Commit graph

29202 commits

Author SHA1 Message Date
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Ryan Everett
fb02d57de7 Document the thread safety of the primitive key slot functions
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:54:42 +00:00
Ryan Everett
0e3b677cf4 Support PSA_ERROR_SERVICE_FAILURE
To be returned in the case where mbedtls_mutex_lock and
mbedtls_mutex_unlock fail.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:47:29 +00:00
Ryan Everett
846889355c Initialize and free the key slot mutex
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:47:05 +00:00
Gilles Peskine
b1f96c0354
Merge pull request #7815 from gilles-peskine-arm/ecp-export-partial
ECP keypair utility functions
2024-01-18 10:29:05 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764
Conversion function from ecp group to PSA curve
2024-01-18 10:28:55 +00:00
Ryan Everett
491f7e5ac3 Define key_slot_mutex
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:21:38 +00:00
Valerio Setti
4f34b155f5 test_driver_key_management: keep mbedtls_test_opaque_wrap_key() private
Only mbedtls_test_opaque_unwrap_key() is actually needed by other
test drivers to deal with opaque keys. mbedtls_test_opaque_wrap_key()
can be kept private to test_driver_key_management.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 08:44:13 +01:00
Valerio Setti
43ff242a8b changelog: fix typo
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 08:42:38 +01:00
Dave Rodgman
fb133513d6
Merge pull request #8705 from daverodgman/ctr-perf
Ctr perf
2024-01-17 20:25:41 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states
Implement the new key slot state system within the PSA subsystem.
2024-01-17 17:50:04 +00:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
2024-01-17 14:12:33 +00:00
Gilles Peskine
dd77343381 Open question for ECDSA signature that can be resolved during implementation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 14:33:32 +01:00
Gilles Peskine
d5b04a0c63 Add a usage parameter to mbedtls_pk_get_psa_attributes
Let the user specify whether to use the key as a sign/verify key, an
encrypt/decrypt key or a key agreement key. Also let the user indicate if
they just want the public part when the input is a key pair.

Based on a discussion in
https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 14:31:57 +01:00
Gilles Peskine
702d9f65f6 Resolve several open questions as nothing special to do
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 12:58:25 +01:00
Ryan Everett
38a2b7a6a3 Extend psa_wipe_key_slot documentation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:45:44 +00:00
Ryan Everett
7ed542e0f1 Implement delayed deletion in psa_destroy_key and some cleanup
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:40:29 +00:00
Gilles Peskine
42a025dc9c Reference filed issues
All PK-related actions are now covered.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 12:35:31 +01:00
Dave Rodgman
885248c8ee Add header guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-17 11:06:31 +00:00
Gilles Peskine
5a64c42693 Reference ongoing work
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 10:09:16 +01:00
Gilles Peskine
89ca6c7e72 typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 10:08:56 +01:00
Gilles Peskine
32294044e1 Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO
It's useful in applications that want to use some PSA opaque keys regardless
of whether all pk operations go through PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-17 10:07:55 +01:00
Valerio Setti
584dc80d96 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-17 08:06:32 +01:00
Bence Szépkúti
1325942c28
Merge pull request #8707 from bensze01/new_redirect_format
Migrate to new RTD redirect format
2024-01-16 20:22:08 +00:00
Dave Rodgman
9039ba572b Fix test dependencies
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 18:38:55 +00:00
Dave Rodgman
7e5b7f91ca Fix error in ctr_drbg
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 17:28:25 +00:00
Dave Rodgman
b7778b2388 Fix ASAN error in test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 16:27:34 +00:00
Bence Szépkúti
333ca8fdfc Migrate to new RTD redirect format
Migrate to the new redirect format introduced by ReadTheDocs in
readthedocs/readthedocs.org#10881

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-01-16 17:06:06 +01:00
Dave Rodgman
9f97566c04 Add Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
24ad1b59e8 Add NIST AES-CTR test vectors
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
4cc6fb9039 add test for multipart AES-CTR
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Valerio Setti
4860a6c7ac test_suite_psa_crypto: revert known failing checks for [en|de]cryption with opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 16:30:12 +01:00
Valerio Setti
62b6f10f64 test_driver_asymmetric_encryption: implement opaque [en/de]cryption functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 16:30:07 +01:00
Valerio Setti
66a827fc83 test_driver_key_management: make opaque [un]wrapping functions public
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 15:00:52 +01:00
Dave Rodgman
46697da5b3 Make gcm counter increment more efficient
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
174eeff235 Save 14 bytes in CTR-DRBG
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
591ff05384 Use optimised counter increment in AES-CTR and CTR-DRBG
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
ae730348e9 Add tests for mbedtls_ctr_increment_counter
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
b49cf1019d Introduce mbedtls_ctr_increment_counter
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Ryan Everett
1d32a57764 Revert change to psa_destroy_key documentation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:27:58 +00:00
Ryan Everett
709120a9ce Revert change to return behaviour in psa_reserve_free_key_slot
This change was a mistake, we still need to wipe the pointers here.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
dfe8bf86a8 Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4 Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:35 +00:00
Dave Rodgman
c4f984f2a5 Iterate in 16-byte chunks
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:20:19 +00:00
Valerio Setti
5bb454aace psa_crypto: allow asymmetric encryption/decryption also with opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 10:43:16 +01:00
Valerio Setti
f202c2968b test_suite_psa_crypto: test asymmetric encryption/decryption also with opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 10:42:37 +01:00
Dave Rodgman
67223bb501 add support for AES-CTR to benchmark
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-12 18:33:57 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713 Add minor cosmetic changes to record size limit changelog and comments
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:52:45 +00:00