AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
4440688a69
mbedtls/include/psa/crypto.h

3420 lines
150 KiB
C
Raw Normal View History

Add PSA crypto module New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C): Platform Security Architecture compatibility layer on top of libmedcrypto. Implement psa_crypto_init function which sets up a RNG. Add a mbedtls_psa_crypto_free function which deinitializes the library. Define a first batch of error codes.
2018-01-27 22:32:46 +00:00
/**
* \file psa/crypto.h
* \brief Platform Security Architecture cryptography module
*/
psa: Add license header to crypto.h
2018-07-25 12:26:13 +00:00
/*
* Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Add PSA crypto module New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C): Platform Security Architecture compatibility layer on top of libmedcrypto. Implement psa_crypto_init function which sets up a RNG. Add a mbedtls_psa_crypto_free function which deinitializes the library. Define a first batch of error codes.
2018-01-27 22:32:46 +00:00
#ifndef PSA_CRYPTO_H
#define PSA_CRYPTO_H
#include "crypto_platform.h"
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
#include <stddef.h>
Add a Doxygen-only section This is intended to document platform-specific definitions in PSA.
2018-02-07 20:54:47 +00:00
#ifdef __DOXYGEN_ONLY__
Documentation clarifications Clarify or add the documentation of some functions and constants. Add a note about what the __DOXYGEN_ONLY__ section is for.
2018-03-07 15:40:18 +00:00
/* This __DOXYGEN_ONLY__ block contains mock definitions for things that
* must be defined in the crypto_platform.h header. These mock definitions
* are present in this file as a convenience to generate pretty-printed
* documentation that includes those definitions. */
Add a Doxygen-only section This is intended to document platform-specific definitions in PSA.
2018-02-07 20:54:47 +00:00
/** \defgroup platform Implementation-specific definitions
* @{
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
/** \brief Key handle.
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* This type represents open handles to keys. It must be an unsigned integral
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* type. The choice of type is implementation-dependent.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
*
Update some documentation related to key slots Some of the documentation is obsolete in its reference to key slots when it should discuss key handles. This may require a further pass, possibly with some reorganization of error codes. Update the documentation of functions that modify key slots (key material creation and psa_set_key_policy()) to discuss how they affect storage.
2018-12-11 14:51:32 +00:00
* 0 is not a valid key handle. How other handle values are assigned is
* implementation-dependent.
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
typedef _unsigned_integral_type_ psa_key_handle_t;
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
Add a Doxygen-only section This is intended to document platform-specific definitions in PSA.
2018-02-07 20:54:47 +00:00
/**@}*/
Documentation clarifications Clarify or add the documentation of some functions and constants. Add a note about what the __DOXYGEN_ONLY__ section is for.
2018-03-07 15:40:18 +00:00
#endif /* __DOXYGEN_ONLY__ */
Add a Doxygen-only section This is intended to document platform-specific definitions in PSA.
2018-02-07 20:54:47 +00:00
Add PSA crypto module New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C): Platform Security Architecture compatibility layer on top of libmedcrypto. Implement psa_crypto_init function which sets up a RNG. Add a mbedtls_psa_crypto_free function which deinitializes the library. Define a first batch of error codes.
2018-01-27 22:32:46 +00:00
#ifdef __cplusplus
extern "C" {
#endif
Move integral types and associated macros to their own header Some parts of the library, and crypto drivers, need to see key types, algorithms, policies, etc. but not API functions. Move portable integral types and macros to build and analyze values of these types to a separate headers crypto_types.h and crypto_values.h. No functional changes, code was only moved from crypto.h to the new headers.
2018-12-12 12:38:31 +00:00
/* The file "crypto_types.h" declares types that encode errors,
* algorithms, key types, policies, etc. */
#include "crypto_types.h"
PSA Crypto error code definitions Removed the psa_status_t enum and defined error codes as defines. Conditionally defining PSA_SUCCESS and psa_status_t.
2018-06-18 13:20:16 +00:00
Move integral types and associated macros to their own header Some parts of the library, and crypto drivers, need to see key types, algorithms, policies, etc. but not API functions. Move portable integral types and macros to build and analyze values of these types to a separate headers crypto_types.h and crypto_values.h. No functional changes, code was only moved from crypto.h to the new headers.
2018-12-12 12:38:31 +00:00
/* The file "crypto_values.h" declares macros to build and analyze values
* of integral types defined in "crypto_types.h". */
#include "crypto_values.h"
Add PSA crypto module New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C): Platform Security Architecture compatibility layer on top of libmedcrypto. Implement psa_crypto_init function which sets up a RNG. Add a mbedtls_psa_crypto_free function which deinitializes the library. Define a first batch of error codes.
2018-01-27 22:32:46 +00:00
Move integral types and associated macros to their own header Some parts of the library, and crypto drivers, need to see key types, algorithms, policies, etc. but not API functions. Move portable integral types and macros to build and analyze values of these types to a separate headers crypto_types.h and crypto_values.h. No functional changes, code was only moved from crypto.h to the new headers.
2018-12-12 12:38:31 +00:00
/** \defgroup initialization Library initialization
* @{
Declare the new slot management functions in crypto.h No changes to existing functions.
2018-11-30 13:08:36 +00:00
*/
Add PSA crypto module New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C): Platform Security Architecture compatibility layer on top of libmedcrypto. Implement psa_crypto_init function which sets up a RNG. Add a mbedtls_psa_crypto_free function which deinitializes the library. Define a first batch of error codes.
2018-01-27 22:32:46 +00:00
/**
* \brief Library initialization.
*
* Applications must call this function before calling any other
* function in this module.
*
* Applications may call this function more than once. Once a call
* succeeds, subsequent calls are guaranteed to succeed.
*
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* If the application calls other functions before calling psa_crypto_init(),
* the behavior is undefined. Implementations are encouraged to either perform
* the operation as if the library had been initialized or to return
* #PSA_ERROR_BAD_STATE or some other applicable error. In particular,
* implementations should not return a success status if the lack of
* initialization may have security implications, for example due to improper
* seeding of the random number generator.
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
Add PSA crypto module New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C): Platform Security Architecture compatibility layer on top of libmedcrypto. Implement psa_crypto_init function which sets up a RNG. Add a mbedtls_psa_crypto_free function which deinitializes the library. Define a first batch of error codes.
2018-01-27 22:32:46 +00:00
*/
psa_status_t psa_crypto_init(void);
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
/**@}*/
Rename functions that inject key material to an allocated handle This commit starts a migration to a new interface for key creation. Today, the application allocates a handle, then fills its metadata, and finally injects key material. The new interface fills metadata into a temporary structure, and a handle is allocated at the same time it gets filled with both metadata and key material. This commit was obtained by moving the declaration of the old-style functions to crypto_extra.h and renaming them with the to_handle suffix, adding declarations for the new-style functions in crypto.h under their new name, and running perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c Many functions that are specific to the old interface, and which will not remain under the same name with the new interface, are still in crypto.h for now. All functional tests should still pass. The documentation may have some broken links.
2019-04-17 10:28:25 +00:00
/** \defgroup attributes Key attributes
* @{
*/
/** The type of a structure containing key attributes.
*
* This is an opaque structure that can represent the metadata of a key
* object, including the key type and size, domain parameters, usage policies,
* location in storage, and any other similar information.
*
* The actual key material is not considered an attribute of a key.
* Key attributes do not contain information that is generally considered
* highly confidential.
*/
typedef struct psa_key_attributes_s psa_key_attributes_t;
Implement atomic-creation psa_import_key Implement the new, attribute-based psa_import_key and some basic functions to access psa_key_attributes_t. Replace psa_import_key_to_handle by psa_import_key in a few test functions. This commit does not handle persistence attributes yet.
2019-04-17 13:05:45 +00:00
static void psa_make_key_persistent(psa_key_attributes_t *attributes,
psa_key_id_t id,
psa_key_lifetime_t lifetime);
static psa_key_id_t psa_get_key_id(const psa_key_attributes_t *attributes);
static psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes);
static void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags);
static psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes);
static void psa_set_key_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg);
static psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes);
static void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type);
static psa_key_type_t psa_get_key_type(const psa_key_attributes_t *attributes);
static size_t psa_get_key_bits(const psa_key_attributes_t *attributes);
psa_status_t psa_get_key_attributes(psa_key_handle_t handle,
psa_key_attributes_t *attributes);
Implement psa_get_key_attributes Implement attribute querying. Test attribute getters and setters. Use psa_get_key_attributes instead of the deprecated functions psa_get_key_policy or psa_get_key_information in most tests.
2019-04-18 19:44:46 +00:00
void psa_reset_key_attributes(psa_key_attributes_t *attributes);
Implement atomic-creation psa_import_key Implement the new, attribute-based psa_import_key and some basic functions to access psa_key_attributes_t. Replace psa_import_key_to_handle by psa_import_key in a few test functions. This commit does not handle persistence attributes yet.
2019-04-17 13:05:45 +00:00
Rename functions that inject key material to an allocated handle This commit starts a migration to a new interface for key creation. Today, the application allocates a handle, then fills its metadata, and finally injects key material. The new interface fills metadata into a temporary structure, and a handle is allocated at the same time it gets filled with both metadata and key material. This commit was obtained by moving the declaration of the old-style functions to crypto_extra.h and renaming them with the to_handle suffix, adding declarations for the new-style functions in crypto.h under their new name, and running perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c Many functions that are specific to the old interface, and which will not remain under the same name with the new interface, are still in crypto.h for now. All functional tests should still pass. The documentation may have some broken links.
2019-04-17 10:28:25 +00:00
/**@}*/
New function psa_copy_key Copy a key from one slot to another. Implemented and smoke-tested.
2019-01-19 12:40:11 +00:00
/** \defgroup policy Key policies
* @{
*/
/** The type of the key policy data structure.
*
* Before calling any function on a key policy, the application must initialize
* it by any of the following means:
* - Set the structure to all-bits-zero, for example:
* \code
* psa_key_policy_t policy;
* memset(&policy, 0, sizeof(policy));
* \endcode
* - Initialize the structure to logical zero values, for example:
* \code
* psa_key_policy_t policy = {0};
* \endcode
* - Initialize the structure to the initializer #PSA_KEY_POLICY_INIT,
* for example:
* \code
* psa_key_policy_t policy = PSA_KEY_POLICY_INIT;
* \endcode
* - Assign the result of the function psa_key_policy_init()
* to the structure, for example:
* \code
* psa_key_policy_t policy;
* policy = psa_key_policy_init();
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
typedef struct psa_key_policy_s psa_key_policy_t;
/** \def PSA_KEY_POLICY_INIT
*
* This macro returns a suitable initializer for a key policy object of type
* #psa_key_policy_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_KEY_POLICY_INIT {0}
#endif
/** Return an initial value for a key policy that forbids all usage of the key.
*/
static psa_key_policy_t psa_key_policy_init(void);
/** \brief Set the standard fields of a policy structure.
*
* Note that this function does not make any consistency check of the
* parameters. The values are only checked when applying the policy to
* a key slot with psa_set_key_policy().
*
* \param[in,out] policy The key policy to modify. It must have been
* initialized as per the documentation for
* #psa_key_policy_t.
* \param usage The permitted uses for the key.
* \param alg The algorithm that the key may be used for.
*/
void psa_key_policy_set_usage(psa_key_policy_t *policy,
psa_key_usage_t usage,
psa_algorithm_t alg);
/** \brief Retrieve the usage field of a policy structure.
*
* \param[in] policy The policy object to query.
*
* \return The permitted uses for a key with this policy.
*/
psa_key_usage_t psa_key_policy_get_usage(const psa_key_policy_t *policy);
/** \brief Retrieve the algorithm field of a policy structure.
*
* \param[in] policy The policy object to query.
*
* \return The permitted algorithm for a key with this policy.
*/
psa_algorithm_t psa_key_policy_get_algorithm(const psa_key_policy_t *policy);
/** \brief Set the usage policy on a key slot.
*
* This function must be called on an empty key slot, before importing,
* generating or creating a key in the slot. Changing the policy of an
* existing key is not permitted.
*
* Implementations may set restrictions on supported key policies
* depending on the key type and the key slot.
*
* \param handle Handle to the key whose policy is to be changed.
* \param[in] policy The policy object to query.
*
* \retval #PSA_SUCCESS
* Success.
* If the key is persistent, it is implementation-defined whether
* the policy has been saved to persistent storage. Implementations
* may defer saving the policy until the key material is created.
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_ALREADY_EXISTS
New function psa_copy_key Copy a key from one slot to another. Implemented and smoke-tested.
2019-01-19 12:40:11 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_set_key_policy(psa_key_handle_t handle,
const psa_key_policy_t *policy);
/** \brief Get the usage policy for a key slot.
*
* \param handle Handle to the key slot whose policy is being queried.
* \param[out] policy On success, the key's policy.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_get_key_policy(psa_key_handle_t handle,
psa_key_policy_t *policy);
/**@}*/
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
/** \defgroup key_management Key management
* @{
*/
Declare the new slot management functions in crypto.h No changes to existing functions.
2018-11-30 13:08:36 +00:00
/** Allocate a key slot for a transient key, i.e. a key which is only stored
* in volatile memory.
*
* The allocated key slot and its handle remain valid until the
* application calls psa_close_key() or psa_destroy_key() or until the
* application terminates.
*
* \param[out] handle On success, a handle to a volatile key slot.
*
* \retval #PSA_SUCCESS
* Success. The application can now use the value of `*handle`
* to access the newly allocated key slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* There was not enough memory, or the maximum number of key slots
* has been reached.
*/
Don't require a type and size when creating a key slot Remove the type and bits arguments to psa_allocate_key() and psa_create_key(). They can be useful if the implementation wants to know exactly how much space to allocate for the slot, but many implementations (including ours) don't care, and it's possible to work around their lack by deferring size-dependent actions to the time when the key material is created. They are a burden to applications and make the API more complex, and the benefits aren't worth it. Change the API and adapt the implementation, the units test and the sample code accordingly.
2019-01-19 11:20:52 +00:00
psa_status_t psa_allocate_key(psa_key_handle_t *handle);
Declare the new slot management functions in crypto.h No changes to existing functions.
2018-11-30 13:08:36 +00:00
/** Open a handle to an existing persistent key.
*
* Open a handle to a key which was previously created with psa_create_key().
*
* \param lifetime The lifetime of the key. This designates a storage
* area where the key material is stored. This must not
* be #PSA_KEY_LIFETIME_VOLATILE.
* \param id The persistent identifier of the key.
* \param[out] handle On success, a handle to a key slot which contains
* the data and metadata loaded from the specified
* persistent location.
*
* \retval #PSA_SUCCESS
* Success. The application can now use the value of `*handle`
* to access the newly allocated key slot.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Declare the new slot management functions in crypto.h No changes to existing functions.
2018-11-30 13:08:36 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p lifetime is invalid, for example #PSA_KEY_LIFETIME_VOLATILE.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p id is invalid for the specified lifetime.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p lifetime is not supported.
* \retval #PSA_ERROR_NOT_PERMITTED
* The specified key exists, but the application does not have the
* permission to access it. Note that this specification does not
* define any way to create such a key, but it may be possible
* through implementation-specific means.
*/
psa_status_t psa_open_key(psa_key_lifetime_t lifetime,
psa_key_id_t id,
psa_key_handle_t *handle);
/** Close a key handle.
*
* If the handle designates a volatile key, destroy the key material and
* free all associated resources, just like psa_destroy_key().
*
* If the handle designates a persistent key, free all resources associated
* with the key in volatile memory. The key slot in persistent storage is
* not affected and can be opened again later with psa_open_key().
*
Document that destroying a key aborts any ongoing operation Document that psa_close_key() and psa_destroy_key() abort any ongoing multipart operation that is using the key. This is not implemented yet.
2019-01-14 17:24:53 +00:00
* If the key is currently in use in a multipart operation,
* the multipart operation is aborted.
*
Declare the new slot management functions in crypto.h No changes to existing functions.
2018-11-30 13:08:36 +00:00
* \param handle The key handle to close.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
Declare the new slot management functions in crypto.h No changes to existing functions.
2018-11-30 13:08:36 +00:00
*/
psa_status_t psa_close_key(psa_key_handle_t handle);
Move declarations related to lifetimes further up in crypto.h No content change. This is in preparation for declaring the slot management functions, which need the type psa_key_lifetime_t.
2018-11-30 13:07:45 +00:00
/**@}*/
/** \defgroup import_export Key import and export
* @{
*/
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
/**
* \brief Import a key in binary format.
*
Documentation clarifications Clarify or add the documentation of some functions and constants. Add a note about what the __DOXYGEN_ONLY__ section is for.
2018-03-07 15:40:18 +00:00
* This function supports any output from psa_export_key(). Refer to the
Expand the documentation of import/export formats Clarify that the key type determines the syntax of the input. Clarify the constraints on implementations that support extra import formats.
2018-10-31 13:07:52 +00:00
* documentation of psa_export_public_key() for the format of public keys
* and to the documentation of psa_export_key() for the format for
* other key types.
*
* This specification supports a single format for each key type.
* Implementations may support other formats as long as the standard
* format is supported. Implementations that support other formats
* should ensure that the formats are clearly unambiguous so as to
* minimize the risk that an invalid input is accidentally interpreted
* according to a different format.
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the slot where the key will be stored.
Don't require a type and size when creating a key slot Remove the type and bits arguments to psa_allocate_key() and psa_create_key(). They can be useful if the implementation wants to know exactly how much space to allocate for the slot, but many implementations (including ours) don't care, and it's possible to work around their lack by deferring size-dependent actions to the time when the key material is created. They are a burden to applications and make the API more complex, and the benefits aren't worth it. Change the API and adapt the implementation, the units test and the sample code accordingly.
2019-01-19 11:20:52 +00:00
* It must have been obtained by calling
* psa_allocate_key() or psa_create_key() and must
* not contain key material yet.
Expand the documentation of import/export formats Clarify that the key type determines the syntax of the input. Clarify the constraints on implementations that support extra import formats.
2018-10-31 13:07:52 +00:00
* \param type Key type (a \c PSA_KEY_TYPE_XXX value). On a successful
* import, the key slot will contain a key of this type.
* \param[in] data Buffer containing the key data. The content of this
* buffer is interpreted according to \p type. It must
* contain the format described in the documentation
* of psa_export_key() or psa_export_public_key() for
* the chosen type.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param data_length Size of the \p data buffer in bytes.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* Success.
Update some documentation related to key slots Some of the documentation is obsolete in its reference to key slots when it should discuss key handles. This may require a further pass, possibly with some reorganization of error codes. Update the documentation of functions that modify key slots (key material creation and psa_set_key_policy()) to discuss how they affect storage.
2018-12-11 14:51:32 +00:00
* If the key is persistent, the key material and the key's metadata
* have been saved to persistent storage.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
Expand the description of error codes
2018-04-19 06:28:58 +00:00
* The key type or key size is not supported, either by the
* implementation in general or in this particular slot.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* The key slot is invalid,
* or the key data is not correctly formatted.
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_ALREADY_EXISTS
Expand the description of error codes
2018-04-19 06:28:58 +00:00
* There is already a key in the specified slot.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
psa: Implement persistent keys Allow use of persistent keys, including configuring them, importing and exporting them, and destroying them. When getting a slot using psa_get_key_slot, there are 3 scenarios that can occur if the keys lifetime is persistent: 1. Key type is PSA_KEY_TYPE_NONE, no persistent storage entry: - The key slot is treated as a standard empty key slot 2. Key type is PSA_KEY_TYPE_NONE, persistent storage entry exists: - Attempt to load the key from persistent storage 3. Key type is not PSA_KEY_TYPE_NONE: - As checking persistent storage on every use of the key could be expensive, the persistent key is assumed to be saved in persistent storage, the in-memory key is continued to be used.
2018-06-18 16:27:26 +00:00
* \retval #PSA_ERROR_STORAGE_FAILURE
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
*/
Rename functions that inject key material to an allocated handle This commit starts a migration to a new interface for key creation. Today, the application allocates a handle, then fills its metadata, and finally injects key material. The new interface fills metadata into a temporary structure, and a handle is allocated at the same time it gets filled with both metadata and key material. This commit was obtained by moving the declaration of the old-style functions to crypto_extra.h and renaming them with the to_handle suffix, adding declarations for the new-style functions in crypto.h under their new name, and running perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c Many functions that are specific to the old interface, and which will not remain under the same name with the new interface, are still in crypto.h for now. All functional tests should still pass. The documentation may have some broken links.
2019-04-17 10:28:25 +00:00
psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
psa_key_handle_t *handle,
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
const uint8_t *data,
size_t data_length);
/**
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \brief Destroy a key.
psa_destroy_key: return SUCCESS on an empty slot Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-04-19 06:38:16 +00:00
*
* This function destroys the content of the key slot from both volatile
* memory and, if applicable, non-volatile storage. Implementations shall
* make a best effort to ensure that any previous content of the slot is
* unrecoverable.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* This function also erases any metadata such as policies and frees all
* resources associated with the key.
psa_destroy_key: return SUCCESS on an empty slot Do wipe the slot even if it doesn't contain a key, to erase any metadata.
2018-04-19 06:38:16 +00:00
*
Document that destroying a key aborts any ongoing operation Document that psa_close_key() and psa_destroy_key() abort any ongoing multipart operation that is using the key. This is not implemented yet.
2019-01-14 17:24:53 +00:00
* If the key is currently in use in a multipart operation,
* the multipart operation is aborted.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key slot to erase.
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Expand the description of error codes
2018-04-19 06:28:58 +00:00
* The slot's content, if any, has been erased.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
Expand the description of error codes
2018-04-19 06:28:58 +00:00
* The slot holds content and cannot be erased because it is
* read-only, either due to a policy or due to physical restrictions.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
Expand the description of error codes
2018-04-19 06:28:58 +00:00
* There was an failure in communication with the cryptoprocessor.
* The key material may still be present in the cryptoprocessor.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_STORAGE_FAILURE
Expand the description of error codes
2018-04-19 06:28:58 +00:00
* The storage is corrupted. Implementations shall make a best effort
* to erase key material even in this stage, however applications
* should be aware that it may be impossible to guarantee that the
* key material is not recoverable in such cases.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_TAMPERING_DETECTED
Expand the description of error codes
2018-04-19 06:28:58 +00:00
* An unexpected condition which is not a storage corruption or
* a communication failure occurred. The cryptoprocessor may have
* been compromised.
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_destroy_key(psa_key_handle_t handle);
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
/**
* \brief Get basic metadata about a key.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key slot to query.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] type On success, the key type (a \c PSA_KEY_TYPE_XXX value).
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* This may be a null pointer, in which case the key type
* is not written.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] bits On success, the key size in bits.
Typo in the documentation of psa_get_key_information
2018-03-21 19:49:16 +00:00
* This may be a null pointer, in which case the key size
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* is not written.
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* The handle is to a key slot which does not contain key material yet.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_get_key_information(psa_key_handle_t handle,
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
psa_key_type_t *type,
size_t *bits);
psa: Add get/set domain parameters DSA and static DH need extra domain parameters. Instead of passing these in with the keys themselves, add get and set functions to set and retrieve this information about keys.
2019-01-11 12:06:22 +00:00
/**
* \brief Set domain parameters for a key.
*
* Some key types require additional domain parameters to be set before import
* or generation of the key. The domain parameters can be set with this
* function or, for key generation, through the \c extra parameter of
* psa_generate_key().
*
* The format for the required domain parameters varies by the key type.
psa: Simplify DSA key formats Remove front matter and DSS parameters from our DSA key formats, both keypair and public key, to make it just a representation of the integer private key, `x`, or the public key, `y`, respectively.
2019-01-11 13:50:43 +00:00
* - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY),
* the `Dss-Parms` format as defined by RFC 3279 &sect;2.3.2.
* ```
* Dss-Parms ::= SEQUENCE {
* p INTEGER,
* q INTEGER,
* g INTEGER
* }
* ```
psa: Add DH key exchange keys Add the ability to specify Diffie-Hellman key exchange keys. Specify the import/export format as well, even though importing and exporting isn't implemented yet.
2019-01-11 14:20:03 +00:00
* - For Diffie-Hellman key exchange keys (#PSA_KEY_TYPE_DH_PUBLIC_KEY), the
* `DomainParameters` format as defined by RFC 3279 &sect;2.3.3.
* ```
* DomainParameters ::= SEQUENCE {
* p INTEGER, -- odd prime, p=jq +1
* g INTEGER, -- generator, g
* q INTEGER, -- factor of p-1
* j INTEGER OPTIONAL, -- subgroup factor
* validationParms ValidationParms OPTIONAL
* }
* ValidationParms ::= SEQUENCE {
* seed BIT STRING,
* pgenCounter INTEGER
* }
* ```
psa: Add get/set domain parameters DSA and static DH need extra domain parameters. Instead of passing these in with the keys themselves, add get and set functions to set and retrieve this information about keys.
2019-01-11 12:06:22 +00:00
*
Add type argument to psa_set_key_domain_parameters psa_set_key_domain_parameters needs the type to parse the domain parameters.
2019-01-18 16:11:25 +00:00
* \param handle Handle to the slot where the key will be stored.
* This must be a valid slot for a key of the chosen
* type: it must have been obtained by calling
* psa_allocate_key() or psa_create_key() with the
* correct \p type and with a maximum size that is
* compatible with \p data. It must not contain
* key material yet.
* \param type Key type (a \c PSA_KEY_TYPE_XXX value). When
* subsequently creating key material into \p handle,
* the type must be compatible.
psa: Add get/set domain parameters DSA and static DH need extra domain parameters. Instead of passing these in with the keys themselves, add get and set functions to set and retrieve this information about keys.
2019-01-11 12:06:22 +00:00
* \param[in] data Buffer containing the key domain parameters. The content
* of this buffer is interpreted according to \p type. of
* psa_export_key() or psa_export_public_key() for the
* chosen type.
* \param data_length Size of the \p data buffer in bytes.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_OCCUPIED_SLOT
* There is already a key in the specified slot.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_set_key_domain_parameters(psa_key_handle_t handle,
Add type argument to psa_set_key_domain_parameters psa_set_key_domain_parameters needs the type to parse the domain parameters.
2019-01-18 16:11:25 +00:00
psa_key_type_t type,
psa: Add get/set domain parameters DSA and static DH need extra domain parameters. Instead of passing these in with the keys themselves, add get and set functions to set and retrieve this information about keys.
2019-01-11 12:06:22 +00:00
const uint8_t *data,
size_t data_length);
/**
* \brief Get domain parameters for a key.
*
* Get the domain parameters for a key with this function, if any. The format
* of the domain parameters written to \p data is specified in the
* documentation for psa_set_key_domain_parameters().
*
* \param handle Handle to the key to get domain parameters from.
* \param[out] data On success, the key domain parameters.
* \param data_size Size of the \p data buffer in bytes.
* \param[out] data_length On success, the number of bytes
* that make up the key domain parameters data.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* There is no key in the specified slot.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_get_key_domain_parameters(psa_key_handle_t handle,
uint8_t *data,
size_t data_size,
size_t *data_length);
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
/**
* \brief Export a key in binary format.
*
* The output of this function can be passed to psa_import_key() to
* create an equivalent object.
*
Expand the documentation of import/export formats Clarify that the key type determines the syntax of the input. Clarify the constraints on implementations that support extra import formats.
2018-10-31 13:07:52 +00:00
* If the implementation of psa_import_key() supports other formats
* beyond the format specified here, the output from psa_export_key()
* must use the representation specified here, not the original
* representation.
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
*
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* For standard key types, the output format is as follows:
*
* - For symmetric keys (including MAC keys), the format is the
* raw bytes of the key.
* - For DES, the key data consists of 8 bytes. The parity bits must be
* correct.
* - For Triple-DES, the format is the concatenation of the
* two or three DES keys.
Minor documentation fixes
2018-03-03 20:29:30 +00:00
* - For RSA key pairs (#PSA_KEY_TYPE_RSA_KEYPAIR), the format
Define the encoding of ECC and DSA keys
2018-08-10 16:57:40 +00:00
* is the non-encrypted DER encoding of the representation defined by
* PKCS\#1 (RFC 8017) as `RSAPrivateKey`, version 0.
* ```
* RSAPrivateKey ::= SEQUENCE {
fixup format spec
2018-08-10 23:17:53 +00:00
* version INTEGER, -- must be 0
Define the encoding of ECC and DSA keys
2018-08-10 16:57:40 +00:00
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* }
* ```
psa: Simplify DSA key formats Remove front matter and DSS parameters from our DSA key formats, both keypair and public key, to make it just a representation of the integer private key, `x`, or the public key, `y`, respectively.
2019-01-11 13:50:43 +00:00
* - For DSA private keys (#PSA_KEY_TYPE_DSA_KEYPAIR), the format is the
* representation of the private key `x` as a big-endian byte string. The
* length of the byte string is the private key size in bytes (leading zeroes
* are not stripped).
Define the encoding of ECC and DSA keys
2018-08-10 16:57:40 +00:00
* - For elliptic curve key pairs (key types for which
Private EC key format: change to raw secret value (doc, import) Change the import/export format of private elliptic curve keys from RFC 5915 to the raw secret value. This commit updates the format specification and the import code, but not the export code.
2018-10-29 18:24:33 +00:00
* #PSA_KEY_TYPE_IS_ECC_KEYPAIR is true), the format is
More tweaks on EC-related wording Use m for the bit size of the field order, not q which is traditionally the field order. Correct and clarify the private key representation format as has been done for the private key and ECDH shared secret formats.
2018-11-15 16:44:43 +00:00
* a representation of the private value as a `ceiling(m/8)`-byte string
* where `m` is the bit size associated with the curve, i.e. the bit size
* of the order of the curve's coordinate field. This byte string is
* in little-endian order for Montgomery curves (curve types
* `PSA_ECC_CURVE_CURVEXXX`), and in big-endian order for Weierstrass
* curves (curve types `PSA_ECC_CURVE_SECTXXX`, `PSA_ECC_CURVE_SECPXXX`
* and `PSA_ECC_CURVE_BRAINPOOL_PXXX`).
Private EC key format: change to raw secret value (doc, import) Change the import/export format of private elliptic curve keys from RFC 5915 to the raw secret value. This commit updates the format specification and the import code, but not the export code.
2018-10-29 18:24:33 +00:00
* This is the content of the `privateKey` field of the `ECPrivateKey`
* format defined by RFC 5915.
psa: Add DH key exchange keys Add the ability to specify Diffie-Hellman key exchange keys. Specify the import/export format as well, even though importing and exporting isn't implemented yet.
2019-01-11 14:20:03 +00:00
* - For Diffie-Hellman key exchange key pairs (#PSA_KEY_TYPE_DH_KEYPAIR), the
* format is the representation of the private key `x` as a big-endian byte
* string. The length of the byte string is the private key size in bytes
* (leading zeroes are not stripped).
Define the encoding of ECC and DSA keys
2018-08-10 16:57:40 +00:00
* - For public keys (key types for which #PSA_KEY_TYPE_IS_PUBLIC_KEY is
* true), the format is the same as for psa_export_public_key().
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to export.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] data Buffer where the key data is to be written.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param data_size Size of the \p data buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] data_length On success, the number of bytes
* that make up the key data.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
Add ifdefs for psa_internal_export_key function MBEDTLS_PK_WRITE_C only requires either MBEDTLS_RSA_C or MBEDTLS_ECP_C to be defined. Added wrappers to handle the cases where only one has been defined. Moved mbedtls_pk_init to be within the ifdefs, so it's only called if appropriate.
2018-07-24 15:33:30 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
New macro PSA_KEY_EXPORT_MAX_SIZE Sufficient buffer size for psa_export_key() and psa_export_public_key().
2018-08-10 17:06:59 +00:00
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p data buffer is too small. You can determine a
* sufficient buffer size by calling
* #PSA_KEY_EXPORT_MAX_SIZE(\c type, \c bits)
* where \c type is the key type
* and \c bits is the key size in bits.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_export_key(psa_key_handle_t handle,
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
uint8_t *data,
size_t data_size,
size_t *data_length);
Basic interface for key policies Get/set the policy of a key slot. Opaque structure for key policies and field access functions.
2018-03-03 20:30:44 +00:00
/**
* \brief Export a public key or the public part of a key pair in binary format.
*
* The output of this function can be passed to psa_import_key() to
* create an object that is equivalent to the public key.
*
psa: Document requirements for psa_export_public_key() Copy the nice and clear documentation from psa_export_key() as to what implementations are allowed to do regarding key export formats, as the same applies to public keys.
2019-01-11 17:15:56 +00:00
* This specification supports a single format for each key type.
* Implementations may support other formats as long as the standard
* format is supported. Implementations that support other formats
* should ensure that the formats are clearly unambiguous so as to
* minimize the risk that an invalid input is accidentally interpreted
* according to a different format.
*
psa: Simplify RSA public key format Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move code that was shared between RSA and other key types (like EC keys) to be used only with non-RSA keys.
2019-01-10 10:23:21 +00:00
* For standard key types, the output format is as follows:
* - For RSA public keys (#PSA_KEY_TYPE_RSA_PUBLIC_KEY), the DER encoding of
* the representation defined by RFC 3279 &sect;2.3.1 as `RSAPublicKey`.
* ```
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e
* ```
psa: Simplify EC public key format Remove front matter from our EC key format, to make it just the contents of an ECPoint as defined by SEC1 section 2.3.3. As a consequence of the simplification, remove the restriction on not being able to use an ECDH key with ECDSA. There is no longer any OID specified when importing a key, so we can't reject importing of an ECDH key for the purpose of ECDSA based on the OID.
2019-01-10 11:42:27 +00:00
* - For elliptic curve public keys (key types for which
* #PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY is true), the format is the uncompressed
* representation defined by SEC1 &sect;2.3.3 as the content of an ECPoint.
* Let `m` be the bit size associated with the curve, i.e. the bit size of
* `q` for a curve over `F_q`. The representation consists of:
* - The byte 0x04;
* - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
* - `y_P` as a `ceiling(m/8)`-byte string, big-endian.
psa: Simplify DSA key formats Remove front matter and DSS parameters from our DSA key formats, both keypair and public key, to make it just a representation of the integer private key, `x`, or the public key, `y`, respectively.
2019-01-11 13:50:43 +00:00
* - For DSA public keys (#PSA_KEY_TYPE_DSA_PUBLIC_KEY), the format is the
* representation of the public key `y = g^x mod p` as a big-endian byte
* string. The length of the byte string is the length of the base prime `p`
* in bytes.
psa: Add DH key exchange keys Add the ability to specify Diffie-Hellman key exchange keys. Specify the import/export format as well, even though importing and exporting isn't implemented yet.
2019-01-11 14:20:03 +00:00
* - For Diffie-Hellman key exchange public keys (#PSA_KEY_TYPE_DH_PUBLIC_KEY),
* the format is the representation of the public key `y = g^x mod p` as a
* big-endian byte string. The length of the byte string is the length of the
* base prime `p` in bytes.
Basic interface for key policies Get/set the policy of a key slot. Opaque structure for key policies and field access functions.
2018-03-03 20:30:44 +00:00
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to export.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] data Buffer where the key data is to be written.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param data_size Size of the \p data buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] data_length On success, the number of bytes
* that make up the key data.
Basic interface for key policies Get/set the policy of a key slot. Opaque structure for key policies and field access functions.
2018-03-03 20:30:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
New macro PSA_KEY_EXPORT_MAX_SIZE Sufficient buffer size for psa_export_key() and psa_export_public_key().
2018-08-10 17:06:59 +00:00
* The key is neither a public key nor a key pair.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p data buffer is too small. You can determine a
* sufficient buffer size by calling
* #PSA_KEY_EXPORT_MAX_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(\c type), \c bits)
* where \c type is the key type
* and \c bits is the key size in bits.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Basic interface for key policies Get/set the policy of a key slot. Opaque structure for key policies and field access functions.
2018-03-03 20:30:44 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_export_public_key(psa_key_handle_t handle,
Basic interface for key policies Get/set the policy of a key slot. Opaque structure for key policies and field access functions.
2018-03-03 20:30:44 +00:00
uint8_t *data,
size_t data_size,
size_t *data_length);
New function psa_copy_key Copy a key from one slot to another. Implemented and smoke-tested.
2019-01-19 12:40:11 +00:00
/** Make a copy of a key.
*
* Copy key material from one location to another.
*
psa_copy_key: minor documentation clarification
2019-02-05 19:26:09 +00:00
* This function is primarily useful to copy a key from one location
* to another, since it populates a key using the material from
* another key which may have a different lifetime.
New function psa_copy_key Copy a key from one slot to another. Implemented and smoke-tested.
2019-01-19 12:40:11 +00:00
*
* In an implementation where slots have different ownerships,
Fix typos found in PSA Crypto API 1.0 beta2 before publication
2019-02-22 15:42:11 +00:00
* this function may be used to share a key with a different party,
New function psa_copy_key Copy a key from one slot to another. Implemented and smoke-tested.
2019-01-19 12:40:11 +00:00
* subject to implementation-defined restrictions on key sharing.
* In this case \p constraint would typically prevent the recipient
* from exporting the key.
*
* The resulting key may only be used in a way that conforms to all
* three of: the policy of the source key, the policy previously set
* on the target, and the \p constraint parameter passed when calling
* this function.
* - The usage flags on the resulting key are the bitwise-and of the
* usage flags on the source policy, the previously-set target policy
* and the policy constraint.
* - If all three policies allow the same algorithm or wildcard-based
* algorithm policy, the resulting key has the same algorithm policy.
* - If one of the policies allows an algorithm and all the other policies
* either allow the same algorithm or a wildcard-based algorithm policy
* that includes this algorithm, the resulting key allows the same
* algorithm.
*
* The effect of this function on implementation-defined metadata is
* implementation-defined.
*
* \param source_handle The key to copy. It must be a handle to an
* occupied slot.
* \param target_handle A handle to the target slot. It must not contain
* key material yet.
* \param[in] constraint An optional policy constraint. If this parameter
* is non-null then the resulting key will conform
* to this policy in addition to the source policy
* and the policy already present on the target
* slot. If this parameter is null then the
* function behaves in the same way as if it was
* the target policy, i.e. only the source and
* target policies apply.
Doc: add some missing documentation of function and macro parameters
2018-07-12 17:47:19 +00:00
*
* \retval #PSA_SUCCESS
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_ALREADY_EXISTS
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p target_handle already contains key material.
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p source_handle does not contain key material.
Doc: add some missing documentation of function and macro parameters
2018-07-12 17:47:19 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
New function psa_copy_key Copy a key from one slot to another. Implemented and smoke-tested.
2019-01-19 12:40:11 +00:00
* The policy constraints on the source, on the target and
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p constraint are incompatible.
New function psa_copy_key Copy a key from one slot to another. Implemented and smoke-tested.
2019-01-19 12:40:11 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
* The source key is not exportable and its lifetime does not
* allow copying it to the target's lifetime.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
Doc: add some missing documentation of function and macro parameters
2018-07-12 17:47:19 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
More documentation
2018-03-08 06:50:30 +00:00
*/
New function psa_copy_key Copy a key from one slot to another. Implemented and smoke-tested.
2019-01-19 12:40:11 +00:00
psa_status_t psa_copy_key(psa_key_handle_t source_handle,
Rename functions that inject key material to an allocated handle This commit starts a migration to a new interface for key creation. Today, the application allocates a handle, then fills its metadata, and finally injects key material. The new interface fills metadata into a temporary structure, and a handle is allocated at the same time it gets filled with both metadata and key material. This commit was obtained by moving the declaration of the old-style functions to crypto_extra.h and renaming them with the to_handle suffix, adding declarations for the new-style functions in crypto.h under their new name, and running perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c Many functions that are specific to the old interface, and which will not remain under the same name with the new interface, are still in crypto.h for now. All functional tests should still pass. The documentation may have some broken links.
2019-04-17 10:28:25 +00:00
const psa_key_attributes_t *attributes,
psa_key_handle_t *target_handle);
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only) Define hash algorithms and RSA signature algorithms. New function psa_asymmetric_sign. Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-02-03 21:44:14 +00:00
/**@}*/
Implement hash functions New header file crypto_struct.h. The main file crypto.sh declares structures which are implementation-defined. These structures must be defined in crypto_struct.h, which is included at the end so that the structures can use types defined in crypto.h. Implement psa_hash_start, psa_hash_update and psa_hash_final. This should work for all hash algorithms supported by Mbed TLS, but has only been smoke-tested for SHA-256, and only in the nominal case.
2018-02-07 20:05:37 +00:00
/** \defgroup hash Message digests
* @{
*/
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
/** Calculate the hash (digest) of a message.
*
* \note To verify the hash of a message against an
* expected value, use psa_hash_compare() instead.
*
* \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_HASH(\p alg) is true).
* \param[in] input Buffer containing the message to hash.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] hash Buffer where the hash is to be written.
* \param hash_size Size of the \p hash buffer in bytes.
* \param[out] hash_length On success, the number of bytes
* that make up the hash value. This is always
Fix some copypasta in one-shot hash and MAC function descriptions
2019-02-15 12:01:41 +00:00
* #PSA_HASH_SIZE(\p alg).
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a hash algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_hash_compute(psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
/** Calculate the hash (digest) of a message and compare it with a
* reference value.
*
* \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_HASH(\p alg) is true).
* \param[in] input Buffer containing the message to hash.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] hash Buffer containing the expected hash value.
Fix typos in recently-added documentation
2019-01-17 14:25:52 +00:00
* \param hash_length Size of the \p hash buffer in bytes.
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
*
* \retval #PSA_SUCCESS
* The expected hash is identical to the actual hash of the input.
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The hash of the message was calculated successfully, but it
* differs from the expected hash.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a hash algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_hash_compare(psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *hash,
const size_t hash_length);
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
/** The type of the state data structure for multipart hash operations.
psa: Add initializers for hash operation objects Add new initializers for hash operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:47:44 +00:00
*
* Before calling any function on a hash operation object, the application must
* initialize it by any of the following means:
* - Set the structure to all-bits-zero, for example:
* \code
* psa_hash_operation_t operation;
* memset(&operation, 0, sizeof(operation));
* \endcode
* - Initialize the structure to logical zero values, for example:
* \code
* psa_hash_operation_t operation = {0};
* \endcode
* - Initialize the structure to the initializer #PSA_HASH_OPERATION_INIT,
* for example:
* \code
* psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
* \endcode
* - Assign the result of the function psa_hash_operation_init()
* to the structure, for example:
* \code
* psa_hash_operation_t operation;
* operation = psa_hash_operation_init();
* \endcode
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Minor documentation fixes
2018-03-03 20:29:30 +00:00
* This is an implementation-defined \c struct. Applications should not
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
Implement hash functions New header file crypto_struct.h. The main file crypto.sh declares structures which are implementation-defined. These structures must be defined in crypto_struct.h, which is included at the end so that the structures can use types defined in crypto.h. Implement psa_hash_start, psa_hash_update and psa_hash_final. This should work for all hash algorithms supported by Mbed TLS, but has only been smoke-tested for SHA-256, and only in the nominal case.
2018-02-07 20:05:37 +00:00
typedef struct psa_hash_operation_s psa_hash_operation_t;
psa: Add initializers for hash operation objects Add new initializers for hash operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:47:44 +00:00
/** \def PSA_HASH_OPERATION_INIT
*
* This macro returns a suitable initializer for a hash operation object
* of type #psa_hash_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_HASH_OPERATION_INIT {0}
#endif
/** Return an initial value for a hash operation object.
*/
static psa_hash_operation_t psa_hash_operation_init(void);
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
/** Set up a multipart hash operation.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
* The sequence of operations to calculate a hash (message digest)
* is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
psa: Add initializers for hash operation objects Add new initializers for hash operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:47:44 +00:00
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_hash_operation_t, e.g. PSA_HASH_OPERATION_INIT.
Rename psa_hash_start -> psa_hash_setup Make function names for multipart operations more consistent (hash edition).
2018-07-08 17:46:38 +00:00
* -# Call psa_hash_setup() to specify the algorithm.
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
* -# Call psa_hash_update() zero, one or more times, passing a fragment
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* of the message each time. The hash that is calculated is the hash
* of the concatenation of these messages in order.
* -# To calculate the hash, call psa_hash_finish().
* To compare the hash with an expected value, call psa_hash_verify().
*
* The application may call psa_hash_abort() at any time after the operation
psa: Add initializers for hash operation objects Add new initializers for hash operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:47:44 +00:00
* has been initialized.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Rename psa_hash_start -> psa_hash_setup Make function names for multipart operations more consistent (hash edition).
2018-07-08 17:46:38 +00:00
* After a successful call to psa_hash_setup(), the application must
Clarify how multipart operations get terminated
2018-03-20 16:54:15 +00:00
* eventually terminate the operation. The following events terminate an
* operation:
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* - A failed call to psa_hash_update().
Fix some typos and copypasta
2018-03-20 16:54:53 +00:00
* - A call to psa_hash_finish(), psa_hash_verify() or psa_hash_abort().
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
psa: Add initializers for hash operation objects Add new initializers for hash operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:47:44 +00:00
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_hash_operation_t and not yet in use.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param alg The hash algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_HASH(\p alg) is true).
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* Success.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p alg is not supported or is not a hash algorithm.
Document BAD_STATE errors for multipart operation setup functions Future commits will implement this and add tests.
2019-01-10 10:51:17 +00:00
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (already set up and not
* subsequently completed).
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*/
Rename psa_hash_start -> psa_hash_setup Make function names for multipart operations more consistent (hash edition).
2018-07-08 17:46:38 +00:00
psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
Implement hash functions New header file crypto_struct.h. The main file crypto.sh declares structures which are implementation-defined. These structures must be defined in crypto_struct.h, which is included at the end so that the structures can use types defined in crypto.h. Implement psa_hash_start, psa_hash_update and psa_hash_final. This should work for all hash algorithms supported by Mbed TLS, but has only been smoke-tested for SHA-256, and only in the nominal case.
2018-02-07 20:05:37 +00:00
psa_algorithm_t alg);
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
/** Add a message fragment to a multipart hash operation.
*
Rename psa_hash_start -> psa_hash_setup Make function names for multipart operations more consistent (hash edition).
2018-07-08 17:46:38 +00:00
* The application must call psa_hash_setup() before calling this function.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
* If this function returns an error status, the operation becomes inactive.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active hash operation.
* \param[in] input Buffer containing the message fragment to hash.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param input_length Size of the \p input buffer in bytes.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* Success.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, or already completed).
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*/
Implement hash functions New header file crypto_struct.h. The main file crypto.sh declares structures which are implementation-defined. These structures must be defined in crypto_struct.h, which is included at the end so that the structures can use types defined in crypto.h. Implement psa_hash_start, psa_hash_update and psa_hash_final. This should work for all hash algorithms supported by Mbed TLS, but has only been smoke-tested for SHA-256, and only in the nominal case.
2018-02-07 20:05:37 +00:00
psa_status_t psa_hash_update(psa_hash_operation_t *operation,
const uint8_t *input,
size_t input_length);
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
/** Finish the calculation of the hash of a message.
*
Rename psa_hash_start -> psa_hash_setup Make function names for multipart operations more consistent (hash edition).
2018-07-08 17:46:38 +00:00
* The application must call psa_hash_setup() before calling this function.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* This function calculates the hash of the message formed by concatenating
* the inputs passed to preceding calls to psa_hash_update().
*
* When this function returns, the operation becomes inactive.
*
* \warning Applications should not call this function if they expect
* a specific value for the hash. Call psa_hash_verify() instead.
* Beware that comparing integrity or authenticity data such as
* hash values with a function such as \c memcmp is risky
* because the time taken by the comparison may leak information
* about the hashed data which could allow an attacker to guess
* a valid hash and thereby bypass security controls.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active hash operation.
* \param[out] hash Buffer where the hash is to be written.
* \param hash_size Size of the \p hash buffer in bytes.
* \param[out] hash_length On success, the number of bytes
* that make up the hash value. This is always
Doxygen: use \c foo in preference to `foo` for consistency
2018-07-13 12:38:15 +00:00
* #PSA_HASH_SIZE(\c alg) where \c alg is the
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* hash algorithm that is calculated.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* Success.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, or already completed).
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* The size of the \p hash buffer is too small. You can determine a
Doc: fix formatting of some macro arguments in explanations
2018-07-11 22:34:26 +00:00
* sufficient buffer size by calling #PSA_HASH_SIZE(\c alg)
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* where \c alg is the hash algorithm that is calculated.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*/
Implement hash functions New header file crypto_struct.h. The main file crypto.sh declares structures which are implementation-defined. These structures must be defined in crypto_struct.h, which is included at the end so that the structures can use types defined in crypto.h. Implement psa_hash_start, psa_hash_update and psa_hash_final. This should work for all hash algorithms supported by Mbed TLS, but has only been smoke-tested for SHA-256, and only in the nominal case.
2018-02-07 20:05:37 +00:00
psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
uint8_t *hash,
size_t hash_size,
size_t *hash_length);
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
/** Finish the calculation of the hash of a message and compare it with
* an expected value.
*
Rename psa_hash_start -> psa_hash_setup Make function names for multipart operations more consistent (hash edition).
2018-07-08 17:46:38 +00:00
* The application must call psa_hash_setup() before calling this function.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* This function calculates the hash of the message formed by concatenating
* the inputs passed to preceding calls to psa_hash_update(). It then
* compares the calculated hash with the expected hash passed as a
* parameter to this function.
*
* When this function returns, the operation becomes inactive.
*
Fix some typos and copypasta
2018-03-20 16:54:53 +00:00
* \note Implementations shall make the best effort to ensure that the
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* comparison between the actual hash and the expected hash is performed
* in constant time.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active hash operation.
* \param[in] hash Buffer containing the expected hash value.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param hash_length Size of the \p hash buffer in bytes.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* The expected hash is identical to the actual hash of the message.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INVALID_SIGNATURE
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* The hash of the message was calculated successfully, but it
* differs from the expected hash.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, or already completed).
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*/
Implement hash functions New header file crypto_struct.h. The main file crypto.sh declares structures which are implementation-defined. These structures must be defined in crypto_struct.h, which is included at the end so that the structures can use types defined in crypto.h. Implement psa_hash_start, psa_hash_update and psa_hash_final. This should work for all hash algorithms supported by Mbed TLS, but has only been smoke-tested for SHA-256, and only in the nominal case.
2018-02-07 20:05:37 +00:00
psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
const uint8_t *hash,
size_t hash_length);
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
/** Abort a hash operation.
*
* Aborting an operation frees all associated resources except for the
Improve documentation of abort functions Explicitly state that calling abort is safe after initializing to zero. Explicitly state that calling abort on an inactive operation is safe, and replace "active" by "initialized" in the description of the parameter. Get rid of the recommendation for implementers to try to handle uninitialized structures safely. It's good advice in principle but cannot be achieved in a robust way and the wording was confusing.
2018-07-13 13:33:43 +00:00
* \p operation structure itself. Once aborted, the operation object
* can be reused for another operation by calling
* psa_hash_setup() again.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Improve documentation of abort functions Explicitly state that calling abort is safe after initializing to zero. Explicitly state that calling abort on an inactive operation is safe, and replace "active" by "initialized" in the description of the parameter. Get rid of the recommendation for implementers to try to handle uninitialized structures safely. It's good advice in principle but cannot be achieved in a robust way and the wording was confusing.
2018-07-13 13:33:43 +00:00
* You may call this function any time after the operation object has
* been initialized by any of the following methods:
* - A call to psa_hash_setup(), whether it succeeds or not.
* - Initializing the \c struct to all-bits-zero.
* - Initializing the \c struct to logical zeros, e.g.
* `psa_hash_operation_t operation = {0}`.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Improve documentation of abort functions Explicitly state that calling abort is safe after initializing to zero. Explicitly state that calling abort on an inactive operation is safe, and replace "active" by "initialized" in the description of the parameter. Get rid of the recommendation for implementers to try to handle uninitialized structures safely. It's good advice in principle but cannot be achieved in a robust way and the wording was confusing.
2018-07-13 13:33:43 +00:00
* In particular, calling psa_hash_abort() after the operation has been
* terminated by a call to psa_hash_abort(), psa_hash_finish() or
* psa_hash_verify() is safe and has no effect.
*
* \param[in,out] operation Initialized hash operation.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BAD_STATE
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p operation is not an active hash operation.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*/
psa_status_t psa_hash_abort(psa_hash_operation_t *operation);
Implement hash functions New header file crypto_struct.h. The main file crypto.sh declares structures which are implementation-defined. These structures must be defined in crypto_struct.h, which is included at the end so that the structures can use types defined in crypto.h. Implement psa_hash_start, psa_hash_update and psa_hash_final. This should work for all hash algorithms supported by Mbed TLS, but has only been smoke-tested for SHA-256, and only in the nominal case.
2018-02-07 20:05:37 +00:00
New function psa_hash_clone Clone a hash operation. Test good cases as part as multipart tests. Add new test functions for the state machine.
2019-01-19 11:03:41 +00:00
/** Clone a hash operation.
hash_clone: Fix copypasta and add a functional description
2019-01-21 13:50:37 +00:00
*
* This function copies the state of an ongoing hash operation to
* a new operation object. In other words, this function is equivalent
* to calling psa_hash_setup() on \p target_operation with the same
* algorithm that \p source_operation was set up for, then
* psa_hash_update() on \p target_operation with the same input that
* that was passed to \p source_operation. After this function returns, the
* two objects are independent, i.e. subsequent calls involving one of
* the objects do not affect the other object.
New function psa_hash_clone Clone a hash operation. Test good cases as part as multipart tests. Add new test functions for the state machine.
2019-01-19 11:03:41 +00:00
*
* \param[in] source_operation The active hash operation to clone.
* \param[in,out] target_operation The operation object to set up.
* It must be initialized but not active.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BAD_STATE
* \p source_operation is not an active hash operation.
* \retval #PSA_ERROR_BAD_STATE
hash_clone: Fix copypasta and add a functional description
2019-01-21 13:50:37 +00:00
* \p target_operation is active.
New function psa_hash_clone Clone a hash operation. Test good cases as part as multipart tests. Add new test functions for the state machine.
2019-01-19 11:03:41 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
psa_hash_operation_t *target_operation);
Implement hash functions New header file crypto_struct.h. The main file crypto.sh declares structures which are implementation-defined. These structures must be defined in crypto_struct.h, which is included at the end so that the structures can use types defined in crypto.h. Implement psa_hash_start, psa_hash_update and psa_hash_final. This should work for all hash algorithms supported by Mbed TLS, but has only been smoke-tested for SHA-256, and only in the nominal case.
2018-02-07 20:05:37 +00:00
/**@}*/
PSA: Implement MAC functions Implement psa_mac_start, psa_mac_update and psa_mac_final. Implement HMAC anc CMAC. Smoke tests.
2018-02-08 09:02:12 +00:00
/** \defgroup MAC Message authentication codes
* @{
*/
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
/** Calculate the MAC (message authentication code) of a message.
*
* \note To verify the MAC of a message against an
* expected value, use psa_mac_verify() instead.
* Beware that comparing integrity or authenticity data such as
* MAC values with a function such as \c memcmp is risky
* because the time taken by the comparison may leak information
* about the MAC value which could allow an attacker to guess
* a valid MAC and thereby bypass security controls.
*
* \param handle Handle to the key to use for the operation.
* \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
Doxygen: fix missing markup indicator that was causing broken links
2019-02-15 12:01:17 +00:00
* such that #PSA_ALG_IS_MAC(\p alg) is true).
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
* \param[in] input Buffer containing the input message.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] mac Buffer where the MAC value is to be written.
* \param mac_size Size of the \p mac buffer in bytes.
* \param[out] mac_length On success, the number of bytes
Fix some copypasta in one-shot hash and MAC function descriptions
2019-02-15 12:01:41 +00:00
* that make up the MAC value.
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a MAC algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_mac_compute(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
/** Calculate the MAC of a message and compare it with a reference value.
*
* \param handle Handle to the key to use for the operation.
* \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
Doxygen: fix missing markup indicator that was causing broken links
2019-02-15 12:01:17 +00:00
* such that #PSA_ALG_IS_MAC(\p alg) is true).
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
* \param[in] input Buffer containing the input message.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] mac Buffer containing the expected MAC value.
* \param mac_length Size of the \p mac buffer in bytes.
*
* \retval #PSA_SUCCESS
* The expected MAC is identical to the actual MAC of the input.
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The MAC of the message was calculated successfully, but it
* differs from the expected value.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a MAC algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
Fix typos in recently-added documentation
2019-01-17 14:25:52 +00:00
psa_status_t psa_mac_verify(psa_key_handle_t handle,
psa_algorithm_t alg,
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
const uint8_t *input,
size_t input_length,
const uint8_t *mac,
const size_t mac_length);
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
/** The type of the state data structure for multipart MAC operations.
psa: Add initializers for MAC operation objects Add new initializers for MAC operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:03 +00:00
*
* Before calling any function on a MAC operation object, the application must
* initialize it by any of the following means:
* - Set the structure to all-bits-zero, for example:
* \code
* psa_mac_operation_t operation;
* memset(&operation, 0, sizeof(operation));
* \endcode
* - Initialize the structure to logical zero values, for example:
* \code
* psa_mac_operation_t operation = {0};
* \endcode
* - Initialize the structure to the initializer #PSA_MAC_OPERATION_INIT,
* for example:
* \code
* psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
* \endcode
* - Assign the result of the function psa_mac_operation_init()
* to the structure, for example:
* \code
* psa_mac_operation_t operation;
* operation = psa_mac_operation_init();
* \endcode
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
*
Minor documentation fixes
2018-03-03 20:29:30 +00:00
* This is an implementation-defined \c struct. Applications should not
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
PSA: Implement MAC functions Implement psa_mac_start, psa_mac_update and psa_mac_final. Implement HMAC anc CMAC. Smoke tests.
2018-02-08 09:02:12 +00:00
typedef struct psa_mac_operation_s psa_mac_operation_t;
psa: Add initializers for MAC operation objects Add new initializers for MAC operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:03 +00:00
/** \def PSA_MAC_OPERATION_INIT
*
* This macro returns a suitable initializer for a MAC operation object of type
* #psa_mac_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_MAC_OPERATION_INIT {0}
#endif
/** Return an initial value for a MAC operation object.
*/
static psa_mac_operation_t psa_mac_operation_init(void);
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
/** Set up a multipart MAC calculation operation.
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
*
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
* This function sets up the calculation of the MAC
* (message authentication code) of a byte string.
* To verify the MAC of a message against an
* expected value, use psa_mac_verify_setup() instead.
*
* The sequence of operations to calculate a MAC is as follows:
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
* -# Allocate an operation object which will be passed to all the functions
* listed here.
psa: Add initializers for MAC operation objects Add new initializers for MAC operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:03 +00:00
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
* -# Call psa_mac_sign_setup() to specify the algorithm and key.
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
* -# Call psa_mac_update() zero, one or more times, passing a fragment
* of the message each time. The MAC that is calculated is the MAC
* of the concatenation of these messages in order.
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
* -# At the end of the message, call psa_mac_sign_finish() to finish
* calculating the MAC value and retrieve it.
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
*
* The application may call psa_mac_abort() at any time after the operation
psa: Add initializers for MAC operation objects Add new initializers for MAC operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:03 +00:00
* has been initialized.
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
*
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
* After a successful call to psa_mac_sign_setup(), the application must
* eventually terminate the operation through one of the following methods:
* - A failed call to psa_mac_update().
* - A call to psa_mac_sign_finish() or psa_mac_abort().
*
psa: Add initializers for MAC operation objects Add new initializers for MAC operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:03 +00:00
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_mac_operation_t and not yet in use.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
Document that destroying a key aborts any ongoing operation Document that psa_close_key() and psa_destroy_key() abort any ongoing multipart operation that is using the key. This is not implemented yet.
2019-01-14 17:24:53 +00:00
* It must remain valid until the operation
* terminates.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
Doxygen: fix missing markup indicator that was causing broken links
2019-02-15 12:01:17 +00:00
* such that #PSA_ALG_IS_MAC(\p alg) is true).
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
* Success.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p alg is not supported or is not a MAC algorithm.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Document BAD_STATE errors for multipart operation setup functions Future commits will implement this and add tests.
2019-01-10 10:51:17 +00:00
* The operation state is not valid (already set up and not
* subsequently completed).
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
*/
psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_key_handle_t handle,
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
psa_algorithm_t alg);
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
/** Set up a multipart MAC verification operation.
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
*
* This function sets up the verification of the MAC
* (message authentication code) of a byte string against an expected value.
*
* The sequence of operations to verify a MAC is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
psa: Add initializers for MAC operation objects Add new initializers for MAC operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:03 +00:00
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_mac_operation_t, e.g. PSA_MAC_OPERATION_INIT.
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
* -# Call psa_mac_verify_setup() to specify the algorithm and key.
* -# Call psa_mac_update() zero, one or more times, passing a fragment
* of the message each time. The MAC that is calculated is the MAC
* of the concatenation of these messages in order.
* -# At the end of the message, call psa_mac_verify_finish() to finish
* calculating the actual MAC of the message and verify it against
* the expected value.
*
* The application may call psa_mac_abort() at any time after the operation
psa: Add initializers for MAC operation objects Add new initializers for MAC operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:03 +00:00
* has been initialized.
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
*
* After a successful call to psa_mac_verify_setup(), the application must
* eventually terminate the operation through one of the following methods:
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
* - A failed call to psa_mac_update().
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
* - A call to psa_mac_verify_finish() or psa_mac_abort().
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
*
psa: Add initializers for MAC operation objects Add new initializers for MAC operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:03 +00:00
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_mac_operation_t and not yet in use.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
Document that destroying a key aborts any ongoing operation Document that psa_close_key() and psa_destroy_key() abort any ongoing multipart operation that is using the key. This is not implemented yet.
2019-01-14 17:24:53 +00:00
* It must remain valid until the operation
* terminates.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param alg The MAC algorithm to compute (\c PSA_ALG_XXX value
* such that #PSA_ALG_IS_MAC(\p alg) is true).
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
* Success.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
* \c key is not compatible with \c alg.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
* \c alg is not supported or is not a MAC algorithm.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Document BAD_STATE errors for multipart operation setup functions Future commits will implement this and add tests.
2019-01-10 10:51:17 +00:00
* The operation state is not valid (already set up and not
* subsequently completed).
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Document some MAC functions: psa_mac_start Adapt the documentation of hash functions. State that the key object does not need to remain valid throughout the operation.
2018-02-16 20:24:11 +00:00
*/
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_key_handle_t handle,
Split psa_mac_setup -> psa_mac_{sign,verify}_setup Make function names for multipart operations more consistent (MAC setup edition). Split psa_mac_setup into two functions psa_mac_sign_setup and psa_mac_verify_setup. These functions behave identically except that they require different usage flags on the key. The goal of the split is to enforce the key policy during setup rather than at the end of the operation (which was a bit of a hack). In psa_mac_sign_finish and psa_mac_verify_finish, if the operation is of the wrong type, abort the operation before returning BAD_STATE.
2018-07-08 18:12:23 +00:00
psa_algorithm_t alg);
PSA: Implement MAC functions Implement psa_mac_start, psa_mac_update and psa_mac_final. Implement HMAC anc CMAC. Smoke tests.
2018-02-08 09:02:12 +00:00
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
/** Add a message fragment to a multipart MAC operation.
*
* The application must call psa_mac_sign_setup() or psa_mac_verify_setup()
* before calling this function.
*
* If this function returns an error status, the operation becomes inactive.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active MAC operation.
* \param[in] input Buffer containing the message fragment to add to
* the MAC calculation.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param input_length Size of the \p input buffer in bytes.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, or already completed).
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
PSA: Implement MAC functions Implement psa_mac_start, psa_mac_update and psa_mac_final. Implement HMAC anc CMAC. Smoke tests.
2018-02-08 09:02:12 +00:00
psa_status_t psa_mac_update(psa_mac_operation_t *operation,
const uint8_t *input,
size_t input_length);
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
/** Finish the calculation of the MAC of a message.
*
* The application must call psa_mac_sign_setup() before calling this function.
* This function calculates the MAC of the message formed by concatenating
* the inputs passed to preceding calls to psa_mac_update().
*
* When this function returns, the operation becomes inactive.
*
* \warning Applications should not call this function if they expect
* a specific value for the MAC. Call psa_mac_verify_finish() instead.
* Beware that comparing integrity or authenticity data such as
* MAC values with a function such as \c memcmp is risky
* because the time taken by the comparison may leak information
* about the MAC value which could allow an attacker to guess
* a valid MAC and thereby bypass security controls.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active MAC operation.
* \param[out] mac Buffer where the MAC value is to be written.
* \param mac_size Size of the \p mac buffer in bytes.
* \param[out] mac_length On success, the number of bytes
* that make up the MAC value. This is always
Doc: Minor formatting and copy fixes
2018-07-12 17:40:46 +00:00
* #PSA_MAC_FINAL_SIZE(\c key_type, \c key_bits, \c alg)
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* where \c key_type and \c key_bits are the type and
Doc: Minor formatting and copy fixes
2018-07-12 17:40:46 +00:00
* bit-size respectively of the key and \c alg is the
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* MAC algorithm that is calculated.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, or already completed).
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* The size of the \p mac buffer is too small. You can determine a
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* sufficient buffer size by calling PSA_MAC_FINAL_SIZE().
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish Make function names for multipart operations more consistent (MAC finish edition).
2018-07-08 17:56:25 +00:00
psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation,
uint8_t *mac,
size_t mac_size,
size_t *mac_length);
PSA: Implement MAC functions Implement psa_mac_start, psa_mac_update and psa_mac_final. Implement HMAC anc CMAC. Smoke tests.
2018-02-08 09:02:12 +00:00
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
/** Finish the calculation of the MAC of a message and compare it with
* an expected value.
*
* The application must call psa_mac_verify_setup() before calling this function.
* This function calculates the MAC of the message formed by concatenating
* the inputs passed to preceding calls to psa_mac_update(). It then
* compares the calculated MAC with the expected MAC passed as a
* parameter to this function.
*
* When this function returns, the operation becomes inactive.
*
* \note Implementations shall make the best effort to ensure that the
* comparison between the actual MAC and the expected MAC is performed
* in constant time.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active MAC operation.
* \param[in] mac Buffer containing the expected MAC value.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param mac_length Size of the \p mac buffer in bytes.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* \retval #PSA_SUCCESS
* The expected MAC is identical to the actual MAC of the message.
* \retval #PSA_ERROR_INVALID_SIGNATURE
* The MAC of the message was calculated successfully, but it
* differs from the expected MAC.
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, or already completed).
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
Rename psa_mac_{finish,verify} -> psa_mac_{sign,verify}_finish Make function names for multipart operations more consistent (MAC finish edition).
2018-07-08 17:56:25 +00:00
psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation,
const uint8_t *mac,
size_t mac_length);
PSA: Implement MAC functions Implement psa_mac_start, psa_mac_update and psa_mac_final. Implement HMAC anc CMAC. Smoke tests.
2018-02-08 09:02:12 +00:00
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
/** Abort a MAC operation.
*
* Aborting an operation frees all associated resources except for the
Improve documentation of abort functions Explicitly state that calling abort is safe after initializing to zero. Explicitly state that calling abort on an inactive operation is safe, and replace "active" by "initialized" in the description of the parameter. Get rid of the recommendation for implementers to try to handle uninitialized structures safely. It's good advice in principle but cannot be achieved in a robust way and the wording was confusing.
2018-07-13 13:33:43 +00:00
* \p operation structure itself. Once aborted, the operation object
* can be reused for another operation by calling
* psa_mac_sign_setup() or psa_mac_verify_setup() again.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
Improve documentation of abort functions Explicitly state that calling abort is safe after initializing to zero. Explicitly state that calling abort on an inactive operation is safe, and replace "active" by "initialized" in the description of the parameter. Get rid of the recommendation for implementers to try to handle uninitialized structures safely. It's good advice in principle but cannot be achieved in a robust way and the wording was confusing.
2018-07-13 13:33:43 +00:00
* You may call this function any time after the operation object has
* been initialized by any of the following methods:
* - A call to psa_mac_sign_setup() or psa_mac_verify_setup(), whether
* it succeeds or not.
* - Initializing the \c struct to all-bits-zero.
* - Initializing the \c struct to logical zeros, e.g.
* `psa_mac_operation_t operation = {0}`.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
Improve documentation of abort functions Explicitly state that calling abort is safe after initializing to zero. Explicitly state that calling abort on an inactive operation is safe, and replace "active" by "initialized" in the description of the parameter. Get rid of the recommendation for implementers to try to handle uninitialized structures safely. It's good advice in principle but cannot be achieved in a robust way and the wording was confusing.
2018-07-13 13:33:43 +00:00
* In particular, calling psa_mac_abort() after the operation has been
* terminated by a call to psa_mac_abort(), psa_mac_sign_finish() or
* psa_mac_verify_finish() is safe and has no effect.
*
* \param[in,out] operation Initialized MAC operation.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BAD_STATE
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p operation is not an active MAC operation.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
PSA: Implement MAC functions Implement psa_mac_start, psa_mac_update and psa_mac_final. Implement HMAC anc CMAC. Smoke tests.
2018-02-08 09:02:12 +00:00
psa_status_t psa_mac_abort(psa_mac_operation_t *operation);
/**@}*/
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
/** \defgroup cipher Symmetric ciphers
* @{
*/
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
/** Encrypt a message using a symmetric cipher.
*
* This function encrypts a message with a random IV (initialization
* vector).
*
* \param handle Handle to the key to use for the operation.
* It must remain valid until the operation
* terminates.
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
* \param[in] input Buffer containing the message to encrypt.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the output is to be written.
* The output contains the IV followed by
* the ciphertext proper.
* \param output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the output.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_cipher_encrypt(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
/** Decrypt a message using a symmetric cipher.
*
* This function decrypts a message encrypted with a symmetric cipher.
*
* \param handle Handle to the key to use for the operation.
* It must remain valid until the operation
* terminates.
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
* \param[in] input Buffer containing the message to decrypt.
* This consists of the IV followed by the
* ciphertext proper.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the plaintext is to be written.
* \param output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the output.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Declare one-shot hash, MAC and cipher functions Declare and document one-shot hash, MAC and cipher functions. This commit does not contain any implementation or tests.
2019-01-14 19:18:12 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not a cipher algorithm.
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_cipher_decrypt(psa_key_handle_t handle,
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
/** The type of the state data structure for multipart cipher operations.
psa: Add initializers for cipher operation objects Add new initializers for cipher operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:27 +00:00
*
* Before calling any function on a cipher operation object, the application
* must initialize it by any of the following means:
* - Set the structure to all-bits-zero, for example:
* \code
* psa_cipher_operation_t operation;
* memset(&operation, 0, sizeof(operation));
* \endcode
* - Initialize the structure to logical zero values, for example:
* \code
* psa_cipher_operation_t operation = {0};
* \endcode
* - Initialize the structure to the initializer #PSA_CIPHER_OPERATION_INIT,
* for example:
* \code
* psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
* \endcode
* - Assign the result of the function psa_cipher_operation_init()
* to the structure, for example:
* \code
* psa_cipher_operation_t operation;
* operation = psa_cipher_operation_init();
* \endcode
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
typedef struct psa_cipher_operation_s psa_cipher_operation_t;
psa: Add initializers for cipher operation objects Add new initializers for cipher operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:27 +00:00
/** \def PSA_CIPHER_OPERATION_INIT
*
* This macro returns a suitable initializer for a cipher operation object of
* type #psa_cipher_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_CIPHER_OPERATION_INIT {0}
#endif
/** Return an initial value for a cipher operation object.
*/
static psa_cipher_operation_t psa_cipher_operation_init(void);
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
/** Set the key for a multipart symmetric encryption operation.
*
* The sequence of operations to encrypt a message with a symmetric cipher
* is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
psa: Add initializers for cipher operation objects Add new initializers for cipher operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:27 +00:00
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_cipher_operation_t, e.g.
* PSA_CIPHER_OPERATION_INIT.
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
* -# Call psa_cipher_encrypt_setup() to specify the algorithm and key.
Update documentation due to function renaming
2018-08-02 11:19:33 +00:00
* -# Call either psa_cipher_generate_iv() or psa_cipher_set_iv() to
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
* generate or set the IV (initialization vector). You should use
Update documentation due to function renaming
2018-08-02 11:19:33 +00:00
* psa_cipher_generate_iv() unless the protocol you are implementing
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
* requires a specific IV value.
* -# Call psa_cipher_update() zero, one or more times, passing a fragment
* of the message each time.
* -# Call psa_cipher_finish().
*
* The application may call psa_cipher_abort() at any time after the operation
psa: Add initializers for cipher operation objects Add new initializers for cipher operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:27 +00:00
* has been initialized.
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
*
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
* After a successful call to psa_cipher_encrypt_setup(), the application must
Clarify how multipart operations get terminated
2018-03-20 16:54:15 +00:00
* eventually terminate the operation. The following events terminate an
* operation:
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* - A failed call to any of the \c psa_cipher_xxx functions.
Fix some typos and copypasta
2018-03-20 16:54:53 +00:00
* - A call to psa_cipher_finish() or psa_cipher_abort().
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
*
psa: Add initializers for cipher operation objects Add new initializers for cipher operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:27 +00:00
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_cipher_operation_t and not yet in use.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
Document that destroying a key aborts any ongoing operation Document that psa_close_key() and psa_destroy_key() abort any ongoing multipart operation that is using the key. This is not implemented yet.
2019-01-14 17:24:53 +00:00
* It must remain valid until the operation
* terminates.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
* Success.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p alg is not supported or is not a cipher algorithm.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Document BAD_STATE errors for multipart operation setup functions Future commits will implement this and add tests.
2019-01-10 10:51:17 +00:00
* The operation state is not valid (already set up and not
* subsequently completed).
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
*/
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_key_handle_t handle,
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
psa_algorithm_t alg);
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
/** Set the key for a multipart symmetric decryption operation.
*
* The sequence of operations to decrypt a message with a symmetric cipher
* is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
psa: Add initializers for cipher operation objects Add new initializers for cipher operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:27 +00:00
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_cipher_operation_t, e.g.
* PSA_CIPHER_OPERATION_INIT.
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
* -# Call psa_cipher_decrypt_setup() to specify the algorithm and key.
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* -# Call psa_cipher_set_iv() with the IV (initialization vector) for the
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
* decryption. If the IV is prepended to the ciphertext, you can call
* psa_cipher_update() on a buffer containing the IV followed by the
* beginning of the message.
* -# Call psa_cipher_update() zero, one or more times, passing a fragment
* of the message each time.
* -# Call psa_cipher_finish().
*
* The application may call psa_cipher_abort() at any time after the operation
psa: Add initializers for cipher operation objects Add new initializers for cipher operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:27 +00:00
* has been initialized.
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
*
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
* After a successful call to psa_cipher_decrypt_setup(), the application must
Clarify how multipart operations get terminated
2018-03-20 16:54:15 +00:00
* eventually terminate the operation. The following events terminate an
* operation:
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* - A failed call to any of the \c psa_cipher_xxx functions.
Fix some typos and copypasta
2018-03-20 16:54:53 +00:00
* - A call to psa_cipher_finish() or psa_cipher_abort().
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
*
psa: Add initializers for cipher operation objects Add new initializers for cipher operation objects and use them in our tests and library code. Prefer using the macro initializers due to their straightforwardness.
2019-01-04 11:48:27 +00:00
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_cipher_operation_t and not yet in use.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
Document that destroying a key aborts any ongoing operation Document that psa_close_key() and psa_destroy_key() abort any ongoing multipart operation that is using the key. This is not implemented yet.
2019-01-14 17:24:53 +00:00
* It must remain valid until the operation
* terminates.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param alg The cipher algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_CIPHER(\p alg) is true).
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
* Success.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p alg is not supported or is not a cipher algorithm.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Document BAD_STATE errors for multipart operation setup functions Future commits will implement this and add tests.
2019-01-10 10:51:17 +00:00
* The operation state is not valid (already set up and not
* subsequently completed).
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
*/
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_key_handle_t handle,
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
psa_algorithm_t alg);
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
/** Generate an IV for a symmetric encryption operation.
*
* This function generates a random IV (initialization vector), nonce
* or initial counter value for the encryption operation as appropriate
* for the chosen algorithm, key type and key size.
*
* The application must call psa_cipher_encrypt_setup() before
* calling this function.
*
* If this function returns an error status, the operation becomes inactive.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active cipher operation.
* \param[out] iv Buffer where the generated IV is to be written.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param iv_size Size of the \p iv buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] iv_length On success, the number of bytes of the
* generated IV.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, or IV already set).
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
Doc: Minor formatting and copy fixes
2018-07-12 17:40:46 +00:00
* The size of the \p iv buffer is too small.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
unsigned char *iv,
size_t iv_size,
size_t *iv_length);
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
/** Set the IV for a symmetric encryption or decryption operation.
*
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* This function sets the IV (initialization vector), nonce
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* or initial counter value for the encryption or decryption operation.
*
* The application must call psa_cipher_encrypt_setup() before
* calling this function.
*
* If this function returns an error status, the operation becomes inactive.
*
* \note When encrypting, applications should use psa_cipher_generate_iv()
* instead of this function, unless implementing a protocol that requires
* a non-random IV.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active cipher operation.
* \param[in] iv Buffer containing the IV to use.
* \param iv_length Size of the IV in bytes.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, or IV already set).
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* The size of \p iv is not acceptable for the chosen algorithm,
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* or the chosen algorithm does not use an IV.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
Rename psa cipher functions to psa_cipher_xxx Make function names for multipart operations more consistent (cipher edition). Rename symmetric cipher multipart operation functions so that they all start with psa_cipher_: * psa_encrypt_setup -> psa_cipher_encrypt_setup * psa_decrypt_setup -> psa_cipher_decrypt_setup * psa_encrypt_set_iv -> psa_cipher_set_iv * psa_encrypt_generate_iv -> psa_cipher_generate_iv
2018-07-08 19:39:34 +00:00
psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
const unsigned char *iv,
size_t iv_length);
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
/** Encrypt or decrypt a message fragment in an active cipher operation.
*
Doc: clarify the preconditions for psa_cipher_update
2018-07-12 18:15:32 +00:00
* Before calling this function, you must:
* 1. Call either psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup().
* The choice of setup function determines whether this function
* encrypts or decrypts its input.
* 2. If the algorithm requires an IV, call psa_cipher_generate_iv()
* (recommended when encrypting) or psa_cipher_set_iv().
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* If this function returns an error status, the operation becomes inactive.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active cipher operation.
* \param[in] input Buffer containing the message fragment to
* encrypt or decrypt.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param input_length Size of the \p input buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] output Buffer where the output is to be written.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param output_size Size of the \p output buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, IV required but
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* not set, or already completed).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
const uint8_t *input,
initial implementation for PSA symmetric APIs - missing tests and documentations
2018-03-12 13:59:30 +00:00
size_t input_length,
Normalize whitespace Normalize whitespace to Mbed TLS standards. There are only whitespace changes in this commit.
2018-06-18 13:41:12 +00:00
unsigned char *output,
size_t output_size,
initial implementation for PSA symmetric APIs - missing tests and documentations
2018-03-12 13:59:30 +00:00
size_t *output_length);
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
/** Finish encrypting or decrypting a message in a cipher operation.
*
* The application must call psa_cipher_encrypt_setup() or
* psa_cipher_decrypt_setup() before calling this function. The choice
* of setup function determines whether this function encrypts or
* decrypts its input.
*
* This function finishes the encryption or decryption of the message
* formed by concatenating the inputs passed to preceding calls to
* psa_cipher_update().
*
* When this function returns, the operation becomes inactive.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in,out] operation Active cipher operation.
* \param[out] output Buffer where the output is to be written.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param output_size Size of the \p output buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
Copyedit the documentation of multipart operation functions Finish changing "start" to "set up". Correct the way to set an IV for decryption: it's set_iv(), not update(). When decrypting, the IV is given, not random.
2019-01-14 17:29:18 +00:00
* The operation state is not valid (not set up, IV required but
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* not set, or already completed).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
initial implementation for PSA symmetric APIs - missing tests and documentations
2018-03-12 13:59:30 +00:00
uint8_t *output,
add missing parameter output_size on psa_cipher_finish
2018-04-22 17:16:58 +00:00
size_t output_size,
initial implementation for PSA symmetric APIs - missing tests and documentations
2018-03-12 13:59:30 +00:00
size_t *output_length);
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
/** Abort a cipher operation.
*
* Aborting an operation frees all associated resources except for the
Improve documentation of abort functions Explicitly state that calling abort is safe after initializing to zero. Explicitly state that calling abort on an inactive operation is safe, and replace "active" by "initialized" in the description of the parameter. Get rid of the recommendation for implementers to try to handle uninitialized structures safely. It's good advice in principle but cannot be achieved in a robust way and the wording was confusing.
2018-07-13 13:33:43 +00:00
* \p operation structure itself. Once aborted, the operation object
* can be reused for another operation by calling
* psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup() again.
*
* You may call this function any time after the operation object has
* been initialized by any of the following methods:
* - A call to psa_cipher_encrypt_setup() or psa_cipher_decrypt_setup(),
* whether it succeeds or not.
* - Initializing the \c struct to all-bits-zero.
* - Initializing the \c struct to logical zeros, e.g.
* `psa_cipher_operation_t operation = {0}`.
*
* In particular, calling psa_cipher_abort() after the operation has been
* terminated by a call to psa_cipher_abort() or psa_cipher_finish()
* is safe and has no effect.
*
* \param[in,out] operation Initialized cipher operation.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BAD_STATE
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p operation is not an active cipher operation.
Doc: write documentation for many macros and functions As of this commit, all #identifier links in the documentation are resolved.
2018-07-11 22:30:52 +00:00
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
Prototypes for symmetric cipher functions
2018-03-03 20:27:18 +00:00
psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
/**@}*/
Prototypes for AEAD functions This is still tentative.
2018-03-03 20:27:57 +00:00
/** \defgroup aead Authenticated encryption with associated data (AEAD)
* @{
*/
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
/** Process an authenticated encryption operation.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* \param alg The AEAD algorithm to compute
* (\c PSA_ALG_XXX value such that
Doc: fix formatting of some macro arguments in explanations
2018-07-11 22:34:26 +00:00
* #PSA_ALG_IS_AEAD(\p alg) is true).
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] nonce Nonce or IV to use.
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* \param nonce_length Size of the \p nonce buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] additional_data Additional data that will be authenticated
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* but not encrypted.
* \param additional_data_length Size of \p additional_data in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] plaintext Data that will be authenticated and
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* encrypted.
* \param plaintext_length Size of \p plaintext in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] ciphertext Output buffer for the authenticated and
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* encrypted data. The additional data is not
* part of this output. For algorithms where the
* encrypted data and the authentication tag
* are defined as separate outputs, the
* authentication tag is appended to the
* encrypted data.
* \param ciphertext_size Size of the \p ciphertext buffer in bytes.
* This must be at least
* #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg,
* \p plaintext_length).
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] ciphertext_length On success, the size of the output
Fix typos in doxygen formatting commands
2019-02-08 10:22:39 +00:00
* in the \p ciphertext buffer.
Prototypes for AEAD functions This is still tentative.
2018-03-03 20:27:57 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Prototypes for AEAD functions This is still tentative.
2018-03-03 20:27:57 +00:00
* Success.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p alg is not supported or is not an AEAD algorithm.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Prototypes for AEAD functions This is still tentative.
2018-03-03 20:27:57 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_aead_encrypt(psa_key_handle_t handle,
Fix nonstandard whitespace
2018-07-19 13:51:49 +00:00
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
const uint8_t *additional_data,
size_t additional_data_length,
const uint8_t *plaintext,
size_t plaintext_length,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length);
Change AEAD APIs to integrated AEAD APIs. Change AEAD APIs to integrated AEAD APIs, this will allow t support CCM and GCM algorithms.
2018-04-25 21:51:02 +00:00
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
/** Process an authenticated decryption operation.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* \param alg The AEAD algorithm to compute
* (\c PSA_ALG_XXX value such that
Doc: fix formatting of some macro arguments in explanations
2018-07-11 22:34:26 +00:00
* #PSA_ALG_IS_AEAD(\p alg) is true).
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] nonce Nonce or IV to use.
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* \param nonce_length Size of the \p nonce buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] additional_data Additional data that has been authenticated
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* but not encrypted.
* \param additional_data_length Size of \p additional_data in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] ciphertext Data that has been authenticated and
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* encrypted. For algorithms where the
* encrypted data and the authentication tag
* are defined as separate inputs, the buffer
* must contain the encrypted data followed
* by the authentication tag.
* \param ciphertext_length Size of \p ciphertext in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] plaintext Output buffer for the decrypted data.
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* \param plaintext_size Size of the \p plaintext buffer in bytes.
* This must be at least
* #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg,
* \p ciphertext_length).
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] plaintext_length On success, the size of the output
Fix typos in doxygen formatting commands
2019-02-08 10:22:39 +00:00
* in the \p plaintext buffer.
Prototypes for AEAD functions This is still tentative.
2018-03-03 20:27:57 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Prototypes for AEAD functions This is still tentative.
2018-03-03 20:27:57 +00:00
* Success.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INVALID_SIGNATURE
Document AEAD functions Write documentation for psa_aead_encrypt and psa_aead_decrypt. Define macros PSA_AEAD_ENCRYPT_OUTPUT_SIZE and PSA_AEAD_DECRYPT_OUTPUT_SIZE (untested).
2018-06-01 14:29:38 +00:00
* The ciphertext is not authentic.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p alg is not supported or is not an AEAD algorithm.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Prototypes for AEAD functions This is still tentative.
2018-03-03 20:27:57 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_aead_decrypt(psa_key_handle_t handle,
Fix nonstandard whitespace
2018-07-19 13:51:49 +00:00
psa_algorithm_t alg,
const uint8_t *nonce,
size_t nonce_length,
const uint8_t *additional_data,
size_t additional_data_length,
const uint8_t *ciphertext,
size_t ciphertext_length,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length);
Prototypes for AEAD functions This is still tentative.
2018-03-03 20:27:57 +00:00
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
/** The type of the state data structure for multipart AEAD operations.
*
* Before calling any function on an AEAD operation object, the application
* must initialize it by any of the following means:
* - Set the structure to all-bits-zero, for example:
* \code
* psa_aead_operation_t operation;
* memset(&operation, 0, sizeof(operation));
* \endcode
* - Initialize the structure to logical zero values, for example:
* \code
* psa_aead_operation_t operation = {0};
* \endcode
* - Initialize the structure to the initializer #PSA_AEAD_OPERATION_INIT,
* for example:
* \code
* psa_aead_operation_t operation = PSA_AEAD_OPERATION_INIT;
* \endcode
* - Assign the result of the function psa_aead_operation_init()
* to the structure, for example:
* \code
* psa_aead_operation_t operation;
* operation = psa_aead_operation_init();
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
typedef struct psa_aead_operation_s psa_aead_operation_t;
/** \def PSA_AEAD_OPERATION_INIT
*
* This macro returns a suitable initializer for an AEAD operation object of
* type #psa_aead_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_AEAD_OPERATION_INIT {0}
#endif
/** Return an initial value for an AEAD operation object.
*/
static psa_aead_operation_t psa_aead_operation_init(void);
/** Set the key for a multipart authenticated encryption operation.
*
* The sequence of operations to encrypt a message with authentication
* is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_aead_operation_t, e.g.
* PSA_AEAD_OPERATION_INIT.
* -# Call psa_aead_encrypt_setup() to specify the algorithm and key.
Doc only: Add psa_aead_set_lengths() for the sake of CCM
2019-01-17 14:26:08 +00:00
* -# If needed, call psa_aead_set_lengths() to specify the length of the
* inputs to the subsequent calls to psa_aead_update_ad() and
* psa_aead_update(). See the documentation of psa_aead_set_lengths()
* for details.
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* -# Call either psa_aead_generate_nonce() or psa_aead_set_nonce() to
* generate or set the nonce. You should use
* psa_aead_generate_nonce() unless the protocol you are implementing
* requires a specific nonce value.
* -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
* of the non-encrypted additional authenticated data each time.
* -# Call psa_aead_update() zero, one or more times, passing a fragment
Fix typos in recently-added documentation
2019-01-17 14:25:52 +00:00
* of the message to encrypt each time.
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* -# Call psa_aead_finish().
*
* The application may call psa_aead_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_aead_encrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
* - A failed call to any of the \c psa_aead_xxx functions.
* - A call to psa_aead_finish(), psa_aead_verify() or psa_aead_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_aead_operation_t and not yet in use.
* \param handle Handle to the key to use for the operation.
* It must remain valid until the operation
* terminates.
* \param alg The AEAD algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not an AEAD algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg);
/** Set the key for a multipart authenticated decryption operation.
*
* The sequence of operations to decrypt a message with authentication
* is as follows:
* -# Allocate an operation object which will be passed to all the functions
* listed here.
* -# Initialize the operation object with one of the methods described in the
* documentation for #psa_aead_operation_t, e.g.
* PSA_AEAD_OPERATION_INIT.
* -# Call psa_aead_decrypt_setup() to specify the algorithm and key.
Doc only: Add psa_aead_set_lengths() for the sake of CCM
2019-01-17 14:26:08 +00:00
* -# If needed, call psa_aead_set_lengths() to specify the length of the
* inputs to the subsequent calls to psa_aead_update_ad() and
* psa_aead_update(). See the documentation of psa_aead_set_lengths()
* for details.
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* -# Call psa_aead_set_nonce() with the nonce for the decryption.
* -# Call psa_aead_update_ad() zero, one or more times, passing a fragment
* of the non-encrypted additional authenticated data each time.
* -# Call psa_aead_update() zero, one or more times, passing a fragment
Fix typos in recently-added documentation
2019-01-17 14:25:52 +00:00
* of the ciphertext to decrypt each time.
* -# Call psa_aead_verify().
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
*
* The application may call psa_aead_abort() at any time after the operation
* has been initialized.
*
* After a successful call to psa_aead_decrypt_setup(), the application must
* eventually terminate the operation. The following events terminate an
* operation:
* - A failed call to any of the \c psa_aead_xxx functions.
* - A call to psa_aead_finish(), psa_aead_verify() or psa_aead_abort().
*
* \param[in,out] operation The operation object to set up. It must have
* been initialized as per the documentation for
* #psa_aead_operation_t and not yet in use.
* \param handle Handle to the key to use for the operation.
* It must remain valid until the operation
* terminates.
* \param alg The AEAD algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_AEAD(\p alg) is true).
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* \p handle is not compatible with \p alg.
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not supported or is not an AEAD algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
psa_key_handle_t handle,
psa_algorithm_t alg);
/** Generate a random nonce for an authenticated encryption operation.
*
* This function generates a random nonce for the authenticated encryption
* operation with an appropriate size for the chosen algorithm, key type
* and key size.
*
* The application must call psa_aead_encrypt_setup() before
* calling this function.
*
* If this function returns an error status, the operation becomes inactive.
*
* \param[in,out] operation Active AEAD operation.
* \param[out] nonce Buffer where the generated nonce is to be
* written.
* \param nonce_size Size of the \p nonce buffer in bytes.
* \param[out] nonce_length On success, the number of bytes of the
* generated nonce.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (not set up, or nonce already set).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p nonce buffer is too small.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
unsigned char *nonce,
size_t nonce_size,
size_t *nonce_length);
/** Set the nonce for an authenticated encryption or decryption operation.
*
* This function sets the nonce for the authenticated
* encryption or decryption operation.
*
* The application must call psa_aead_encrypt_setup() before
* calling this function.
*
* If this function returns an error status, the operation becomes inactive.
*
Fix typos in recently-added documentation
2019-01-17 14:25:52 +00:00
* \note When encrypting, applications should use psa_aead_generate_nonce()
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* instead of this function, unless implementing a protocol that requires
* a non-random IV.
*
* \param[in,out] operation Active AEAD operation.
Fix typos in recently-added documentation
2019-01-17 14:25:52 +00:00
* \param[in] nonce Buffer containing the nonce to use.
* \param nonce_length Size of the nonce in bytes.
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (not set up, or nonce already set).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The size of \p nonce is not acceptable for the chosen algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
const unsigned char *nonce,
size_t nonce_length);
Doc only: Add psa_aead_set_lengths() for the sake of CCM
2019-01-17 14:26:08 +00:00
/** Declare the lengths of the message and additional data for AEAD.
*
* The application must call this function before calling
* psa_aead_update_ad() or psa_aead_update() if the algorithm for
* the operation requires it. If the algorithm does not require it,
* calling this function is optional, but if this function is called
* then the implementation must enforce the lengths.
*
* You may call this function before or after setting the nonce with
* psa_aead_set_nonce() or psa_aead_generate_nonce().
*
* - For #PSA_ALG_CCM, calling this function is required.
* - For the other AEAD algorithms defined in this specification, calling
* this function is not required.
* - For vendor-defined algorithm, refer to the vendor documentation.
*
* \param[in,out] operation Active AEAD operation.
* \param ad_length Size of the non-encrypted additional
* authenticated data in bytes.
* \param plaintext_length Size of the plaintext to encrypt in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (not set up, already completed,
* or psa_aead_update_ad() or psa_aead_update() already called).
* \retval #PSA_ERROR_INVALID_ARGUMENT
* At least one of the lengths is not acceptable for the chosen
* algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
size_t ad_length,
size_t plaintext_length);
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
/** Pass additional data to an active AEAD operation.
*
* Additional data is authenticated, but not encrypted.
*
* You may call this function multiple times to pass successive fragments
* of the additional data. You may not call this function after passing
* data to encrypt or decrypt with psa_aead_update().
*
* Before calling this function, you must:
* 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
* 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
*
* If this function returns an error status, the operation becomes inactive.
*
* \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
* there is no guarantee that the input is valid. Therefore, until
* you have called psa_aead_verify() and it has returned #PSA_SUCCESS,
* treat the input as untrusted and prepare to undo any action that
* depends on the input if psa_aead_verify() returns an error status.
*
* \param[in,out] operation Active AEAD operation.
* \param[in] input Buffer containing the fragment of
* additional data.
* \param input_length Size of the \p input buffer in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (not set up, nonce not set,
* psa_aead_update() already called, or operation already completed).
Doc only: Add psa_aead_set_lengths() for the sake of CCM
2019-01-17 14:26:08 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total input length overflows the additional data length that
* was previously specified with psa_aead_set_lengths().
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length);
/** Encrypt or decrypt a message fragment in an active AEAD operation.
*
* Before calling this function, you must:
* 1. Call either psa_aead_encrypt_setup() or psa_aead_decrypt_setup().
* The choice of setup function determines whether this function
* encrypts or decrypts its input.
* 2. Set the nonce with psa_aead_generate_nonce() or psa_aead_set_nonce().
* 3. Call psa_aead_update_ad() to pass all the additional data.
*
* If this function returns an error status, the operation becomes inactive.
*
* \warning When decrypting, until psa_aead_verify() has returned #PSA_SUCCESS,
* there is no guarantee that the input is valid. Therefore, until
* you have called psa_aead_verify() and it has returned #PSA_SUCCESS:
* - Do not use the output in any way other than storing it in a
* confidential location. If you take any action that depends
* on the tentative decrypted data, this action will need to be
* undone if the input turns out not to be valid. Furthermore,
* if an adversary can observe that this action took place
* (for example through timing), they may be able to use this
* fact as an oracle to decrypt any message encrypted with the
* same key.
* - In particular, do not copy the output anywhere but to a
* memory or storage space that you have exclusive access to.
*
* \param[in,out] operation Active AEAD operation.
* \param[in] input Buffer containing the message fragment to
* encrypt or decrypt.
* \param input_length Size of the \p input buffer in bytes.
* \param[out] output Buffer where the output is to be written.
* \param output_size Size of the \p output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (not set up, nonce not set
* or already completed).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
* The size of the \p output buffer is too small.
Doc only: Add psa_aead_set_lengths() for the sake of CCM
2019-01-17 14:26:08 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
* specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total input length overflows the plaintext length that
* was previously specified with psa_aead_set_lengths().
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_update(psa_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
unsigned char *output,
size_t output_size,
size_t *output_length);
/** Finish encrypting a message in an AEAD operation.
*
* The operation must have been set up with psa_aead_encrypt_setup().
*
* This function finishes the authentication of the additional data
* formed by concatenating the inputs passed to preceding calls to
* psa_aead_update_ad() with the plaintext formed by concatenating the
* inputs passed to preceding calls to psa_aead_update().
*
* This function has two output buffers:
* - \p ciphertext contains trailing ciphertext that was buffered from
* preceding calls to psa_aead_update(). For all standard AEAD algorithms,
* psa_aead_update() does not buffer any output and therefore \p ciphertext
* will not contain any output and can be a 0-sized buffer.
* - \p tag contains the authentication tag. Its length is always
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* #PSA_AEAD_TAG_LENGTH(\c alg) where \c alg is the AEAD algorithm
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* that the operation performs.
*
* When this function returns, the operation becomes inactive.
*
* \param[in,out] operation Active AEAD operation.
* \param[out] ciphertext Buffer where the last part of the ciphertext
* is to be written.
* \param ciphertext_size Size of the \p ciphertext buffer in bytes.
* \param[out] ciphertext_length On success, the number of bytes of
* returned ciphertext.
* \param[out] tag Buffer where the authentication tag is
* to be written.
* \param tag_size Size of the \p tag buffer in bytes.
* \param[out] tag_length On success, the number of bytes
* that make up the returned tag.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (not set up, nonce not set,
* decryption, or already completed).
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* The size of the \p ciphertext or \p tag buffer is too small.
Doc only: Add psa_aead_set_lengths() for the sake of CCM
2019-01-17 14:26:08 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
* specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
Fix typos in recently-added documentation
2019-01-17 14:25:52 +00:00
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length,
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
uint8_t *tag,
size_t tag_size,
size_t *tag_length);
/** Finish authenticating and decrypting a message in an AEAD operation.
*
* The operation must have been set up with psa_aead_decrypt_setup().
*
* This function finishes the authentication of the additional data
* formed by concatenating the inputs passed to preceding calls to
* psa_aead_update_ad() with the ciphertext formed by concatenating the
* inputs passed to preceding calls to psa_aead_update().
*
* When this function returns, the operation becomes inactive.
*
* \param[in,out] operation Active AEAD operation.
* \param[in] tag Buffer containing the authentication tag.
* \param tag_length Size of the \p tag buffer in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_BAD_STATE
* The operation state is not valid (not set up, nonce not set,
* encryption, or already completed).
Doc only: Add psa_aead_set_lengths() for the sake of CCM
2019-01-17 14:26:08 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update_ad() so far is
* less than the additional data length that was previously
* specified with psa_aead_set_lengths().
* \retval #PSA_ERROR_INVALID_ARGUMENT
* The total length of input to psa_aead_update() so far is
* less than the plaintext length that was previously
* specified with psa_aead_set_lengths().
Declare multipart AEAD functions Declare and document multipart AEAD functions. This commit does not contain any implementation or tests.
2019-01-14 17:36:12 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
const uint8_t *tag,
size_t tag_length);
/** Abort an AEAD operation.
*
* Aborting an operation frees all associated resources except for the
* \p operation structure itself. Once aborted, the operation object
* can be reused for another operation by calling
* psa_aead_encrypt_setup() or psa_aead_decrypt_setup() again.
*
* You may call this function any time after the operation object has
* been initialized by any of the following methods:
* - A call to psa_aead_encrypt_setup() or psa_aead_decrypt_setup(),
* whether it succeeds or not.
* - Initializing the \c struct to all-bits-zero.
* - Initializing the \c struct to logical zeros, e.g.
* `psa_aead_operation_t operation = {0}`.
*
* In particular, calling psa_aead_abort() after the operation has been
* terminated by a call to psa_aead_abort() or psa_aead_finish()
* is safe and has no effect.
*
* \param[in,out] operation Initialized AEAD operation.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BAD_STATE
* \p operation is not an active AEAD operation.
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
Prototypes for AEAD functions This is still tentative.
2018-03-03 20:27:57 +00:00
/**@}*/
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only) Define hash algorithms and RSA signature algorithms. New function psa_asymmetric_sign. Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-02-03 21:44:14 +00:00
/** \defgroup asymmetric Asymmetric cryptography
* @{
*/
/**
* \brief Sign a hash or short message with a private key.
*
Clarify that asymmetric_{sign,verify} operate on a hash
2018-06-26 14:14:46 +00:00
* Note that to perform a hash-and-sign signature algorithm, you must
Rename psa_hash_start -> psa_hash_setup Make function names for multipart operations more consistent (hash edition).
2018-07-08 17:46:38 +00:00
* first calculate the hash by calling psa_hash_setup(), psa_hash_update()
Clarify that asymmetric_{sign,verify} operate on a hash
2018-06-26 14:14:46 +00:00
* and psa_hash_finish(). Then pass the resulting hash as the \p hash
* parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
* to determine the hash algorithm to use.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
* It must be an asymmetric key pair.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param alg A signature algorithm that is compatible with
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* the type of \p handle.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] hash The hash or message to sign.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param hash_length Size of the \p hash buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] signature Buffer where the signature is to be written.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param signature_size Size of the \p signature buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] signature_length On success, the number of bytes
* that make up the returned signature value.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* The size of the \p signature buffer is too small. You can
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* determine a sufficient buffer size by calling
Doc: fix formatting of some macro arguments in explanations
2018-07-11 22:34:26 +00:00
* #PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* where \c key_type and \c key_bits are the type and bit-size
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* respectively of \p handle.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only) Define hash algorithms and RSA signature algorithms. New function psa_asymmetric_sign. Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-02-03 21:44:14 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_asymmetric_sign(psa_key_handle_t handle,
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only) Define hash algorithms and RSA signature algorithms. New function psa_asymmetric_sign. Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-02-03 21:44:14 +00:00
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
uint8_t *signature,
size_t signature_size,
size_t *signature_length);
/**
* \brief Verify the signature a hash or short message using a public key.
*
Clarify that asymmetric_{sign,verify} operate on a hash
2018-06-26 14:14:46 +00:00
* Note that to perform a hash-and-sign signature algorithm, you must
Rename psa_hash_start -> psa_hash_setup Make function names for multipart operations more consistent (hash edition).
2018-07-08 17:46:38 +00:00
* first calculate the hash by calling psa_hash_setup(), psa_hash_update()
Clarify that asymmetric_{sign,verify} operate on a hash
2018-06-26 14:14:46 +00:00
* and psa_hash_finish(). Then pass the resulting hash as the \p hash
* parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
* to determine the hash algorithm to use.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
* It must be a public key or an asymmetric key pair.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* \param alg A signature algorithm that is compatible with
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* the type of \p handle.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] hash The hash or message whose signature is to be
Clarify that asymmetric_{sign,verify} operate on a hash
2018-06-26 14:14:46 +00:00
* verified.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param hash_length Size of the \p hash buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] signature Buffer containing the signature to verify.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param signature_length Size of the \p signature buffer in bytes.
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* The signature is valid.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_INVALID_SIGNATURE
Wrote documentation for several functions, macros and types Document key import/export functions, hash functions, and asymmetric sign/verify, as well as some related macros and types. Nicer formatting for return values: use \retval.
2018-02-08 08:47:44 +00:00
* The calculation was perfomed successfully, but the passed
* signature is not a valid signature.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only) Define hash algorithms and RSA signature algorithms. New function psa_asymmetric_sign. Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-02-03 21:44:14 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_asymmetric_verify(psa_key_handle_t handle,
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only) Define hash algorithms and RSA signature algorithms. New function psa_asymmetric_sign. Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-02-03 21:44:14 +00:00
psa_algorithm_t alg,
const uint8_t *hash,
size_t hash_length,
Add missing const for signature parameter of psa_asymmetric_verify
2018-06-27 12:58:41 +00:00
const uint8_t *signature,
Fix parameter name signature_size for psa_asymmetric_verify It should have been signature_length, following our conventions.
2018-06-27 16:19:40 +00:00
size_t signature_length);
PSA crypto: asymmetric signature (RSA PKCS#1v1.5 only) Define hash algorithms and RSA signature algorithms. New function psa_asymmetric_sign. Implement psa_asymmetric_sign for RSA PKCS#1 v1.5.
2018-02-03 21:44:14 +00:00
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
/**
* \brief Encrypt a short message with a public key.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
* It must be a public key or an asymmetric
* key pair.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param alg An asymmetric encryption algorithm that is
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* compatible with the type of \p handle.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] input The message to encrypt.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param input_length Size of the \p input buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] salt A salt or label, if supported by the
* encryption algorithm.
* If the algorithm does not support a
* salt, pass \c NULL.
* If the algorithm supports an optional
* salt and you do not want to pass a salt,
* pass \c NULL.
*
* - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
* supported.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param salt_length Size of the \p salt buffer in bytes.
* If \p salt is \c NULL, pass 0.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] output Buffer where the encrypted message is to
* be written.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param output_size Size of the \p output buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* The size of the \p output buffer is too small. You can
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
* determine a sufficient buffer size by calling
Doc: fix formatting of some macro arguments in explanations
2018-07-11 22:34:26 +00:00
* #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
* where \c key_type and \c key_bits are the type and bit-size
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* respectively of \p handle.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_asymmetric_encrypt(psa_key_handle_t handle,
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *salt,
size_t salt_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
/**
* \brief Decrypt a short message with a private key.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the key to use for the operation.
* It must be an asymmetric key pair.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param alg An asymmetric encryption algorithm that is
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* compatible with the type of \p handle.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] input The message to decrypt.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param input_length Size of the \p input buffer in bytes.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[in] salt A salt or label, if supported by the
* encryption algorithm.
* If the algorithm does not support a
* salt, pass \c NULL.
* If the algorithm supports an optional
* salt and you do not want to pass a salt,
* pass \c NULL.
*
* - For #PSA_ALG_RSA_PKCS1V15_CRYPT, no salt is
* supported.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \param salt_length Size of the \p salt buffer in bytes.
* If \p salt is \c NULL, pass 0.
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] output Buffer where the decrypted message is to
* be written.
* \param output_size Size of the \c output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* The size of the \p output buffer is too small. You can
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
* determine a sufficient buffer size by calling
Doc: Minor formatting and copy fixes
2018-07-12 17:40:46 +00:00
* #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
* where \c key_type and \c key_bits are the type and bit-size
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* respectively of \p handle.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_INVALID_PADDING
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
*/
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_status_t psa_asymmetric_decrypt(psa_key_handle_t handle,
New functions: asymmetric encrypt/decrypt
2018-03-28 12:18:39 +00:00
psa_algorithm_t alg,
const uint8_t *input,
size_t input_length,
const uint8_t *salt,
size_t salt_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
Add key management functions Define psa_key_type_t and a first stab at a few values. New functions psa_import_key, psa_export_key, psa_destroy_key, psa_get_key_information. Implement them for raw data and RSA. Under the hood, create an in-memory, fixed-size keystore with room for MBEDTLS_PSA_KEY_SLOT_COUNT - 1 keys.
2018-01-28 12:16:24 +00:00
/**@}*/
Fix doxygen warnings * Broken link #PSA_ALG_SHA_256 * Duplicate group name "generators" * Missing documentation in psa_generate_key_extra_rsa due to bad magic comment marker
2018-07-20 15:42:05 +00:00
/** \defgroup generators Generators
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
* @{
*/
/** The type of the state data structure for generators.
*
* Before calling any function on a generator, the application must
* initialize it by any of the following means:
* - Set the structure to all-bits-zero, for example:
* \code
* psa_crypto_generator_t generator;
* memset(&generator, 0, sizeof(generator));
* \endcode
* - Initialize the structure to logical zero values, for example:
* \code
* psa_crypto_generator_t generator = {0};
* \endcode
* - Initialize the structure to the initializer #PSA_CRYPTO_GENERATOR_INIT,
* for example:
* \code
* psa_crypto_generator_t generator = PSA_CRYPTO_GENERATOR_INIT;
* \endcode
* - Assign the result of the function psa_crypto_generator_init()
* to the structure, for example:
* \code
* psa_crypto_generator_t generator;
* generator = psa_crypto_generator_init();
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation.
*/
typedef struct psa_crypto_generator_s psa_crypto_generator_t;
/** \def PSA_CRYPTO_GENERATOR_INIT
*
* This macro returns a suitable initializer for a generator object
* of type #psa_crypto_generator_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_CRYPTO_GENERATOR_INIT {0}
#endif
/** Return an initial value for a generator object.
*/
static psa_crypto_generator_t psa_crypto_generator_init(void);
/** Retrieve the current capacity of a generator.
*
* The capacity of a generator is the maximum number of bytes that it can
* return. Reading *N* bytes from a generator reduces its capacity by *N*.
*
* \param[in] generator The generator to query.
* \param[out] capacity On success, the capacity of the generator.
*
Linkify some macros that were just typeset as text
2018-12-11 15:47:35 +00:00
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
*/
psa_status_t psa_get_generator_capacity(const psa_crypto_generator_t *generator,
size_t *capacity);
Key derivation by small input steps: proof-of-concept Document the new API. Keep the old one. Implement for HKDF. Use it in a few test cases. Key agreement is still unchanged.
2019-01-07 21:59:38 +00:00
/** Set the maximum capacity of a generator.
*
* \param[in,out] generator The generator object to modify.
* \param capacity The new capacity of the generator.
* It must be less or equal to the generator's
* current capacity.
*
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p capacity is larger than the generator's current capacity.
* \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
*/
psa_status_t psa_set_generator_capacity(psa_crypto_generator_t *generator,
size_t capacity);
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
/** Read some data from a generator.
*
* This function reads and returns a sequence of bytes from a generator.
* The data that is read is discarded from the generator. The generator's
* capacity is decreased by the number of bytes read.
*
* \param[in,out] generator The generator object to read from.
* \param[out] output Buffer where the generator output will be
* written.
* \param output_length Number of bytes to output.
*
Linkify some macros that were just typeset as text
2018-12-11 15:47:35 +00:00
* \retval #PSA_SUCCESS
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_DATA
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
* There were fewer than \p output_length bytes
* in the generator. Note that in this case, no
* output is written to the output buffer.
* The generator's capacity is set to 0, thus
* subsequent calls to this function will not
* succeed, even with a smaller output buffer.
Linkify some macros that were just typeset as text
2018-12-11 15:47:35 +00:00
* \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
*/
psa_status_t psa_generator_read(psa_crypto_generator_t *generator,
uint8_t *output,
size_t output_length);
Specify psa_generator_import_key for each key type psa_generator_import_key() was only specified for "symmetric keys", and there were some mistakes in the specification. Rewrite the specification and extend it to other key types. * For most private key types, specify that the function draws a byte string repeatedly until the byte string is suitable. * For DES, despite being a symmetric key type, re-drawing is necessary. * For Montgomery curves, despite being asymmetric, no re-drawing is necessary. * Specify the behavior for every standard key type other than RSA. An implementation doesn't have to support all key types, but if it does, it's better to have a standard.
2019-03-11 16:30:31 +00:00
/** Generate a key deterministically from data read from a generator.
*
* This function uses the output of a generator to derive a key.
* How much output it consumes and how the key is derived depends on the
* key type.
*
* - For key types for which the key is an arbitrary sequence of bytes
* of a given size,
* this function is functionally equivalent to calling #psa_generator_read
* and passing the resulting output to #psa_import_key.
* However, this function has a security benefit:
* if the implementation provides an isolation boundary then
* the key material is not exposed outside the isolation boundary.
* As a consequence, for these key types, this function always consumes
* exactly (\p bits / 8) bytes from the generator.
* The following key types defined in this specification follow this scheme:
*
* - #PSA_KEY_TYPE_AES;
* - #PSA_KEY_TYPE_ARC4;
* - #PSA_KEY_TYPE_CAMELLIA;
* - #PSA_KEY_TYPE_DERIVE;
* - #PSA_KEY_TYPE_HMAC.
*
* - For ECC keys on a Montgomery elliptic curve
* (#PSA_KEY_TYPE_ECC_KEYPAIR(\c curve) where \c curve designates a
* Montgomery curve), this function always draws a byte string whose
* length is determined by the curve, and sets the mandatory bits
* accordingly. That is:
*
* - #PSA_ECC_CURVE_CURVE25519: draw a 32-byte string
* and process it as specified in RFC 7748 &sect;5.
* - #PSA_ECC_CURVE_CURVE448: draw a 56-byte string
* and process it as specified in RFC 7748 &sect;5.
*
* - For key types for which the key is represented by a single sequence of
* \p bits bits with constraints as to which bit sequences are acceptable,
* this function draws a byte string of length (\p bits / 8) bytes rounded
* up to the nearest whole number of bytes. If the resulting byte string
* is acceptable, it becomes the key, otherwise the drawn bytes are discarded.
* This process is repeated until an acceptable byte string is drawn.
* The byte string drawn from the generator is interpreted as specified
* for the output produced by psa_export_key().
* The following key types defined in this specification follow this scheme:
*
Clarify deterministic generation by re-drawing For DH, ECC (Weierstrass curves) and DSA, specify that the re-drawing method is the one defined by NIST as "key-pair generation by testing candidates", and describe it unambiguously. Also specify DES explicitly.
2019-03-11 16:59:16 +00:00
* - #PSA_KEY_TYPE_DES.
* Force-set the parity bits, but discard forbidden weak keys.
* For 2-key and 3-key triple-DES, the three keys are generated
* successively (for example, for 3-key triple-DES,
* if the first 8 bytes specify a weak key and the next 8 bytes do not,
* discard the first 8 bytes, use the next 8 bytes as the first key,
* and continue reading output from the generator to derive the other
* two keys).
* - Finite-field Diffie-Hellman keys (#PSA_KEY_TYPE_DH_KEYPAIR),
* DSA keys (#PSA_KEY_TYPE_DSA_KEYPAIR), and
* ECC keys on a Weierstrass elliptic curve
* (#PSA_KEY_TYPE_ECC_KEYPAIR(\c curve) where \c curve designates a
* Weierstrass curve).
* For these key types, interpret the byte string as integer
* in big-endian order. Discard it if it is not in the range
* [0, *N* - 2] where *N* is the boundary of the private key domain
* (the prime *p* for Diffie-Hellman, the subprime *q* for DSA,
psa_generator_import_key (ECC): minor corrections
2019-03-12 10:50:26 +00:00
* or the order of the curve's base point for ECC).
Clarify deterministic generation by re-drawing For DH, ECC (Weierstrass curves) and DSA, specify that the re-drawing method is the one defined by NIST as "key-pair generation by testing candidates", and describe it unambiguously. Also specify DES explicitly.
2019-03-11 16:59:16 +00:00
* Add 1 to the resulting integer and use this as the private key *x*.
psa_generator_import_key (ECC): minor corrections
2019-03-12 10:50:26 +00:00
* This method allows compliance to NIST standards, specifically
* the methods titled "key-pair generation by testing candidates"
Clarify deterministic generation by re-drawing For DH, ECC (Weierstrass curves) and DSA, specify that the re-drawing method is the one defined by NIST as "key-pair generation by testing candidates", and describe it unambiguously. Also specify DES explicitly.
2019-03-11 16:59:16 +00:00
* in NIST SP 800-56A &sect;5.6.1.1.4 for Diffie-Hellman,
* in FIPS 186-4 &sect;B.1.2 for DSA, and
* in NIST SP 800-56A &sect;5.6.1.2.2 or
* FIPS 186-4 &sect;B.4.2 for elliptic curve keys.
Specify psa_generator_import_key for each key type psa_generator_import_key() was only specified for "symmetric keys", and there were some mistakes in the specification. Rewrite the specification and extend it to other key types. * For most private key types, specify that the function draws a byte string repeatedly until the byte string is suitable. * For DES, despite being a symmetric key type, re-drawing is necessary. * For Montgomery curves, despite being asymmetric, no re-drawing is necessary. * Specify the behavior for every standard key type other than RSA. An implementation doesn't have to support all key types, but if it does, it's better to have a standard.
2019-03-11 16:30:31 +00:00
*
* - For other key types, including #PSA_KEY_TYPE_RSA_KEYPAIR,
* the way in which the generator output is consumed is
* implementation-defined.
*
* In all cases, the data that is read is discarded from the generator.
* The generator's capacity is decreased by the number of bytes read.
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the slot where the key will be stored.
Don't require a type and size when creating a key slot Remove the type and bits arguments to psa_allocate_key() and psa_create_key(). They can be useful if the implementation wants to know exactly how much space to allocate for the slot, but many implementations (including ours) don't care, and it's possible to work around their lack by deferring size-dependent actions to the time when the key material is created. They are a burden to applications and make the API more complex, and the benefits aren't worth it. Change the API and adapt the implementation, the units test and the sample code accordingly.
2019-01-19 11:20:52 +00:00
* It must have been obtained by calling
* psa_allocate_key() or psa_create_key() and must
* not contain key material yet.
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
Fix Doxygen warnings
2019-03-12 12:23:17 +00:00
* This must be a secret key type or a key pair type.
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
* \param bits Key size in bits.
* \param[in,out] generator The generator object to read from.
*
Linkify some macros that were just typeset as text
2018-12-11 15:47:35 +00:00
* \retval #PSA_SUCCESS
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
* Success.
Update some documentation related to key slots Some of the documentation is obsolete in its reference to key slots when it should discuss key handles. This may require a further pass, possibly with some reorganization of error codes. Update the documentation of functions that modify key slots (key material creation and psa_set_key_policy()) to discuss how they affect storage.
2018-12-11 14:51:32 +00:00
* If the key is persistent, the key material and the key's metadata
* have been saved to persistent storage.
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_DATA
Specify psa_generator_import_key for each key type psa_generator_import_key() was only specified for "symmetric keys", and there were some mistakes in the specification. Rewrite the specification and extend it to other key types. * For most private key types, specify that the function draws a byte string repeatedly until the byte string is suitable. * For DES, despite being a symmetric key type, re-drawing is necessary. * For Montgomery curves, despite being asymmetric, no re-drawing is necessary. * Specify the behavior for every standard key type other than RSA. An implementation doesn't have to support all key types, but if it does, it's better to have a standard.
2019-03-11 16:30:31 +00:00
* There was not enough data to create the desired key.
* Note that in this case, no output is written to the output buffer.
* The generator's capacity is set to 0, thus subsequent calls to
* this function will not succeed, even with a smaller output buffer.
Linkify some macros that were just typeset as text
2018-12-11 15:47:35 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
* The key type or key size is not supported, either by the
* implementation in general or in this particular slot.
Linkify some macros that were just typeset as text
2018-12-11 15:47:35 +00:00
* \retval #PSA_ERROR_BAD_STATE
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_ALREADY_EXISTS
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
* There is already a key in the specified slot.
Linkify some macros that were just typeset as text
2018-12-11 15:47:35 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_STORAGE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
*/
Rename functions that inject key material to an allocated handle This commit starts a migration to a new interface for key creation. Today, the application allocates a handle, then fills its metadata, and finally injects key material. The new interface fills metadata into a temporary structure, and a handle is allocated at the same time it gets filled with both metadata and key material. This commit was obtained by moving the declaration of the old-style functions to crypto_extra.h and renaming them with the to_handle suffix, adding declarations for the new-style functions in crypto.h under their new name, and running perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c Many functions that are specific to the old interface, and which will not remain under the same name with the new interface, are still in crypto.h for now. All functional tests should still pass. The documentation may have some broken links.
2019-04-17 10:28:25 +00:00
psa_status_t psa_generator_import_key(const psa_key_attributes_t *attributes,
psa_key_handle_t *handle,
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
size_t bits,
psa_crypto_generator_t *generator);
/** Abort a generator.
*
* Once a generator has been aborted, its capacity is zero.
* Aborting a generator frees all associated resources except for the
* \c generator structure itself.
*
* This function may be called at any time as long as the generator
* object has been initialized to #PSA_CRYPTO_GENERATOR_INIT, to
* psa_crypto_generator_init() or a zero value. In particular, it is valid
* to call psa_generator_abort() twice, or to call psa_generator_abort()
* on a generator that has not been set up.
*
* Once aborted, the generator object may be called.
*
* \param[in,out] generator The generator to abort.
*
Linkify some macros that were just typeset as text
2018-12-11 15:47:35 +00:00
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_BAD_STATE
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
*/
psa_status_t psa_generator_abort(psa_crypto_generator_t *generator);
Support key derivation with non-predefined capacity psa_key_derivation requires the caller to specify a maximum capacity. This commit adds a special value that indicates that the maximum capacity should be the maximum supported by the algorithm. This is currently meant only for selection algorithms used on the shared secret produced by a key agreement.
2018-09-18 10:06:11 +00:00
/** Use the maximum possible capacity for a generator.
*
* Use this value as the capacity argument when setting up a generator
* to indicate that the generator should have the maximum possible capacity.
* The value of the maximum possible capacity depends on the generator
* algorithm.
*/
#define PSA_GENERATOR_UNBRIDLED_CAPACITY ((size_t)(-1))
Add generator API Add an API for byte generators: psa_crypto_generator_t, PSA_CRYPTO_GENERATOR_INIT, psa_crypto_generator_init, psa_get_generator_capacity, psa_generator_read, psa_generator_import_key, psa_generator_abort. This commit does not yet implement any generator algorithm, it only provides the framework. This code may not compile with -Wunused.
2018-07-12 15:12:33 +00:00
/**@}*/
Add framework for simple key derivation New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE. New function psa_key_derivation. No key derivation algorithm is implemented yet. The code may not compile with -Wunused. Write some unit test code for psa_key_derivation. Most of it cannot be used yet due to the lack of a key derivation algorithm.
2018-07-12 15:17:20 +00:00
/** \defgroup derivation Key derivation
* @{
*/
/** Set up a key derivation operation.
*
Key derivation by small input steps: proof-of-concept Document the new API. Keep the old one. Implement for HKDF. Use it in a few test cases. Key agreement is still unchanged.
2019-01-07 21:59:38 +00:00
* A key derivation algorithm takes some inputs and uses them to create
* a byte generator which can be used to produce keys and other
* cryptographic material.
*
* To use a generator for key derivation:
* - Start with an initialized object of type #psa_crypto_generator_t.
* - Call psa_key_derivation_setup() to select the algorithm.
* - Provide the inputs for the key derivation by calling
* psa_key_derivation_input_bytes() or psa_key_derivation_input_key()
* as appropriate. Which inputs are needed, in what order, and whether
* they may be keys and if so of what type depends on the algorithm.
* - Optionally set the generator's maximum capacity with
* psa_set_generator_capacity(). You may do this before, in the middle of
* or after providing inputs. For some algorithms, this step is mandatory
* because the output depends on the maximum capacity.
* - Generate output with psa_generator_read() or
* psa_generator_import_key(). Successive calls to these functions
* use successive output bytes from the generator.
* - Clean up the generator object with psa_generator_abort().
*
* \param[in,out] generator The generator object to set up. It must
* have been initialized but not set up yet.
Add framework for simple key derivation New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE. New function psa_key_derivation. No key derivation algorithm is implemented yet. The code may not compile with -Wunused. Write some unit test code for psa_key_derivation. Most of it cannot be used yet due to the lack of a key derivation algorithm.
2018-07-12 15:17:20 +00:00
* \param alg The key derivation algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_KEY_DERIVATION(\p alg) is true).
Key derivation by small input steps: proof-of-concept Document the new API. Keep the old one. Implement for HKDF. Use it in a few test cases. Key agreement is still unchanged.
2019-01-07 21:59:38 +00:00
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c alg is not a key derivation algorithm.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a key derivation algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
*/
psa_status_t psa_key_derivation_setup(psa_crypto_generator_t *generator,
psa_algorithm_t alg);
Improve the rules on key derivation input types Use separate step types for a KDF secret and for the private key in a key agreement. Determine which key type is allowed from the step type, independently of the KDF. Forbid raw inputs for certain steps. They definitely should be forbidden for asymmetric keys, which are structured. Also forbid them for KDF secrets: the secrets are supposed to be keys, even if they're unstructured.
2019-01-08 09:31:27 +00:00
/** Provide an input for key derivation or key agreement.
*
* Which inputs are required and in what order depends on the algorithm.
* Refer to the documentation of each key derivation or key agreement
* algorithm for information.
*
* This function passes direct inputs. Some inputs must be passed as keys
* using psa_key_derivation_input_key() instead of this function. Refer to
* the documentation of individual step types for information.
Key derivation by small input steps: proof-of-concept Document the new API. Keep the old one. Implement for HKDF. Use it in a few test cases. Key agreement is still unchanged.
2019-01-07 21:59:38 +00:00
*
* \param[in,out] generator The generator object to use. It must
* have been set up with
* psa_key_derivation_setup() and must not
* have produced any output yet.
* \param step Which step the input data is for.
* \param[in] data Input data to use.
* \param data_length Size of the \p data buffer in bytes.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step is not compatible with the generator's algorithm.
Improve the rules on key derivation input types Use separate step types for a KDF secret and for the private key in a key agreement. Determine which key type is allowed from the step type, independently of the KDF. Forbid raw inputs for certain steps. They definitely should be forbidden for asymmetric keys, which are structured. Also forbid them for KDF secrets: the secrets are supposed to be keys, even if they're unstructured.
2019-01-08 09:31:27 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step does not allow direct inputs.
Key derivation by small input steps: proof-of-concept Document the new API. Keep the old one. Implement for HKDF. Use it in a few test cases. Key agreement is still unchanged.
2019-01-07 21:59:38 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
* \retval #PSA_ERROR_BAD_STATE
* The value of \p step is not valid given the state of \p generator.
* \retval #PSA_ERROR_BAD_STATE
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
*/
psa_status_t psa_key_derivation_input_bytes(psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
const uint8_t *data,
size_t data_length);
/** Provide an input for key derivation in the form of a key.
*
Improve the rules on key derivation input types Use separate step types for a KDF secret and for the private key in a key agreement. Determine which key type is allowed from the step type, independently of the KDF. Forbid raw inputs for certain steps. They definitely should be forbidden for asymmetric keys, which are structured. Also forbid them for KDF secrets: the secrets are supposed to be keys, even if they're unstructured.
2019-01-08 09:31:27 +00:00
* Which inputs are required and in what order depends on the algorithm.
* Refer to the documentation of each key derivation or key agreement
* algorithm for information.
*
* This function passes key inputs. Some inputs must be passed as keys
* of the appropriate type using this function, while others must be
* passed as direct inputs using psa_key_derivation_input_bytes(). Refer to
* the documentation of individual step types for information.
Key derivation by small input steps: proof-of-concept Document the new API. Keep the old one. Implement for HKDF. Use it in a few test cases. Key agreement is still unchanged.
2019-01-07 21:59:38 +00:00
*
* \param[in,out] generator The generator object to use. It must
* have been set up with
* psa_key_derivation_setup() and must not
* have produced any output yet.
* \param step Which step the input data is for.
Improve the rules on key derivation input types Use separate step types for a KDF secret and for the private key in a key agreement. Determine which key type is allowed from the step type, independently of the KDF. Forbid raw inputs for certain steps. They definitely should be forbidden for asymmetric keys, which are structured. Also forbid them for KDF secrets: the secrets are supposed to be keys, even if they're unstructured.
2019-01-08 09:31:27 +00:00
* \param handle Handle to the key. It must have an
* appropriate type for \p step and must
* allow the usage #PSA_KEY_USAGE_DERIVE.
Add framework for simple key derivation New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE. New function psa_key_derivation. No key derivation algorithm is implemented yet. The code may not compile with -Wunused. Write some unit test code for psa_key_derivation. Most of it cannot be used yet due to the lack of a key derivation algorithm.
2018-07-12 15:17:20 +00:00
*
* \retval #PSA_SUCCESS
* Success.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
Add framework for simple key derivation New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE. New function psa_key_derivation. No key derivation algorithm is implemented yet. The code may not compile with -Wunused. Write some unit test code for psa_key_derivation. Most of it cannot be used yet due to the lack of a key derivation algorithm.
2018-07-12 15:17:20 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
Key derivation by small input steps: proof-of-concept Document the new API. Keep the old one. Implement for HKDF. Use it in a few test cases. Key agreement is still unchanged.
2019-01-07 21:59:38 +00:00
* \c step is not compatible with the generator's algorithm.
Improve the rules on key derivation input types Use separate step types for a KDF secret and for the private key in a key agreement. Determine which key type is allowed from the step type, independently of the KDF. Forbid raw inputs for certain steps. They definitely should be forbidden for asymmetric keys, which are structured. Also forbid them for KDF secrets: the secrets are supposed to be keys, even if they're unstructured.
2019-01-08 09:31:27 +00:00
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c step does not allow key inputs.
Add framework for simple key derivation New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE. New function psa_key_derivation. No key derivation algorithm is implemented yet. The code may not compile with -Wunused. Write some unit test code for psa_key_derivation. Most of it cannot be used yet due to the lack of a key derivation algorithm.
2018-07-12 15:17:20 +00:00
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Key derivation by small input steps: proof-of-concept Document the new API. Keep the old one. Implement for HKDF. Use it in a few test cases. Key agreement is still unchanged.
2019-01-07 21:59:38 +00:00
* The value of \p step is not valid given the state of \p generator.
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
Add framework for simple key derivation New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE. New function psa_key_derivation. No key derivation algorithm is implemented yet. The code may not compile with -Wunused. Write some unit test code for psa_key_derivation. Most of it cannot be used yet due to the lack of a key derivation algorithm.
2018-07-12 15:17:20 +00:00
*/
Key derivation by small input steps: proof-of-concept Document the new API. Keep the old one. Implement for HKDF. Use it in a few test cases. Key agreement is still unchanged.
2019-01-07 21:59:38 +00:00
psa_status_t psa_key_derivation_input_key(psa_crypto_generator_t *generator,
psa_key_derivation_step_t step,
psa_key_handle_t handle);
Add framework for simple key derivation New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE. New function psa_key_derivation. No key derivation algorithm is implemented yet. The code may not compile with -Wunused. Write some unit test code for psa_key_derivation. Most of it cannot be used yet due to the lack of a key derivation algorithm.
2018-07-12 15:17:20 +00:00
Make key agreement the secret input for key derivation * Documentation * Proof-of-concept implementation * Updates to the tests (work in progress)
2019-01-16 14:53:06 +00:00
/** Perform a key agreement and use the shared secret as input to a key
* derivation.
New API function: psa_key_agreement Set up a generator from a key agreement.
2018-09-18 10:01:02 +00:00
*
* A key agreement algorithm takes two inputs: a private key \p private_key
* a public key \p peer_key.
Make key agreement the secret input for key derivation * Documentation * Proof-of-concept implementation * Updates to the tests (work in progress)
2019-01-16 14:53:06 +00:00
* The result of this function is passed as input to a key derivation.
* The output of this key derivation can be extracted by reading from the
* resulting generator to produce keys and other cryptographic material.
New API function: psa_key_agreement Set up a generator from a key agreement.
2018-09-18 10:01:02 +00:00
*
Make key agreement the secret input for key derivation * Documentation * Proof-of-concept implementation * Updates to the tests (work in progress)
2019-01-16 14:53:06 +00:00
* \param[in,out] generator The generator object to use. It must
* have been set up with
* psa_key_derivation_setup() with a
Simplify the encoding of key agreement algorithms Get rid of "key selection" algorithms (of which there was only one: raw key selection). Encode key agreement by combining a raw key agreement with a KDF, rather than passing the KDF as an argument of a key agreement macro.
2019-01-18 15:44:49 +00:00
* key agreement and derivation algorithm
* \c alg (\c PSA_ALG_XXX value such that
Fix some copypasta in references to parameter names Validated by perl -ne 'if (/^\/\*\*/) {%param=(); @p=()} if (/\\param.*? (\w+)/) {$param{$1}=1} while (/\\p \*?(\w+)/g) {push @p,[$1,ARGV->input_line_number()]} if (/^\ \*\//) {foreach (@p) {if (!$param{$_->[0]}) {printf "%s:%d: bad \\p %s\n", $ARGV, $_->[1], $_->[0]}}} close ARGV if eof' include/psa/*.h
2019-03-05 18:32:26 +00:00
* #PSA_ALG_IS_KEY_AGREEMENT(\c alg) is true
* and #PSA_ALG_IS_RAW_KEY_AGREEMENT(\c alg)
Simplify the encoding of key agreement algorithms Get rid of "key selection" algorithms (of which there was only one: raw key selection). Encode key agreement by combining a raw key agreement with a KDF, rather than passing the KDF as an argument of a key agreement macro.
2019-01-18 15:44:49 +00:00
* is false).
Make key agreement the secret input for key derivation * Documentation * Proof-of-concept implementation * Updates to the tests (work in progress)
2019-01-16 14:53:06 +00:00
* The generator must be ready for an
* input of the type given by \p step.
* \param step Which step the input data is for.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param private_key Handle to the private key to use.
psa: Expand documentation for psa_key_agreement() Document `peer_key` parameter requirements, including an explanation of how the peer key is used and an example for EC keys.
2019-01-14 16:56:20 +00:00
* \param[in] peer_key Public key of the peer. The peer key must be in the
* same format that psa_import_key() accepts for the
* public key type corresponding to the type of
* private_key. That is, this function performs the
* equivalent of
Fix minor errors in key derivation and key agreement documentation
2019-02-08 10:24:59 +00:00
* #psa_import_key(`internal_public_key_handle`,
* #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEYPAIR(`private_key_type`),
* `peer_key`, `peer_key_length`) where
psa: Expand documentation for psa_key_agreement() Document `peer_key` parameter requirements, including an explanation of how the peer key is used and an example for EC keys.
2019-01-14 16:56:20 +00:00
* `private_key_type` is the type of `private_key`.
* For example, for EC keys, this means that peer_key
* is interpreted as a point on the curve that the
* private key is on. The standard formats for public
* keys are documented in the documentation of
* psa_export_public_key().
New API function: psa_key_agreement Set up a generator from a key agreement.
2018-09-18 10:01:02 +00:00
* \param peer_key_length Size of \p peer_key in bytes.
*
* \retval #PSA_SUCCESS
* Success.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_DOES_NOT_EXIST
New API function: psa_key_agreement Set up a generator from a key agreement.
2018-09-18 10:01:02 +00:00
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \c private_key is not compatible with \c alg,
* or \p peer_key is not valid for \c alg or not compatible with
* \c private_key.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \c alg is not supported or is not a key derivation algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_key_agreement(psa_crypto_generator_t *generator,
Make key agreement the secret input for key derivation * Documentation * Proof-of-concept implementation * Updates to the tests (work in progress)
2019-01-16 14:53:06 +00:00
psa_key_derivation_step_t step,
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
psa_key_handle_t private_key,
New API function: psa_key_agreement Set up a generator from a key agreement.
2018-09-18 10:01:02 +00:00
const uint8_t *peer_key,
Make key agreement the secret input for key derivation * Documentation * Proof-of-concept implementation * Updates to the tests (work in progress)
2019-01-16 14:53:06 +00:00
size_t peer_key_length);
New API function: psa_key_agreement Set up a generator from a key agreement.
2018-09-18 10:01:02 +00:00
New function to get the raw shared secret from key agreement The normal way is to pass the shared secret to a key derivation. Having an ad hoc function will allow us to simplify the possible behaviors of key agreement and get rid of "key selection" algorithms which are a hard-to-understand invention of this API.
2019-01-18 15:42:29 +00:00
/** Perform a key agreement and use the shared secret as input to a key
* derivation.
*
* A key agreement algorithm takes two inputs: a private key \p private_key
* a public key \p peer_key.
*
* \warning The raw result of a key agreement algorithm such as finite-field
* Diffie-Hellman or elliptic curve Diffie-Hellman has biases and should
* not be used directly as key material. It should instead be passed as
* input to a key derivation algorithm. To chain a key agreement with
* a key derivation, use psa_key_agreement() and other functions from
* the key derivation and generator interface.
*
Fix minor errors in key derivation and key agreement documentation
2019-02-08 10:24:59 +00:00
* \param alg The key agreement algorithm to compute
* (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_RAW_KEY_AGREEMENT(\p alg)
* is true).
New function to get the raw shared secret from key agreement The normal way is to pass the shared secret to a key derivation. Having an ad hoc function will allow us to simplify the possible behaviors of key agreement and get rid of "key selection" algorithms which are a hard-to-understand invention of this API.
2019-01-18 15:42:29 +00:00
* \param private_key Handle to the private key to use.
* \param[in] peer_key Public key of the peer. It must be
* in the same format that psa_import_key()
* accepts. The standard formats for public
* keys are documented in the documentation
* of psa_export_public_key().
* \param peer_key_length Size of \p peer_key in bytes.
* \param[out] output Buffer where the decrypted message is to
* be written.
* \param output_size Size of the \c output buffer in bytes.
* \param[out] output_length On success, the number of bytes
* that make up the returned output.
*
* \retval #PSA_SUCCESS
* Success.
* \retval #PSA_ERROR_INVALID_HANDLE
* \retval #PSA_ERROR_EMPTY_SLOT
* \retval #PSA_ERROR_NOT_PERMITTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p alg is not a key agreement algorithm
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \p private_key is not compatible with \p alg,
* or \p peer_key is not valid for \p alg or not compatible with
* \p private_key.
* \retval #PSA_ERROR_NOT_SUPPORTED
* \p alg is not a supported key agreement algorithm.
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
*/
psa_status_t psa_key_agreement_raw_shared_secret(psa_algorithm_t alg,
psa_key_handle_t private_key,
const uint8_t *peer_key,
size_t peer_key_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
New API function: psa_key_agreement Set up a generator from a key agreement.
2018-09-18 10:01:02 +00:00
Add framework for simple key derivation New key type PSA_KEY_TYPE_DERIVE. New usage flag PSA_KEY_USAGE_DERIVE. New function psa_key_derivation. No key derivation algorithm is implemented yet. The code may not compile with -Wunused. Write some unit test code for psa_key_derivation. Most of it cannot be used yet due to the lack of a key derivation algorithm.
2018-07-12 15:17:20 +00:00
/**@}*/
Fix doxygen warnings * Broken link #PSA_ALG_SHA_256 * Duplicate group name "generators" * Missing documentation in psa_generate_key_extra_rsa due to bad magic comment marker
2018-07-20 15:42:05 +00:00
/** \defgroup random Random generation
New function: generate key/random
2018-03-28 12:18:50 +00:00
* @{
*/
/**
* \brief Generate random bytes.
*
* \warning This function **can** fail! Callers MUST check the return status
* and MUST NOT use the content of the output buffer if the return
* status is not #PSA_SUCCESS.
*
* \note To generate a key, use psa_generate_key() instead.
*
Doc: add [in] or [out] annotations to pointer arguments
2018-07-11 23:08:58 +00:00
* \param[out] output Output buffer for the generated data.
New function: generate key/random
2018-03-28 12:18:50 +00:00
* \param output_size Number of bytes to generate and output.
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in psa_generate_random
2018-09-06 13:24:41 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
New function: generate key/random
2018-03-28 12:18:50 +00:00
*/
psa_status_t psa_generate_random(uint8_t *output,
size_t output_size);
generate_key: define a structure type for RSA extra parameters
2018-07-11 23:24:09 +00:00
/** Extra parameters for RSA key generation.
*
Doxygen: use \c foo in preference to `foo` for consistency
2018-07-13 12:38:15 +00:00
* You may pass a pointer to a structure of this type as the \c extra
generate_key: define a structure type for RSA extra parameters
2018-07-11 23:24:09 +00:00
* parameter to psa_generate_key().
*/
typedef struct {
Fix doxygen warnings * Broken link #PSA_ALG_SHA_256 * Duplicate group name "generators" * Missing documentation in psa_generate_key_extra_rsa due to bad magic comment marker
2018-07-20 15:42:05 +00:00
uint32_t e; /**< Public exponent value. Default: 65537. */
generate_key: define a structure type for RSA extra parameters
2018-07-11 23:24:09 +00:00
} psa_generate_key_extra_rsa;
New function: generate key/random
2018-03-28 12:18:50 +00:00
/**
* \brief Generate a key or key pair.
*
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \param handle Handle to the slot where the key will be stored.
Don't require a type and size when creating a key slot Remove the type and bits arguments to psa_allocate_key() and psa_create_key(). They can be useful if the implementation wants to know exactly how much space to allocate for the slot, but many implementations (including ours) don't care, and it's possible to work around their lack by deferring size-dependent actions to the time when the key material is created. They are a burden to applications and make the API more complex, and the benefits aren't worth it. Change the API and adapt the implementation, the units test and the sample code accordingly.
2019-01-19 11:20:52 +00:00
* It must have been obtained by calling
* psa_allocate_key() or psa_create_key() and must
* not contain key material yet.
psa_generate_key: pass parameters_size argument When calling psa_generate_key, pass the size of the parameters buffer explicitly. This makes calls more verbose but less error-prone. This also has the benefit that in an implementation with separation, the frontend knows how many bytes to send to the backend without needing to know about each key type.
2018-06-19 18:19:14 +00:00
* \param type Key type (a \c PSA_KEY_TYPE_XXX value).
* \param bits Key size in bits.
generate_key: rename \p parameters to \p extra \p parameters is a confusing name for a function parameter. Rename it to \p extra.
2018-07-11 23:14:59 +00:00
* \param[in] extra Extra parameters for key generation. The
psa_generate_key: pass parameters_size argument When calling psa_generate_key, pass the size of the parameters buffer explicitly. This makes calls more verbose but less error-prone. This also has the benefit that in an implementation with separation, the frontend knows how many bytes to send to the backend without needing to know about each key type.
2018-06-19 18:19:14 +00:00
* interpretation of this parameter depends on
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* \p type. All types support \c NULL to use
Doc: generate_key: improve documentation of \p extra
2018-07-11 23:31:03 +00:00
* default parameters. Implementation that support
* the generation of vendor-specific key types
* that allow extra parameters shall document
* the format of these extra parameters and
* the default values. For standard parameters,
* the meaning of \p extra is as follows:
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* - For a symmetric key type (a type such
Doc: generate_key: improve documentation of \p extra
2018-07-11 23:31:03 +00:00
* that #PSA_KEY_TYPE_IS_ASYMMETRIC(\p type) is
* false), \p extra must be \c NULL.
Doc: Fix some \c name that should have been \p name
2018-07-12 17:23:03 +00:00
* - For an elliptic curve key type (a type
Doc: generate_key: improve documentation of \p extra
2018-07-11 23:31:03 +00:00
* such that #PSA_KEY_TYPE_IS_ECC(\p type) is
* false), \p extra must be \c NULL.
Doc: Minor formatting and copy fixes
2018-07-12 17:40:46 +00:00
* - For an RSA key (\p type is
* #PSA_KEY_TYPE_RSA_KEYPAIR), \p extra is an
* optional #psa_generate_key_extra_rsa structure
Doc: generate_key: improve documentation of \p extra
2018-07-11 23:31:03 +00:00
* specifying the public exponent. The
* default public exponent used when \p extra
* is \c NULL is 65537.
psa: Simplify DSA key formats Remove front matter and DSS parameters from our DSA key formats, both keypair and public key, to make it just a representation of the integer private key, `x`, or the public key, `y`, respectively.
2019-01-11 13:50:43 +00:00
* - For an DSA key (\p type is
* #PSA_KEY_TYPE_DSA_KEYPAIR), \p extra is an
* optional structure specifying the key domain
psa: Add DH key exchange keys Add the ability to specify Diffie-Hellman key exchange keys. Specify the import/export format as well, even though importing and exporting isn't implemented yet.
2019-01-11 14:20:03 +00:00
* parameters. The key domain parameters can also be
* provided by psa_set_key_domain_parameters(),
* which documents the format of the structure.
* - For a DH key (\p type is
* #PSA_KEY_TYPE_DH_KEYPAIR), the \p extra is an
* optional structure specifying the key domain
psa: Simplify DSA key formats Remove front matter and DSS parameters from our DSA key formats, both keypair and public key, to make it just a representation of the integer private key, `x`, or the public key, `y`, respectively.
2019-01-11 13:50:43 +00:00
* parameters. The key domain parameters can also be
* provided by psa_set_key_domain_parameters(),
* which documents the format of the structure.
generate_key: rename \p parameters to \p extra \p parameters is a confusing name for a function parameter. Rename it to \p extra.
2018-07-11 23:14:59 +00:00
* \param extra_size Size of the buffer that \p extra
* points to, in bytes. Note that if \p extra is
* \c NULL then \p extra_size must be zero.
New function: generate key/random
2018-03-28 12:18:50 +00:00
*
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_SUCCESS
Update some documentation related to key slots Some of the documentation is obsolete in its reference to key slots when it should discuss key handles. This may require a further pass, possibly with some reorganization of error codes. Update the documentation of functions that modify key slots (key material creation and psa_set_key_policy()) to discuss how they affect storage.
2018-12-11 14:51:32 +00:00
* Success.
* If the key is persistent, the key material and the key's metadata
* have been saved to persistent storage.
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* \retval #PSA_ERROR_INVALID_HANDLE
Replace PSA error code definitions with the ones defined in PSA spec
2019-02-14 11:48:10 +00:00
* \retval #PSA_ERROR_ALREADY_EXISTS
Switch function declarations from key slots to key handles Replace `psa_key_slot_t key` by `psa_key_handle_t` in function declarations. This is a transition period during which handles are key slot numbers and the whole library can still be used by accessing a key slot number without allocating a handle.
2018-11-30 13:39:32 +00:00
* There is already a key in the specified slot.
Doxygen: linkify references to macro names
2018-07-11 15:34:00 +00:00
* \retval #PSA_ERROR_NOT_SUPPORTED
* \retval #PSA_ERROR_INVALID_ARGUMENT
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
* \retval #PSA_ERROR_COMMUNICATION_FAILURE
* \retval #PSA_ERROR_HARDWARE_FAILURE
* \retval #PSA_ERROR_TAMPERING_DETECTED
Ensure the module is initialized in key based functions
2018-09-12 08:44:52 +00:00
* \retval #PSA_ERROR_BAD_STATE
Add documentation describing behavior of not calling psa_crypto_init
2018-09-16 09:22:41 +00:00
* The library has not been previously initialized by psa_crypto_init().
* It is implementation-dependent whether a failure to initialize
* results in this error code.
New function: generate key/random
2018-03-28 12:18:50 +00:00
*/
Rename functions that inject key material to an allocated handle This commit starts a migration to a new interface for key creation. Today, the application allocates a handle, then fills its metadata, and finally injects key material. The new interface fills metadata into a temporary structure, and a handle is allocated at the same time it gets filled with both metadata and key material. This commit was obtained by moving the declaration of the old-style functions to crypto_extra.h and renaming them with the to_handle suffix, adding declarations for the new-style functions in crypto.h under their new name, and running perl -i -pe 's/\bpsa_(import|copy|generator_import|generate)_key\b/$&_to_handle/g' library/*.c tests/suites/*.function programs/psa/*.c perl -i -pe 's/\bpsa_get_key_lifetime\b/$&_from_handle/g' library/*.c tests/suites/*.function programs/psa/*.c Many functions that are specific to the old interface, and which will not remain under the same name with the new interface, are still in crypto.h for now. All functional tests should still pass. The documentation may have some broken links.
2019-04-17 10:28:25 +00:00
psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
psa_key_handle_t *handle,
New function: generate key/random
2018-03-28 12:18:50 +00:00
size_t bits,
generate_key: rename \p parameters to \p extra \p parameters is a confusing name for a function parameter. Rename it to \p extra.
2018-07-11 23:14:59 +00:00
const void *extra,
size_t extra_size);
New function: generate key/random
2018-03-28 12:18:50 +00:00
/**@}*/
Add PSA crypto module New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C): Platform Security Architecture compatibility layer on top of libmedcrypto. Implement psa_crypto_init function which sets up a RNG. Add a mbedtls_psa_crypto_free function which deinitializes the library. Define a first batch of error codes.
2018-01-27 22:32:46 +00:00
#ifdef __cplusplus
}
#endif
New header crypto_sizes.h This header will contain macros that calculate buffer sizes, whose semantics are standardized but whose definitions are implementation-specific because they depend on the available algorithms and on some permitted buffer size tolerances. Move size macros from crypto_struct.h to crypto_sizes.h, because these definitions need to be available both in the frontend and in the backend, whereas structures have different contents.
2018-06-27 17:49:02 +00:00
/* The file "crypto_sizes.h" contains definitions for size calculation
* macros whose definitions are implementation-specific. */
#include "crypto_sizes.h"
Implement hash functions New header file crypto_struct.h. The main file crypto.sh declares structures which are implementation-defined. These structures must be defined in crypto_struct.h, which is included at the end so that the structures can use types defined in crypto.h. Implement psa_hash_start, psa_hash_update and psa_hash_final. This should work for all hash algorithms supported by Mbed TLS, but has only been smoke-tested for SHA-256, and only in the nominal case.
2018-02-07 20:05:37 +00:00
/* The file "crypto_struct.h" contains definitions for
* implementation-specific structs that are declared above. */
#include "crypto_struct.h"
/* The file "crypto_extra.h" contains vendor-specific definitions. This
* can include vendor-defined algorithms, extra functions, etc. */
Add PSA crypto module New module psa_crypto.c (MBEDTLS_PSA_CRYPTO_C): Platform Security Architecture compatibility layer on top of libmedcrypto. Implement psa_crypto_init function which sets up a RNG. Add a mbedtls_psa_crypto_free function which deinitializes the library. Define a first batch of error codes.
2018-01-27 22:32:46 +00:00
#include "crypto_extra.h"
#endif /* PSA_CRYPTO_H */
Reference in New Issue Copy Permalink