mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-26 03:40:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Style and language updates after review

Browse Source 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This commit is contained in:
Steven Cooreman 2021-02-08 11:44:21 +01:00
parent b3ce8156ce
commit ee18b1f5a4
4 changed files with 54 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ChangeLog.d/psa-crypto-key-policies.txt
View File

@ -1,8 +0,0 @@
Features
* Added PSA_ALG_AEAD_WITH_MINIMUM_LENGTH_TAG and
PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG as usage algorithms for declaring key
usage in PSA Crypto. These algorithm values describe that a key is allowed
to be used with any algorithm that matches the specified base algorithm
(e.g PSA_ALG_CCM for AEAD or PSA_ALG_CMAC for MAC) and has a tag length
which is at least as long as the one encoded in the MINIMUM_TAG_LENGTH
usage algorithm.

7
ChangeLog.d/psa-crypto-new-wildcard-policies.txt Normal file
View File

@ -0,0 +1,7 @@
Features
* Added PSA_ALG_AEAD_WITH_MINIMUM_LENGTH_TAG and
PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG as wildcard algorithms in PSA Crypto.
These algorithm values describe that a key is allowed to be used with any
algorithm that matches the specified base algorithm (e.g PSA_ALG_CCM for
AEAD or PSA_ALG_CMAC for MAC) and has a tag/MAC length which is at least as
long as the one encoded in the MINIMUM_TAG_LENGTH wildcard algorithm.

14
include/psa/crypto.h
View File

@ -264,12 +264,14 @@ static psa_key_usage_t psa_get_key_usage_flags(
* - An algorithm value permits this particular algorithm. * - An algorithm value permits this particular algorithm.
* - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified * - An algorithm wildcard built from #PSA_ALG_ANY_HASH allows the specified
* signature scheme with any hash algorithm. * signature scheme with any hash algorithm.
* - An algorithm value for which PSA_ALG_IS_WILDCARD() evaluates to true * - An algorithm built from #PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG allows
* allows any algorithm specified by that usage algorithm definition. * any MAC algorithm from the same base class (e.g. CMAC) which
* E.g. a usage algorithm built from PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG() * generates/verifies a MAC length greater than or equal to the length
* allows using the key for any algorithm with the same base MAC algorithm as * encoded in the wildcard algorithm.
* long as the used algorithm isn't truncated to less than the minimum tag * - An algorithm built from #PSA_ALG_AEAD_WITH_MINIMUM_LENGTH_TAG allows
* length declared in the usage algorithm. * any AEAD algorithm from the same base class (e.g. CCM) which
* generates/verifies a tag length greater than or equal to the length
* encoded in the wildcard algorithm.
* *
* This function overwrites any algorithm policy * This function overwrites any algorithm policy
* previously set in \p attributes. * previously set in \p attributes.

73
include/psa/crypto_values.h
View File

@ -933,32 +933,36 @@
(((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET) (((mac_alg) & PSA_ALG_MAC_TRUNCATION_MASK) >> PSA_MAC_TRUNCATION_OFFSET)
/* In the encoding of a MAC algorithm, the bit corresponding to /* In the encoding of a MAC algorithm, the bit corresponding to
* PSA_ALG_MAC_MINIMUM_LENGTH_FLAG encodes the fact that the algorithm is * #PSA_ALG_MAC_MINIMUM_LENGTH_FLAG encodes the fact that the algorithm is
* a usage algorithm, which allows any algorithm corresponding to the same * a wildcard algorithm, which allows any algorithm corresponding to the same
* base class and a tag length greater or equal than the one encoded in * base class and having a (potentially truncated) MAC length greater or equal
* PSA_ALG_MAC_TRUNCATION_MASK. */ * than the one encoded in #PSA_ALG_MAC_TRUNCATION_MASK. */
#define PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ((psa_algorithm_t)0x00008000) #define PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
/** Macro to build a MAC minimum-tag-length usage algorithm. /** Macro to build a MAC minimum-MAC-length wildcard algorithm.
* *
* A mininimum-tag-length MAC usage algorithm contains all MAC algorithms * A mininimum-MAC-length MAC wildcard algorithm contains all MAC algorithms
* sharing the same base algorithm, and where the tag length of the specific * sharing the same base algorithm, and where the (potentially truncated) MAC
* algorithm is equal to or larger then the usage's minimum tag length. * length of the specific algorithm is equal to or larger then the wildcard
* algorithm's minimum MAC length.
* *
* \param mac_alg A MAC algorithm identifier (value of type * \param mac_alg A MAC algorithm identifier (value of type
* #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p alg) * #psa_algorithm_t such that #PSA_ALG_IS_MAC(\p mac_alg)
* is true). * is true).
* \param tag_length Desired minimum length of the authentication tag in * \param mac_length Desired minimum length of the message authentication
* bytes. * code in bytes. This must be at most the full length of
* the MAC and must be at least an implementation-specified
* minimum. The implementation-specified minimum
* shall not be zero.
* *
* \return The corresponding MAC usage algorithm with the * \return The corresponding MAC wildcard algorithm with the
* specified minimum length. * specified minimum length.
* \return Unspecified if \p alg is not a supported * \return Unspecified if \p mac_alg is not a supported MAC
* MAC algorithm or if \p tag_length is not valid * algorithm or if \p mac_length is too small or too large
* for the specified MAC algorithm. * for the specified MAC algorithm.
*/ */
#define PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG(mac_alg, tag_length) \ #define PSA_ALG_MAC_WITH_MINIMUM_LENGTH_TAG(mac_alg, mac_length) \
( PSA_ALG_TRUNCATED_MAC(mac_alg, tag_length) | PSA_ALG_MAC_MINIMUM_LENGTH_FLAG ) ( PSA_ALG_TRUNCATED_MAC(mac_alg, mac_length) | PSA_ALG_MAC_MINIMUM_LENGTH_FLAG )
#define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000) #define PSA_ALG_CIPHER_MAC_BASE ((psa_algorithm_t)0x03c00000)
/** The CBC-MAC construction over a block cipher /** The CBC-MAC construction over a block cipher
@ -1178,27 +1182,28 @@
ref : ref :
/* In the encoding of an AEAD algorithm, the bit corresponding to /* In the encoding of an AEAD algorithm, the bit corresponding to
* PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG encodes the fact that the algorithm is * #PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG encodes the fact that the algorithm is
* a usage algorithm, which allows any algorithm corresponding to the same * a wildcard algorithm, which allows any algorithm corresponding to the same
* base class and a tag length greater or equal than the one encoded in * base class and having a tag length greater than or equal to the one encoded
* PSA_ALG_AEAD_TAG_LENGTH_MASK. */ * in #PSA_ALG_AEAD_TAG_LENGTH_MASK. */
#define PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ((psa_algorithm_t)0x00008000) #define PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG ((psa_algorithm_t)0x00008000)
/** Macro to build an AEAD minimum-tag-length usage algorithm. /** Macro to build an AEAD minimum-tag-length wildcard algorithm.
* *
* A mininimum-tag-length AEAD usage algorithm contains all AEAD algorithms * A mininimum-tag-length AEAD wildcard algorithm contains all AEAD algorithms
* sharing the same base algorithm, and where the tag length of the specific * sharing the same base algorithm, and where the tag length of the specific
* algorithm is equal to or larger then the usage's minimum tag length. * algorithm is equal to or larger then the minimum tag length specified by the
* wildcard algorithm.
* *
* \param aead_alg An AEAD algorithm identifier (value of type * \param aead_alg An AEAD algorithm identifier (value of type
* #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p alg) * #psa_algorithm_t such that #PSA_ALG_IS_AEAD(\p aead_alg)
* is true). * is true).
* \param tag_length Desired minimum length of the authentication tag in * \param tag_length Desired minimum length of the authentication tag in
* bytes. * bytes.
* *
* \return The corresponding AEAD usage algorithm with the * \return The corresponding AEAD wildcard algorithm with the
* specified minimum length. * specified minimum length.
* \return Unspecified if \p alg is not a supported * \return Unspecified if \p aead_alg is not a supported
* AEAD algorithm or if \p tag_length is not valid * AEAD algorithm or if \p tag_length is not valid
* for the specified AEAD algorithm. * for the specified AEAD algorithm.
*/ */
@ -1651,14 +1656,14 @@
* \return This macro may return either 0 or 1 if \c alg is not a supported * \return This macro may return either 0 or 1 if \c alg is not a supported
* algorithm identifier. * algorithm identifier.
*/ */
#define PSA_ALG_IS_WILDCARD(alg) \ #define PSA_ALG_IS_WILDCARD(alg) \
(PSA_ALG_IS_HASH_AND_SIGN(alg) ? \ (PSA_ALG_IS_HASH_AND_SIGN(alg) ? \
PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \ PSA_ALG_SIGN_GET_HASH(alg) == PSA_ALG_ANY_HASH : \
(PSA_ALG_IS_MAC(alg) ? \ PSA_ALG_IS_MAC(alg) ? \
(alg & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG) != 0 : \ (alg & PSA_ALG_MAC_MINIMUM_LENGTH_FLAG) != 0 : \
(PSA_ALG_IS_AEAD(alg) ? \ PSA_ALG_IS_AEAD(alg) ? \
(alg & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG) != 0 : \ (alg & PSA_ALG_AEAD_MINIMUM_LENGTH_FLAG) != 0 : \
(alg) == PSA_ALG_ANY_HASH))) (alg) == PSA_ALG_ANY_HASH)
/**@}*/ /**@}*/