Merge pull request #4317 from yanesca/psa-jpake-interface

J-PAKE interface definition for PSA Crypto
2025-07-30 22:43:08 +03:00 · 2021-06-11 13:47:25 +01:00
parent 57864faf84 1f0131844c
commit 21f84643f8
6 changed files with 1080 additions and 76 deletions
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@ -112,12 +112,6 @@ psa_status_t psa_crypto_init(void);
 * This macro returns a suitable initializer for a key attribute structure
 * of type #psa_key_attributes_t.
 */
 #ifdef __DOXYGEN_ONLY__
 /* This is an example definition for documentation purposes.
 * Implementations should define a suitable value in `crypto_struct.h`.
 */
 #define PSA_KEY_ATTRIBUTES_INIT {0}
 #endif
 /** Return an initial value for a key attributes structure.
 */
@ -938,8 +932,8 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
 *   \endcode
 *
 * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
+ * make any assumptions about the content of this structure.
- * as directed by the documentation of a specific implementation. */
+ * Implementation details can change in future versions without notice. */
 typedef struct psa_hash_operation_s psa_hash_operation_t;
 /** \def PSA_HASH_OPERATION_INIT
@ -947,12 +941,6 @@ typedef struct psa_hash_operation_s psa_hash_operation_t;
 * This macro returns a suitable initializer for a hash operation object
 * of type #psa_hash_operation_t.
 */
 #ifdef __DOXYGEN_ONLY__
 /* This is an example definition for documentation purposes.
 * Implementations should define a suitable value in `crypto_struct.h`.
 */
 #define PSA_HASH_OPERATION_INIT {0}
 #endif
 /** Return an initial value for a hash operation object.
 */
@ -1307,9 +1295,10 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key,
 *   operation = psa_mac_operation_init();
 *   \endcode
 *
 *
 * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
+ * make any assumptions about the content of this structure.
- * as directed by the documentation of a specific implementation. */
+ * Implementation details can change in future versions without notice. */
 typedef struct psa_mac_operation_s psa_mac_operation_t;
 /** \def PSA_MAC_OPERATION_INIT
@ -1317,12 +1306,6 @@ typedef struct psa_mac_operation_s psa_mac_operation_t;
 * This macro returns a suitable initializer for a MAC operation object of type
 * #psa_mac_operation_t.
 */
 #ifdef __DOXYGEN_ONLY__
 /* This is an example definition for documentation purposes.
 * Implementations should define a suitable value in `crypto_struct.h`.
 */
 #define PSA_MAC_OPERATION_INIT {0}
 #endif
 /** Return an initial value for a MAC operation object.
 */
@ -1732,8 +1715,8 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
 *   \endcode
 *
 * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
+ * make any assumptions about the content of this structure.
- * as directed by the documentation of a specific implementation. */
+ * Implementation details can change in future versions without notice. */
 typedef struct psa_cipher_operation_s psa_cipher_operation_t;
 /** \def PSA_CIPHER_OPERATION_INIT
@ -1741,12 +1724,6 @@ typedef struct psa_cipher_operation_s psa_cipher_operation_t;
 * This macro returns a suitable initializer for a cipher operation object of
 * type #psa_cipher_operation_t.
 */
 #ifdef __DOXYGEN_ONLY__
 /* This is an example definition for documentation purposes.
 * Implementations should define a suitable value in `crypto_struct.h`.
 */
 #define PSA_CIPHER_OPERATION_INIT {0}
 #endif
 /** Return an initial value for a cipher operation object.
 */
@ -2261,8 +2238,8 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
 *   \endcode
 *
 * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
+ * make any assumptions about the content of this structure.
- * as directed by the documentation of a specific implementation. */
+ * Implementation details can change in future versions without notice. */
 typedef struct psa_aead_operation_s psa_aead_operation_t;
 /** \def PSA_AEAD_OPERATION_INIT
@ -2270,12 +2247,6 @@ typedef struct psa_aead_operation_s psa_aead_operation_t;
 * This macro returns a suitable initializer for an AEAD operation object of
 * type #psa_aead_operation_t.
 */
 #ifdef __DOXYGEN_ONLY__
 /* This is an example definition for documentation purposes.
 * Implementations should define a suitable value in `crypto_struct.h`.
 */
 #define PSA_AEAD_OPERATION_INIT {0}
 #endif
 /** Return an initial value for an AEAD operation object.
 */
@ -3260,8 +3231,8 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
 *   \endcode
 *
 * This is an implementation-defined \c struct. Applications should not
- * make any assumptions about the content of this structure except
+ * make any assumptions about the content of this structure.
- * as directed by the documentation of a specific implementation.
+ * Implementation details can change in future versions without notice.
 */
 typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
@ -3270,12 +3241,6 @@ typedef struct psa_key_derivation_s psa_key_derivation_operation_t;
 * This macro returns a suitable initializer for a key derivation operation
 * object of type #psa_key_derivation_operation_t.
 */
 #ifdef __DOXYGEN_ONLY__
 /* This is an example definition for documentation purposes.
 * Implementations should define a suitable value in `crypto_struct.h`.
 */
 #define PSA_KEY_DERIVATION_OPERATION_INIT {0}
 #endif
 /** Return an initial value for a key derivation operation object.
 */
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@ -92,7 +92,7 @@ struct psa_hash_operation_s
    psa_driver_hash_context_t ctx;
 };
-#define PSA_HASH_OPERATION_INIT {0, {0}}
+#define PSA_HASH_OPERATION_INIT { 0, { 0 } }
 static inline struct psa_hash_operation_s psa_hash_operation_init( void )
 {
    const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
@ -117,7 +117,7 @@ struct psa_cipher_operation_s
    psa_driver_cipher_context_t ctx;
 };
-#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}}
+#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
 static inline struct psa_cipher_operation_s psa_cipher_operation_init( void )
 {
    const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
@ -142,7 +142,7 @@ struct psa_mac_operation_s
    psa_driver_mac_context_t ctx;
 };
-#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}}
+#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
 static inline struct psa_mac_operation_s psa_mac_operation_init( void )
 {
    const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
@ -163,7 +163,7 @@ struct psa_aead_operation_s
    } ctx;
 };
-#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}}
+#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } }
 static inline struct psa_aead_operation_s psa_aead_operation_init( void )
 {
    const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
@ -223,7 +223,7 @@ typedef struct psa_tls12_prf_key_derivation_s
    uint8_t Ai[PSA_HASH_MAX_SIZE];
-    /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */
+    /* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */
    uint8_t output_block[PSA_HASH_MAX_SIZE];
 } psa_tls12_prf_key_derivation_t;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
@ -249,8 +249,9 @@ struct psa_key_derivation_s
 };
 /* This only zeroes out the first byte in the union, the rest is unspecified. */
-#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}}
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
-static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void )
+static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
        void )
 {
    const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
    return( v );
@ -264,7 +265,7 @@ struct psa_key_policy_s
 };
 typedef struct psa_key_policy_s psa_key_policy_t;
-#define PSA_KEY_POLICY_INIT {0, 0, 0}
+#define PSA_KEY_POLICY_INIT { 0, 0, 0 }
 static inline struct psa_key_policy_s psa_key_policy_init( void )
 {
    const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
@ -276,7 +277,7 @@ static inline struct psa_key_policy_s psa_key_policy_init( void )
 typedef uint16_t psa_key_bits_t;
 /* The maximum value of the type used to represent bit-sizes.
 * This is used to mark an invalid key size. */
-#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) )
+#define PSA_KEY_BITS_TOO_LARGE          ( ( psa_key_bits_t ) -1 )
 /* The maximum size of a key in bits.
 * Currently defined as the maximum that can be represented, rounded down
 * to a whole number of bytes.
@ -317,7 +318,10 @@ typedef struct
    psa_key_attributes_flag_t flags;
 } psa_core_key_attributes_t;
-#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0}
+#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0,            \
                                       PSA_KEY_LIFETIME_VOLATILE,       \
                                       MBEDTLS_SVC_KEY_ID_INIT,         \
                                       PSA_KEY_POLICY_INIT, 0 }
 struct psa_key_attributes_s
 {
@ -330,9 +334,9 @@ struct psa_key_attributes_s
 };
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0}
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 }
 #else
-#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0}
+#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 }
 #endif
 static inline struct psa_key_attributes_s psa_key_attributes_init( void )
@ -358,7 +362,7 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes,
 }
 static inline mbedtls_svc_key_id_t psa_get_key_id(
-    const psa_key_attributes_t *attributes)
+    const psa_key_attributes_t *attributes )
 {
    return( attributes->core.id );
 }
@ -371,8 +375,8 @@ static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes,
 }
 #endif
-static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
+static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
-                                        psa_key_lifetime_t lifetime)
+                                        psa_key_lifetime_t lifetime )
 {
    attributes->core.lifetime = lifetime;
    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
@ -386,44 +390,44 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
 }
 static inline psa_key_lifetime_t psa_get_key_lifetime(
-    const psa_key_attributes_t *attributes)
+    const psa_key_attributes_t *attributes )
 {
    return( attributes->core.lifetime );
 }
-static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
+static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes,
-                                           psa_key_usage_t usage_flags)
+                                           psa_key_usage_t usage_flags )
 {
    attributes->core.policy.usage = usage_flags;
 }
 static inline psa_key_usage_t psa_get_key_usage_flags(
-    const psa_key_attributes_t *attributes)
+    const psa_key_attributes_t *attributes )
 {
    return( attributes->core.policy.usage );
 }
-static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
+static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes,
-                                         psa_algorithm_t alg)
+                                         psa_algorithm_t alg )
 {
    attributes->core.policy.alg = alg;
 }
 static inline psa_algorithm_t psa_get_key_algorithm(
-    const psa_key_attributes_t *attributes)
+    const psa_key_attributes_t *attributes )
 {
    return( attributes->core.policy.alg );
 }
 /* This function is declared in crypto_extra.h, which comes after this
 * header file, but we need the function here, so repeat the declaration. */
-psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
+psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
                                           psa_key_type_t type,
                                           const uint8_t *data,
-                                           size_t data_length);
+                                           size_t data_length );
-static inline void psa_set_key_type(psa_key_attributes_t *attributes,
+static inline void psa_set_key_type( psa_key_attributes_t *attributes,
-                                    psa_key_type_t type)
+                                    psa_key_type_t type )
 {
    if( attributes->domain_parameters == NULL )
    {
@ -441,13 +445,13 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes,
 }
 static inline psa_key_type_t psa_get_key_type(
-    const psa_key_attributes_t *attributes)
+    const psa_key_attributes_t *attributes )
 {
    return( attributes->core.type );
 }
-static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
+static inline void psa_set_key_bits( psa_key_attributes_t *attributes,
-                                    size_t bits)
+                                    size_t bits )
 {
    if( bits > PSA_MAX_KEY_BITS )
        attributes->core.bits = PSA_KEY_BITS_TOO_LARGE;
@ -456,7 +460,7 @@ static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
 }
 static inline size_t psa_get_key_bits(
-    const psa_key_attributes_t *attributes)
+    const psa_key_attributes_t *attributes )
 {
    return( attributes->core.bits );
 }
--- a/scripts/mbedtls_dev/macro_collector.py
+++ b/scripts/mbedtls_dev/macro_collector.py
@ -95,6 +95,7 @@ class PSAMacroEnumerator:
        self.mac_algorithms = set() #type: Set[str]
        self.ka_algorithms = set() #type: Set[str]
        self.kdf_algorithms = set() #type: Set[str]
        self.pake_algorithms = set() #type: Set[str]
        self.aead_algorithms = set() #type: Set[str]
        # macro name -> list of argument names
        self.argspecs = {} #type: Dict[str, List[str]]
@ -364,6 +365,7 @@ enumerate
            'asymmetric_signature_algorithm': [],
            'asymmetric_signature_wildcard': [self.algorithms],
            'asymmetric_encryption_algorithm': [],
            'pake_algorithm': [self.pake_algorithms],
            'other_algorithm': [],
        } #type: Dict[str, List[Set[str]]]
        self.arguments_for['mac_length'] += ['1', '63']
@ -389,6 +391,7 @@ enumerate
        self.mac_algorithms.add('0x03007fff')
        self.ka_algorithms.add('0x09fc0000')
        self.kdf_algorithms.add('0x080000ff')
        self.pake_algorithms.add('0x0a0000ff')
        # For AEAD algorithms, the only variability is over the tag length,
        # and this only applies to known algorithms, so don't test an
        # unknown algorithm.
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@ -294,6 +294,9 @@ Key agreement: ECDH, HKDF using SHA-384
 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384
 key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 )
 PAKE: J-PAKE
 pake_algorithm:PSA_ALG_JPAKE
 Key type: raw data
 key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED
--- a/tests/suites/test_suite_psa_crypto_metadata.function
+++ b/tests/suites/test_suite_psa_crypto_metadata.function
@ -156,6 +156,7 @@ void mac_algorithm_core( psa_algorithm_t alg, int classification_flags,
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
    /* Length */
@ -181,6 +182,7 @@ void aead_algorithm_core( psa_algorithm_t alg, int classification_flags,
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
    /* Tag length */
@ -220,6 +222,7 @@ void hash_algorithm( int alg_arg, int length_arg )
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, 0 );
    /* Dependent algorithms */
@ -362,6 +365,7 @@ void cipher_algorithm( int alg_arg, int classification_flags )
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
 }
 /* END_CASE */
@ -462,6 +466,7 @@ void asymmetric_signature_algorithm( int alg_arg, int classification_flags )
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
 }
 /* END_CASE */
@ -491,6 +496,7 @@ void asymmetric_encryption_algorithm( int alg_arg, int classification_flags )
    TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
 }
 /* END_CASE */
@ -511,6 +517,7 @@ void key_derivation_algorithm( int alg_arg, int classification_flags )
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
    /* Check combinations with key agreements */
@ -540,6 +547,7 @@ void key_agreement_algorithm( int alg_arg, int classification_flags,
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) );
    algorithm_classification( alg, classification_flags );
    /* Shared secret derivation properties */
@ -548,6 +556,24 @@ void key_agreement_algorithm( int alg_arg, int classification_flags,
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void pake_algorithm( int alg_arg )
 {
    psa_algorithm_t alg = alg_arg;
    /* Algorithm classification */
    TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) );
    TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) );
    TEST_ASSERT( PSA_ALG_IS_PAKE( alg ) );
 }
 /* END_CASE */
 /* BEGIN_CASE */
 void key_type( int type_arg, int classification_flags )
 {