 5c7533923a ECDSA sign and verify implementation and tests
ECDSA sign and verify implementation and tests
2018-09-05 12:10:47 +03:00
Gilles Peskine a0655c3501 Merge remote-tracking branch 'psa/pr/13' into feature-psa
Conflicts:
	library/psa_crypto.c
	tests/suites/test_suite_psa_crypto.data
	tests/suites/test_suite_psa_crypto.function

All the conflicts are concurrent additions where the order doesn't
matter. I put the code from feature-psa (key policy) before the code
from PR #13 (key lifetime).
2018-09-05 12:10:43 +03:00
Gilles Peskine f0c9dd37d2 Added possible error codes for lifetime functions 2018-09-05 12:01:38 +03:00
Gilles Peskine 9bb53d7aff Fix copypasta in lifetime function descriptions 2018-09-05 12:01:38 +03:00
Gilles Peskine 8ca560293b Whitespace fixes 2018-09-05 12:01:37 +03:00
mohammad1603 a7d245a4a2 Fix return error values description
Fix return PSA_ERROR_INVALID_ARGUMENT description for psa_set_key_lifetime()
and psa_get_key_lifetime()
2018-09-05 12:01:37 +03:00
mohammad1603 ea0500936e Change behavior of psa_get_key_lifetime()
psa_get_key_lifetime() behavior changed regarding empty slots, now
it return the lifetime of and empty slots. Documentation in header
file updated accordingly.
2018-09-05 12:01:37 +03:00
mohammad1603 1c34545cfe Remove usage of PSA_KEY_LIFETIME_NONE
Remove usage of PSA_KEY_LIFETIME_NONE, initiate all key slot to
PSA_KEY_LIFETIME_VOLATILE ini psa_crypto_init()
2018-09-05 12:01:37 +03:00
mohammad1603 ba178511f4 Remove unused and duplicated erros, fix documentation and tests
Remove unused and duplicated erros, fix documentation and tests
2018-09-05 12:01:37 +03:00
mohammad1603 804cd71bf8 initial key lifetime implementation and tests 2018-09-05 12:01:37 +03:00
Gilles Peskine c63b6ba754 Merge remote-tracking branch 'psa/pr/14' into feature-psa
Conflict resolution:

* `tests/suites/test_suite_psa_crypto.data`: in the new tests from PR #14,
  rename `PSA_ALG_RSA_PKCS1V15_RAW` to `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` as
  was done in PR #15 in the other branch.
2018-09-05 12:01:34 +03:00
Gilles Peskine f48af7fe76 psa_generate_key: specify what the extra parameters mean 2018-09-05 11:53:26 +03:00
Gilles Peskine 9e7dc717b0 New function: generate key/random 2018-09-05 11:53:26 +03:00
Gilles Peskine 06297936f2 More precise bounds for PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE 2018-09-05 11:53:26 +03:00
mohammad1603 5feda72d7a Remove usage of PSA_ERROR_INVALID_KEY_POLICY
use PSA_ERROR_INVALID_ARGUMENT instead of INVALID_KEY_POLICY error
2018-09-05 11:53:26 +03:00
Gilles Peskine 6944f9a831 New functions: asymmetric encrypt/decrypt 2018-09-05 11:53:26 +03:00
Gilles Peskine 9673cc8255 Define PSA_ALG_RSA_OAEP_MGF1(hash) 2018-09-05 11:53:26 +03:00
Gilles Peskine 8484565f85 Minor errors in documentation around asymmetric signature 2018-09-05 11:53:26 +03:00
mohammad1603 6df908f234 Add static internal MAC finish function
add new psa_mac_finish_internal() to be called by psa_mac_finish() and
psa_mac_verify() in order to be able to check key usage separatly.
2018-09-05 11:53:26 +03:00
Gilles Peskine a59262338a Rename PKCS1V15 to PKCS1V15_SIGN
There's PKCS1V15_CRYPT as well (to be added soon).
2018-09-05 11:53:26 +03:00
Gilles Peskine 058e0b9963 Avoid empty unions
When no algorithms are present in a category (e.g. no AEAD algorithm),
the union in the corresponding operation structure was empty, which is
not valid C. Add a dummy field to avoid this.
2018-09-05 11:53:26 +03:00
Gilles Peskine 9a1ba0dd3f Typo in the documentation of psa_get_key_information 2018-09-05 11:53:26 +03:00
mohammad1603 8cc1ceec3e Key Policy APIs implementation 2018-09-05 11:53:26 +03:00
Gilles Peskine 1906798d4c Fix some typos and copypasta 2018-09-05 11:53:25 +03:00
Gilles Peskine ed522974bd Clarify how multipart operations get terminated 2018-09-05 11:53:25 +03:00
Gilles Peskine 971f7064e9 More precise reference for the RSA public key format 2018-09-05 11:53:25 +03:00
Gilles Peskine 7e19853722 More documentation 2018-09-05 11:53:25 +03:00
Gilles Peskine d393e18f90 Add psa_set_key_lifetime
It is likely that most implementations won't support this function.
But in case an implementation wants to provide it, standardize its
interface.
2018-09-05 11:53:25 +03:00
Gilles Peskine e3f694f49a Remove non-standard hash algorithms 2018-09-05 11:53:25 +03:00
Gilles Peskine 06dc26350e Fix macro definitions for ECC keys
Public keys and key pairs have different types.
2018-09-05 11:53:25 +03:00
Gilles Peskine 03182e99b6 Fix parameter name in PSA_BLOCK_CIPHER_BLOCK_SIZE 2018-09-05 11:53:25 +03:00
Gilles Peskine f5b9fa13e0 Documentation clarifications
Clarify or add the documentation of some functions and constants.

Add a note about what the __DOXYGEN_ONLY__ section is for.
2018-09-05 11:53:25 +03:00
Gilles Peskine 2905a7adcc Fix namespace violation 2018-09-05 11:53:25 +03:00
Gilles Peskine 609b6a5b67 Get the lifetime of a key slot 2018-09-05 11:53:25 +03:00
Gilles Peskine 7698bcf338 Basic interface for key policies
Get/set the policy of a key slot.

Opaque structure for key policies and field access functions.
2018-09-05 11:53:25 +03:00
Gilles Peskine 92b3073e36 Minor documentation fixes 2018-09-05 11:53:25 +03:00
Gilles Peskine 3b555710e2 Prototypes for AEAD functions
This is still tentative.
2018-09-05 11:53:25 +03:00
Gilles Peskine 428dc5aef1 Prototypes for symmetric cipher functions 2018-09-05 11:53:25 +03:00
Gilles Peskine 7e4acc5ef8 Document some MAC functions: psa_mac_start
Adapt the documentation of hash functions.

State that the key object does not need to remain valid throughout the
operation.
2018-09-05 11:53:25 +03:00
Gilles Peskine 8c9def3e7f PSA: Implement MAC functions
Implement psa_mac_start, psa_mac_update and psa_mac_final.

Implement HMAC anc CMAC.

Smoke tests.
2018-09-05 11:53:25 +03:00
Gilles Peskine 308b91d7db Wrote documentation for several functions, macros and types
Document key import/export functions, hash functions, and asymmetric
sign/verify, as well as some related macros and types.

Nicer formatting for return values: use \retval.
2018-09-05 11:53:25 +03:00
Gilles Peskine 9ef733faa0 Implement hash functions
New header file crypto_struct.h. The main file crypto.sh declares
structures which are implementation-defined. These structures must be
defined in crypto_struct.h, which is included at the end so that the
structures can use types defined in crypto.h.

Implement psa_hash_start, psa_hash_update and psa_hash_final. This
should work for all hash algorithms supported by Mbed TLS, but has
only been smoke-tested for SHA-256, and only in the nominal case.
2018-09-05 11:53:25 +03:00
Gilles Peskine a590529938 Greatly expanded mbedtls_to_psa_error
It now covers most cryptography algorithm modules (missing: bignum,
DHM, everything ECC, HMAC_DRBG).
2018-09-05 11:53:24 +03:00
Gilles Peskine 98f0a24255 Improve key type and algorithm encodings
Refine the encoding of key types and algorithms so that ranges of bits
make more sense.

Define a few symmetric cipher algorithms.
2018-09-05 11:53:24 +03:00
Gilles Peskine 0189e7512d PSA crypto: PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE macro
Test it for RSA.
2018-09-05 11:53:24 +03:00
Gilles Peskine 20035e3579 PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only)
Define hash algorithms and RSA signature algorithms.

New function psa_asymmetric_sign.

Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-09-05 11:53:24 +03:00
Gilles Peskine c66ea6a921 PSA key import: support RSA public keys
Use different key types for private keys and public keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine 2f9c4dc5ad Add key management functions
Define psa_key_type_t and a first stab at a few values.

New functions psa_import_key, psa_export_key, psa_destroy_key,
psa_get_key_information. Implement them for raw data and RSA.

Under the hood, create an in-memory, fixed-size keystore with room
for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-09-05 11:53:24 +03:00
Gilles Peskine 62a7e7e65f Add a Doxygen-only section
This is intended to document platform-specific definitions in PSA.
2018-09-05 10:59:02 +03:00
Gilles Peskine e59236fc17 Add PSA crypto module
New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C):
Platform Security Architecture compatibility layer on top of
libmedcrypto.

Implement psa_crypto_init function which sets up a RNG.

Add a mbedtls_psa_crypto_free function which deinitializes the
library.

Define a first batch of error codes.
2018-09-05 10:59:00 +03:00