Thanks to visit codestin.com
Credit goes to github.com

Skip to content

PSA drivers: specification for key derivation #5451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 24 commits into from
Jun 6, 2023
Merged

PSA drivers: specification for key derivation #5451

Changes from 1 commit
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
a2b4159
Draft specification for key derivation
gilles-peskine-arm Jan 24, 2022
220bda7
Rename a function parameter to avoid confusion
gilles-peskine-arm Jan 25, 2022
c2e2910
Fix internal links
gilles-peskine-arm Jun 3, 2022
1a5b830
Fix typos and copypasta
gilles-peskine-arm Jun 3, 2022
3fc9e04
Be more consistent with raw/cooked key derivation terminology
gilles-peskine-arm Jun 3, 2022
54eb068
New function psa_crypto_driver_key_derivation_get_input_type
gilles-peskine-arm Jun 30, 2022
d9645c8
Fix naming confusion with opaque key derivation
gilles-peskine-arm Jun 30, 2022
eda71ce
Key derivation: improve overview of the problem space
gilles-peskine-arm Jan 12, 2023
4e346bd
Fix entry point name
gilles-peskine-arm Jan 12, 2023
635b779
Fix math character used in text mode
gilles-peskine-arm Jan 12, 2023
fd09408
Pass attributes alongside key buffer
gilles-peskine-arm Jan 20, 2023
66b96e2
Copyediting
gilles-peskine-arm May 30, 2023
4e94fea
Key derivation dispatch doesn't depend on the key type
gilles-peskine-arm May 30, 2023
d2fe1d5
Rationale on key derivation inputs and buffer ownership
gilles-peskine-arm May 30, 2023
f787879
Clarify sequencing of long inputs
gilles-peskine-arm May 30, 2023
b319ed6
State explicitly that cooked key derivation uses the export format
gilles-peskine-arm May 30, 2023
e52bff9
Note possible issue with derive_key: who should choose the input length?
gilles-peskine-arm May 30, 2023
24f5229
Key agreement needs an attribute structure for our key
gilles-peskine-arm May 30, 2023
1414bc3
Minor copyediting
gilles-peskine-arm Jun 2, 2023
f96a18e
Probably resolve concern about the input size for derive_key
gilles-peskine-arm Jun 2, 2023
dcaf104
Note that we may want to rename derive_key
gilles-peskine-arm Jun 2, 2023
7df8ba6
Rework the description of key derivation output/verify key
gilles-peskine-arm Jun 2, 2023
8dd1e62
Copyediting
gilles-peskine-arm Jun 5, 2023
f4ba001
Clarify when key derivation entry points are mandatory/permitted
gilles-peskine-arm Jun 5, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Key agreement needs an attribute structure for our key 
Signed-off-by: Gilles Peskine <[email protected]>
  • Loading branch information
@gilles-peskine-arm
gilles-peskine-arm committed May 30, 2023
commit 24f52296f1e785712f4eb968c19a49e86f507325
6 changes: 5 additions & 1 deletion docs/proposed/psa-driver-interface.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -547,6 +547,7 @@ In other cases, the core treats `psa_key_derivation_key_agreement()` as if it wa
The entry points related to key agreement have the following prototypes for a driver with the prefix `"acme"`:
```
psa_status_t acme_key_agreement(psa_algorithm_t alg,
const psa_key_attributes_t *our_attributes,
const uint8_t *our_key_buffer,
size_t our_key_buffer_length,
const uint8_t *peer_key,
Expand All @@ -555,16 +556,19 @@ psa_status_t acme_key_agreement(psa_algorithm_t alg,
size_t output_size,
size_t *output_length);
psa_status_t acme_key_agreement_to_key(psa_algorithm_t alg,
const psa_key_attributes_t *attributes,
const psa_key_attributes_t *our_attributes,
const uint8_t *our_key_buffer,
size_t our_key_buffer_length,
const uint8_t *peer_key,
size_t peer_key_length,
const psa_key_attributes_t *shared_secret_attributes,
uint8_t *shared_secret_key_buffer,
size_t shared_secret_key_buffer_size,
size_t *shared_secret_key_buffer_length);
```

Note that unlike most other key creation entry points, in `"acme_key_agreement_to_key"`, the parameters for the shared secret are not placed near the beginning, but rather grouped with the other parameters at the end, to avoid confusion with the keys passed as inputs.

### Driver entry points for key management

The driver entry points for key management differ significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-opaque-drivers). This section describes common elements. Refer to the applicable section for each driver type for more information.
Expand Down