Skip to content

Documented use of context parameters in PAKE operations#214

Merged
athoelke merged 2 commits into
ARM-software:mainfrom
athoelke:crypto-pake-clarify-context
Sep 13, 2024
Merged

Documented use of context parameters in PAKE operations#214
athoelke merged 2 commits into
ARM-software:mainfrom
athoelke:crypto-pake-clarify-context

Conversation

@athoelke
Copy link
Copy Markdown
Contributor

@athoelke athoelke commented Sep 6, 2024

Following option 3 in #209.

Fixes #209

@athoelke athoelke added bug Something is incorrect or inconsistent in the documentation clarification Something is confusing or missing in the documentation Crypto API Issue or PR related to the Cryptography API labels Sep 6, 2024
@athoelke athoelke added this to the Crypto API 1.3 milestone Sep 6, 2024
@athoelke athoelke self-assigned this Sep 6, 2024
@athoelke
Copy link
Copy Markdown
Contributor Author

athoelke commented Sep 6, 2024

Feedback appreciated from @silabs-Kusumit, @silabs-hannes, @oberon-sk, and @yanesca.

oberon-sk
oberon-sk reviewed Sep 6, 2024
View reviewed changes
Comment thread doc/crypto/api/ops/pake.rst

J-PAKE does not use a context.
A call to `psa_pake_set_context()` for a J-PAKE operation will fail with :code:`PSA_ERROR_INVALID_ARGUMENT`.

Copy link
Copy Markdown
Collaborator

@oberon-sk oberon-sk Sep 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer PSA_ERROR_BAD_STATE in this case. This is analog to psa_cipher_set_iv(), where PSA_ERROR_BAD_STATE shall be returned if the cipher algorithm does not use an IV.

Copy link
Copy Markdown
Contributor Author

@athoelke athoelke Sep 6, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I agree. We should also change the text for psa_pake_set_context() - which currently describes PSA_ERROR_INVALID_ARGUMENT as being returned if the protocol does not support a context.

I do not think that the incompatibility (changing the specific error code) is an issue in practice here.

** Updated:** Re-reading what I wrote in the spec again - psa_pake_set_context() already specifies PSA_ERROR_BAD_STATE for algorithms that do not accept a context. I misread the description for returning PSA_ERROR_INVALID_ARGUMENT when creating this PR.

yanesca
yanesca approved these changes Sep 13, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@yanesca yanesca left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@athoelke athoelke force-pushed the crypto-pake-clarify-context branch from 3c23093 to d72289f Compare September 13, 2024 14:41
@athoelke athoelke merged commit b2eab5e into ARM-software:main Sep 13, 2024
@athoelke athoelke deleted the crypto-pake-clarify-context branch September 13, 2024 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@oberon-sk oberon-sk oberon-sk left review comments

@gilles-peskine-arm gilles-peskine-arm Awaiting requested review from gilles-peskine-arm

@MarcusJGStreets MarcusJGStreets Awaiting requested review from MarcusJGStreets

+1 more reviewer

@yanesca yanesca yanesca approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@athoelke athoelke

Labels

bug Something is incorrect or inconsistent in the documentation clarification Something is confusing or missing in the documentation Crypto API Issue or PR related to the Cryptography API

Projects

PSA Certified API development
Status: Done

Milestone

Crypto API 1.3

Development

Successfully merging this pull request may close these issues.

Missing information about contexts in PAKE protocols

3 participants

@athoelke @yanesca @oberon-sk