| Gilles Peskine | 6c723a2 | 2020-04-17 16:57:52 +0200 | [diff] [blame] | 1 | .. _design-goals: |
| 2 | |
| 3 | Design goals |
| 4 | ------------ |
| 5 | |
| 6 | Suitable for constrained devices |
| 7 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 8 | |
| 9 | The interface is suitable for a vast range of devices: from special-purpose |
| 10 | cryptographic processors that process data with a built-in key, to constrained |
| 11 | devices running custom application code, such as microcontrollers, and |
| 12 | multi-application devices, such as servers. Consequentially, the interface is |
| 13 | scalable and modular. |
| 14 | |
| 15 | - *Scalable*: devices only need to implement the functionality that they will |
| 16 | use. |
| 17 | - *Modular*: larger devices implement larger subsets of the same interface, |
| 18 | rather than different interfaces. |
| 19 | |
| 20 | In this interface, all operations on unbounded amounts of data |
| 21 | allow *multi-part* processing, as long as the calculations on the data are |
| 22 | performed in a streaming manner. This means that the application does not need |
| 23 | to store the whole message in memory at one time. As a result, this |
| 24 | specification is suitable for very constrained devices, including those where |
| 25 | memory is very limited. |
| 26 | |
| 27 | Memory outside the keystore boundary is managed by the application. An |
| 28 | implementation of the interface is not required to retain any state between |
| 29 | function calls, apart from the content of the keystore and other data that must |
| 30 | be kept inside the keystore security boundary. |
| 31 | |
| 32 | The interface does not expose the representation of keys and intermediate data, |
| 33 | except when required for interchange. This allows each implementation to choose |
| 34 | optimal data representations. Implementations with multiple components are also |
| 35 | free to choose which memory area to use for internal data. |
| 36 | |
| 37 | A keystore interface |
| 38 | ~~~~~~~~~~~~~~~~~~~~ |
| 39 | |
| 40 | The specification allows cryptographic operations to be performed on a key to |
| 41 | which the application does not have direct access. Except where required for |
| 42 | interchange, applications access all keys indirectly, by an identifier. The key |
| 43 | material corresponding to that identifier can reside inside a security boundary |
| 44 | that prevents it from being extracted, except as permitted by a policy that is |
| 45 | defined when the key is created. |
| 46 | |
| 47 | .. _isolation: |
| 48 | |
| 49 | Optional isolation |
| 50 | ~~~~~~~~~~~~~~~~~~ |
| 51 | |
| 52 | Implementations can isolate the cryptoprocessor from the calling application, |
| 53 | and can further isolate multiple calling applications. The interface allows the |
| 54 | implementation to be separated between a frontend and a backend. In an isolated |
| 55 | implementation, the frontend is the part of the implementation that is located |
| 56 | in the same isolation boundary as the application, which the application |
| 57 | accesses by function calls. The backend is the part of the implementation that |
| 58 | is located in a different environment, which is protected from the frontend. |
| 59 | Various technologies can provide protection, for example: |
| 60 | |
| 61 | - Process isolation in an operating system. |
| 62 | - Partition isolation, either with a virtual machine or a partition manager. |
| 63 | - Physical separation between devices. |
| 64 | |
| 65 | Communication between the frontend and backend is beyond the scope of this |
| 66 | specification. |
| 67 | |
| 68 | In an isolated implementation, the backend can serve more than one |
| 69 | implementation instance. In this case, a single backend communicates with |
| 70 | multiple instances of the frontend. The backend must enforce **caller |
| 71 | isolation**: it must ensure that assets of one frontend are not visible to any |
| 72 | other frontend. The mechanism for identifying callers is beyond the scope of this |
| 73 | specification. An implementation that provides caller isolation must document |
| 74 | the identification mechanism. An implementation that provides isolation must |
| 75 | document any implementation-specific extension of the API that enables frontend |
| 76 | instances to share data in any form. |
| 77 | |
| 78 | In summary, there are three types of implementation: |
| 79 | |
| 80 | - No isolation: there is no security boundary between the application and the |
| 81 | cryptoprocessor. For example, a statically or dynamically linked library is |
| 82 | an implementation with no isolation. |
| 83 | - Cryptoprocessor isolation: there is a security boundary between the |
| 84 | application and the cryptoprocessor, but the cryptoprocessor does not |
| 85 | communicate with other applications. For example, a cryptoprocessor chip that |
| 86 | is a companion to an application processor is an implementation with |
| 87 | cryptoprocessor isolation. |
| 88 | - Caller isolation: there are multiple application instances, with a security |
| 89 | boundary between the application instances among themselves, as well as |
| 90 | between the cryptoprocessor and the application instances. For example, a |
| 91 | cryptography service in a multiprocess environment is an implementation with |
| 92 | caller and cryptoprocessor isolation. |
| 93 | |
| 94 | Choice of algorithms |
| 95 | ~~~~~~~~~~~~~~~~~~~~ |
| 96 | |
| 97 | The specification defines a low-level cryptographic interface, where the caller |
| 98 | explicitly chooses which algorithm and which security parameters they use. This |
| 99 | is necessary to implement protocols that are inescapable in various use cases. |
| 100 | The design of the interface enables applications to implement widely-used |
| 101 | protocols and data exchange formats, as well as custom ones. |
| 102 | |
| 103 | As a consequence, all cryptographic functionality operates according to the |
| 104 | precise algorithm specified by the caller. However, this does not apply to |
| 105 | device-internal functionality, which does not involve any form of |
| 106 | interoperability, such as random number generation. The specification does not |
| 107 | include generic higher-level interfaces, where the implementation chooses the |
| 108 | best algorithm for a purpose. However, higher-level libraries can be built on |
| 109 | top of the PSA Crypto API. |
| 110 | |
| 111 | Another consequence is that the specification permits the use of algorithms, key |
| 112 | sizes and other parameters that, while known to be insecure, might be necessary to |
| 113 | support legacy protocols or legacy data. Where major weaknesses are known, the |
| 114 | algorithm descriptions give applicable warnings. However, the lack of a warning |
| 115 | both does not and cannot indicate that an algorithm is secure in all circumstances. |
| 116 | Application developers need to research the security of the protocols and |
| 117 | algorithms that they plan to use to determine if these meet their requirements. |
| 118 | |
| 119 | The interface facilitates algorithm agility. As a consequence, cryptographic |
| 120 | primitives are presented through generic functions with a parameter indicating |
| 121 | the specific choice of algorithm. For example, there is a single function to |
| 122 | calculate a message digest, which takes a parameter that identifies the specific |
| 123 | hash algorithm. |
| 124 | |
| 125 | Ease of use |
| 126 | ~~~~~~~~~~~ |
| 127 | |
| 128 | The interface is designed to be as user-friendly as possible, given the |
| 129 | aforementioned constraints on suitability for various types of devices and on |
| 130 | the freedom to choose algorithms. |
| 131 | |
| 132 | In particular, the code flows are designed to reduce the risk of dangerous |
| 133 | misuse. The interface is designed in part to make it harder to misuse. Where |
| 134 | possible, it is designed so that |
| 135 | typical mistakes result in test failures, rather than subtle security issues. |
| 136 | Implementations avoid leaking data when a function is called with invalid |
| 137 | parameters, to the extent allowed by the C language and by implementation size |
| 138 | constraints. |
| 139 | |
| 140 | Example use cases |
| 141 | ~~~~~~~~~~~~~~~~~ |
| 142 | |
| 143 | This section lists some of the use cases that were considered during the design |
| 144 | of this API. This list is not exhaustive, nor are all implementations required to |
| 145 | support all use cases. |
| 146 | |
| 147 | Network Security (TLS) |
| 148 | ^^^^^^^^^^^^^^^^^^^^^^ |
| 149 | |
| 150 | The API provides all of the cryptographic primitives needed to establish TLS |
| 151 | connections. |
| 152 | |
| 153 | Secure Storage |
| 154 | ^^^^^^^^^^^^^^ |
| 155 | |
| 156 | The API provides all primitives related to storage encryption, block or |
| 157 | file-based, with master encryption keys stored inside a key store. |
| 158 | |
| 159 | Network Credentials |
| 160 | ^^^^^^^^^^^^^^^^^^^ |
| 161 | |
| 162 | The API provides network credential management inside a key store, for example, |
| 163 | for X.509-based authentication or pre-shared keys on enterprise networks. |
| 164 | |
| 165 | Device Pairing |
| 166 | ^^^^^^^^^^^^^^ |
| 167 | |
| 168 | The API provides support for key agreement protocols that are often used for |
| 169 | secure pairing of devices over wireless channels. For example, the pairing of an |
| 170 | NFC token or a Bluetooth device might use key agreement protocols upon |
| 171 | first use. |
| 172 | |
| 173 | Secure Boot |
| 174 | ^^^^^^^^^^^ |
| 175 | |
| 176 | The API provides primitives for use during firmware integrity and authenticity |
| 177 | validation, during a secure or trusted boot process. |
| 178 | |
| 179 | Attestation |
| 180 | ^^^^^^^^^^^ |
| 181 | |
| 182 | The API provides primitives used in attestation activities. Attestation is the |
| 183 | ability for a device to sign an array of bytes with a device private key and |
| 184 | return the result to the caller. There are several use cases; ranging from attestation |
| 185 | of the device state, to the ability to generate a key pair and prove that it has |
| 186 | been generated inside a secure key store. The API provides access to the |
| 187 | algorithms commonly used for attestation. |
| 188 | |
| 189 | Factory Provisioning |
| 190 | ^^^^^^^^^^^^^^^^^^^^ |
| 191 | |
| 192 | Most IoT devices receive a unique identity during the factory provisioning |
| 193 | process, or once they have been deployed to the field. This API provides the APIs necessary for |
| 194 | populating a device with keys that represent that identity. |