Commit graph

29098 commits

Author SHA1 Message Date
Valerio Setti
6def24ce73 test_suite_[pkparse/rsa]: move RSA private key parsing tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:42:32 +01:00
Valerio Setti
1533c3f660 test_suite_rsa: improve rsa_parse_write_pkcs1_key() adding more checks
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:42:29 +01:00
Valerio Setti
a5f36fcaae rsa: write documentation of new functions for parse/writing RSA priv/pub keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
18dd00052e pk_wrap: use RSA module functions to write priv/pub key in RSA wrappers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
c6d7f53adc all.sh: update common_test_psa_crypto_config_accel_ecc_some_curves()
Do not disable RSA_C and related modules because now it does not
automatically re-enable PK module.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
2ddabb34d6 config_adjust_legacy: do not auto-enable PK when RSA is enabled in PSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Valerio Setti
dccfd3612d rsa: update return values of priv/pub parse/write functions
The goal is to remove usage of PK return values in order to
completely eliminate that dependency.
This commit also updates pkparse and test_suite_x509parse to
align with this change in return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:34 +01:00
Valerio Setti
7b7ffd3bb9 psa_crypt_rsa: remove dependency from the PK module
Use new functions from the RSA module to parse and write
private and public keys in PKCS#1 format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 16:14:18 +01:00
Valerio Setti
b054e449c9 test_suite_psa_crypto: remove tests for importing an RSA key in PEM format
This feature was an unofficial extension which was never documented.
Now that we are removing the PK dependency in order to use only
functions from RSA module, PEM support is unavailable. Therefore
we explicitly remove it.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 16:12:27 +01:00
Valerio Setti
8e6093dd9f test_suite_rsa: add some basic testing of new parse/write priv/pub keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 15:19:07 +01:00
Valerio Setti
b328c44932 pk/rsa: move RSA parse/write private/public key functions to rsa module
These functions are meant to be used internally, so their prototype
declaration is kept into rsa_internal.h.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 15:18:57 +01:00
Valerio Setti
429cd50ac8 pkwrite: split pk_write_rsa_der() with a dedicated function for non-opaque RSA key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 09:10:22 +01:00
Valerio Setti
fd49a46a36 pkparse: rename RSA key and pubkey parsing functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-23 08:35:11 +01:00
Janos Follath
fb12d9204d
Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex
Implement the key slot mutex
2024-01-19 20:49:18 +00:00
Ryan Everett
63952b7de5 Fix typo
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 13:45:19 +00:00
Ryan Everett
7aeacc1ec4 Add empty line in register_read comment
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 13:02:58 +00:00
Ryan Everett
558da2ffd3 Move key_slot_mutex to threading.h
Make this a global mutex so that we don't have to init and free it.
Also rename the mutex to follow the convention

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 12:59:28 +00:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Ryan Everett
fb02d57de7 Document the thread safety of the primitive key slot functions
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:54:42 +00:00
Ryan Everett
0e3b677cf4 Support PSA_ERROR_SERVICE_FAILURE
To be returned in the case where mbedtls_mutex_lock and
mbedtls_mutex_unlock fail.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:47:29 +00:00
Ryan Everett
846889355c Initialize and free the key slot mutex
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:47:05 +00:00
Gilles Peskine
b1f96c0354
Merge pull request #7815 from gilles-peskine-arm/ecp-export-partial
ECP keypair utility functions
2024-01-18 10:29:05 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764
Conversion function from ecp group to PSA curve
2024-01-18 10:28:55 +00:00
Ryan Everett
491f7e5ac3 Define key_slot_mutex
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:21:38 +00:00
Dave Rodgman
fb133513d6
Merge pull request #8705 from daverodgman/ctr-perf
Ctr perf
2024-01-17 20:25:41 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states
Implement the new key slot state system within the PSA subsystem.
2024-01-17 17:50:04 +00:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
2024-01-17 14:12:33 +00:00
Ryan Everett
38a2b7a6a3 Extend psa_wipe_key_slot documentation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:45:44 +00:00
Ryan Everett
7ed542e0f1 Implement delayed deletion in psa_destroy_key and some cleanup
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:40:29 +00:00
Dave Rodgman
885248c8ee Add header guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-17 11:06:31 +00:00
Bence Szépkúti
1325942c28
Merge pull request #8707 from bensze01/new_redirect_format
Migrate to new RTD redirect format
2024-01-16 20:22:08 +00:00
Dave Rodgman
9039ba572b Fix test dependencies
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 18:38:55 +00:00
Dave Rodgman
7e5b7f91ca Fix error in ctr_drbg
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 17:28:25 +00:00
Dave Rodgman
b7778b2388 Fix ASAN error in test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 16:27:34 +00:00
Bence Szépkúti
333ca8fdfc Migrate to new RTD redirect format
Migrate to the new redirect format introduced by ReadTheDocs in
readthedocs/readthedocs.org#10881

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-01-16 17:06:06 +01:00
Dave Rodgman
9f97566c04 Add Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
24ad1b59e8 Add NIST AES-CTR test vectors
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
4cc6fb9039 add test for multipart AES-CTR
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
46697da5b3 Make gcm counter increment more efficient
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
174eeff235 Save 14 bytes in CTR-DRBG
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
591ff05384 Use optimised counter increment in AES-CTR and CTR-DRBG
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
ae730348e9 Add tests for mbedtls_ctr_increment_counter
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
b49cf1019d Introduce mbedtls_ctr_increment_counter
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Ryan Everett
1d32a57764 Revert change to psa_destroy_key documentation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:27:58 +00:00
Ryan Everett
709120a9ce Revert change to return behaviour in psa_reserve_free_key_slot
This change was a mistake, we still need to wipe the pointers here.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
dfe8bf86a8 Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4 Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:35 +00:00
Dave Rodgman
c4f984f2a5 Iterate in 16-byte chunks
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:20:19 +00:00
Dave Rodgman
67223bb501 add support for AES-CTR to benchmark
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-12 18:33:57 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00