Move NIST_KW to PSA API #9382

Open
gilles-peskine-arm opened this issue Jul 9, 2024 · 0 comments
Labels
  • api-break: This issue/PR breaks the API and must wait for a new major version
  • component-crypto: Crypto primitives and low-level interfaces
  • size-s: Estimated task size: small (~2d)

@gilles-peskine-arm
Contributor

Migrate the NIST KW/KWP interface (nist_kw.h) to rely on the PSA API instead of cipher.h.

Justification: KW/KWP are encrypted authentication modes built on a block cipher (currently only AES). They don't fit the PSA crypto API well (no nonce, no AEAD, awkward to make multipart), so at least for the time being we aren't exposing them through a PSA API. The implementation relies on the block cipher in ECB mode. Currently, nist_kw.c relies on mbedtls_cipher_xxx functions for AES-ECB. The goal of this task is to make the implementation rely on psa_cipher_encrypt/psa_cipher_decrypt instead.

New prototypes:

psa_status_t mbedtls_nist_kw_wrap(psa_key_id_t key,
                                  mbedtls_nist_kw_mode_t mode,
                                  const unsigned char *input, size_t input_length,
                                  unsigned char *output, size_t output_size, size_t *output_length);
psa_status_t mbedtls_nist_kw_unwrap(psa_key_id_t key,
                                    mbedtls_nist_kw_mode_t mode,
                                    const unsigned char *input, size_t input_length,
                                    unsigned char *output, size_t output_size, size_t *output_length);

The changes are:

  • Use a PSA key instead of a context. There is no more context type and context management functions.
  • Use the same parameter order as PSA APIs (output buffer size before output length).

Validation: check that the key type is PSA_KEY_TYPE_AES. This isn't really necessary, but expanding support to other 128-bit block ciphers is out of scope, even if all it would take is to add test cases.

Implementation: use the psa_cipher_xxx multipart API. Return PSA error codes instead of legacy error codes.
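
Added example, not part of the issue and not Mbed TLS code: a sketch of how KW (SP 800-38F / RFC 3394, KW mode only) reduces to repeated single-block ECB calls, using the buffer parameter order proposed above. The names kw_crypt, ecb_fn, demo_block and the KW_* codes are hypothetical; demo_block is a constructed stand-in for the one-block AES-ECB operation that the task routes through the PSA cipher API.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { KW_OK = 0, KW_BAD_ARG = -1, KW_BUF_SMALL = -2, KW_BAD_TAG = -3 };
/* Hypothetical callback: one 16-byte block through the cipher in ECB mode. */
typedef int (*ecb_fn)(const uint8_t key[16], int decrypt, const uint8_t in[16], uint8_t out[16]);

/* Constructed stand-in (an XOR-only Feistel, NOT a cipher) so this runs offline. */
static int demo_block(const uint8_t key[16], int decrypt, const uint8_t in[16], uint8_t out[16])
{
    uint8_t x[16];
    memcpy(x, in, 16);
    for (int round = 0; round < 2; round++) {
        int h = (round ^ decrypt) & 1;          /* half updated in this round */
        for (int i = 0; i < 8; i++) x[8 * h + i] ^= x[8 * (1 - h) + i] ^ key[8 * h + i];
    }
    memcpy(out, x, 16);
    return KW_OK;
}

/* KW wrap (decrypt == 0) or unwrap (decrypt == 1); decrypt must be 0 or 1. */
static int kw_crypt(ecb_fn ecb, const uint8_t key[16], int decrypt,
                    const uint8_t *input, size_t input_length,
                    uint8_t *output, size_t output_size, size_t *output_length)
{
    uint8_t b[16], o[16], bad = 0;              /* b = A || R[i] */
    *output_length = 0;
    if (input_length % 8 != 0 || input_length < (decrypt ? 24u : 16u)) return KW_BAD_ARG;
    size_t n = input_length / 8 - (decrypt ? 1 : 0);  /* number of 64-bit data blocks */
    size_t need = 8 * (decrypt ? n : n + 1);
    if (output_size < need) return KW_BUF_SMALL;
    uint8_t *r = decrypt ? output : output + 8;       /* R[1..n] lives in the output buffer */
    if (decrypt) memcpy(b, input, 8); else memset(b, 0xA6, 8);   /* A = C[0] or the KW IV */
    memcpy(r, input + (decrypt ? 8 : 0), 8 * n);
    for (uint64_t s = 1; s <= 6 * n; s++) {
        uint64_t t = decrypt ? 6 * n + 1 - s : s;     /* step counter mixed into A */
        uint8_t *ri = r + 8 * ((t - 1) % n);
        if (decrypt) for (int k = 0; k < 8; k++) b[7 - k] ^= (uint8_t) (t >> (8 * k));
        memcpy(b + 8, ri, 8);
        if (ecb(key, decrypt, b, o) != KW_OK) return KW_BAD_ARG;
        memcpy(b, o, 8); memcpy(ri, o + 8, 8);
        if (!decrypt) for (int k = 0; k < 8; k++) b[7 - k] ^= (uint8_t) (t >> (8 * k));
    }
    if (!decrypt) memcpy(output, b, 8);
    for (int k = 0; decrypt && k < 8; k++) bad |= (uint8_t) (b[k] ^ 0xA6);
    if (bad) { memset(output, 0, need); return KW_BAD_TAG; }  /* never release unverified data */
    *output_length = need;
    return KW_OK;
}
```

The integrity check accumulates over all eight bytes of A instead of returning at the first mismatch, and the output buffer is wiped when the check fails.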
