Gilles Peskine
4da1f01f88
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:15:29 +01:00
Gilles Peskine
d6fc3501c0
Test mbedtls_pk_import_into_psa with different bits
...
This was only tested with opaque keys. Since the code paths are different
depending on the PK type, we also need to test RSA and ECKEY.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 17:15:29 +01:00
Gilles Peskine
68a287dc7a
Use named constants FROM_PAIR/FROM_PUBLIC for readability
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:30:55 +01:00
Gilles Peskine
f50cd59b51
Fix encrypt/decrypt confusion
...
The values are the same for all supported mechanisms (RSA-based), so no
semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:13:26 +01:00
Gilles Peskine
cbd2cbb408
Rename identifier for consistency
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 13:12:44 +01:00
Gilles Peskine
465e4ed56b
Prioritize SHA2 over MD5 for KNOWN_SUPPORTED_HASH_ALG
...
This fixes the ability to exercise keys in configurations where MD5 is
supported for direct use, but not inside some accelerated algorithms. This
is the case in `all.sh test_psa_crypto_config_accel_ecc_ecp_light_only` and
some other accelerated-ECC components of `all.sh`, where the driver is built
without MD5 support but built-in MD5 remains enabled.
This is only a hack, not a theoretically correct fix, but a correct fix is
out of scope of my current work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:54:53 +01:00
Gilles Peskine
34955677e5
Don't exercise if the algorithm is not supported
...
Parsing a key and importing it into PSA may result in a policy that
specifies an algorithm that is not included in the build. This happens if
the key type is supported, but not the algorithm, e.g. in a build with
MBEDTLS_ECP_C but not MBEDTLS_ECDSA_C.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:31:55 +01:00
Gilles Peskine
1d33876d37
Fix some preprocessor guards
...
Fix the build in some configurations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:07:45 +01:00
Gilles Peskine
74860ddec2
Don't define pk_sign_verify in configurations where it's unused
...
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:
```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```
This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:07:45 +01:00
Gilles Peskine
35cb319832
depends.py: set unique configuration names in outcome file
...
Set unique configuration names in the outcome file. This was lost in the
rewrite from depends-*.pl to depends.py.
Fix #7290
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
157679c0d5
mbedtls_pk_import_into_psa: positive tests with pkparse output
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
10e9c412c0
mbedtls_pk_import_into_psa: negative tests for different ECC curve
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
fc3d866ad2
mbedtls_pk_import_into_psa: implement and test
...
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT.
This covers importing a key pair, importing a public key and importing
the public part of a key pair.
Test mbedtls_pk_import_into_psa() with the output of
mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa()
on its own to get extra coverage, mostly for negative cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
Gilles Peskine
fdb809ef86
exercise_key: fix asymmetric encrypt/decrypt with >2028-bit RSA
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:31:03 +01:00
Gilles Peskine
4781bd9773
exercise_key: allow SIGN_MESSAGE/VERIFY_MESSAGE with PSA_ALG_ANY_HASH
...
There was already code to instantiate the wildcard for sign/verify-hash.
Make that work with sign/verify-message as well.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:30:27 +01:00
Gilles Peskine
05ee3fbdc0
mbedtls_pk_import_into_psa: documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-09 19:31:04 +01:00
Gilles Peskine
48b87ebde3
Choose a curve for tests at compile time
...
This makes it possible to use the curve in test data.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-09 19:31:04 +01:00
Janos Follath
7a28738205
Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface
...
New test thread interface
2024-02-08 12:35:40 +00:00
Tom Cosgrove
1dbfc8ad3c
Merge pull request #8790 from paul-elliott-arm/fix_ctr_drbg_comment
...
Fix confusing comment in ctr drbg thread test
2024-02-08 11:11:50 +00:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1
...
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
2024-02-08 08:45:30 +00:00
Manuel Pégourié-Gonnard
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647
...
Move RSA basic key parsing/writing to rsa.c
2024-02-08 08:35:42 +00:00
Tom Cosgrove
c8de362202
Merge pull request #8665 from ivq/reduce_static_mem
...
Reduce many unnecessary static memory consumption
2024-02-07 23:26:27 +00:00
Valerio Setti
1910390b4a
psa_util: improve leading zeros check in convert_der_to_raw_single_int()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 16:16:58 +01:00
Paul Elliott
bda577bb0b
Fix confusing comment in ctr drbg thread test
...
Make it clearer where the magic number chosen for entropy_len actually
comes from, and why we chose this value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-07 15:13:46 +00:00
Dave Rodgman
9b272ac1c6
Merge pull request #8794 from daverodgman/pr-guidelines
...
Remind contributors not to force-push
2024-02-07 15:08:42 +00:00
Valerio Setti
ef07fa0fc3
test_suite_psa_crypto_util: add more test for raw->der
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:16:45 +01:00
Valerio Setti
affba30833
psa_util: update documentation for mbedtls_ecdsa_raw_to_der()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:03:33 +01:00
Manuel Pégourié-Gonnard
b02c0be06a
Merge pull request #8791 from gilles-peskine-arm/psa-legacy-bridges-ecdsa-bits-first
...
Update ECDSA signature conversion specification
2024-02-07 13:43:29 +00:00
Paul Elliott
292b1dc1e1
Merge pull request #8789 from paul-elliott-arm/fix_tsan_gcc
...
Stop platform test failures with GCC and TSAN
2024-02-07 11:32:39 +00:00
Dave Rodgman
2a6593bbb6
Slightly soften force-push suggestion
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-07 11:05:47 +00:00
Dave Rodgman
c1a4d1f09a
Remove comments about rebasing vs merging; link to longer RTD document
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-07 11:04:14 +00:00
Dave Rodgman
2840523ae4
Remind contributors not to force-push
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-07 10:42:41 +00:00
Gilles Peskine
3f557ad59c
Wording improvement
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-07 11:22:16 +01:00
Manuel Pégourié-Gonnard
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030
...
PSA FFDH: feature macros for parameters
2024-02-07 10:06:03 +00:00
Dave Rodgman
57a0957938
Merge pull request #8788 from daverodgman/old-gcc-alignment-bug
...
Change unaligned access method for old gcc
2024-02-07 09:31:45 +00:00
Valerio Setti
447bbce8b4
rsa: remove unnecessary check in priv/pub key parsing
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 08:02:03 +01:00
Gilles Peskine
30a303f1a8
ECDSA signature conversion: put bits first
...
Metadata, then inputs, then outputs.
https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 19:45:11 +01:00
Paul Elliott
e053cb2f12
Stop platform test failures with GCC and TSAN
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 18:10:43 +00:00
Gilles Peskine
8bdd8cdc4f
Merge pull request #8729 from adeaarm/crypto_struct_client_view
...
Add a client view of the multipart contexts
2024-02-06 17:29:55 +00:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity
...
KDF incorrect initial capacity
2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681
...
Re-introduce enum-like checks from CHECK_PARAMS
2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage
...
Implement mbedtls_pk_get_psa_attributes
2024-02-06 17:28:54 +00:00
Valerio Setti
1810fd9ac8
add changelog
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 17:03:32 +01:00
Valerio Setti
bb76f80218
pk_wrap: use proper raw buffer length in ecdsa_sign_psa()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:23 +01:00
Valerio Setti
cf81f69977
psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:12 +01:00
Dave Rodgman
91d5fde944
Merge pull request #8745 from adeaarm/trail_key_id_field
...
Put the id field at the end of the psa_key_attributes_s structure
2024-02-06 15:55:56 +00:00
Valerio Setti
6269f3baf4
Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()"
...
This reverts commit d4fc5d9d1c
.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:55:18 +01:00
Valerio Setti
2b6a7b37f4
suite_psa_crypto_util: use 521 bits data and bit-size instead of 528
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:21:44 +01:00
Dave Rodgman
e093281a8b
Pacify check-names
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 15:00:58 +00:00
Valerio Setti
94c5806a64
suite_psa_crypto_util: make ecdsa_raw_to_der_incremental() more readable
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 15:49:06 +01:00