Commit graph

4250 commits

Author SHA1 Message Date
Gilles Peskine
3a1101a122 Define algorithms for EdDSA
Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.

The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
67546802fe New elliptic curve family: twisted Edwards
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
6d40085177 Don't duplicate the definition of PSA_ALG_IS_HASH_AND_SIGN
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Ronald Cron
5618a39fcf psa: cipher: Remove cipher_generate_iv driver entry point
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
6ad554cb83 psa: cipher: Prefer length rather than size for IV/block length
Prefer length rather than size for IV/block length as
per the PSA specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
02d68b2b8e psa: cipher: Fix comment type
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
9198e8c259 psa: driver contexts: Fix include order and wrapping
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
5d9b00dddb psa: cipher: Include Mbed TLS cipher driver only if necessary
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:07 +01:00
Ronald Cron
7cb9c3d360 psa: cipher: Move to driver operation context application allocation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
937dfee92c psa: cipher: Re-organize multi-part operation context
Move members that are of no use to the PSA crypto core
to the Mbed TLS implementation specific operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
49fafa98b1 psa: cipher: Dispatch based on driver identifier
For cipher multi-part operations, dispatch based on
the driver identifier even in the case of the
Mbed TLS software implementation (viewed as a driver).
Also use the driver identifier to check that an
cipher operation context is active or not.

This aligns the way hash and cipher multi-part
operations are dispatched.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
06aa442bef psa: cipher: Remove unused key_set operation field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
d85e98d6f1 psa: config: Add CBC-MAC
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:26 +01:00
Ronald Cron
e1f5516025 psa: config: Improve handling of not supported ECC curves
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:19 +01:00
Ronald Cron
b9df5ceb8f psa: config: Fix AEAD/CMAC algorithms and ciphers inter-dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 11:01:21 +01:00
Ronald Cron
3d471814bc psa: Add missing PSA configs
Add missing PSA_WANT_CCM/GCM/CMAC. This completes
the set of PSA_WANT config options given the
current support of PSA crypto in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Gilles Peskine
398413024d SECP224K1 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:45 +01:00
Gilles Peskine
8276986c3e Curve448 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/4249. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:16 +01:00
Ronald Cron
63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec
Create PSA configs for ECC curves
2021-03-22 17:35:04 +01:00
Gilles Peskine
d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Ronald Cron
da3da94373
Merge pull request #4210 from gilles-peskine-arm/crypto_values-param-names
Fix parameter names after \p in include/psa
2021-03-17 10:17:18 +01:00
David Brown
3298851d05 Fix alignment of PSA defines
When these names were changed, the definition got misaligned with the
rest of the fields.  Fix this alignment.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-16 10:44:22 -06:00
Steven Cooreman
f8e45a4e98 Simplify compilation guards around hash driver testing
The hash driver entry points (and consequentially the hash driver core)
are now always compiled on when PSA_CRYPTO_DRIVER_TEST is turned on.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-16 11:07:55 +01:00
Gilles Peskine
01a622a1a4
Merge pull request #4197 from bensze01/psa_ccm_nonce_length
Correct the maximum generated nonce length for CCM
2021-03-16 10:10:41 +01:00
David Brown
eed74df1ee Re-order PSA ECC configs
Arrange these to be in alphabetical order.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:53:57 -06:00
David Brown
110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
Steven Cooreman
0f8ffa806b Rename and retype hash test driver context structure
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman
a85e2f835e Guard hash test functions as a block
Replicate the way the internal hash functions are guarded

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman
830aff2a98 Restructure the way driver contexts are declared
Drivers (both built-in and external) need to declare their context
structures in a way such that they are accessible by the
to-be-autogenerated crypto_driver_contexts.h file. That file lives in
include/psa, which means all builtin driver context structure
declarations also need to live in include/psa.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:32 +01:00
Dave Rodgman
e483a77c85
Merge pull request #816 from ARMmbed/development
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00
Bence Szépkúti
437035bfe3 Fix revert of PSA_AEAD_UPDATE_OUTPUT_SIZE
Both the original change, and its incomplete revert were introduced in
#3386.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-03-11 17:58:26 +01:00
Bence Szépkúti
0153c9436b Correct the maximum generated nonce length for CCM
psa_aead_generate_nonce() could generate a nonce of up to 13 bytes,
depending on the inputs to psa_aead_set_lengths().

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-03-11 15:45:17 +01:00
Ronald Cron
fc86f3f147
Merge pull request #3386 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size
Add new support macros for output buffer sizes since PSA API 1.0 beta 3
2021-03-11 13:30:42 +01:00
gabor-mezei-arm
5699101ac9
Update PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-11 11:55:03 +01:00
David Brown
9b178deedb Fix typo in PSA ECC curve config option
Fix SEC to SECP as the curve name.  This fixes failing tests that
verified the config option was working.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:50 -07:00
David Brown
3353f81694 Update psa/crypto_config.h to new names
An earlier commit fixes the names of the PSA_WANT_ECC_ macros.  Update
the crypto_config.h file to match these new names.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:50 -07:00
David Brown
c7b9b2b6d6 Update defines for ECC PSA configs
Use the names as described in
`docs/proposed/psa-conditional-inclusion-c.md which use a transform
like: SECP256R1 -> SECP_R1_256.  The CURVE25519 and CURVE448 become
MONTGOMERY_255 and MONTGOMERY_448.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
David Brown
20a8c4305a Define PSA_WANT definitions for all ECC curves
Mirror the default non-PSA configuration by enabling all supported ECC
curves.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
David Brown
8de143e72d Create PSA configs for ECC curves
For each curve defined MBEDTLS_ECP_DP_xxx_ENABLED, we have a
corrsponding PSA config define PSA_WANT_ECC_xxx.  Along with that is a
value MBEDTLS_PSA_ACCEL_ECC_xxx which can be used to allow HW
acceleration of that particular curve.

If the PSA config requests an unaccelerated curve, the corresponding
MBEDTLS_PSA_BUILTIN_ECC_xxx will also be defined.

This commit defines these for all curves currently defined, with the
defines working in either direction, depending on whether
MBEDTLS_PSA_CRYPTO_CONFIG is defined.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
Paul Elliott
aa5e132df7 Improve include guards for format attribute
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
48438c758a Fix incorrect long long specifier for win64
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
d48d5c6615 Fix size_t and longlong specifiers for MinGW
MinGW and older windows compilers cannot cope with %zu or %lld (there is
a workaround for MinGW, but it involves linking more code, there is no
workaround for Windows compilers prior to 2013). Attempt to work around
this by defining printf specifiers for size_t per platform for the
compilers that cannot use the C99 specifiers.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
abb3af7826 Invert gate on printf attribute
Inverted the logic without thinking.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
f8d733e49a Correct include guard for function __attribute
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
4e589701d8 Declare mbedtls_debug_print_msg as printf-like
We were not getting any warnings on printf format errors, as we do not
explicitly use printf anywhere in the code. Thankfully there is a way
to mark a function as having printf behaviour so that its inputs can be
checked in the same way as printf would be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
36f539d9b3 Remove deliberate fallthrough
Clang 11 has stopped using the old comment system to mark deliberate
fallthrough, and now demands marking of such with
__attribute(fallthrough). Given not every compiler supports such
attributes and these are the only two deliberate fallthrough cases in
the project at the minute, take the easy route and just remove the
fallthrough.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 16:19:46 +00:00
gabor-mezei-arm
9c3b5077e6
Update PSA_CIPHER_ENCRYPT_OUTPUT_SIZE
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-10 15:57:44 +01:00
Steven Cooreman
b1777312da Make the driver context union a defined type
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
dbf8ceda54 Change the way driver context structures are used
Apparently there's a goal to make the PSA Crypto core free from
dynamic memory allocations. Therefore, all driver context structures
need to be known at compile time in order for the core to know their
final size.

This change defines & implements for hashing operations how the context
structures get defined.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
0e307647e6 Split hashing operations out into an mbedTLS hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Dave Rodgman
bfe754947c Bump version to 2.26.0
Executed ./scripts/bump_version.sh --version 2.26.0

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-09 16:09:18 +00:00
Gilles Peskine
7ef23bee0e Documentation: fix \p names that diverged from the code
Fix places where Doxygen documentation uses \p to refer to a parameter
name and where the name used did not match the actual parameter name.

I used the following script to detect problematic cases:
```
perl -w -ne 'if (eof) { $. = 0; } if (m!^/\*\*!) { $in_doc = 1; %param = (); %p = (); } if (m!\*/!) { foreach $name (keys %p) { if (!$param{$name}) { foreach $line (@{$p{$name}}) { print "$ARGV:$line: $name\n" } } } $in_doc = 0; } if ($in_doc) { if (/\\param(?: *\[[^\[\]]*\])? +(\w+)/) { $param{$1} = 1; } foreach (/\\p +\*?(\w+)/) { push @{$p{$1}}, $.; } }' include/psa/*.h
```

This commits fixes all the remaining occurrences under include/psa,
which were just trivial name mismatches.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:31 +01:00
Gilles Peskine
364d12cfab Documentation: fix \p used for non-parameters
In Doxygen documentation, use \c rather than \p when discussing
something that isn't a parameter of the current macro or function.
Where needed, explain what the thing is.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:15 +01:00
Gilles Peskine
8735343575 Fix copypasta in documentation of an error case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:08 +01:00
Gilles Peskine
e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
gabor-mezei-arm
286a36e17d
Fix size macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-05 15:59:57 +01:00
Gilles Peskine
9264e01730 Update error codes listed in the net_sockets documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-03 12:27:17 +01:00
Steven Cooreman
328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman
a1d8322f74 Fix typos & copy-paste errors
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
d927ed7901 Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
37389c768d Update validity domain of min_tag_length / min_mac_length
Review indicated explicit validity domain should be [1, max_alg_length]

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
2021-03-01 16:00:31 +01:00
Steven Cooreman
ee18b1f5a4 Style and language updates after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
gabor-mezei-arm
c6f2480854
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
Gilles Peskine
c8dab5b41e Fix sloppy wording around stricly less-than vs less or equal
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:39:21 +01:00
Gilles Peskine
e28f236b6b Document FD_SETSIZE limitation for mbedtls_net_{poll,recv_timeout}
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
gabor-mezei-arm
e86bdcaa11
Fix size macros and its documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 12:28:32 +01:00
gabor-mezei-arm
fbd9f1e683
Add and update macros for output buffer sizes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 12:28:32 +01:00
gabor-mezei-arm
ee6bb560a6
Remove out of scope macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm
8809fb64eb
Add and update size macros for ciphers and keys
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm
0687b2b236
Add macros for output buffer sizes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm
a200ee6098
Move AEAD macros next to each other
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:36 +01:00
Gilles Peskine
b15832160b Make entropy double-free work
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 11:27:03 +01:00
Gilles Peskine
4337a9cb18 Document mutex usage for RSA
The mutex is now initialized iff ver != 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
478847cca3 Document thread safety for HMAC_DRBG
random(), and only this function, is thread-safe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
e39b2192e5 Document mutex invariant for HMAC_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
f305d92480 Document thread safety for CTR_DRBG
random(), and only this function, is thread-safe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
da290f9bcd Document mutex invariant for CTR_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
39a1a26d0b Explain the usage of is_valid in pthread mutexes
Document the usage inside the library, and relate it with how it's
additionally used in the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Dave Rodgman
d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
Expose the PSA RNG in mbedtls
2021-02-22 14:47:29 +00:00
Gilles Peskine
60b29fea46 Define WANT symbols for always-supported key types
PSA_KEY_TYPE_RAW_DATA and PSA_KEY_TYPE_DERIVE are always supported.
Make this explicit by declaring PSA_WANT_KEY_TYPE_RAW_DATA and
PSA_WANT_KEY_TYPE_DERIVE unconditionally. This makes it easier to
infer dependencies in a systematic way.

Don't generate not-supported test cases for those key types. They
would always be skipped, which is noise and would make it impossible
to eventually validate that all test cases pass in at least one
configuration over the whole CI.

Don't remove the exception in set_psa_test_dependencies.py for now, to
get less noise in dependencies. This may be revised later if it is
deemed more important to be systematic.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:52 +01:00
Bence Szépkúti
7921cceec8 Fix typo in config_psa.h
The correct macro is PSA_WANT_ALG_CFB

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-17 11:47:40 +01:00
David Brown
9a594e8023 Update psa crypto_config to include recent configs
Update with CHACHA20_POLY1305, CHACHA20.  Add in CTR, which was missing,
and move ALG_XTS to its proper location alphabetically.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:26:57 -07:00
David Brown
db01e0271f Remove an unnecessary #else and commented line
With the else branch commented out, both lines are unnecessary.  We
could check for the invalid configuration in the future, once tests were
made to exclude this combination.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
be380c1e0f Remove incorrect PSA ECB definition
There is no PSA ALG_ECB, only ALG_ECB_NO_PADDING.  Fix one incorrect
declaration, and remove another that is just redundant.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
8de6437bb6 Cleanup PSA CBC padding defines
Only define MBEDTLS_CIPHER_MODE_CBC if one of the CBC modes is requested
and everything isn't covered by an accelerated version.  This keeps this
from being defined in cases where everything needed would be
accelerated.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
86730a8d50 Add missing MBEDTLS_PSA_BUILTIN for ChaCha20-Poly1305
Add these missing definitions when this configration is chosen.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
fc46818eeb Cleanup PSA ifdefs for CBC block mode
Try to make these definitions clearer given the complexity of the
mapping between the PSA config options and the MBEDTLS ones.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
10cb81c0a0 Add some missing MBEDTLS_PSA_BUILTIN_ definitions
Add a few instances where the builtin macros for these algorithms were
missed.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
f84a0f691e Simplify block cipher PSA definitions
If any of the software block ciphers are selected, define an internal
macro to indicate this.  This eliminates some redundancy that needs to
check for this.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
e1f91f07cd Consolidate PSA ifdefs for block ciphers
Combine some separate ifdef blocks to make it clearer when various
internal values are defined.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
18658a7896 Disable error on CHACHAPOLY misconfiguration
As the test tries this in multiple configurations, an #error here will
fail CI.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
ac4fa07fa3 Add PSA config support for ChaCha20+Poly1305
Add checks for PSA_WANT_ALG_CHACHA20_POLY1305.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
b16727a603 Add PSA config for ChaCha20
Add checks for PSA_WANT_KEY_TYPE_CHACHA20, both with and without
MBEDTLS_PSA_CRYPTO_CONFIG.  This only adds support for the ciphers
itself, presumably as a stream cipher (and not yet AEAD).

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
b781f75401 Define SW crypto algorithms if block modes need it
Even if there is an accelerated version of a (block) key type, enable
the SW implementation if there are block modes that don't have
acceleration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
5256e69cda Fix typo in psa config comment
Change "are" to "aren't" to avoid making the comment misleading.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
4b9ec7a598 Add checks for HW acceleration of ciphers and padding
Add additional ifdef checks in the PSA config to detect when an
algorithm is entirely implemented in hardware.  If there is any
combination of cipher and padding type that is not supported by the HW
acceleration, enable the SW acceleration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown
12f45f99da Add definitions for builtins for cipher modes
Create these definitions for the various cipher modes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00