Commit graph

2383 commits

Author SHA1 Message Date
Darryl Green 9e2d7a09f1 Add ifdefs for psa_internal_export_key function
MBEDTLS_PK_WRITE_C only requires either MBEDTLS_RSA_C or MBEDTLS_ECP_C to be defined.
Added wrappers to handle the cases where only one has been defined.
Moved mbedtls_pk_init to be within the ifdefs, so it's only called if appropriate.
2018-09-14 10:02:28 +01:00
Darryl Green 8800136156 Fix key parameter in psa_key_derivation to use correct type 2018-09-14 10:02:28 +01:00
Jaeden Amero cab5494b12 psa: Add license header to crypto.h 2018-09-14 10:02:28 +01:00
Gilles Peskine edd768775f Fix doxygen warnings
* Broken link #PSA_ALG_SHA_256
* Duplicate group name "generators"
* Missing documentation in psa_generate_key_extra_rsa due to bad magic
  comment marker
2018-09-12 16:50:07 +03:00
Gilles Peskine 9f900a8b25 Merge pull request #105 from ARMmbed/psa-derive_hkdf
PSA key derivation: simple-ish interface, HKDF
2018-09-12 16:50:07 +03:00
Gilles Peskine 9fb0e01177 Fix nonstandard whitespace 2018-09-12 16:50:07 +03:00
Gilles Peskine bef7f14f8e Implement HKDF 2018-09-12 16:44:05 +03:00
Gilles Peskine ea0fb4975c Add framework for simple key derivation
New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE.
New function psa_key_derivation.

No key derivation algorithm is implemented yet. The code may not
compile with -Wunused.

Write some unit test code for psa_key_derivation. Most of it cannot be
used yet due to the lack of a key derivation algorithm.
2018-09-12 16:44:04 +03:00
Gilles Peskine eab56e4159 Add generator API
Add an API for byte generators: psa_crypto_generator_t,
PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init,
psa_get_generator_capacity, psa_generator_read,
psa_generator_import_key, psa_generator_abort.

This commit does not yet implement any generator algorithm, it only
provides the framework. This code may not compile with -Wunused.
2018-09-12 16:41:12 +03:00
Gilles Peskine 55728b0e70 Add a few key type and algorithm test macros
These new PSA_xxx_IS_yyy macros fill a few missing gaps.
2018-09-12 16:41:12 +03:00
Gilles Peskine 3bd1a42203 Remove duplicate definition of PSA_KEY_TYPE_IS_RSA 2018-09-12 16:41:12 +03:00
Gilles Peskine 072ac56a03 Implement OAEP
Implement RSAES-OAEP encryption and decryption.

Test it to the same level as PKCS#1 v1.5.
2018-09-12 16:41:12 +03:00
Gilles Peskine a4d20bd387 For RSA PSS, document that salt length = hash length
This is the most common mode and the only mode that Mbed TLS functions
fully supports (mbedtls_rsa_rsassa_pss_verify_ext can verify
signatures with a different salt length).
2018-09-12 16:41:12 +03:00
Gilles Peskine b82ab6f402 Improve documentation of abort functions
Explicitly state that calling abort is safe after initializing to
zero.

Explicitly state that calling abort on an inactive operation is safe,
and replace "active" by "initialized" in the description of the
parameter.

Get rid of the recommendation for implementers to try to handle
uninitialized structures safely. It's good advice in principle but
cannot be achieved in a robust way and the wording was confusing.
2018-09-12 16:41:11 +03:00
Gilles Peskine 54622aec80 Fix PSA_ALG_SIGN_GET_HASH for PSA_ALG_SIGN_xxx_RAW 2018-09-12 16:41:11 +03:00
Gilles Peskine be42f312a8 Doxygen: use \c foo in preference to foo for consistency 2018-09-12 16:41:11 +03:00
Gilles Peskine 9ac9426731 Doc: clarify the preconditions for psa_cipher_update 2018-09-12 16:41:11 +03:00
Gilles Peskine 6ac73a912b Doc: add some missing documentation of function and macro parameters 2018-09-12 16:41:11 +03:00
Gilles Peskine dda3bd344d Doc: Minor formatting and copy fixes 2018-09-12 16:41:11 +03:00
Gilles Peskine d8008d6dfe New macro PSA_KEY_TYPE_IS_RSA 2018-09-12 16:41:11 +03:00
Gilles Peskine fa4070c50b Doc: Fix some \c name that should have been \p name 2018-09-12 16:41:11 +03:00
Gilles Peskine 3fa675cd97 Doc: generate_key: improve documentation of \p extra 2018-09-12 16:41:11 +03:00
Gilles Peskine 4c317f4b4c generate_key: define a structure type for RSA extra parameters 2018-09-12 16:41:11 +03:00
Gilles Peskine 53d991e655 generate_key: rename \p parameters to \p extra
\p parameters is a confusing name for a function parameter. Rename it
to \p extra.
2018-09-12 16:41:11 +03:00
Gilles Peskine edd11a14aa Doc: add [in] or [out] annotations to pointer arguments 2018-09-12 16:41:11 +03:00
Gilles Peskine aa7bc47f73 Add missing const on policy_get_xxx function parameter 2018-09-12 16:41:11 +03:00
Gilles Peskine 3ff2162d14 Remove salt from asymmetric_{sign,verify}
No common signature algorithm uses a salt (RSA-PKCS#1v1.5, RSA-PSS,
DSA, ECDSA, EdDSA). We don't even take an IV for MAC whereas MAC
algorithms with IV are uncommon but heard of. So remove the salt
parameter from psa_asymmetric_sign and psa_asymmetric_verify.
2018-09-12 16:41:11 +03:00
Gilles Peskine 7256e6c9a4 Doc: fix formatting of some macro arguments in explanations 2018-09-12 16:41:11 +03:00
Gilles Peskine dcd1494327 Doc: write documentation for many macros and functions
As of this commit, all #identifier links in the documentation are resolved.
2018-09-12 16:41:11 +03:00
Gilles Peskine 5ce3e59dfe Doc: PSA_ALG_IS_HASH is unspecified if alg is not *supported* 2018-09-12 16:41:11 +03:00
Gilles Peskine 5d1888ebc5 Rename PSA_ALG_STREAM_CIPHER -> PSA_ALG_STREAM_CIPHER_BASE
Follow the usual naming convention: PSA_ALG_xxx_BASE for a constant
that isn't an algorithm, just used to build one.
2018-09-12 16:41:11 +03:00
Gilles Peskine 2853849498 Doxygen: linkify references to macro names 2018-09-12 16:41:11 +03:00
Jaeden Amero 0794936411 Merge pull request #102 from ARMmbed/dev/Patater/fix-allsh
Fix various issues caught by all.sh
2018-09-12 16:41:11 +03:00
Jaeden Amero 67a9351bc5 psa: config: Add MBEDTLS_PSA_CRYPTO_SPM
We failed check-names.sh due to using a define which wasn't described or
defined anywhere. Even though we won't realistically enable
MBEDTLS_PSA_CRYPTO_SPM via the configuration system (and will do it from
PSA Crypto SPM tooling instead), add a description of the configuration to
config.h as good practice. Exclude MBEDTLS_PSA_CRYPTO_SPM from the "full"
configuration as well.
2018-09-12 16:41:11 +03:00
Gilles Peskine 61a60376b7 Fix misplaced Doxygen comment 2018-09-12 16:41:11 +03:00
Gilles Peskine fe11951c16 Rename psa cipher functions to psa_cipher_xxx
Make function names for multipart operations more consistent (cipher
edition).

Rename symmetric cipher multipart operation functions so that they all
start with psa_cipher_:

* psa_encrypt_setup -> psa_cipher_encrypt_setup
* psa_decrypt_setup -> psa_cipher_decrypt_setup
* psa_encrypt_set_iv -> psa_cipher_set_iv
* psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-09-12 16:41:11 +03:00
Gilles Peskine 89167cb597 Split psa_mac_setup -> psa_mac_{sign,verify}_setup
Make function names for multipart operations more consistent (MAC
setup edition).

Split psa_mac_setup into two functions psa_mac_sign_setup and
psa_mac_verify_setup. These functions behave identically except that
they require different usage flags on the key. The goal of the split
is to enforce the key policy during setup rather than at the end of
the operation (which was a bit of a hack).

In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is
of the wrong type, abort the operation before returning BAD_STATE.
2018-09-12 16:41:11 +03:00
Gilles Peskine acd4be36fa Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish
Make function names for multipart operations more consistent (MAC
finish edition).
2018-09-12 16:41:11 +03:00
Gilles Peskine da8191d1cd Rename psa_hash_start -> psa_hash_setup
Make function names for multipart operations more consistent (hash
edition).
2018-09-12 16:41:11 +03:00
Gilles Peskine 07c91f5df3 Add notes about the purpose and usage of auxiliary header files 2018-09-12 16:41:11 +03:00
Gilles Peskine 2743e42580 Correct reference for RSA keypair export format 2018-09-12 16:41:11 +03:00
Gilles Peskine af3baabd05 Define max sizes for MAC and signatures
This requires defining a maximum RSA key size, since the RSA key size
is the signature size. Enforce the maximum RSA key size when importing
or generating a key.
2018-09-12 16:41:11 +03:00
Gilles Peskine 49cee6c582 Move implementation-dependent size macros to crypto_sizes.h
Macros such as PSA_HASH_SIZE whose definitions can be the same
everywhere except in implementations that support non-standard
algorithms remain in crypto.h, at least for the time being.
2018-09-12 16:41:11 +03:00
Gilles Peskine 0cad07c2fb New header crypto_sizes.h
This header will contain macros that calculate buffer sizes, whose
semantics are standardized but whose definitions are
implementation-specific because they depend on the available algorithms
and on some permitted buffer size tolerances.

Move size macros from crypto_struct.h to crypto_sizes.h, because these
definitions need to be available both in the frontend and in the
backend, whereas structures have different contents.
2018-09-12 16:41:11 +03:00
Gilles Peskine eae6eee24c Change ECDSA signature representation to r||s
Change the representation of an ECDSA signature from the ASN.1 DER
encoding used in TLS and X.509, to the concatenation of r and s
in big-endian order with a fixed size. A fixed size helps memory and
buffer management and this representation is generally easier to use
for anything that doesn't require the ASN.1 representation. This is
the same representation as PKCS#11 (Cryptoki) except that PKCS#11
allows r and s to be truncated (both to the same length), which
complicates the implementation and negates the advantage of a
fixed-size representation.
2018-09-12 16:41:11 +03:00
Gilles Peskine a81d85b732 Sort out ECDSA mechanisms
* Distinguish randomized ECDSA from deterministic ECDSA.
* Deterministic ECDSA needs to be parametrized by a hash.
* Randomized ECDSA only uses the hash for the initial hash step,
  but add ECDSA(hash) algorithms anyway so that all the signature
  algorithms encode the initial hashing step.
* Add brief documentation for the ECDSA signature mechanisms.
* Also define DSA signature mechanisms while I'm at it. There were
  already key types for DSA.
2018-09-12 16:24:51 +03:00
Gilles Peskine 526fab0066 Fix parameter name signature_size for psa_asymmetric_verify
It should have been signature_length, following our conventions.
2018-09-12 16:24:51 +03:00
Gilles Peskine e9191ff90b Add missing const for signature parameter of psa_asymmetric_verify 2018-09-12 16:24:51 +03:00
Gilles Peskine 08bac713df Clarify that asymmetric_{sign,verify} operate on a hash 2018-09-12 16:24:51 +03:00
Gilles Peskine 55bf3d1171 Sort out RSA mechanisms
* PSS needs to be parametrized by a hash.
* Don't use `_MGF1` in the names of macros for OAEP and PSS. No one
  ever uses anything else.
* Add brief documentation for the RSA signature mechanisms.
2018-09-12 16:24:51 +03:00