Manuel Pégourié-Gonnard
34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461
...
psa_asymmetric_encrypt() doesn't work with opaque driver
2024-01-22 08:43:08 +00:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
...
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764
...
Conversion function from ecp group to PSA curve
2024-01-18 10:28:55 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states
...
Implement the new key slot state system within the PSA subsystem.
2024-01-17 17:50:04 +00:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation
...
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
2024-01-17 14:12:33 +00:00
Ryan Everett
7ed542e0f1
Implement delayed deletion in psa_destroy_key and some cleanup
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:40:29 +00:00
Ryan Everett
1d32a57764
Revert change to psa_destroy_key documentation
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:27:58 +00:00
Ryan Everett
dfe8bf86a8
Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong
...
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4
Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION
...
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.
Remove the state changing calls that are no longer necessary.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:35 +00:00
Valerio Setti
5bb454aace
psa_crypto: allow asymmetric encryption/decryption also with opaque keys
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 10:43:16 +01:00
Valerio Setti
d36c313b53
psa: remove bits_is_sloppy parameter from mbedtls_ecc_group_from_psa()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
ddba51e6c9
psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa"
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598
...
[G5] Make block_cipher work with PSA
2024-01-08 08:07:53 +00:00
Ryan Everett
1b70a07eca
Replace psa_unlock_key_slot calls in operations which act on FULL slots
...
Replaces calls to psa_unlock_key_slot with calls to psa_unregister_read.
All instances follow a pattern of a call to psa_get_and_lock_key_slot_X,
followed by some code which reads from a slot, followed by a call to psa_unregister_read.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
c70ce576bd
Update psa_destroy_key, psa_purge_key and psa_close_key
...
This does not yet implement destruction while a key is in use for psa_destroy_key;
that will be implemented in a separate pr.
(I am not sure if I am allowed to change the documentation in the include files.)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
098c6659ad
Update psa_get_and_lock_key_slot_X functions
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
b69118ebd0
Update key creation functions to use the new key slot states
...
Update psa_start_key_creation,
psa_finish_key_creation and psa_fail_key_creation.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
aa33c512cc
Update psa_wipe_key_slot
...
Change psa_wipe_key_slot to use the new state system.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Valerio Setti
384fbde49a
library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:27:32 +01:00
Valerio Setti
1fff4f2012
psa: add key_type as input parameter of psa_can_do_cipher()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:17 +01:00
Manuel Pégourié-Gonnard
cddab78612
Merge pull request #8630 from joerchan/mbedtls-tfm-compat
...
Mbedtls tfm compat
2023-12-15 09:31:27 +00:00
Valerio Setti
c6f004f0e2
psa_crypto: add internal helper to signal that cipher driver is ready
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Joakim Andersson
b349108b99
library: Move mbedtls_ecc helper functions to psa_util
...
Move the mbedtls_ecc helper functions from psa_core to psa_util.
These files are not implemented as part of the PSA API and should not
be part of the PSA crypto implementation.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-12-14 13:55:11 +01:00
Manuel Pégourié-Gonnard
1f67363d6a
Merge pull request #8616 from lpy4105/issue/8553/test-driver-only-rsa
...
Add test for driver-only RSA (crypto only)
2023-12-14 11:05:55 +00:00
Pengyu Lv
f75893bb36
Update comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 17:40:00 +08:00
Pengyu Lv
e9efbc2aa5
Error out when get domain_parameters is not supported
...
From time being, domain_parameters could not be extracted
from driver. We need to return error to indicate this
situation. This is temporary and would be fixed after #6494 .
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 17:30:26 +08:00
Valerio Setti
83e0de8481
crypto_extra: revert changes to mbedtls_psa_random_free()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
402cfba4dc
psa: free RNG implementation before checking for remaining open key slots
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Dave Rodgman
c94f8f1163
Merge pull request #8551 from daverodgman/sign-conversion-part1
...
Sign conversion part 1
2023-11-24 15:12:00 +00:00
Dave Rodgman
e4a6f5a7ec
Use size_t cast for pointer subtractions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Ryan Everett
975d411d92
Only set slot to OCCUPIED on successful key loading
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-16 13:37:51 +00:00
Ryan Everett
5567e3a34b
Make empty key slots explicit
...
Add new status field to key slots, and use it.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-08 13:28:20 +00:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Valerio Setti
02a634decd
md: remove unnecessary inclusions of mbedtls/md.h
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:15:58 +02:00
Dave Rodgman
0fc86b2ddf
Merge pull request #8075 from valeriosetti/issue8016
...
driver-only ECC: curve acceleration macros
2023-09-27 14:39:02 +00:00
Xiaokang Qian
fe9666b8c0
Change the extension type of the file psa_crypto_driver_wrapper
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
e9c39c42fd
Enable build of non-static psa wrapper functions
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Thomas Daubney
7046468a02
Define the psa wrapper functions as static inline
...
This is a commit from Thomas Daubney.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Valerio Setti
c437faeaa1
psa_crypto: fix guards in mbedtls_ecc_group_to_psa()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Gilles Peskine
67c86e626b
Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full
...
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
2023-09-18 08:13:12 +00:00
Gilles Peskine
0ddffb6de2
Merge pull request #7210 from sergio-nsk/patch-2
...
Fix llvm error: variable 'default_iv_length' and other may be used uninitialized
2023-09-13 16:38:55 +02:00
Dave Rodgman
1dab445804
Update guard for ecp
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-02 10:56:44 +01:00
Dave Rodgman
4f47f3dac8
Covert PSA guards to MBEDTLS
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-31 12:10:00 +01:00
Dave Rodgman
a9a53a05f0
Merge remote-tracking branch 'origin/development' into misc-code-size
2023-08-31 11:53:46 +01:00
Dave Rodgman
dea266f3f5
Use MBEDTLS_MD_LIGHT instead of MBEDTLS_MD_C
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-31 11:52:43 +01:00
Dave Rodgman
8d706f6b59
Simplify camellia error conversion macros
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-31 11:48:44 +01:00
Dave Rodgman
09a9e589c1
Add missing error conversion case
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-31 11:05:22 +01:00
Dave Rodgman
787011542b
Fully replace mbedtls_psa_safer_memcmp
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-29 14:20:18 +01:00
Gilles Peskine
ead1766b5f
Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL
...
"Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of
making an empty salt work. But it didn't fix the case of an empty salt
segment followed by a non-empty salt segment, which still invoked memcpy
with a potentially null pointer as the source. This commit fixes that case,
and also simplifies the logic in the function a little.
Test data obtained with:
```
pip3 install cryptodome
python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-20 22:05:16 +02:00
Gilles Peskine
73936868b8
Merge remote-tracking branch 'development' into psa_crypto_config-in-full
...
Conflicts:
* tests/scripts/all.sh: component_test_crypto_full_no_cipher was removed
in the development branch.
2023-08-17 19:46:34 +02:00