From 251e86ae3f19c3866650b517f61a80cd881f44a3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 17 Feb 2023 14:30:50 +0100 Subject: [PATCH] Adapt names to more suitable and fix conditional compilation flags Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 4 +-- include/psa/crypto_builtin_composites.h | 8 +++--- .../psa/crypto_driver_contexts_composites.h | 2 +- .../psa/crypto_driver_contexts_primitives.h | 2 -- include/psa/crypto_extra.h | 11 +++++--- library/psa_crypto.c | 6 ++--- library/psa_crypto_driver_wrappers.h | 4 +-- library/psa_crypto_pake.c | 26 ++++++++++--------- library/psa_crypto_pake.h | 4 +-- .../psa_crypto_driver_wrappers.c.jinja | 4 +-- tests/include/test/drivers/pake.h | 8 +++--- tests/src/drivers/test_driver_pake.c | 8 +++--- 12 files changed, 46 insertions(+), 41 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 1b941cede0..07f198908d 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -410,7 +410,7 @@ The pointer output by `psa_crypto_driver_pake_get_password_key` is only valid un ``` psa_status_t acme_pake_output(acme_pake_operation_t *operation, -                              psa_pake_driver_step_t step, +                              psa_crypto_driver_pake_step_t step,                               uint8_t *output,                               size_t output_size,                               size_t *output_length); @@ -437,7 +437,7 @@ For `PSA_ALG_JPAKE` the following steps are available for output operation: #### PAKE driver input ``` psa_status_t acme_pake_input(acme_pake_operation_t *operation, -                            psa_pake_driver_step_t step, +                            psa_crypto_driver_pake_step_t step,                              uint8_t *input,                              size_t input_size); ``` diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 3221a64234..f331ec5f48 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -191,23 +191,25 @@ typedef struct { /* Note: the format for mbedtls_ecjpake_read/write function has an extra * length byte for each step, plus an extra 3 bytes for ECParameters in the * server's 2nd round. */ -#define MBEDTLS_PSA_PAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2) +#define MBEDTLS_PSA_JPAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2) typedef struct { psa_algorithm_t MBEDTLS_PRIVATE(alg); -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) uint8_t *MBEDTLS_PRIVATE(password); size_t MBEDTLS_PRIVATE(password_len); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) uint8_t MBEDTLS_PRIVATE(role); - uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_PAKE_BUFFER_SIZE]); + uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_JPAKE_BUFFER_SIZE]); size_t MBEDTLS_PRIVATE(buffer_length); size_t MBEDTLS_PRIVATE(buffer_offset); #endif /* Context structure for the Mbed TLS EC-JPAKE implementation. */ union { unsigned int MBEDTLS_PRIVATE(dummy); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) mbedtls_ecjpake_context MBEDTLS_PRIVATE(pake); +#endif } MBEDTLS_PRIVATE(ctx); } mbedtls_psa_pake_operation_t; diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index 4d0e9848d3..6c56a51dbc 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -93,7 +93,7 @@ typedef mbedtls_psa_aead_operation_t typedef libtestdriver1_mbedtls_psa_pake_operation_t mbedtls_transparent_test_driver_pake_operation_t; -typedef libtestdriver1_psa_pake_operation_t +typedef libtestdriver1_mbedtls_psa_pake_operation_t mbedtls_opaque_test_driver_pake_operation_t; #define MBEDTLS_TRANSPARENT_TEST_DRIVER_PAKE_OPERATION_INIT \ diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index f1463f34d0..620a4b3a77 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -45,8 +45,6 @@ #include #endif -#include "mbedtls/ecjpake.h" - #if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 8b8cb042e7..39ef52cbec 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -429,7 +429,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, */ #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) -/** EC-JPAKE operation stages. */ +/** PAKE operation stages. */ #define PSA_PAKE_OPERATION_STAGE_SETUP 0 #define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 #define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 @@ -1895,7 +1895,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * psa_pake_operation_t. */ #define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_SETUP, \ - { { 0, 0, 0, 0 } }, { { 0 } } } + { 0 }, { { 0 } } } struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; @@ -2002,7 +2002,7 @@ enum psa_jpake_sequence { PSA_PAKE_SEQ_END = 7, }; -typedef enum psa_pake_driver_step { +typedef enum psa_crypto_driver_pake_step { PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */ PSA_JPAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/ PSA_JPAKE_X1_STEP_ZK_PUBLIC = 2, /* Round 1: input/output Schnorr NIZKP public key for the X1 key */ @@ -2016,7 +2016,7 @@ typedef enum psa_pake_driver_step { PSA_JPAKE_X4S_STEP_KEY_SHARE = 10, /* Round 2: input X4S key (from peer) */ PSA_JPAKE_X4S_STEP_ZK_PUBLIC = 11, /* Round 2: input Schnorr NIZKP public key for the X4S key (from peer) */ PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */ -} psa_pake_driver_step_t; +} psa_crypto_driver_pake_step_t; struct psa_jpake_computation_stage_s { @@ -2042,7 +2042,10 @@ struct psa_pake_operation_s { uint8_t MBEDTLS_PRIVATE(stage); /* Holds computation stage of the PAKE algorithms. */ union { + uint8_t MBEDTLS_PRIVATE(dummy); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake); +#endif } MBEDTLS_PRIVATE(computation_stage); union { psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c57583aef3..2c1a910fbd 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7407,7 +7407,7 @@ exit: } /* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ -static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( +static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step( psa_jpake_computation_stage_t *stage) { switch (stage->state) { @@ -7843,7 +7843,7 @@ psa_status_t psa_pake_get_implicit_key( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; - uint8_t shared_key[MBEDTLS_PSA_PAKE_BUFFER_SIZE]; + uint8_t shared_key[MBEDTLS_PSA_JPAKE_BUFFER_SIZE]; size_t shared_key_len = 0; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { @@ -7874,7 +7874,7 @@ psa_status_t psa_pake_get_implicit_key( shared_key, shared_key_len); - mbedtls_platform_zeroize(shared_key, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(shared_key, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); exit: abort_status = psa_pake_abort(operation); return status == PSA_SUCCESS ? abort_status : status; diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 11a95e3a00..65d0d3f078 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -421,14 +421,14 @@ psa_status_t psa_driver_wrapper_pake_setup( psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t psa_driver_wrapper_pake_input( psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index fdfbd16fbf..73032c6a8a 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -163,6 +163,7 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) } #endif +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation) { @@ -187,6 +188,7 @@ static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operati return PSA_SUCCESS; } +#endif psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, const psa_crypto_driver_pake_inputs_t *inputs) @@ -237,7 +239,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, operation->role = role; operation->alg = cipher_suite.algorithm; - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; @@ -259,7 +261,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, static psa_status_t mbedtls_psa_pake_output_internal( mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -288,7 +290,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( if (step == PSA_JPAKE_X1_STEP_KEY_SHARE) { ret = mbedtls_ecjpake_write_round_one(&operation->ctx.pake, operation->buffer, - MBEDTLS_PSA_PAKE_BUFFER_SIZE, + MBEDTLS_PSA_JPAKE_BUFFER_SIZE, &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); @@ -300,7 +302,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( } else if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE) { ret = mbedtls_ecjpake_write_round_two(&operation->ctx.pake, operation->buffer, - MBEDTLS_PSA_PAKE_BUFFER_SIZE, + MBEDTLS_PSA_JPAKE_BUFFER_SIZE, &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); @@ -350,7 +352,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( /* Reset buffer after ZK_PROOF sequence */ if ((step == PSA_JPAKE_X2_STEP_ZK_PROOF) || (step == PSA_JPAKE_X2S_STEP_ZK_PROOF)) { - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; } @@ -367,7 +369,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( } psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -380,7 +382,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, static psa_status_t mbedtls_psa_pake_input_internal( mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) { @@ -441,7 +443,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( operation->buffer, operation->buffer_length); - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; if (ret != 0) { @@ -452,7 +454,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( operation->buffer, operation->buffer_length); - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; if (ret != 0) { @@ -471,7 +473,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( } psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) { @@ -491,7 +493,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( if (operation->alg == PSA_ALG_JPAKE) { ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake, operation->buffer, - MBEDTLS_PSA_PAKE_BUFFER_SIZE, + MBEDTLS_PSA_JPAKE_BUFFER_SIZE, &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); @@ -520,7 +522,7 @@ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) operation->password = NULL; operation->password_len = 0; operation->role = PSA_PAKE_ROLE_NONE; - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; mbedtls_ecjpake_free(&operation->ctx.pake); diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index dc6ad7b54f..365855601b 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -96,7 +96,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, * results in this error code. */ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); @@ -143,7 +143,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, * results in this error code. */ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index cf08794c60..b287b37a1d 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2865,7 +2865,7 @@ psa_status_t psa_driver_wrapper_pake_setup( } psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length ) @@ -2901,7 +2901,7 @@ psa_status_t psa_driver_wrapper_pake_output( psa_status_t psa_driver_wrapper_pake_input( psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length ) { diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 23cb98aa43..d082d6e5ed 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -57,14 +57,14 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); @@ -101,14 +101,14 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 9d51ea10b7..615f7ef8a1 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -64,7 +64,7 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -112,7 +112,7 @@ psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) { @@ -260,7 +260,7 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -276,7 +276,7 @@ psa_status_t mbedtls_test_opaque_pake_output( psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) {