Commit graph

29664 commits

Author SHA1 Message Date
Ryan Everett
5c5210f7e1 Remove state transitions in psa_load_X_key_into_slot
These calls otherwise don't abide by our assertions about changing the slot.
psa_get_and_lock_key_slot, the only caller to these, handles the state
transitions already. It also changes the contents of the slot after these calls.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-30 18:27:16 +00:00
Paul Elliott
fad978b232 Fix race condition with test comparison functions
Make sure we hold the mutex whilst making several changes at the same
time, to prevent race condition on writing connected bits of data.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-01-30 18:00:26 +00:00
Ryan Everett
3af9bc18f3 Wrap get_and_lock_key_slot_in_memory calls in mutex
It is useful to do this for the call in get_and_lock_key_slot.
Documenting that get_and_lock_key_slot_in_memory requires the mutex
is not part of this PR

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-30 17:21:57 +00:00
Valerio Setti
91372f5549 test_suite_rsa: add more test cases for RSA key parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 17:26:38 +01:00
Dave Rodgman
dae21d3808 Support SHA-512 hwcap detection on old libc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-30 15:31:42 +00:00
Valerio Setti
f988f95b9a test_suite_bignum: add test function: mpi_zero_length_buffer_is_null()
The goal is to test all the bignum's functions that accept a buffer
and its length and verify that they do not crash if a NULL pointer
is passed in as buffer and 0 length is specified.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 16:28:09 +01:00
Valerio Setti
779a1a5b20 aria: remove leftover in comments
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 16:28:09 +01:00
Valerio Setti
76e4c6352d test_suite_aria: remove NOT_DEFINED dependency from aria_invalid_param()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 16:28:06 +01:00
Gilles Peskine
cbb9caead4 Changelog for building SHA-256 and 512 with old libc
Linux/Aarch64: support SHA acceleration detection with older libc

On Linux on aarch64 (64-bit ARMv8) processors, we use getauxval() to detect
whether the runtime environment supports SHA-256 or SHA-512 acceleration.
Some libc do not define the necessary HWCAP_xxx constants to analyze the
result of getauxval(), either because they don't bother or because they're
too old to recognize the values we need (for example, HWCAP_SHA2 appeared in
Glibc 2.24 and HWCAP_SHA512 appeared in Glibc 2.27). In such cases, assume
that the values are the same as in the kernel ABI and define the constants
manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-30 15:25:37 +00:00
Gilles Peskine
36dee75368 Update ECDSA signature conversion based on experimentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 16:15:17 +01:00
Valerio Setti
252311d41e test_suite_psa_crypto_util: add test with 0-length for r
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 15:50:28 +01:00
Valerio Setti
98e1931a0a test_suite_psa_crypto_util: alloc/free buffer inside loop in ecdsa_raw_to_der_incremental()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 15:46:02 +01:00
Valerio Setti
78da7468ca psa_util: minor improvements to convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 15:08:40 +01:00
Tom Cosgrove
d4c373a597 Refactor all.sh clang version detection code
Prevents a script failure when attempting to run build_aes_armce on a system without clang

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2024-01-30 13:56:38 +00:00
Tom Cosgrove
9e4eeff6e0 Fix comment about verison of clang required for 'build_aes_armce'
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2024-01-30 13:51:18 +00:00
Ørjan Malde
2a6cb5c881 fix build for midipix
Signed-off-by: Ørjan Malde <red@foxi.me>
2024-01-30 14:50:23 +01:00
Gilles Peskine
03aa9bc226 Switch pk_setup_for_type() to return MBEDTLS_ERR_xxx
Use mbedtls return codes rather than a boolean "has test not failed?".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 11:18:42 +01:00
Gilles Peskine
3da3c0a000 Always call psa_crypto_init when testing mbedtls_pk_get_psa_attributes
mbedtls_pk_get_psa_attributes() actually works without having initialized
the PSA subsystem, because it doesn't call any non-client PSA API functions.
But the function is only useful in conjunction with the PSA API: it's
meant to be followed by importing a key with the resulting attributes. We
don't advertize it to work without an up-and-running PSA subsystem, and
there's no need to test it without an up-and-running PSA subsystem as we
were (accidentally) doing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 10:22:29 +01:00
Gilles Peskine
f8c2cd1489 Update preprocessor guard comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 10:18:36 +01:00
Gilles Peskine
e0c13cffb3 Update some msg descriptions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-30 10:17:49 +01:00
Valerio Setti
307ce2cff5 test_psa_compliance: use the last upstream release of psa-arch-tests
Release: v23.06_API1.5_ADAC_EAC
This fixes all the issues that were previously added as exceptions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-30 09:25:07 +01:00
Ryan Everett
763971f32e Comment on locking strategy in psa_destroy_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 17:17:12 +00:00
Valerio Setti
7a795fd951 suite_psa_crypto_util: add more test cases for DER->RAW
- r with MSb set
- Invalid r (only 1 zero byte)

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 18:08:42 +01:00
Ryan Everett
c053d968f2 Make psa_destroy_key threadsafe
We do not require linearizability in the case of destroying a key in use.
Using a key and destroying it simultaneously will not cause any issues
as the user will only use the copy of the key in the slot.
Two simulatenous deletion calls to one key cannot interfere, the first caller
sets the slot's state to PENDING_DELETION, the second caller will back off.
Remove outdated comment about one key being in multiple slots, psa_open_key
does not put the key into a new slot.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 17:06:34 +00:00
Valerio Setti
122c94fd26 psa_util: remove raw_len param from convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 18:02:03 +01:00
Valerio Setti
ee5238fcf4 suite_psa_crypto_util: add more testing for mbedtls_ecdsa_raw_to_der()
A new test function is added, ecdsa_raw_to_der_incremental, that tests
incremental output DER buffer sizes checking that only the correct one
(tested at last) works correctly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 17:45:18 +01:00
Valerio Setti
9b9b5a52d9 psa_util: some code improvement to convert_der_to_raw_single_int()
This commit also fixes test_suite_psa_crypto_util.data due to the
change in one of the return values.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 17:25:19 +01:00
Ryan Everett
16abd59a62 Update psa_wipe_all_key_slots and document non-thread safety
This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots
regardless of state. They are not part of the PSA Crypto API, untrusted applications
cannot call these functions in a crypto service.
In a service intergration, mbedtls_psa_crypto_free on the client cuts the communication
with the crypto service.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 13:14:50 +00:00
Ryan Everett
b0821959ae Make psa_purge_key thread safe
Relies on get_and_lock_X being thread safe.
There are two mutex locks here, one in psa_get_and_lock...
Linearization point is the final unlock (or first lock on failure).

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 13:14:50 +00:00
Ryan Everett
f23336e040 Make psa_close_key thread safe
There are two mutex locks here, the one performed in get_and_lock.. and the one performed outside.
Linearizes at the final unlock.
(This function is deprecated)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 13:13:15 +00:00
Valerio Setti
4e048f1749 bignum: removing usage of MPI_VALIDATE_RET()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:21 +01:00
Valerio Setti
ea3a6114e6 aria: replace ARIA_VALIDATE_RET() with a simple "if" block
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:21 +01:00
Valerio Setti
a45a399a6b lib: remove NULL pointer checks performed with MBEDTLS_INTERNAL_VALIDATE[_RET]
Symbols defined starting from MBEDTLS_INTERNAL_VALIDATE[_RET]
are removed as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:15 +01:00
Valerio Setti
41f8f733a1 test_psa_compliance: add exception for tests using wrong RSA pub key format
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 11:44:40 +01:00
Valerio Setti
cc0fd47531 platform_util: remove declarations of MBEDTLS_INTERNAL_VALIDATE[_RET]()
These macros end up as being always "empty", so they
can be removed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 10:19:52 +01:00
Valerio Setti
2bec5df945 psa_crypto_ffdh: fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:09 +01:00
Valerio Setti
0a6acf8db4 adjust_legacy_from_psa: use EC pattern for enabling builtin elements of DH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:09 +01:00
Valerio Setti
c22bb7a0a4 adjust_legacy_from_psa: optimize legacy enablement also for EC key types
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:06 +01:00
Minos Galanakis
8ee1b5f46e programs_benchmark: Updated to use mbedtls_dhm_read_public().
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-01-26 15:00:13 +00:00
Minos Galanakis
97489dc7e5 programs_benchmark: Updated to use mbedtls_dhm_set_group() & mbedtls_dhm_get_len()
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-01-26 15:00:13 +00:00
Minos Galanakis
e29c868ca4 programs_dh_server: Updated to use mbedtls_dhm_set_group() & mbedtls_dhm_get_len().
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-01-26 15:00:13 +00:00
Valerio Setti
18be2fb9df driver-only-builds: improve a sentence in the HMAC section
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 15:07:02 +01:00
Valerio Setti
89d8a12e9c analyze_outcomes: fix typo
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 15:04:05 +01:00
Valerio Setti
f8ce457fb6 all.sh: fix comment in check_test_dependencies()
MBEDTLS_ASN1_WRITE_C is no more required for ECDSA conversion
functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 14:55:14 +01:00
Paul Elliott
47c74a4773
Merge pull request #8741 from Ryan-Everett-arm/add-locking-macros
Add macros for locking/unlocking the key slot mutex
2024-01-26 13:53:38 +00:00
Valerio Setti
bcf0fc5119 adjust_legacy_crypto: add parenthesis to improve clarity
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 14:53:28 +01:00
Paul Elliott
12abdde951
Merge pull request #8699 from minosgalanakis/update/rsa_context_in_programs_5014
[MBEDTLS_PRIVATE] Update rsa context in programs 5014
2024-01-26 11:03:43 +00:00
Paul Elliott
c4e911889e
Merge pull request #8751 from trofi/gcc-14-calloc-fix
tests: fix `calloc()` argument list (`gcc-14` fix)
2024-01-26 11:02:53 +00:00
Valerio Setti
48e4167ced adjust_legacy_from_psa: improve pattern for enabling internal symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 10:34:32 +01:00
Valerio Setti
1a54352f5a psa_crypto_ffdh: move dhm.h inclusion to c file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 09:35:18 +01:00