Skip to content

Crypto API update - slots to handles #13

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Feb 1, 2019
Merged

Crypto API update - slots to handles #13

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d7c3daa
Update example to use crypto key handles APIs
Jan 29, 2019
cde93a5
Fix typo in README.md
Jan 29, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ The following are the steps required to install the application:

## Compile
To compile the example program use `mbed compile` while specifying the target platform and the compiler.
For example, in order to compile using the ARM GCC compiler and a K64F target platform use: `mbed compile -m K64F -t ARM`.
For example, in order to compile using the ARM GCC compiler and a K64F target platform use: `mbed compile -m K64F -t GCC_ARM`.

Once the compilation is completed successfully a binary file will be created: `./BUILD/K64F/GCC_ARM/mbed-os-example-mbed-crypto.bin`

Expand Down
60 changes: 34 additions & 26 deletions main.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,19 +58,15 @@ int main(void)
}
#else

/* Use key slot 1 for our cipher key. Key slot 0 is reserved as unused. */
static const psa_key_slot_t key_slot_cipher = 1;

static psa_status_t set_key_policy(psa_key_slot_t key_slot,
static psa_status_t set_key_policy(psa_key_handle_t key_handle,
psa_key_usage_t key_usage,
psa_algorithm_t alg)
{
psa_status_t status;
psa_key_policy_t policy;
psa_key_policy_t policy = psa_key_policy_init();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

crypto code uses psa_key_policy_t policy = PSA_KEY_POLICY_INIT;

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can do it either way, it's the same

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unless macro hides another stuff. and when the internals will change using macro will still allow abstraction...

Copy link
Contributor Author

@itayzafrir itayzafrir Jan 30, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

psa_key_policy_init() is an API function, it's not internal.

The macro can be only used as an initializer.


psa_key_policy_init(&policy);
psa_key_policy_set_usage(&policy, key_usage, alg);
status = psa_set_key_policy(key_slot, &policy);
status = psa_set_key_policy(key_handle, &policy);
ASSERT_STATUS(status, PSA_SUCCESS);
exit:
return status;
Expand Down Expand Up @@ -111,7 +107,7 @@ static psa_status_t cipher_operation(psa_cipher_operation_t *operation,
return status;
}

static psa_status_t cipher_encrypt(psa_key_slot_t key_slot,
static psa_status_t cipher_encrypt(psa_key_handle_t key_handle,
psa_algorithm_t alg,
uint8_t *iv,
size_t iv_size,
Expand All @@ -127,7 +123,7 @@ static psa_status_t cipher_encrypt(psa_key_slot_t key_slot,
size_t iv_len = 0;

memset(&operation, 0, sizeof(operation));
status = psa_cipher_encrypt_setup(&operation, key_slot, alg);
status = psa_cipher_encrypt_setup(&operation, key_handle, alg);
ASSERT_STATUS(status, PSA_SUCCESS);

status = psa_cipher_generate_iv(&operation, iv, iv_size, &iv_len);
Expand All @@ -142,7 +138,7 @@ static psa_status_t cipher_encrypt(psa_key_slot_t key_slot,
return status;
}

static psa_status_t cipher_decrypt(psa_key_slot_t key_slot,
static psa_status_t cipher_decrypt(psa_key_handle_t key_handle,
psa_algorithm_t alg,
const uint8_t *iv,
size_t iv_size,
Expand All @@ -157,7 +153,7 @@ static psa_status_t cipher_decrypt(psa_key_slot_t key_slot,
psa_cipher_operation_t operation;

memset(&operation, 0, sizeof(operation));
status = psa_cipher_decrypt_setup(&operation, key_slot, alg);
status = psa_cipher_decrypt_setup(&operation, key_handle, alg);
ASSERT_STATUS(status, PSA_SUCCESS);

status = psa_cipher_set_iv(&operation, iv, iv_size);
Expand Down Expand Up @@ -187,25 +183,29 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block(void)
uint8_t input[block_size];
uint8_t encrypt[block_size];
uint8_t decrypt[block_size];
psa_key_handle_t key_handle = 0;

status = psa_allocate_key(&key_handle);
ASSERT_STATUS(status, PSA_SUCCESS);

status = psa_generate_random(input, sizeof(input));
ASSERT_STATUS(status, PSA_SUCCESS);

status = set_key_policy(key_slot_cipher,
status = set_key_policy(key_handle,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
alg);
ASSERT_STATUS(status, PSA_SUCCESS);

status = psa_generate_key(key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
status = psa_generate_key(key_handle, PSA_KEY_TYPE_AES, key_bits,
NULL, 0);
ASSERT_STATUS(status, PSA_SUCCESS);

status = cipher_encrypt(key_slot_cipher, alg, iv, sizeof(iv),
status = cipher_encrypt(key_handle, alg, iv, sizeof(iv),
input, sizeof(input), part_size,
encrypt, sizeof(encrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);

status = cipher_decrypt(key_slot_cipher, alg, iv, sizeof(iv),
status = cipher_decrypt(key_handle, alg, iv, sizeof(iv),
encrypt, output_len, part_size,
decrypt, sizeof(decrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
Expand All @@ -214,7 +214,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block(void)
ASSERT_STATUS(status, PSA_SUCCESS);

exit:
psa_destroy_key(key_slot_cipher);
psa_destroy_key(key_handle);
return status;
}

Expand All @@ -233,25 +233,29 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(void)
size_t output_len = 0;
uint8_t iv[block_size], input[input_size],
encrypt[input_size + block_size], decrypt[input_size + block_size];
psa_key_handle_t key_handle = 0;

status = psa_allocate_key(&key_handle);
ASSERT_STATUS(status, PSA_SUCCESS);

status = psa_generate_random(input, sizeof(input));
ASSERT_STATUS(status, PSA_SUCCESS);

status = set_key_policy(key_slot_cipher,
status = set_key_policy(key_handle,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
alg);
ASSERT_STATUS(status, PSA_SUCCESS);

status = psa_generate_key(key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
status = psa_generate_key(key_handle, PSA_KEY_TYPE_AES, key_bits,
NULL, 0);
ASSERT_STATUS(status, PSA_SUCCESS);

status = cipher_encrypt(key_slot_cipher, alg, iv, sizeof(iv),
status = cipher_encrypt(key_handle, alg, iv, sizeof(iv),
input, sizeof(input), part_size,
encrypt, sizeof(encrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);

status = cipher_decrypt(key_slot_cipher, alg, iv, sizeof(iv),
status = cipher_decrypt(key_handle, alg, iv, sizeof(iv),
encrypt, output_len, part_size,
decrypt, sizeof(decrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
Expand All @@ -260,7 +264,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi(void)
ASSERT_STATUS(status, PSA_SUCCESS);

exit:
psa_destroy_key(key_slot_cipher);
psa_destroy_key(key_handle);
return status;
}

Expand All @@ -278,25 +282,29 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi(void)
size_t output_len = 0;
uint8_t iv[block_size], input[input_size], encrypt[input_size],
decrypt[input_size];
psa_key_handle_t key_handle = 0;

status = psa_allocate_key(&key_handle);
ASSERT_STATUS(status, PSA_SUCCESS);

status = psa_generate_random(input, sizeof(input));
ASSERT_STATUS(status, PSA_SUCCESS);

status = set_key_policy(key_slot_cipher,
status = set_key_policy(key_handle,
PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT,
alg);
ASSERT_STATUS(status, PSA_SUCCESS);

status = psa_generate_key(key_slot_cipher, PSA_KEY_TYPE_AES, key_bits,
status = psa_generate_key(key_handle, PSA_KEY_TYPE_AES, key_bits,
NULL, 0);
ASSERT_STATUS(status, PSA_SUCCESS);

status = cipher_encrypt(key_slot_cipher, alg, iv, sizeof(iv),
status = cipher_encrypt(key_handle, alg, iv, sizeof(iv),
input, sizeof(input), part_size,
encrypt, sizeof(encrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);

status = cipher_decrypt(key_slot_cipher, alg, iv, sizeof(iv),
status = cipher_decrypt(key_handle, alg, iv, sizeof(iv),
encrypt, output_len, part_size,
decrypt, sizeof(decrypt), &output_len);
ASSERT_STATUS(status, PSA_SUCCESS);
Expand All @@ -305,7 +313,7 @@ static psa_status_t cipher_example_encrypt_decrypt_aes_ctr_multi(void)
ASSERT_STATUS(status, PSA_SUCCESS);

exit:
psa_destroy_key(key_slot_cipher);
psa_destroy_key(key_handle);
return status;
}

Expand Down