Skip to content

Fixes for issues found during PAKE RC1 review #155

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
athoelke merged 4 commits into from
Jan 29, 2024
Merged

Fixes for issues found during PAKE RC1 review #155

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8b218fe
Fix error documentation for psa_pake_setup
athoelke Jan 19, 2024
84819e2
Fix error documentation for psa_pake_set_role
athoelke Jan 19, 2024
d4692cb
Remove resolved :issue:
athoelke Jan 19, 2024
644cee7
Fix references to PSA_ALG_SHA_256
athoelke Jan 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 14 additions & 11 deletions doc/ext-pake/api/pake.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -691,8 +691,7 @@ Multi-part PAKE operations
* The algorithm in ``cipher_suite`` is not a PAKE algorithm, or encodes an invalid hash algorithm.
* The PAKE primitive in ``cipher_suite`` is not compatible with the PAKE algorithm.
* The key confirmation value in ``cipher_suite`` is not compatible with the PAKE algorithm and primitive.
* The key type for ``password_key`` is not :code:`PSA_KEY_TYPE_PASSWORD` or :code:`PSA_KEY_TYPE_PASSWORD_HASH`.
* ``password_key`` is not compatible with ``cipher_suite``.
* The key type or key size of ``password_key`` is not compatible with ``cipher_suite``.
.. retval:: PSA_ERROR_NOT_SUPPORTED
The following conditions can result in this error:

Expand Down Expand Up @@ -759,9 +758,15 @@ Multi-part PAKE operations
* The operation state is not valid: it must be active, and `psa_pake_set_role()`, `psa_pake_input()`, and `psa_pake_output()` must not have been called yet.
* The library requires initializing by a call to :code:`psa_crypto_init()`.
.. retval:: PSA_ERROR_INVALID_ARGUMENT
``role`` is not a valid PAKE role in the operation's algorithm.
The following conditions can result in this error:

* ``role`` is not a valid PAKE role in the operation's algorithm.
* ``role`` is not compatible with the operation's key type.
.. retval:: PSA_ERROR_NOT_SUPPORTED
``role`` is not a valid PAKE role, or is not supported for the operation's algorithm.
The following conditions can result in this error:

* ``role`` is not a valid PAKE role, or is not supported for the operation's algorithm.
* ``role`` is not supported with the operation's key type.
.. retval:: PSA_ERROR_COMMUNICATION_FAILURE
.. retval:: PSA_ERROR_CORRUPTION_DETECTED

Expand Down Expand Up @@ -1222,7 +1227,7 @@ For example, the following code creates a cipher suite to select J-PAKE using P-

psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT;

psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE(PSA_ALG_SHA256));
psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE(PSA_ALG_SHA_256));
psa_pake_cs_set_primitive(&cipher_suite,
PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC,
PSA_ECC_FAMILY_SECP_R1, 256));
Expand Down Expand Up @@ -1351,7 +1356,7 @@ After setup, the key exchange flow for J-PAKE is as follows:
psa_key_attributes_t att = PSA_KEY_ATTRIBUTES_INIT;
psa_key_set_type(&att, PSA_KEY_TYPE_DERIVE);
psa_key_set_usage_flags(&att, PSA_KEY_USAGE_DERIVE);
psa_key_set_algorithm(&att, PSA_ALG_HKDF(PSA_ALG_SHA256));
psa_key_set_algorithm(&att, PSA_ALG_HKDF(PSA_ALG_SHA_256));

// Get Ka=Kb=K
psa_key_id_t shared_key;
Expand Down Expand Up @@ -1463,7 +1468,7 @@ For example, the following code creates a cipher suite to select SPAKE2+ using e

psa_pake_cipher_suite_t cipher_suite = PSA_PAKE_CIPHER_SUITE_INIT;

psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_SPAKE2P_HMAC(PSA_ALG_SHA256));
psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_SPAKE2P_HMAC(PSA_ALG_SHA_256));
psa_pake_cs_set_primitive(&cipher_suite,
PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC,
PSA_ECC_FAMILY_TWISTED_EDWARDS, 255));
Expand Down Expand Up @@ -1538,7 +1543,7 @@ The following steps demonstrate the derivation of a SPAKE2+ key pair using PBKDF

.. code-block:: xref

psa_key_derivation_setup(&pbkdf, PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA256));
psa_key_derivation_setup(&pbkdf, PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256));
psa_key_derivation_input_key(&pbkdf, PSA_KEY_DERIVATION_INPUT_PASSWORD, password_key);
psa_key_derivation_input_integer(&pbkdf, PSA_KEY_DERIVATION_INPUT_COST, pbkdf2_params.cost);
psa_key_derivation_input_bytes(&pbkdf, PSA_KEY_DERIVATION_INPUT_SALT,
Expand Down Expand Up @@ -1714,7 +1719,7 @@ After setup, the key exchange and confirmation flow for SPAKE2+ is as follows:
psa_key_attributes_t att = PSA_KEY_ATTRIBUTES_INIT;
psa_key_set_type(&att, PSA_KEY_TYPE_DERIVE);
psa_key_set_usage_flags(&att, PSA_KEY_USAGE_DERIVE);
psa_key_set_algorithm(&att, PSA_ALG_HKDF(PSA_ALG_SHA256));
psa_key_set_algorithm(&att, PSA_ALG_HKDF(PSA_ALG_SHA_256));

// Get K_shared
psa_key_id_t shared_key;
Expand Down Expand Up @@ -1785,8 +1790,6 @@ SPAKE2+ keys
edwards25519, 40
edwards448, 64

:issue:`I think these values are correct?`

* The calculation of :math:`w0`, :math:`w1`, and :math:`L` then proceeds as described in the RFC.

.. admonition:: Implementation note
Expand Down