Commit graph

6143 commits

Author SHA1 Message Date
Ronald Cron
5c522920ba psa: Rename functions to get a key slot
Rename functions to get a key slot:
. to make their naming more consistent
. to emphasize that those functions set a lock on the
  key slot they return to protect it from being wiped
  out and re-used while some part of the library
  is accessing it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
81709fc78e psa: Move key identifier return to psa_finish_key_creation()
Move the return of the identifier of a created key from
psa_start_key_creation() to psa_finish_key_creation().
That way in case of creation error, it is less likely to
return the identifier that was temporarily assigned to
the key while trying to create it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
5097294be9 psa: Decrement slot access count when finalizing key creation
Decrement the slot access count in psa_finish_key_creation()
when the finalization succeeds instead of in functions calling
psa_finish_key_creation(). That way the decrementation cannot
be forgotten and it reduces the code size.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
cbf6a1d651 psa: slot mgmt: Add access counter overflow check
It adds a bit a code for not much but that way we
are such that a count overflow cannot occur.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
4640c15deb psa: Remove error message output
Remove error message output in case of
unexpected access counter as

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
cbd7beab0d psa: slot mgmt: Simplify psa_validate_key_id
Special handling of volatile key identifiers is not
needed eventually, they can be handled just as
key identifier in the vendor range.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
f473d8b44b psa: slot mgmt: Improve psa_search_key_in_slots implementation
In case of a volatile key identifier, no need to check first
the validity of the key identifier, a volatile key identifier
is valid.

Move to a forward search for non-volatile key identifiers as
now key slots with small index are allocated first by
psa_get_empty_key_slot().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
7587ae49cb Miscellaneous documentation improvements
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-13 09:49:01 +01:00
Ronald Cron
19daca9b2e Prefer persistent over permanent
For consistency across the code base, prefer
persistent over permanent to qualify a key
stored in persistent storage.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-11 15:12:16 +01:00
Ronald Cron
a5b894f7e2 psa: mgmt: Add key slot reuse
When looking for an empty key slot to store
the description of a key, if all key slots
are in use, reuse the first encountered
and unaccessed key slot containing the
description of a permanent key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron
f291111007 psa: Do not reset a key slot under access
When psa_close/destroy/purge_key is called, do not
reset a key slot containing the description
of a persistent key if it is currently accessed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron
ddd3d05803 psa: Add access counter check in slot wipe
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron
0c3752a46b psa: slot mgmt: Add unaccessed slots counter in stats
Add a counter of unaccessed slots and use it
in tests to check that at the end of PSA tests
all key slot are unaccessed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron
f95a2b1190 psa: mgmt: Add key slot access counter
Add key slot access counter to be able to
state if a key slot containing the description
of a permanent key can be reset or reset
and re-used.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron
54b900827b psa: Forbid creation/registration of keys in vendor range
The identifier of keys created/registred should be in
the application range.

This is by spec for key creation.
This may change for registered key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron
65f38a3c2e Add key id check when creating a volatile key
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron
d98059d599 psa: Fix tests/handling of lifetime incompatible with location
The lifetime of key attributes now encodes whether a key is
volatile/persistent or not AND its location.
Fix PSA code where the fact that the lifetime encodes
the key location was not taken into account properly.

Fix the impacted tests and add two non regression tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:18:15 +01:00
Ronald Cron
967835596c psa: Fix references to macros in comments
This commit tries to fix the usage of #MACRO_NAME
to reference macros in comments.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron
3c76a42475 Improve psa_key_start_creation description
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron
513451987d Fix close/purge of a key
In case of persistent keys, do not load the key
in a slot before to close/purge it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron
97c8ad5fee Merge search of loaded volatile and persistent keys
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron
fc9c556127 Forbid volatile key identifiers for non volatile keys
Volatile key identifiers in the vendor range are
reserved to volatile keys thus don't allow them
for persistent keys when creating a key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron
277a85f1ef Add psa_purge_key API
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
cf56a0a320 psa: Move from key handle to key identifier
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.

Update the library modules using PSA crypto APIs
to get rid of key handles.

Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
c4d1b514ab Define handles as key identifiers
Define psa_key_handle_t to be equal to
mbedtls_svc_key_id_t. Make the handle of a persistent
key be equal to its key identifier. For volatile keys,
make the key handle equal to the volatile key
identifier of the created volatile key.

The unit tests are modified just to make them compile
not to make them run successfully. They are fixed in
the subsequent commits.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
c26f8d467a Introduce psa_key_handle_is_null inline function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
91e9515424 Introduce PSA_KEY_HANDLE_INIT macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
98a54ddbd6 psa: slot mgmt: Don't use handles to loop through slot array
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron
2a99315cc5 Add volatile key identifiers
Volatile key identifiers are introduced in
PSA Crypto API v1.0.0. They are returned by the APIs
when importing or generating or deriving a volatile key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:31 +01:00
Ronald Cron
d2ed4815da Split persistence and key id validation
With key usage based on key identifiers and not
key handles (openless APIs), volatile keys will
also have a key identifier. Thus, isolate key
identifier validation from key persistence
validation to clarify that key identifiers
are not specific to persistent keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-09 15:14:38 +01:00
Gilles Peskine
a455e71588
Merge pull request #3780 from stevew817/feature/validate_key_in_driver
Add validate_key hooks and tests
2020-11-02 11:37:42 +01:00
Steven Cooreman
40120f6b76 Address review comments
* zero key buffer on failure
* readability improvements
* psa_finish_key_creation adjustment after removing import_key_into_slot

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-30 10:20:01 +01:00
Steven Cooreman
162ec8758f Detecting bit size is no longer required
Storage format has been changed to always store the key's bit size

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-10-29 12:04:31 +01:00
Johan Pascal
c3ccd98a91 Check transport in the extension parser/writer
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
5ef72d214f Style and typos
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
2258a4f481 Do not return a structure, use a return parameter
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
0dbcd1d3f0 Make API safer
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
275874bc47 Fix previous commit
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
20c7db3a67 API modified so server side can get mki value
+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
adbd9449ec More minor fix
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
76fdf1d60e Minor fix and improvements
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
d387aa0586 style + missing cast
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal
77696eedac Add bound check in the client ssl_write_use_srtp_ext
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
aae4d22b16 Improve code readability
+micro optimization
+style

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
e79c1e8121 style
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
a455cd9a47 mbedtls_ssl_get_srtp_profile_as_string declared and defined in ssl.h
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
f6417ecf60 mki length feats in a uint16_t
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
253d0263a6 set protection profile API gets a MBEDTLS_TLS_SRTP_UNSET terminated list
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
43f9490a52 SRTP profiles definition use macros only
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00
Johan Pascal
4f099264b5 use_srtp extension shall not interfere in the handshake settings
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:49 +01:00