AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #4317 from yanesca/psa-jpake-interface

Browse Source 
J-PAKE interface definition for PSA Crypto
This commit is contained in:
Janos Follath 2021-06-11 13:47:25 +01:00 committed by GitHub
commit 21f84643f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 1080 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
include/psa/crypto.h
View File

@ -112,12 +112,6 @@ psa_status_t psa_crypto_init(void);
* This macro returns a suitable initializer for a key attribute structure
* of type #psa_key_attributes_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_KEY_ATTRIBUTES_INIT {0}
#endif
/** Return an initial value for a key attributes structure.
*/
@ -938,8 +932,8 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
* make any assumptions about the content of this structure.
* Implementation details can change in future versions without notice. */
typedef struct psa_hash_operation_s psa_hash_operation_t;
/** \def PSA_HASH_OPERATION_INIT
@ -947,12 +941,6 @@ typedef struct psa_hash_operation_s psa_hash_operation_t;
* This macro returns a suitable initializer for a hash operation object
* of type #psa_hash_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_HASH_OPERATION_INIT {0}
#endif
/** Return an initial value for a hash operation object.
*/
@ -1307,9 +1295,10 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
* operation = psa_mac_operation_init();
* \endcode
*
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
* make any assumptions about the content of this structure.
* Implementation details can change in future versions without notice. */
typedef struct psa_mac_operation_s psa_mac_operation_t;
/** \def PSA_MAC_OPERATION_INIT
@ -1317,12 +1306,6 @@ typedef struct psa_mac_operation_s psa_mac_operation_t;
* This macro returns a suitable initializer for a MAC operation object of type
* #psa_mac_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_MAC_OPERATION_INIT {0}
#endif
/** Return an initial value for a MAC operation object.
*/
@ -1732,8 +1715,8 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
* make any assumptions about the content of this structure.
* Implementation details can change in future versions without notice. */
typedef struct psa_cipher_operation_s psa_cipher_operation_t;
/** \def PSA_CIPHER_OPERATION_INIT
@ -1741,12 +1724,6 @@ typedef struct psa_cipher_operation_s psa_cipher_operation_t;
* This macro returns a suitable initializer for a cipher operation object of
* type #psa_cipher_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_CIPHER_OPERATION_INIT {0}
#endif
/** Return an initial value for a cipher operation object.
*/
@ -2261,8 +2238,8 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation. */
* make any assumptions about the content of this structure.
* Implementation details can change in future versions without notice. */
typedef struct psa_aead_operation_s psa_aead_operation_t;
/** \def PSA_AEAD_OPERATION_INIT
@ -2270,12 +2247,6 @@ typedef struct psa_aead_operation_s psa_aead_operation_t;
* This macro returns a suitable initializer for an AEAD operation object of
* type #psa_aead_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_AEAD_OPERATION_INIT {0}
#endif
/** Return an initial value for an AEAD operation object.
*/
@ -3260,8 +3231,8 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
* \endcode
*
* This is an implementation-defined \c struct. Applications should not
* make any assumptions about the content of this structure except
* as directed by the documentation of a specific implementation.
* make any assumptions about the content of this structure.
* Implementation details can change in future versions without notice.
*/
typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
@ -3270,12 +3241,6 @@ typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
* This macro returns a suitable initializer for a key derivation operation
* object of type #psa_key_derivation_operation_t.
*/
#ifdef __DOXYGEN_ONLY__
/* This is an example definition for documentation purposes.
* Implementations should define a suitable value in `crypto_struct.h`.
*/
#define PSA_KEY_DERIVATION_OPERATION_INIT {0}
#endif
/** Return an initial value for a key derivation operation object.
*/

1003
include/psa/crypto_extra.h
View File

File diff suppressed because it is too large Load Diff

64
include/psa/crypto_struct.h
View File

@ -92,7 +92,7 @@ struct psa_hash_operation_s
psa_driver_hash_context_t ctx;
};
#define PSA_HASH_OPERATION_INIT {0, {0}}
#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
static inline struct psa_hash_operation_s psa_hash_operation_init( void )
{
const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
@ -117,7 +117,7 @@ struct psa_cipher_operation_s
psa_driver_cipher_context_t ctx;
};
#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
{
const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
@ -142,7 +142,7 @@ struct psa_mac_operation_s
psa_driver_mac_context_t ctx;
};
#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}}
#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
static inline struct psa_mac_operation_s psa_mac_operation_init( void )
{
const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
@ -163,7 +163,7 @@ struct psa_aead_operation_s
} ctx;
};
#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}}
#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } }
static inline struct psa_aead_operation_s psa_aead_operation_init( void )
{
const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
@ -223,7 +223,7 @@ typedef struct psa_tls12_prf_key_derivation_s
uint8_t Ai[PSA_HASH_MAX_SIZE];
/* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
/* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */
uint8_t output_block[PSA_HASH_MAX_SIZE];
} psa_tls12_prf_key_derivation_t;
#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
@ -249,8 +249,9 @@ struct psa_key_derivation_s
};
/* This only zeroes out the first byte in the union, the rest is unspecified. */
#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}}
static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
void )
{
const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
return( v );
@ -264,7 +265,7 @@ struct psa_key_policy_s
};
typedef struct psa_key_policy_s psa_key_policy_t;
#define PSA_KEY_POLICY_INIT {0, 0, 0}
#define PSA_KEY_POLICY_INIT { 0, 0, 0 }
static inline struct psa_key_policy_s psa_key_policy_init( void )
{
const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
@ -276,7 +277,7 @@ static inline struct psa_key_policy_s psa_key_policy_init( void )
typedef uint16_t psa_key_bits_t;
/* The maximum value of the type used to represent bit-sizes.
* This is used to mark an invalid key size. */
#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
#define PSA_KEY_BITS_TOO_LARGE ( ( psa_key_bits_t ) -1 )
/* The maximum size of a key in bits.
* Currently defined as the maximum that can be represented, rounded down
* to a whole number of bytes.
@ -317,7 +318,10 @@ typedef struct
psa_key_attributes_flag_t flags;
} psa_core_key_attributes_t;
#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \
PSA_KEY_LIFETIME_VOLATILE, \
MBEDTLS_SVC_KEY_ID_INIT, \
PSA_KEY_POLICY_INIT, 0 }
struct psa_key_attributes_s
{
@ -330,9 +334,9 @@ struct psa_key_attributes_s
};
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 }
#else
#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 }
#endif
static inline struct psa_key_attributes_s psa_key_attributes_init( void )
@ -358,7 +362,7 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes,
}
static inline mbedtls_svc_key_id_t psa_get_key_id(
const psa_key_attributes_t *attributes)
const psa_key_attributes_t *attributes )
{
return( attributes->core.id );
}
@ -371,8 +375,8 @@ static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
}
#endif
static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime)
static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
psa_key_lifetime_t lifetime )
{
attributes->core.lifetime = lifetime;
if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
@ -386,44 +390,44 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
}
static inline psa_key_lifetime_t psa_get_key_lifetime(
const psa_key_attributes_t *attributes)
const psa_key_attributes_t *attributes )
{
return( attributes->core.lifetime );
}
static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags)
static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes,
psa_key_usage_t usage_flags )
{
attributes->core.policy.usage = usage_flags;
}
static inline psa_key_usage_t psa_get_key_usage_flags(
const psa_key_attributes_t *attributes)
const psa_key_attributes_t *attributes )
{
return( attributes->core.policy.usage );
}
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
psa_algorithm_t alg)
static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes,
psa_algorithm_t alg )
{
attributes->core.policy.alg = alg;
}
static inline psa_algorithm_t psa_get_key_algorithm(
const psa_key_attributes_t *attributes)
const psa_key_attributes_t *attributes )
{
return( attributes->core.policy.alg );
}
/* This function is declared in crypto_extra.h, which comes after this
* header file, but we need the function here, so repeat the declaration. */
psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
psa_key_type_t type,
const uint8_t *data,
size_t data_length);
size_t data_length );
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
psa_key_type_t type)
static inline void psa_set_key_type( psa_key_attributes_t *attributes,
psa_key_type_t type )
{
if( attributes->domain_parameters == NULL )
{
@ -441,13 +445,13 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes,
}
static inline psa_key_type_t psa_get_key_type(
const psa_key_attributes_t *attributes)
const psa_key_attributes_t *attributes )
{
return( attributes->core.type );
}
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
size_t bits)
static inline void psa_set_key_bits( psa_key_attributes_t *attributes,
size_t bits )
{
if( bits > PSA_MAX_KEY_BITS )
attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
@ -456,7 +460,7 @@ static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
}
static inline size_t psa_get_key_bits(
const psa_key_attributes_t *attributes)
const psa_key_attributes_t *attributes )
{
return( attributes->core.bits );
}

3
scripts/mbedtls_dev/macro_collector.py
View File

@ -95,6 +95,7 @@ class PSAMacroEnumerator:
self.mac_algorithms = set() #type: Set[str]
self.ka_algorithms = set() #type: Set[str]
self.kdf_algorithms = set() #type: Set[str]
self.pake_algorithms = set() #type: Set[str]
self.aead_algorithms = set() #type: Set[str]
# macro name -> list of argument names
self.argspecs = {} #type: Dict[str, List[str]]
@ -364,6 +365,7 @@ enumerate
'asymmetric_signature_algorithm': [],
'asymmetric_signature_wildcard': [self.algorithms],
'asymmetric_encryption_algorithm': [],
'pake_algorithm': [self.pake_algorithms],
'other_algorithm': [],
} #type: Dict[str, List[Set[str]]]
self.arguments_for['mac_length'] += ['1', '63']
@ -389,6 +391,7 @@ enumerate
self.mac_algorithms.add('0x03007fff')
self.ka_algorithms.add('0x09fc0000')
self.kdf_algorithms.add('0x080000ff')
self.pake_algorithms.add('0x0a0000ff')
# For AEAD algorithms, the only variability is over the tag length,
# and this only applies to known algorithms, so don't test an
# unknown algorithm.

3
tests/suites/test_suite_psa_crypto_metadata.data
View File

@ -294,6 +294,9 @@ Key agreement: ECDH, HKDF using SHA-384
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384
key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 )
PAKE: J-PAKE
pake_algorithm:PSA_ALG_JPAKE
Key type: raw data
key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED

26
tests/suites/test_suite_psa_crypto_metadata.function
View File

@ -156,6 +156,7 @@ void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Length */
@ -181,6 +182,7 @@ void aead_algorithm_core( psa_algorithm_t alg, int classification_flags,
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Tag length */
@ -220,6 +222,7 @@ void hash_algorithm( int alg_arg, int length_arg )
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, 0 );
/* Dependent algorithms */
@ -362,6 +365,7 @@ void cipher_algorithm( int alg_arg, int classification_flags )
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@ -462,6 +466,7 @@ void asymmetric_signature_algorithm( int alg_arg, int classification_flags )
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@ -491,6 +496,7 @@ void asymmetric_encryption_algorithm( int alg_arg, int classification_flags )
TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
}
/* END_CASE */
@ -511,6 +517,7 @@ void key_derivation_algorithm( int alg_arg, int classification_flags )
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Check combinations with key agreements */
@ -540,6 +547,7 @@ void key_agreement_algorithm( int alg_arg, int classification_flags,
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
algorithm_classification( alg, classification_flags );
/* Shared secret derivation properties */
@ -548,6 +556,24 @@ void key_agreement_algorithm( int alg_arg, int classification_flags,
}
/* END_CASE */
/* BEGIN_CASE */
void pake_algorithm( int alg_arg )
{
psa_algorithm_t alg = alg_arg;
/* Algorithm classification */
TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
TEST_ASSERT( PSA_ALG_IS_PAKE( alg ) );
}
/* END_CASE */
/* BEGIN_CASE */
void key_type( int type_arg, int classification_flags )
{