Commit graph

6974 commits

Author SHA1 Message Date
Steven Cooreman
72f736a191 Move is_sign and mac_size checking back to PSA core scope
It makes sense to do the length checking in the core rather than expect
each driver to deal with it themselves. This puts the onus on the core to
dictate which algorithm/key combinations are valid before calling a driver.

Additionally, this commit also updates the psa_mac_sign_finish function
to better deal with output buffer sanitation, as per the review comments
on #4247.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-10 11:29:13 +02:00
Steven Cooreman
f45f071f01 Minor documentation and language fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
3409b02b27 Remove superfluous check
As psa_mac_sign_finish / psa_mac_verify_finish already checks that the
operation structure is valid (id is non-zero), the driver itself doesn't
have to check for that anymore. If the operation has a driver ID assigned,
it means that driver has returned success from its setup function, so the
algorithm value will be set correctly.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
8f37004bd7 Remove unused variable from MAC driver structure
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
dcd0811501 Remove superfluous length check
The key passed to the driver has been imported by the PSA Core, meaning
its length has already been verified, and the driver can rely on the
buffer length and key attributes being consistent.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
094a77e79c Code flow and style improvements
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
a6df6040ee Base the PSA implementation of TLS 1.2 PRF on the MAC API
This means there is no longer a need to have an internal HMAC API, so
it is being removed in this commit as well.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
d1ed1d935f Make HKDF use the generic MAC API
Such that the underlying HMAC can be accelerated if such a driver is present

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
dd1a915c0f Rename HMAC operation structure
Prefix with 'mbedtls_psa' as per the other types which implement some
sort of algorithm in software.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
36876a01a4 Make safer_memcmp available to all compile units under PSA
Now renamed to mbedtls_psa_safer_memcmp, it provides a single location
for buffer comparison.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
a4638e708e Remove redundant key_set from MAC operation structure
The purpose of key_set was to guard the operation structure from being
used for update/finish before a key was set. Now that the implementation
fully adheres to the PSA API, that function is covered by the `alg`
variable instead. It's set to the algorithm in use when a key is set, and
is zero when the operation is reset/invalid.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
ba9a5bf5e7 Code flow/readability improvements after review
* Early return since there's nothing to clean up
* Get rid of unnecessary local variable
* Check algorithm validity for MAC in the PSA core instead of in the driver

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
02fc62a6fa Remove unused items from MAC operation context structure
Apparently it was at some point assumed that there would be
support for MAC algorithms with IV, but that hasn't been
implemented yet. Until that time, these context structure
members are superfluous and can be removed.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
c7f0a576b6 Add testing of the MAC driver entry points
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
d1955af5df Rename internal HMAC structure type to match convention
Typedef'ed structures are suffixed _t
Also updated the initialiser macro with content that actually
matches the structure's content.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
4fdf060a81 Complete, document and fully use internal HMAC API
Since HMAC moved into its own compilation unit, the internal API needed
to be documented and finalized. This means no more reaching deep into
the operation structure from within the PSA Crypto core. This will make
future refactoring work easier, since internal HMAC is now opaque to the
core.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
a5b860a5f8 Migrate MAC finish calls into the software driver
Step 3/x in moving the driver. Separate commits should make for easier
review.

Additional changes on top of code movement:
* Copied the implementation of safer_memcmp from psa_crypto into
  psa_cipher_mac since the mac_verify driver implementation
  depends on it, and it isn't available through external linkage

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
6e7f291bb5 Migrate MAC update call into the software driver
Step 2/x in moving the driver. Separate commits should make for easier
review.

Additional changes on top of code movement:
* Early-return success on input with zero-length to mac_update, to
  avoid NULL pointers getting passed into the driver dispatch

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
e680419791 Migrate MAC setup/abort calls into the software driver
Step 1/x in moving the driver. Separate commits should make for easier
review.
Additional changes on top of just moving code:
* Added a sanity check on the key buffer size for CMAC.
* Transfered responsibility for resetting the core members of the
  PSA MAC operation structure back to the core (from the driver
  wrapper layer)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
82c66b6b8b Move internal HMAC implementation into internal MAC driver
This is a temporary measure. Other operations in the PSA Core which rely
on this internal HMAC API should be rewritten to use the MAC API instead,
since they can then leverage accelerated HMAC should a platform provide
such acceleration support.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
77e2cc5661 Move the MAC operation structure into the driver headers
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
d13a70f2dc Add boilerplate for dispatching MAC operations
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Flavio Ceolin
b02570372f Check if feature macro is defined before define it
Zephyr's native posix port define _POSIX_C_SOURCE with a higher value
during the build, so when mbedTLS defines it with a different value
breaks the build.

As Zephyr is already defining a higher value is guaranteed that mbedTLS
required features will be available. So, just define it in case it was
not defined before.

[taken from Zephyr mbedtls module:
76dcd6eeca]

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
Signed-off-by: David Brown <david.brown@linaro.org>
2021-05-07 13:17:06 -06:00
Manuel Pégourié-Gonnard
dd57b2f240
Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder
Remove deprecated functions and constants.
2021-05-07 10:05:30 +02:00
paul-elliott-arm
5b416e95b2
Merge pull request #3910 from hanno-arm/post_handshake_handling
Introduce helper for handling of post-handshake handshake messages in TLS <=1.2
2021-05-06 17:13:03 +01:00
TRodziewicz
c1c479fbe9 Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-06 00:53:22 +02:00
Ronald Cron
6ab1f81af1
Merge pull request #4312 from ronald-cron-arm/psa-hash-dispatch-testing
Add PSA hash driver dispatch specific testing
2021-05-04 18:17:07 +02:00
Ronald Cron
98d00d06a0
Merge pull request #4426 from ronald-cron-arm/remove-enable-weak-ciphersuites
Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
2021-05-04 17:20:36 +02:00
Manuel Pégourié-Gonnard
cae1fd0392
Merge pull request #4187 from hanno-arm/out_ctr_update_tls
Keep pointer to TLS record sequence number static
2021-05-04 12:44:39 +02:00
Martino Facchin
0ec05ec75b mbed-os: allow storing certificates in filesystem
mbed-os doesn't provide "dirent.h"; replace it with "mbed_retarget.h" in case MBEDTLS_FS_IO is defined

Part of https://github.com/ARMmbed/mbed-os/pull/13863.

Fixes https://github.com/ARMmbed/mbed-os/pull/13863/files#r601617986

Signed-off-by: Martino Facchin <m.facchin@arduino.cc>
2021-05-04 11:51:05 +02:00
Manuel Pégourié-Gonnard
805251b70c Update psa_validate_key_policy() for the new policy
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 09:49:59 +02:00
Ronald Cron
ce1d8d2c4e tests: Revert test_driver.h name change
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-01 18:49:15 +02:00
Ronald Cron
4607c829d0 tests: psa: Simplify key buffer size calculation
Move the key buffer size calculation code under
tests to avoid check-names.sh to complain about
"likely macros with typos".

This removes the calculation of key buffer
sizes for the test driver from the wrapper based on
static size data. But the code is still there in test
code to be used when we go back to work on the
generation of the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-01 18:38:20 +02:00
Ronald Cron
7f13fa2454 tests: psa: Add mbedtls/MBEDTLS prefix to test driver symbols
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-01 18:33:26 +02:00
Ronald Cron
fa036c8024 tests: Add hash transparent test driver hooks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-05-01 17:37:28 +02:00
Hanno Becker
f26cc72e7b Reintroduce comment on state of renegotiation after post HS message
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-01 06:17:49 +01:00
Hanno Becker
fae12cf1ef Use error corruption detection as initial return value
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-01 06:17:49 +01:00
Hanno Becker
cad3dbaf45 Add missing static qualification for post-HS HS message handler
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-01 06:17:49 +01:00
Hanno Becker
b03f88f06c Introduce helper for handling of post-handshake handshake messages
Handling the receipt of a handshake record after the initial handshake
requires non-trivial logic depending on the protocol version and the
endpoint. This logic is currently embedded in mbedtls_ssl_read().

With the introduction of support for [D]TLS 1.3, the logic will become
even more complex, since [D]TLS 1.3 drops support for renegotiation --
which in [D]TLS 1.2 is the main purpose of post-handshake handshake
messages -- but instead introduces numerous other post-handshake
handshake messages.

In order to pave the way for those changes, this commit improves
readability and maintainability of mbedtls_ssl_read() by moving
the TLS <=1.2 logic for handling post-handshake handshake messages
into a separate helper function ssl_handle_hs_message_post_handshake().

The logic of the code is entirely unchanged.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-01 06:17:49 +01:00
TRodziewicz
7e9422db95 Removing tabs and fixing doxygen formatting
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-30 10:32:58 +02:00
Hanno Becker
3268d84313 Remove unused error code MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
After the previous commit, the code is no longer used and can be
removed for Mbed TLS 3.0.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:41:12 +01:00
Hanno Becker
9cfe6e977d Assert presence of server certificate in Certificate writer
The server-side `Certificate` handshake message writer checks
whether a certificate is present, and if not fails with:

```
   MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
```

This should never happen, since the library checks the presence
of a suitable certificate before picking a ciphersuite. It is
therefore more suitable to convert this check into an assertion,
and fail with MBEDTLS_ERR_SSL_INTERNAL_ERROR upon failure.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:38:24 +01:00
Hanno Becker
56ee9e5f14 Remove MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH
This commit removes the unused error code

```
MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH
```

from the public API for Mbed TLS 3.0.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:37:19 +01:00
Hanno Becker
6c78046960 Remove uses of MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH
The error code MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH is only
returned from the internal function

```
   mbedtls_ssl_set_calc_verify_md()
```

Moreover, at every call-site of this function, it is only
checked whether the return value is 0 or not, while the
exact return value is irrelevant.

The behavior the library is therefore unchanged if we return 1
instead of MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH in
`mbedtls_ssl_set_calc_verify_md()`. This commit makes this change.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:37:11 +01:00
Hanno Becker
91e1cc3bd7 Remove MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE error code
This error is used when the output buffer isn't large enough
to hold our own certificate.

In the interest of cleaning up the error space for 3.0, this commit
removes MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE and replaces its single
use by MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:32:41 +01:00
Hanno Becker
eca840f71d Remove unused MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED
The SSL error code MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED is unused.

Remove it for Mbed TLS 3.0.

The code being unused comes as a surprise, at is seems to be
reasonable to report it to the user upon peer CRT verification
failure. However, this study (can potentially re-introduction
of the code) can be left for 3.x, while the error code removal
can only happen in 3.0.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:19:55 +01:00
Hanno Becker
b86e588911 Remove unused MBEDTLS_ERR_SSL_UNKNOWN_CIPHER
The SSL error code MBEDTLS_ERR_SSL_UNKNOWN_CIPHER is unused.

Remove it for Mbed TLS 3.0 and leave a comment indicating the
gap in the error code space it creates.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:17:38 +01:00
TRodziewicz
85dfc4de20 Applying current changes
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-30 00:07:04 +02:00
TRodziewicz
18efb73743 Remove deprecated functions and constants.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-29 23:12:19 +02:00
Ronald Cron
1a85d3b122
Merge pull request #4146 from stevew817/allow_skipping_3des_cmac_when_alt
Allow CMAC self-test to skip tests for unsupported primitives (2)
2021-04-29 16:04:39 +02:00
Gilles Peskine
85f023b007
Merge pull request #3950 from gilles-peskine-arm/dhm_min_bitlen-bits
Enforce dhm_min_bitlen exactly
2021-04-29 14:55:30 +02:00
Dave Rodgman
c86f330aed
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
Reduce ROM usage due to X.509 info
2021-04-28 17:31:55 +01:00
Gilles Peskine
e67665ca20
Merge pull request #4006 from chris-jones-arm/development
Add macro to check error code additions/combinations
2021-04-28 16:47:29 +02:00
Chris Jones
4d01c5b5c3 Remove dead code from pk_parse_key_pkcs8_unencrypted_der
pk_get_pk_alg will either return 0 or a pk error code. This means that
the error code will always be a high level module ID and so we just
return ret.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-28 14:12:07 +01:00
Mateusz Starzyk
e3c48b4a88 Separate SHA224 from SHA256 config options.
These options are still dependant on each other.
This is an intermediate step.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Mateusz Starzyk
3352a53475 Modify config option for SHA384.
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.

check_config is the only module which enforces that SHA512 is
enabled together with SHA384.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Gilles Peskine
2c8041d6df
Merge pull request #4433 from bensze01/psa_aead_output_size
[development] PSA: Update AEAD output buffer macros to PSA API version 1.0
2021-04-28 13:30:40 +02:00
Ronald Cron
3e7481e6a2
Merge pull request #4219 from stevew817/fix_missing_parenthesis
Add missing parenthesis when MBEDTLS_ECP_NORMALIZE_MXZ_ALT is declared

@mpg comment has been addressed thus this can be merged.
2021-04-28 08:35:00 +02:00
Hanno Becker
88c2bf311a Minor style improvements
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
7ac83f91bf Print X.509 verify info strings even if MBEDTLS_X509_REMOVE_INFO
The new compile-time option MBEDTLS_X509_REMOVE_INFO removes various
X.509 debugging strings and functionality, including

```
  mbedtls_x509_crt_verify_info()
```

which ssl_client2.c and ssl_server2.c use to print human readable
descriptions of X.509 verification failure conditions. Those
conditions are also grepped for in numerous ssl-opt.sh tests.

Instead of disabling those tests if MBEDTLS_X509_REMOVE_INFO is set,
this commit essentially moves mbedtls_x509_crt_verify_info() to
ssl_client2.c and ssl_server2.c. However, instead of just copy-pasting
the code from x509_crt.c, the following approach is used:

A macro MBEDTLS_X509_CRT_ERROR_INFO_LIST is introduced which for each
verification failure condition invokes a user-defined macro X509_CRT_ERROR_INFO
with (a) the numerical error code, (b) the string presentation of the
corresponding error macro, (c) the info string for the error condition.
This macro can thus be used to generate code which somehow iterates over
the verifiation failure conditions, but the list of error conditions and
information strings is nowhere duplicated.

This is then used to re-implement mbedtls_x509_crt_verify_info() in
x509_crt.c and to provide a functionally equivalent (yet slightly different)
version in ssl_client2.c and ssl_server2.c in case MBEDTLS_X509_REMOVE_INFO
is set.

This way, little changes to ssl-opt.sh will be necessary in case
MBEDTLS_X509_REMOVE_INFO is set because the info strings for the
verification failure conditions will be printed regardless of whether
MBEDTLS_X509_REMOVE_INFO is set or not.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
612a2f1504 Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO
The introduction of positive options to control the presence
of pre-existing functionality breaks the build for users of
handwritten configurations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:18:52 +01:00
Peter Kolbus
9a969b66c1 Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:18:52 +01:00
Ronald Cron
cee427002b Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
Fix 4416

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-27 09:34:14 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00
Ronald Cron
b5939e814e
Merge pull request #4160 from stevew817/feature/driver_builtin_keys
Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS

Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
2021-04-23 09:40:31 +02:00
Chris Jones
e11e81413d Improve documentation for error code checking
Improve comments explaining error code checking, fix incorrect comments
and make a small formatting fix.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-22 15:28:56 +01:00
Tomasz Rodziewicz
9a97a13d3e
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-22 12:53:15 +02:00
Manuel Pégourié-Gonnard
f6b677ea98
Merge pull request #4349 from mpg/apply-4334-3.0
Apply 4334 to development-3.0
2021-04-22 12:42:40 +02:00
TRodziewicz
e022938ec7 error.c re-generated once more
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-21 13:14:04 +02:00
Tomasz Rodziewicz
d6c246f5bf
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-21 12:31:43 +02:00
TRodziewicz
1fbdb25d60 error.c re-generated
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-21 12:24:59 +02:00
Mateusz Starzyk
f9c7b3eb11 Remove PKCS#11 library wrapper.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-21 11:05:00 +02:00
Hanno Becker
2ed3dced8f Implement new semantics for static PSK configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-21 07:05:34 +01:00
Paul Elliott
986b55af03 Style Fix
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-04-20 21:46:29 +01:00
Paul Elliott
7725a63c24 Fix unchecked return in bignum
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-04-20 19:01:46 +01:00
Gilles Peskine
ee259130e4 Merge branch 'development' into development_3.0
Conflicts:
* visualc/VS2010/mbedTLS.vcxproj: resolved by re-generating the file
  with scripts/generate_visualc_files.pl.
2021-04-19 10:51:59 +02:00
Manuel Pégourié-Gonnard
0bbb38c67e
Merge pull request #4199 from TRodziewicz/mul_shortcut_fix
Fix ECDSA failing when the hash is all-bits-zero
2021-04-19 09:54:12 +02:00
Mateusz Starzyk
a58625f90d Remove optional SHA-1 in the default TLS configuration.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-16 18:39:10 +02:00
Steven Cooreman
966db26779 Minor code flow improvements
* group setting of attributes before calling get_builtin_key
* return early instead of going to exit when no resources are allocated yet

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-16 11:22:17 +02:00
Gilles Peskine
295fc13ef3 Split mbedtls_gcm_update_ad out of mbedtls_gcm_starts
The GCM interface now has separate functions to start the operation
and to pass the associated data.

This is in preparation for allowing the associated data to be passed
in chunks with repeatated calls to mbedtls_gcm_update_ad().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 21:34:33 +02:00
Gilles Peskine
a56c448636 Add output length parameters to mbedtls_gcm_update
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output length parameter to
mbedtls_gcm_update() to allow such implementations to delay the output
of partial blocks. With the software implementation, there is no such
delay.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 21:34:33 +02:00
Gilles Peskine
9461e45a17 Add output parameter to mbedtls_gcm_finish
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output parameter to
mbedtls_gcm_finish() to allow such implementations to pass the final
partial block back to the caller. With the software implementation,
this final output is always empty.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 18:41:38 +02:00
Gilles Peskine
58fc272af9 Remove alignment requirement for mbedtls_gcm_update: implementation
mbedtls_gcm_update now accepts inputs of arbitrary size. There is no
longer a requirement that all calls except the last one pass a
multiple of 16 bytes.

This commit updates the library code and adjusts the GCM tests to
exercise arbitrarily aligned input sizes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 18:41:38 +02:00
Hanno Becker
aee4cc4cbb Use sizeof() instead of magic constant
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 16:49:32 +01:00
Hanno Becker
a5b1a3945b Don't use 0-initializer for structs
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 16:48:01 +01:00
Bence Szépkúti
ec174e292d Update all uses of old AEAD output size macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:06 +02:00
Steven Cooreman
ce48702448 Get a builtin key's attributes in order to correctly get its size
Leverage the fact that the get_builtin_key entrypoint returns a key's
attributes, such that a proper size for the builtin key's buffer can
be calculated through the driver's get_key_buffer_size hook.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
7ddee7f7c5 Use remove_key_data_from_memory instead of wipe_key_slot
Since the loading attempt of a builtin key might be followed by trying
to load a persistent key, we can only wipe the allocated key data, not
the associated metadata.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
7609b1ff6c leverage psa_allocate_buffer_to_slot from slot management
It makes the implementation of psa_load_builtin_key_into_slot a lot
cleaner.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
0bb653600f If no storage backend is available, don't even attempt key loading
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
b938b0bb03 Documentation clarification after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
a1ce2f2675 Rename test driver lifetime to location
The macro always meant 'location', but was mistakenly named 'lifetime'.
Naming it location instead makes much more sense, and drives home the
conceptual differences between location and lifetime values.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
c8b9534378 Change signature of mbedtls_psa_platform_get_builtin_key
Instead of the full attributes struct, it now only takes/returns what it
actually needs to.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
1a0fbacde1 Refactor opaque key handling in the test driver
Builtin key support for the test driver is always compiled in, and no
  longer guarded by MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS.
Parsing the key slot from the buffer by cast and assign instead of memcmp.
For exporting keys, the test driver no longer reaches into the key
  identifier in order to check whether a key is builtin, but rather
  assumes so based on the key buffer length. It's the driver's
  responsibility to be able to detect the key material it returned as part
  of the get_builtin_key operation.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
e384252cb7 Move include to top of file
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
649a8f4301 replace memcpy of structure with regular assignment
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
ffc7fc9b71 Move variable declarations to top of function
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
85d554a99b Use different variables for buffer size and data length
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
203bcbbc47 Style fixes (typos, whitespace, 80 column limit)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
e5e30859b7 Remove potentially unused exit label
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
f9a55ffa2c Add test driver implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
As part of test_psa_crypto_drivers, define a builtin symmetric
plus an ECC key on the test driver lifetime.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:04:26 +02:00
Steven Cooreman
6801f08973 Implement support for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
According to the design in psa-driver-interface.md. Compiles without
issue in test_psa_crypto_drivers.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:04:26 +02:00
Mateusz Starzyk
c301bd56f0 Merge branch 'development_3.0' into drop_old_tls_options 2021-04-15 13:55:20 +02:00
Mateusz Starzyk
f5c535139d Remove remaining comments and strings refering to removed features.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-15 13:28:52 +02:00
TRodziewicz
c22f50a2fe fix error.c - second try
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-15 12:35:04 +02:00
TRodziewicz
c28d2ae676 fix error.c - now it's autogenerated
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-15 12:34:50 +02:00
TRodziewicz
136b3989cb Remove deprecated things from hashing modules
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-15 12:34:09 +02:00
Manuel Pégourié-Gonnard
93c0847914 Revert "Remove deprecated things from hashing modules"
This reverts commit c75d9f589b.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-15 12:28:15 +02:00
Manuel Pégourié-Gonnard
149211146f Revert "fix error.c - now it's autogenerated"
This reverts commit 48f6d0d6e5.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-15 12:28:06 +02:00
Manuel Pégourié-Gonnard
30dcdf40b4 Revert "fix error.c - second try"
This reverts commit 9a86843470.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-15 12:27:59 +02:00
Chris Jones
fdb588b3a7 Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_der
An incorrect error code addition was spotted by the new invasive testing
infrastructure whereby pk_get_pk_alg will always return a high level
error or zero and pk_parse_key_pkcs8_unencrypted_der will try to add
another high level error, resulting in a garbage error code.

Apply the same fix from ae3741e8a to fix the bug.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-15 11:19:56 +01:00
Chris Jones
9f7a693f2c Apply MBEDTLS_ERROR_ADD to library
Replace all occurences of error code addition in the library with the new
MBEDTLS_ERROR_ADD macro.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-15 11:19:47 +01:00
Hanno Becker
7e6eb9fa27 Simplify SSL session cache implementation via session serialization
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
f938c436fb Add helper function to find entry in SSL session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
02a68ebc0e Add helper function to finding a fresh entry in the SSL cache
This commit improves the readability of the SSL session cache
reference implementation of mbedtls_ssl_cache_set() by moving
the logic for finding a suitable free slot for the session to
store into a static helper function.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
ccdaf6ed22 Add session ID as explicit parameter to SSL session cache API
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
a637ff6ddd Introduce typedef for SSL session cache callbacks
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
64ce974180 Don't check ciphersuite and compression in SSL session cache lookup
Session-ID based session resumption requires that the resumed session
is consistent with the client's ClientHello in terms of choice of
ciphersuite and choice of compression.

This check was previously assumed to be performed in the session cache
implementation, which seems wrong: The session cache should be an id-based
lookup only, and protocol specific checks should be left to Mbed TLS.

This commit
- adds an explicit ciphersuite and compression consistency check after
  the SSL session cache has been queried
- removes the ciphersuite and compression consistency check from
  Mbed TLS' session cache reference implementation.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Manuel Pégourié-Gonnard
c039514559
Merge pull request #4334 from TRodziewicz/origin/remove_old_func_from_hashing
Remove deprecated things from hashing modules
2021-04-15 10:13:32 +02:00
Gilles Peskine
09c916afba
Merge pull request #4257 from ronald-cron-arm/psa-aead
Add PSA crypto driver delegation for AEAD single shot PSA APIs - 1
2021-04-14 14:07:51 +02:00
Chris Jones
ef01852d65 Add missing guard to mbedtls_test_hook_error_add
Add a missing guard for the definition and declaration of
mbedtls_test_hook_error_add.

Also make the declaration always visible when MBEDTLS_TEST_HOOKS is
enabled. This fixes an issue when MBEDTLS_ERROR_C is not defined but
MBEDTLS_TEST_HOOKS is.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:27:04 +01:00
Chris Jones
b7d02e0f15 Fix misc issues with unused parameters and check-names.sh
Fix unused parameter warnings when MBEDTLS_TEST_HOOKS is not enabled.

A few issues were caught by check-names.sh namely:

- mbedtls_error_add was not capitalised.
- mbedtls_test_hook_error_add was being defined multiple times as the
  definition was in a header.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:26:59 +01:00
Chris Jones
7439209bcc Rewrite error addition interface
The previous implementation of the error addition interface did not comply
with the invasive testing architecture guidelines. This commit fixes that
by:

- Renaming functions/macros/variables to follow the mbedtls_error_xxx or
  mbedtls_test_hook_xxx convention.

- Making mbedtls_test_hook_error_add a global variable that can be set
  by the testing code.

- Using a static inline function call, as opposed to macro, to keep
  discrepancies between debug and production version to a minimum.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:24:25 +01:00
Chris Jones
b179b84335 Change set_err_add_hook void pointer to actual function pointer signature
Change the signature of the `hook` parameter of `mbedtls_set_err_add_hook`
to use the actual signature of the function as opposed to `void *`. This
fixes a warning when compiling with clang `-pedantic`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones
ef180af350 Move MBEDTLS_ERR_ADD macro and functions to error.*
`error.c` and  error.h are the more logical place to keep this code and it
prevents issues with building `common.c` and conflicts with other projects
that use mbedtls (such as mbedOS).

`error.c` has been automatically generated by first adding the code to
`error.fmt` and then running `./scripts/generate_errors.pl`.

Also add parenthesis to the addition in `MBEDTLS_ERR_ADD`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones
808b7c8a8a Fix building with MBEDTLS_TEST_HOOKS enabled
Fix building by adding `common.c` to the build scripts (both make and Cmake).

Also reworks the hook function pointer (also renamed to `err_add_hook`) to be
a static local to `common.c` with a setter function to set the pointer to a
checking function.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones
5e8805afeb Move MBEDTLS_ERR_ADD macro and function to common.*
`error.c` is a file generated from `error.h` and thus cannot contain the code
that was previously added. This commit fixes that issue by moving the
`MBEDTLS_ERR_ADD` macro and associated function and function pointer into
`common.h` and `common.c`.

Also fix a typo in `tests/include/test/helpers.h` where tabs were accidentally
used instead of spaces.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones
713e4e77b4 Expand use of MBEDTLS_ERR_ADD to the rest of rsa.c
All occurences of manual error code addition/combination, in `rsa.c`, have
been replaced with the `MBEDTLS_ERR_ADD` macro.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:35 +01:00
Chris Jones
96ae73b0ea Add macro for error code addition
Adds a macro (`MBEDTLS_ERR_ADD`) to add error codes together and check that the
result will not be corrupted. This additional check is only enabled during
testing when `MBEDTLS_TEST_HOOKS` is defined.

Also includes a reference usage example in `rsa.c` where two high-level error
codes could be incorrectly added together under the right conditions. This now
ensures that when this error occurs during testing it will be correctly
reported.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:12:02 +01:00
TRodziewicz
e148b6884c error.c re-generated.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 15:00:30 +02:00
TRodziewicz
b579ccd529 The still used deprecated error codes replaced with _PLATFORM_ ones
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 14:29:29 +02:00
TRodziewicz
dd82502b56 Remove deprecated error codes. Some still remain - question asked in issue comment
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 23:28:23 +02:00
TRodziewicz
9a86843470 fix error.c - second try
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 15:13:10 +02:00
TRodziewicz
48f6d0d6e5 fix error.c - now it's autogenerated
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 14:49:55 +02:00
TRodziewicz
c75d9f589b Remove deprecated things from hashing modules
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 11:38:37 +02:00
Gilles Peskine
9a1c092f8b
Merge pull request #4297 from gilles-peskine-arm/ecp-add-fix-202104
Fix ECP arithmetic bug and read of zero-padded negative number
2021-04-09 16:46:06 +02:00
Gilles Peskine
392d1010dc Clarify some comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-09 15:46:51 +02:00
Ronald Cron
df2e4f22a8
Merge pull request #4290 from ronald-cron-arm/hash-dispatch-follow-up
Hash dispatch follow up
2021-04-08 09:13:19 +02:00
Dave Rodgman
3b5e6f0b30 Fix some errors relating to header file renames
Fix some errors due to renaming of header files in the 3.0 branch.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 16:36:53 +01:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Ronald Cron
810eb16831 psa: aead: Make CCM/GCM ordering consistent
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
b9349a67a9 psa: aead: Add missing chachapoly context free
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
ecbc068252 psa: aead: Remove from operation ctx members only used in setup
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Steven Cooreman
ea7ab13991 Do validation on the algorithm argument in AEAD
Corresponds better to the validation done in other modules of PSA Crypto.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
9a986165bf psa: aead: Accept opaque keys for encryption/decryption
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
de82281541 psa: aead: Add driver delegation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
46f9178d85 psa: aead: Move AEAD driver entry points to psa_crypto_aead.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
7ceee8d30a psa: Add psa_crypto_aead.[hc]
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
215633cea4 psa: aead: Implement aead operations as a driver entry point
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
9f31017956 psa: aead: Remove key slot from operation context
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:21 +02:00
Dave Rodgman
b746825418 Capitalise MPS trace macros
Capitalise the MPS trace macros, as per the coding style (and make a slight
change to naming convention to avoid a name collision).

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 12:45:35 +01:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code
Fix error code when creating/registering a key with invalid id
2021-04-06 18:46:30 +02:00
Ronald Cron
7dbd800f42 psa: aead: Isolate key slot unlock from operation abort
As we want to do Mbed TLS aead operations as a
driver does, aead operations should not access
the key slot as key slots are not available to
drivers.

Second step in this PR: do not unlock the key slot
as part of operation abort.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Ronald Cron
197c2fd0a0 psa: aead: Move key resolution
As we want to do Mbed TLS aead operations as a
driver does, aead operations should not access
the key slot as key slots are not available to
drivers.

First step in this PR: move key resolution from
aead operation setup to psa_aead_encrypt/decrypt
APIs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Ronald Cron
004f917ee8 psa: aead: Fix status initialization
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Ronald Cron
93d356cbe2 psa: Export "internally" mbedtls_cipher_info_from_psa
Export "internally" mbedtls_cipher_info_from_psa to be
able to use it in psa_crypto_cipher.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Gilles Peskine
ff6a32d79c Fix low-probability arithmetic error in ECC
Fix the subtraction in fix_negative, which was incorrectly not looking
for a carry. This caused the result to be wrong when the least
significant limb of N was 0. Fix #4296.

The bug was introduced by d10e8fae9e
"Optimize fix_negative". Thanks to Philippe Antoine (catenacyber) for
reporting the bug which was found by his EC differential fuzzer.
Credit to OSS-Fuzz.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:41 +02:00
Gilles Peskine
349b37273e Fix an incorrect comment about fix_negative
We're subtracting multiples of 2^bits, not 2^(bits+32).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:41 +02:00
Gilles Peskine
618be2ec41 Add unit tests for fix_negative
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:41 +02:00
Gilles Peskine
80ba850e27 Create a header file for ECP internal functions
This header file will contain declarations of functions that are not
part of the public ABI/API, and must not be called from other modules,
but can be called from unit tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:41 +02:00
Gilles Peskine
80f56733b0 Fix and simplify sign handling in mbedtls_mpi_read_string
Move the handling of the sign out of the base-specific loops. This
both simplifies the code, and corrects an edge case: the code in the
non-hexadecimal case depended on mbedtls_mpi_mul_int() preserving the
sign bit when multiplying a "negative zero" MPI by an integer, which
used to be the case but stopped with PR #2512.

Fix #4295. Thanks to Guido Vranken for analyzing the cause of the bug.
Credit to OSS-Fuzz.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:07 +02:00
Ronald Cron
6cc6631015 psa: Return in error when requested to copy a key to an opaque driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 12:27:47 +02:00
Gilles Peskine
d5200371ec
Merge pull request #3512 from gilles-peskine-arm/ecp-alloc-202007
Reduce the number of allocations in ECP operations
2021-04-02 00:08:35 +02:00
Ronald Cron
06c84ca5f8 psa: include: Merge crypto_builtin_hash.h and crypto_builtin_cipher.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:30 +02:00
Gilles Peskine
e8a2fc8461 Enforce dhm_min_bitlen exactly, not just the byte size
In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-01 14:20:03 +02:00
Ronald Cron
77e412cd71 psa: Fix error code when creating/registering a key with invalid id
When creating a persistent key or registering a key
with an invalid key identifier return
PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
de825e62a6 psa: Fix psa_validate_key_persistence documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162
PSA Update return code for non-existing key in various key operations
2021-04-01 13:27:31 +02:00
Ronald Cron
56c9a9457a psa: hash: Fix is_hash_accelerated signature
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 10:50:03 +02:00
Gilles Peskine
bf792e0a82
Merge pull request #3616 from militant-daos/bug_3175
Fix premature fopen() call in mbedtls_entropy_write_seed_file
2021-03-30 17:33:08 +02:00
Hanno Becker
ecb02fbbc5 Apply suggestions from code review
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
d4d33a1b6b Remove unnecessary check before calling memcpy()
This check was added earlier to avoid useless calls to `memcpy()`
with length `0` in the _frequent_ case where we're not accumulating.
By now, the whole code path has been moved to a branch which is only
executed if the reader is accumulating, and the only time this check
would be relevant is if we happen to feed an empty fragment to the
reader. In this case, the call to memcpy() could be removed, but
since this case is exceptional and the call to memcpy() is still
correct even for a length 0 copy, we remove the check for simplicity
of the code.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
032b352684 Improve naming of local variables in MPS reader implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
43c8f8cf79 Put MPS under the umbrella of the TLS 1.3 experimental configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
61d7eedcb5 Fix Doxygen headers for MPS files
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
2332f8f435 Rename static variable for MPS trace depth
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
77e4f485e1 Move illustration of (un)supported cases in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
97c8e930e2 Fix diagram in documentation of MPS reader
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
1682a8b6fe Don't use abbreviated names for local variables in MPS reader
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
b9c086adc5 Use int pointer for paused param in mbedtls_mps_reader_reclaim()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
fea81b3997 Improve and fix wording in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
f1cfa319c4 Fix typos in documentation of MBEDTLS_ERR_MPS_READER_NEED_MORE
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
d913e2e982 Remove duplicate definition of MBEDTLS_MPS_ERR_BASE
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
4a079c5be7 Fix documentation for mbedtls_mps_[stored_]size_t
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
46101c76f9 Improve wording of documentation of mbedtls_mps_size_t
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
6e3484e123 Clarify documentation of MBEDTLS_MPS_STATE_VALIDATION
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
53314aade1 Adjust spacing for MPS reader entries in library/Makefile
Existing entries use combination of tabs and spaces, for whatever reason.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
3d0db81690 Fix typo in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
8fc107c9fb Clarify wording in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
a408c1719c Clarify wording in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
49cc1317b0 Fix typo in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
b1855434eb Rename mbedtls_mps_reader::acc_avail -> acc_available
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
f81e41f1e4 Improve readability of MPS reader implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
0bea62f2d7 Fix typo in reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
4f84e20eb0 Don't invalidate MPS reader buffers upon commit call
Previously, the semantics of mbedtls_mps_reader_commit() was to invalidate
all buffers previously fetched via mbedtls_mps_reader_get(), forbidding
any further use by the 'consumer'. This was in fact a necessary constraint
for the current implementation, which did some memory moving in
mbedtls_mps_reader_commit().

This commit simplifies the reader's semantics and implementation in
the following way:

- API: A call to mbedtls_mps_reader_commit() does no longer invalidate
       the buffers previously obtained via mbedtls_mps_reader_get().
       Instead, they can continue to be used until
       mbedtls_mps_reader_reclaim() is called.

       Calling mbedtls_mps_reader_commit() now only sets a marker
       indicating which parts of the data received through
       mbedtls_mps_reader_get() need not be backed up once
       mbedtls_mps_reader_reclaim() is called. Allowing the user
       to call mbedtls_mbedtls_reader_commit() multiple times
       before mbedtls_mps_reader_reclaim() is mere convenience:
       We'd get exactly the same functionality if instead of
       mbedtls_mps_reader_commit(), there was an additional argument
       to mbedtls_mps_reader_reclaim() indicating how much data
       to retain. However, the present design is more convenient
       for the user and doesn't appear to introduce any unnecessary
       complexity (anymore), so we stick with it for now.

- Implementation: mbedtls_mps_reader_commit() is now a 1-liner,
                  setting the 'commit-marker', but doing nothing else.

                  Instead, the complexity of mbedtls_mp_reader_reclaim()
                  slightly increases because it has to deal with creating
                  backups from both the accumulator and the current
                  fragment. In the previous implementation, which shifted
                  the accumulator content with every call to
                  mbedtls_mps_reader_commit(), only the backup from the
                  fragment was necessary; with the new implementation
                  which doesn't shift anything in
                  mbedtls_mps_reader_commit(), we need to do the
                  accumulator shift in mbedtls_mps_reader_reclaim().

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
8899396fd1 Move MPS reader to mbedtls_mps_ namespace
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
984fbded58 Move MPS trace macros to MBEDTLS_MPS_ namespace
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
c518c3b7bb Rename MPS files library/mps/xxx.[ch] to library/mps_xxx.[ch]
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
b910016049 Add MPS trace module implementation
This commit adds an implementation of the MPS trace module
based on `printf()`.

The enabling macro MBEDTLS_MPS_TRACE remains unset by default
because MPS tracing is very verbose and consumes unnecessary
space in the CI.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
ac267f3485 Add MPS configuration option for state validation
See the documentation in library/mps/common.h which
this commit modifies.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
447e8a5ecd Add internal header for MPS errors
This commit adds an internal header `library/mps/error.h` related
to error codes in MPS.

For now, those error codes can be considered internal and thus we
don't have to avoid clashes with other Mbed TLS error codes. This
is OK as long as it's true that MPS isn't public API, and its error
codes are never forwarded to the return values of public API calls.

The error code allocation of MPS will likely need revisiting over time.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
75ac1f7b95 Add implementation for MPS assertion macros
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
0ea0db4368 Add MPS reader translation unit to Makefile and CMakeLists
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
d2f9f53f7f Add typedef's for MPS buffer size types
Most buffers that MPS deals with are small and representable
with integer types of width 16-bit or more.

For highly memory constrained systems, it is therefore a potential
for significant memory savings to use 16-bit types for buffer sizes
throughout MPS.

In prepraration for this, this commit introduces typdefs

```
   mbedtls_mps_size_t
   mbedtls_mps_stored_size_t
```

for buffer sizes in the MPS implementation and the MPS structures,
respectively.

So far, those MUST be defined as `size_t`: While an effort has been made
to write most of MPS code in terms of `mbedtls_mps_[stored_]size_t` in a
way that would allow narrower types, those aren't yet supported. Still,
we retain the typedefs in order to avoid unnecessary rewriting of a large
body of the MPS codebase.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
13cd7846a0 Add MPS reader implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
1c0cd10ea8 Add header and documentation for MPS reader
This commit adds the interface fo the MPS reader component as
`library/mps/reader.h`.

Please see the file itself for extensive documentation.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
c809ff6ef6 Add stub implementation for MPS tracing API
MPS' tracing module uses four macros:

1) TRACE( type, fmt, ... )

   This acts like `printf( fmt, ... )` but also allows
   the specification of a type of trace output (comment,
   warning, error, ...)

2) TRACE_INIT

   This acts like TRACE() but increases the level of
   indentation. It will be used at the beginning of
   function calls.

3) RETURN( val )

   Equivalent to `return( val )` plus a decrement in the
   level of indentation. This should be used at the end of
   functions that have been started with TRACE_INIT.

4) TRACE_END

   This combines a trace output with a decrement of the
   level of indentation. It's necessary prior to leaving
   functions which have been started with TRACE_INIT
   but which don't have a return value.

This commit defines those macros as no-op dummies in
`library/mps/trace.h` for now.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
1ae9f756ba Add MPS compile-time option for enabling/disabling tracing
This commit adds an MPS-specific compile-time option
`MBEDTLS_MPS_TRACE` to the internal MPS header `mps/common.h`.

So far -- this may need revisiting -- MPS comes with its own
internal tracing module which allows to track the operation of
MPS' various layers for the purpose of understanding of it workings
as well as for debugging.

The reasons for the introduction of a module separate from SSL debug
are the following:

1) The SSL debug module requires an SSL context to function because
   debug callbacks are part of the runtime configuration of the SSL
   module.

   The MPS tracing module, in contrast, is not supposed to be used
   in production environments, and there is no need for a runtime
   configuration. Instead, a compile-time defined tracing callback
   is used.

2) In the interest of modularity, MPS' tracing module shouldn't
   require having an SSL context around.

3) Purely visually, MPS' tracing module adds support for indentation
   according to call-depth and coloring according to which module is
   being used, which makes it very useful for what's going on; however,
   those features aren't available in the SSL debug module (and they
   shouldn't be).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
6ed183cf00 Add MPS compile time option for enabling/disabling assertions
This commit adds the compile-time option MBEDTLS_MPS_ENABLE_ASSERTIONS
which controls the presence of runtime assertions in MPS code.

See the documentation in the header for more information.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
108fc84b04 Add MPS configuration header
This commit introduces the internal MPS header `mps/common.h`
which will subsequently be populated with MPS-specific compile-time
options and helper macros. For now, it's a stub.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Ronald Cron
cfcc3784c1
Merge pull request #4256 from ronald-cron-arm/psa-cipher-iv-size
PSA cipher iv size
CI is OK, just expected ABI-API-checking failure.
2021-03-29 15:02:48 +02:00
Ronald Cron
58946f4a6a
Merge pull request #4229 from ronald-cron-arm/psa-cipher
PSA cipher driver delegation rework
CI is OK, just expected ABI-API-checking failure.
2021-03-29 15:02:14 +02:00
Manuel Pégourié-Gonnard
4dfb83c0d7
Merge pull request #4164 from chris-jones-arm/move-internal-headers
Unify internal headers in library/
2021-03-29 11:18:54 +02:00
Gilles Peskine
2aff17b8c5
Merge pull request #4098 from gstrauss/remove-redundant-condition
remove ssl_parse_client_hello redundant conditions
2021-03-27 22:47:13 +01:00
Ronald Cron
5618a39fcf psa: cipher: Remove cipher_generate_iv driver entry point
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
a0d6817838 psa: cipher: Add bound check of the IV length in the core
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
c17e8a9bf2 psa: cipher: Use PSA_CIPHER_IV_LENGTH to compute the IV length
The IV length computed in the cipher PSA implementation is
the default IV length thus use the PSA macro PSA_CIPHER_IV_LENGTH
defined to do that.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
6ad554cb83 psa: cipher: Prefer length rather than size for IV/block length
Prefer length rather than size for IV/block length as
per the PSA specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
f2381aaa43 psa: cipher: Use psa_generate_random to generate IVs
Use psa_generate_random() to generate IVs instead of
mbedtls_psa_get_random(). mbedtls_psa_get_random() is
meant to be used as the f_rng argument of Mbed TLS
library functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
7b4154df0f psa: wrapper: Fix potential unreachable statement warning
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
75e6ae25ef Move mbedtls_cipher_info_from_psa to psa_crypto_cipher.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
1f0db80c78 psa: cipher: Fix symmetric key management
Symmetric key management is not intended to be
delegated to drivers. Thus, key management code
for a given symmetric key type should be included
in the library whether or not the support for
cryptographic operations based on that type of
symmetric key may be delegated to drivers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
5d9b00dddb psa: cipher: Include Mbed TLS cipher driver only if necessary
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:07 +01:00
Ronald Cron
3522e32132 psa: cipher: Add transparent driver test specific entry points
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
8287e6b078 psa: cipher: Add utility functions
Isolate the Mbed TLS cipher driver interfaces.
Do the actual cipher operations in utility
functions that are just called by the interface
functions.

The utility functions are intended to be also called
by the cipher test driver interface functions (to be
introduced subsequently) and allow to test the case
where cipher operations are fully accelerated with no
fallback (component test_psa_crypto_config_basic of
all.sh).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
7cb9c3d360 psa: cipher: Move to driver operation context application allocation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
6e412a71ee psa: cipher: Pass Mbed TLS implementation its operation ctx
As per drivers, pass to the Mbed TLS implementation of
the cipher multi-part operation its operation context
and not the PSA operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
937dfee92c psa: cipher: Re-organize multi-part operation context
Move members that are of no use to the PSA crypto core
to the Mbed TLS implementation specific operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
49fafa98b1 psa: cipher: Dispatch based on driver identifier
For cipher multi-part operations, dispatch based on
the driver identifier even in the case of the
Mbed TLS software implementation (viewed as a driver).
Also use the driver identifier to check that an
cipher operation context is active or not.

This aligns the way hash and cipher multi-part
operations are dispatched.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
06aa442bef psa: cipher: Remove unused key_set operation field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
dd24c9bbd9 psa: Call cipher operations software implementations as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
6056fe8a81 psa: driver wrapper: Change cipher_xyz signature
Change the operation context to the PSA one to be
able to call the software implementation from
the driver wrapper later on.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
6d05173359 psa: Add mbedtls_psa_cipher_xyz() APIs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
0b80559827 psa: Call cipher setup implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
a4af55f14f psa: driver wrapper: Change cipher_*_setup signatures
Change the signature of
psa_driver_wrapper_cipher_encrypt/decrypt_setup to
that of a PSA driver cipher_encrypt/decrypt_setup
entry point.

Change the operation context to the PSA one to be
able to call the software implementation from
the driver wrapper later on.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
d6d28885f0 psa: Add mbedtls_psa_cipher_encrypt/decrypt_setup functions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
7986f7e14b psa: Export "internally" mbedtls_cipher_info_from_psa
Export "internally" mbedtls_cipher_info_from_psa to be
able to use it in psa_crypto_cipher.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
ab99ac2f33 psa: Rework psa_cipher_setup (2)
Split out the cipher setup based on cipher.c
in psa_cipher_setup_internal() whose signature
is that of a PSA driver cipher_setup entry
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
590d3e56e9 psa: Rework psa_cipher_setup (1)
Rework psa_cipher_setup in preparation of
calling the cipher setup based on cipher.c
through the interface of a PSA driver
cipher_setup entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
0ff579590d psa: Add psa_crypto_cipher.[ch]
Add psa_crypto_cipher.[ch] files to contain the
Mbed TLS implementation of PSA driver cipher driver
entry points.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
c45b4afc63 Fix PSA SE driver tests
Fix PSA SE driver tests in configuration
full + MBEDTLS_PSA_CRYPTO_DRIVERS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
51a3b7d79c psa: config: Add CAMELLIA to the list of possible CMAC ciphers
Camellia-CMAC is valid PSA configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 14:25:46 +01:00
Ronald Cron
9e3926a295 psa: config: Remove check on ARIA in GCM prerequisites
ARIA is not supported yet through the PSA API.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 15:57:21 +01:00
Ronald Cron
4501c98fc2 psa: sign: Return INVALID_ARGUMENT instead of NOT_SUPPORTED
To run succesfully the test
"PSA sign: invalid algorithm for ECC key" of
test_suite_psa_crypto when ECDSA support is not included
in the library, always return INVALID_ARGUMENT
in case of an ECC key not used for ECDSA, whether
ECDSA support is present or not.

Then apply the same logic to RSA sign RSA and RSA/ECC
verify for the sake of consistency.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 12:05:51 +01:00
Ronald Cron
3d471814bc psa: Add missing PSA configs
Add missing PSA_WANT_CCM/GCM/CMAC. This completes
the set of PSA_WANT config options given the
current support of PSA crypto in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Gilles Peskine
71f45ba0e8 Fix unused parameter warning in some configurations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 14:17:55 +01:00
Gilles Peskine
a1684f42d3 PSA: Reject curves that are not enabled in the PSA configuration
If an elliptic curve was enabled in the Mbed TLS classic API (#define
MBEDTLS_ECP_DP_xxx), but not enabled in the PSA configuration (#define
PSA_WANT_ECC_xxx), it would still work if you tried to use it through
PSA.

This is generally benign, but could be a security issue if you want to
disable a curve in PSA for some security reason (such as a known bug
in its implementation, which may not matter in the classic API if Mbed
TLS is running in a secure enclave and is only reachable from
untrusted callers through the PSA API). More urgently, this broke
test_suite_psa_crypto_not_supported.generated.

So if a curve is not enabled in the PSA configuration, ensure that
it's treated as unsupported through the PSA software implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:12:34 +01:00
Gilles Peskine
d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Maulik Patel
c1bfcdda58 Fix:4162 Return correct error type for invalid key
Return PSA_ERROR_INVALID_HANDLE instead of
PSA_ERROR_DOES_NOT_EXIST if invalid key is passed for some key
operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-03-17 13:41:07 +00:00