Commit graph

1411 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461
psa_asymmetric_encrypt() doesn't work with opaque driver
2024-01-22 08:43:08 +00:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764
Conversion function from ecp group to PSA curve
2024-01-18 10:28:55 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states
Implement the new key slot state system within the PSA subsystem.
2024-01-17 17:50:04 +00:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
2024-01-17 14:12:33 +00:00
Ryan Everett
7ed542e0f1 Implement delayed deletion in psa_destroy_key and some cleanup
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:40:29 +00:00
Ryan Everett
1d32a57764 Revert change to psa_destroy_key documentation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:27:58 +00:00
Ryan Everett
dfe8bf86a8 Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4 Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:35 +00:00
Valerio Setti
5bb454aace psa_crypto: allow asymmetric encryption/decryption also with opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 10:43:16 +01:00
Valerio Setti
d36c313b53 psa: remove bits_is_sloppy parameter from mbedtls_ecc_group_from_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
ddba51e6c9 psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598
[G5] Make block_cipher work with PSA
2024-01-08 08:07:53 +00:00
Ryan Everett
1b70a07eca Replace psa_unlock_key_slot calls in operations which act on FULL slots
Replaces calls to psa_unlock_key_slot with calls to psa_unregister_read.

All instances follow a pattern of a call to psa_get_and_lock_key_slot_X,
followed by some code which reads from a slot, followed by a call to psa_unregister_read.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
c70ce576bd Update psa_destroy_key, psa_purge_key and psa_close_key
This does not yet implement destruction while a key is in use for psa_destroy_key;
that will be implemented in a separate pr.
(I am not sure if I am allowed to change the documentation in the include files.)

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
098c6659ad Update psa_get_and_lock_key_slot_X functions
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
b69118ebd0 Update key creation functions to use the new key slot states
Update psa_start_key_creation,
psa_finish_key_creation and psa_fail_key_creation.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
aa33c512cc Update psa_wipe_key_slot
Change psa_wipe_key_slot to use the new state system.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Valerio Setti
384fbde49a library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:27:32 +01:00
Valerio Setti
1fff4f2012 psa: add key_type as input parameter of psa_can_do_cipher()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:17 +01:00
Manuel Pégourié-Gonnard
cddab78612
Merge pull request #8630 from joerchan/mbedtls-tfm-compat
Mbedtls tfm compat
2023-12-15 09:31:27 +00:00
Valerio Setti
c6f004f0e2 psa_crypto: add internal helper to signal that cipher driver is ready
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Joakim Andersson
b349108b99 library: Move mbedtls_ecc helper functions to psa_util
Move the mbedtls_ecc helper functions from psa_core to psa_util.
These files are not implemented as part of the PSA API and should not
be part of the PSA crypto implementation.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-12-14 13:55:11 +01:00
Manuel Pégourié-Gonnard
1f67363d6a
Merge pull request #8616 from lpy4105/issue/8553/test-driver-only-rsa
Add test for driver-only RSA (crypto only)
2023-12-14 11:05:55 +00:00
Pengyu Lv
f75893bb36 Update comments
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 17:40:00 +08:00
Pengyu Lv
e9efbc2aa5 Error out when get domain_parameters is not supported
From time being, domain_parameters could not be extracted
from driver. We need to return error to indicate this
situation. This is temporary and would be fixed after #6494.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 17:30:26 +08:00
Valerio Setti
83e0de8481 crypto_extra: revert changes to mbedtls_psa_random_free()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
402cfba4dc psa: free RNG implementation before checking for remaining open key slots
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Dave Rodgman
c94f8f1163
Merge pull request #8551 from daverodgman/sign-conversion-part1
Sign conversion part 1
2023-11-24 15:12:00 +00:00
Dave Rodgman
e4a6f5a7ec Use size_t cast for pointer subtractions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Ryan Everett
975d411d92 Only set slot to OCCUPIED on successful key loading
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-16 13:37:51 +00:00
Ryan Everett
5567e3a34b Make empty key slots explicit
Add new status field to key slots, and use it.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-08 13:28:20 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Valerio Setti
02a634decd md: remove unnecessary inclusions of mbedtls/md.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:15:58 +02:00
Dave Rodgman
0fc86b2ddf
Merge pull request #8075 from valeriosetti/issue8016
driver-only ECC: curve acceleration macros
2023-09-27 14:39:02 +00:00
Xiaokang Qian
fe9666b8c0 Change the extension type of the file psa_crypto_driver_wrapper
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
e9c39c42fd Enable build of non-static psa wrapper functions
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Thomas Daubney
7046468a02 Define the psa wrapper functions as static inline
This is a commit from Thomas Daubney.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Valerio Setti
c437faeaa1 psa_crypto: fix guards in mbedtls_ecc_group_to_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Gilles Peskine
67c86e626b
Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
2023-09-18 08:13:12 +00:00
Gilles Peskine
0ddffb6de2
Merge pull request #7210 from sergio-nsk/patch-2
Fix llvm error: variable 'default_iv_length' and other may be used uninitialized
2023-09-13 16:38:55 +02:00
Dave Rodgman
1dab445804 Update guard for ecp
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-02 10:56:44 +01:00
Dave Rodgman
4f47f3dac8 Covert PSA guards to MBEDTLS
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-31 12:10:00 +01:00
Dave Rodgman
a9a53a05f0 Merge remote-tracking branch 'origin/development' into misc-code-size 2023-08-31 11:53:46 +01:00
Dave Rodgman
dea266f3f5 Use MBEDTLS_MD_LIGHT instead of MBEDTLS_MD_C
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-31 11:52:43 +01:00
Dave Rodgman
8d706f6b59 Simplify camellia error conversion macros
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-31 11:48:44 +01:00
Dave Rodgman
09a9e589c1 Add missing error conversion case
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-31 11:05:22 +01:00
Dave Rodgman
787011542b Fully replace mbedtls_psa_safer_memcmp
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-29 14:20:18 +01:00
Gilles Peskine
ead1766b5f Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL
"Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of
making an empty salt work. But it didn't fix the case of an empty salt
segment followed by a non-empty salt segment, which still invoked memcpy
with a potentially null pointer as the source. This commit fixes that case,
and also simplifies the logic in the function a little.

Test data obtained with:
```
pip3 install cryptodome
python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-20 22:05:16 +02:00
Gilles Peskine
73936868b8 Merge remote-tracking branch 'development' into psa_crypto_config-in-full
Conflicts:
* tests/scripts/all.sh: component_test_crypto_full_no_cipher was removed
  in the development branch.
2023-08-17 19:46:34 +02:00