Commit graph

111 commits

Author SHA1 Message Date
Paul Elliott
dff6c5d963 Restore internal driver for aead_set_lengths
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 11:16:27 +01:00
Paul Elliott
325d374e3d Move set lengths checking to PSA Core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 18:24:11 +01:00
Paul Elliott
71b0567c87 Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-24 11:18:13 +01:00
Paul Elliott
b183d56b5f Use safer size for tag checking
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
06b6b8c8d6 Add missing zeroize for sensitive tag data.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Archana
9d17bf4215
Styling and refactoring
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-10 07:16:08 +05:30
Archana
449608bc61
Code style improvements
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:13 +05:30
Archana
8a180368fb
Add opaque test driver support for copy key
A minimal test driver extension is added to support
copy of opaque keys within the same location.
Test vector support is extended to cover opaque keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:07 +05:30
Archana
4d7ae1d8cf
Add test driver support for opaque key import
-Add test driver support to import/export while wrapping keys
 meant to be stored in the PSA core as opaque( emulating an
 SE without storage ).
-Export validate_unstructured_key_bit_size as
 psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
 cover opaque keys, thereby avoiding duplication.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:54 +05:30
Archana
d8a83dc172
Sizing of key buffer for opaque keys
Create a new sizing function for determining the size required for key
storage based on the input key data.
This is required for key imports where the key length might need to be
derived from the data.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:48 +05:30
Paul Elliott
5d3a3c3ee4 Fix arguments formatting mistake
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-19 19:18:28 +01:00
Paul Elliott
315628d91a Remove internal aead_verify endpoint
The internal verify endpoint was only calling the finish endpoint to get
a tag to compare against the tag passed in. Moved this logic to the
driver wrapper (still allowing a driver to call verify if required) and
removed the internal implementation endpoint.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-21 18:51:23 +01:00
gabor-mezei-arm
0a93b665f7
Fix possible unreachable code
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:01 +02:00
gabor-mezei-arm
a9449a0b07
Dispatch cipher functions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:48:59 +02:00
Paul Elliott
d7ab9f1260 Move the setting of id in driver wrappers
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 09:58:05 +01:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead
Conflicts:
* None
2021-06-01 17:13:19 +01:00
Mateusz Starzyk
2c09c9bca9 Introduce MBEDTLS_PRIVATE macro.
Public structs members are considered private and should not
be used by users application.

MBEDTLS_PRIVATE(member) macro is intended to clearly indicate
which members are private.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-21 18:07:06 +02:00
Paul Elliott
5c656cbf99 Fix missed incorrect include guard
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Gilles Peskine
1905a24488 Fix missing compilation guard around psa_crypto_driver_wrappers.c
Fix #4411.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-19 21:06:01 +02:00
Paul Elliott
cbbde5f28c Split multipart AEAD contexts into two parts
Split to data required for internal implementation and data required for
driver implementation with data left over for the PSA layer.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
a218ceba93 Merge upstream test driver changes locally
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
fe5480a4c2 Fix transparent driver wrappers
Remove spurious "not supported" returns, and fix same issue that was
encountered with internal implementations - operation needs to be
marked as a type even if the initial call fails, otherwise cleanup won't
get done.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
72baf65819 Ensure operation id gets set even if failure
Although this deviates from the standard "auto-generated" code, the
M-AEAD setup functions set the key and thus allocate memory. If the
failure occurs after this (invalid tag size for example) then not having
the id set to the internal drivers means that abort does not get called,
and this causes the allocated data to leak.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
4bbe82bdcc Add transparent driver tests for M-AEAD
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
5653da0201 Fix errors with missing tests
Return not supported for the time being whilst we don't have the
transparent driver tests done.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
302ff6bdd6 Implement multipart AEAD PSA interface
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
6504aa6451 First pass addition of driver wrappers
Transparent driver test functions not yet implemented.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
gabor-mezei-arm
d5218df572
Enable fallback to software implementation in psa_sign/verify_message driver
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
256443e64e
Change the driver calling logic for psa_sign/verify_messsage
The changed logic is to try a sign-message driver (opaque or transparent);
if there isn't one, fallback to builtin sofware and do the hashing,
then try a sign-hash driver. This will enable to the opaque driver
to fallback to software.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
6883fd248d
Rename sign/verify builtin functions called by driver wrapper functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
b5c1e37aff
Use driver-wrapper functions for psa_sign/verify_message
To avoid code duplication of the old-style SE interface usage
call psa_driver_wrapper_sign/verify_hash function instead of
the direct internal functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
2522c0b1cd
Update macro names
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
50eac35d58
Dispatch sign/verify funtions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
Steven Cooreman
c7f0a576b6 Add testing of the MAC driver entry points
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
e680419791 Migrate MAC setup/abort calls into the software driver
Step 1/x in moving the driver. Separate commits should make for easier
review.
Additional changes on top of just moving code:
* Added a sanity check on the key buffer size for CMAC.
* Transfered responsibility for resetting the core members of the
  PSA MAC operation structure back to the core (from the driver
  wrapper layer)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
77e2cc5661 Move the MAC operation structure into the driver headers
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
d13a70f2dc Add boilerplate for dispatching MAC operations
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Ronald Cron
ce1d8d2c4e tests: Revert test_driver.h name change
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-01 18:49:15 +02:00
Ronald Cron
4607c829d0 tests: psa: Simplify key buffer size calculation
Move the key buffer size calculation code under
tests to avoid check-names.sh to complain about
"likely macros with typos".

This removes the calculation of key buffer
sizes for the test driver from the wrapper based on
static size data. But the code is still there in test
code to be used when we go back to work on the
generation of the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-01 18:38:20 +02:00
Ronald Cron
7f13fa2454 tests: psa: Add mbedtls/MBEDTLS prefix to test driver symbols
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-01 18:33:26 +02:00
Ronald Cron
fa036c8024 tests: Add hash transparent test driver hooks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-01 17:37:28 +02:00
Steven Cooreman
b938b0bb03 Documentation clarification after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
a1ce2f2675 Rename test driver lifetime to location
The macro always meant 'location', but was mistakenly named 'lifetime'.
Naming it location instead makes much more sense, and drives home the
conceptual differences between location and lifetime values.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
1a0fbacde1 Refactor opaque key handling in the test driver
Builtin key support for the test driver is always compiled in, and no
  longer guarded by MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS.
Parsing the key slot from the buffer by cast and assign instead of memcmp.
For exporting keys, the test driver no longer reaches into the key
  identifier in order to check whether a key is builtin, but rather
  assumes so based on the key buffer length. It's the driver's
  responsibility to be able to detect the key material it returned as part
  of the get_builtin_key operation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
203bcbbc47 Style fixes (typos, whitespace, 80 column limit)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
f9a55ffa2c Add test driver implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
As part of test_psa_crypto_drivers, define a builtin symmetric
plus an ECC key on the test driver lifetime.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:04:26 +02:00
Steven Cooreman
6801f08973 Implement support for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
According to the design in psa-driver-interface.md. Compiles without
issue in test_psa_crypto_drivers.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:04:26 +02:00
Ronald Cron
de82281541 psa: aead: Add driver delegation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
5618a39fcf psa: cipher: Remove cipher_generate_iv driver entry point
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
7b4154df0f psa: wrapper: Fix potential unreachable statement warning
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00