Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Interruptible APIs for key agreement use cases #199

Open
wants to merge 22 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
a7ca5f7
Add an overview of interruptible operation functionality
athoelke Sep 25, 2023
2e35fe4
Add PSA_OPERATION_INCOMPLETE
athoelke Sep 25, 2023
799d17d
crypto: Add interruptible asymmetric signature API
athoelke Oct 12, 2023
c05ae6c
Xref interruptible operations from key usage flags
athoelke Nov 9, 2023
3228171
Rework the addition of Interruptible operations to the functionality …
athoelke May 13, 2024
0f391ea
fixup: Incorrect section level
athoelke May 13, 2024
4b92a27
fixup: Fix residual uses of 'starting' state
athoelke May 13, 2024
79f7de3
Resolve some issues and todos
athoelke May 14, 2024
f910088
Updated naming pattern for interruptible APIs:
athoelke Jun 11, 2024
7f711da
Resolve the TODO for interruptible signature.
athoelke Jun 11, 2024
66ed971
Fix: missing BAD_STATE errors in iop setup functions
athoelke Jun 18, 2024
2d995d8
Add versionadded placeholders for the new APIs
athoelke Dec 16, 2024
31b2559
crypto: Add interruptible operations for key agreement use cases
athoelke Jun 19, 2024
de87572
Added new functionality to change log
athoelke Jun 20, 2024
fe7c96e
Rename interruptible operation graphic
athoelke Jun 20, 2024
91d4580
Updated Functionality chapter to describe both basic and complex inte…
athoelke Jun 21, 2024
960595e
Deferred allocation of key ids
athoelke Jun 26, 2024
ca46ff2
Adopt the key attribute clarifications for key creation functions fro…
athoelke Jul 30, 2024
8c4bbcc
Note that incremental key generation might only be available for some…
athoelke Aug 6, 2024
01196f5
Add versionadded placeholders for new API
athoelke Dec 16, 2024
4c6cdda
Fix hyphenation
athoelke Dec 16, 2024
28344b7
Clarify when the ops value is reset
athoelke Dec 17, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 73 additions & 0 deletions doc/crypto/api.db/psa/crypto.h
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,10 @@ typedef uint32_t psa_algorithm_t;
typedef /* implementation-defined type */ psa_cipher_operation_t;
typedef uint8_t psa_dh_family_t;
typedef uint8_t psa_ecc_family_t;
typedef /* implementation-defined type */ psa_export_public_key_iop_t;
typedef /* implementation-defined type */ psa_generate_key_iop_t;
typedef /* implementation-defined type */ psa_hash_operation_t;
typedef /* implementation-defined type */ psa_key_agreement_iop_t;
typedef /* implementation-defined type */ psa_key_attributes_t;
typedef /* implementation-defined type */ psa_key_derivation_operation_t;
typedef uint16_t psa_key_derivation_step_t;
Expand All @@ -24,6 +27,8 @@ typedef uint32_t psa_pake_primitive_t;
typedef uint8_t psa_pake_primitive_type_t;
typedef uint8_t psa_pake_role_t;
typedef uint8_t psa_pake_step_t;
typedef /* implementation-defined type */ psa_sign_iop_t;
typedef /* implementation-defined type */ psa_verify_iop_t;
typedef struct psa_custom_key_parameters_t {
uint32_t flags;
} psa_custom_key_parameters_t;
Expand Down Expand Up @@ -232,9 +237,11 @@ typedef struct psa_custom_key_parameters_t {
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
/* implementation-defined value */
#define PSA_EXPORT_KEY_PAIR_MAX_SIZE /* implementation-defined value */
#define PSA_EXPORT_PUBLIC_KEY_IOP_INIT /* implementation-defined value */
#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE /* implementation-defined value */
#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
/* implementation-defined value */
#define PSA_GENERATE_KEY_IOP_INIT /* implementation-defined value */
#define PSA_HASH_BLOCK_LENGTH(alg) /* implementation-defined value */
#define PSA_HASH_LENGTH(alg) /* implementation-defined value */
#define PSA_HASH_MAX_SIZE /* implementation-defined value */
Expand All @@ -246,6 +253,8 @@ typedef struct psa_custom_key_parameters_t {
/* specification-defined value */
#define PSA_HASH_SUSPEND_OUTPUT_MAX_SIZE /* implementation-defined value */
#define PSA_HASH_SUSPEND_OUTPUT_SIZE(alg) /* specification-defined value */
#define PSA_IOP_MAX_OPS_UNLIMITED UINT32_MAX
#define PSA_KEY_AGREEMENT_IOP_INIT /* implementation-defined value */
#define PSA_KEY_ATTRIBUTES_INIT /* implementation-defined value */
#define PSA_KEY_DERIVATION_INPUT_CONTEXT /* implementation-defined value */
#define PSA_KEY_DERIVATION_INPUT_COST /* implementation-defined value */
Expand Down Expand Up @@ -376,10 +385,12 @@ typedef struct psa_custom_key_parameters_t {
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
/* implementation-defined value */
#define PSA_SIGNATURE_MAX_SIZE /* implementation-defined value */
#define PSA_SIGN_IOP_INIT /* implementation-defined value */
#define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \
/* implementation-defined value */
#define PSA_TLS12_ECJPAKE_TO_PMS_OUTPUT_SIZE 32
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE /* implementation-defined value */
#define PSA_VERIFY_IOP_INIT /* implementation-defined value */
psa_status_t psa_aead_abort(psa_aead_operation_t * operation);
psa_status_t psa_aead_decrypt(psa_key_id_t key,
psa_algorithm_t alg,
Expand Down Expand Up @@ -525,13 +536,29 @@ psa_status_t psa_export_public_key(psa_key_id_t key,
uint8_t * data,
size_t data_size,
size_t * data_length);
psa_status_t psa_export_public_key_iop_abort(psa_export_public_key_iop_t * operation);
psa_status_t psa_export_public_key_iop_complete(psa_export_public_key_iop_t * operation,
uint8_t * data,
size_t data_size,
size_t * data_length);
uint32_t psa_export_public_key_iop_get_num_ops(psa_export_public_key_iop_t * operation);
psa_export_public_key_iop_t psa_export_public_key_iop_init(void);
psa_status_t psa_export_public_key_iop_setup(psa_export_public_key_iop_t * operation,
psa_key_id_t key);
psa_status_t psa_generate_key(const psa_key_attributes_t * attributes,
psa_key_id_t * key);
psa_status_t psa_generate_key_custom(const psa_key_attributes_t * attributes,
const psa_custom_key_parameters_t * custom,
const uint8_t * custom_data,
size_t custom_data_length,
mbedtls_svc_key_id_t * key);
psa_status_t psa_generate_key_iop_abort(psa_generate_key_iop_t * operation);
psa_status_t psa_generate_key_iop_complete(psa_generate_key_iop_t * operation,
psa_key_id_t * key);
uint32_t psa_generate_key_iop_get_num_ops(psa_generate_key_iop_t * operation);
psa_generate_key_iop_t psa_generate_key_iop_init(void);
psa_status_t psa_generate_key_iop_setup(psa_generate_key_iop_t * operation,
const psa_key_attributes_t * attributes);
psa_status_t psa_generate_random(uint8_t * output,
size_t output_size);
psa_algorithm_t psa_get_key_algorithm(const psa_key_attributes_t * attributes);
Expand Down Expand Up @@ -580,12 +607,25 @@ psa_status_t psa_import_key(const psa_key_attributes_t * attributes,
const uint8_t * data,
size_t data_length,
psa_key_id_t * key);
uint32_t psa_iop_get_max_ops(void);
void psa_iop_set_max_ops(uint32_t max_ops);
psa_status_t psa_key_agreement(psa_key_id_t private_key,
const uint8_t * peer_key,
size_t peer_key_length,
psa_algorithm_t alg,
const psa_key_attributes_t * attributes,
psa_key_id_t * key);
psa_status_t psa_key_agreement_iop_abort(psa_key_agreement_iop_t * operation);
psa_status_t psa_key_agreement_iop_complete(psa_key_agreement_iop_t * operation,
psa_key_id_t * key);
uint32_t psa_key_agreement_iop_get_num_ops(psa_key_agreement_iop_t * operation);
psa_key_agreement_iop_t psa_key_agreement_iop_init(void);
psa_status_t psa_key_agreement_iop_setup(psa_key_agreement_iop_t * operation,
psa_key_id_t private_key,
const uint8_t * peer_key,
size_t peer_key_length,
psa_algorithm_t alg,
const psa_key_attributes_t * attributes);
psa_key_attributes_t psa_key_attributes_init(void);
psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t * operation);
psa_status_t psa_key_derivation_get_capacity(const psa_key_derivation_operation_t * operation,
Expand Down Expand Up @@ -724,6 +764,23 @@ psa_status_t psa_sign_hash(psa_key_id_t key,
uint8_t * signature,
size_t signature_size,
size_t * signature_length);
psa_status_t psa_sign_iop_abort(psa_sign_iop_t * operation);
psa_status_t psa_sign_iop_complete(psa_sign_iop_t * operation,
uint8_t * signature,
size_t signature_size,
size_t * signature_length);
uint32_t psa_sign_iop_get_num_ops(psa_sign_iop_t * operation);
psa_status_t psa_sign_iop_hash(psa_sign_iop_t * operation,
const uint8_t * hash,
size_t hash_length);
psa_sign_iop_t psa_sign_iop_init(void);
psa_status_t psa_sign_iop_setup(psa_sign_iop_t * operation,
psa_key_id_t key,
psa_algorithm_t alg);
psa_status_t psa_sign_iop_setup_complete(psa_sign_iop_t * operation);
psa_status_t psa_sign_iop_update(psa_sign_iop_t * operation,
const uint8_t * input,
size_t input_length);
psa_status_t psa_sign_message(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t * input,
Expand All @@ -737,6 +794,22 @@ psa_status_t psa_verify_hash(psa_key_id_t key,
size_t hash_length,
const uint8_t * signature,
size_t signature_length);
psa_status_t psa_verify_iop_abort(psa_verify_iop_t * operation);
psa_status_t psa_verify_iop_complete(psa_verify_iop_t * operation);
uint32_t psa_verify_iop_get_num_ops(psa_verify_iop_t * operation);
psa_status_t psa_verify_iop_hash(psa_verify_iop_t * operation,
const uint8_t * hash,
size_t hash_length);
psa_verify_iop_t psa_verify_iop_init(void);
psa_status_t psa_verify_iop_setup(psa_verify_iop_t * operation,
psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t * signature,
size_t signature_length);
psa_status_t psa_verify_iop_setup_complete(psa_verify_iop_t * operation);
psa_status_t psa_verify_iop_update(psa_verify_iop_t * operation,
const uint8_t * input,
size_t input_length);
psa_status_t psa_verify_message(psa_key_id_t key,
psa_algorithm_t alg,
const uint8_t * input,
Expand Down
Loading