Commit graph

1134 commits

Author SHA1 Message Date
Paul Elliott
e4030f2cd1 Replace function with macro that already exists
I wrote a function to determine the base algorithm given a variant,
however this is already implemented by
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
7220cae93c Ensure generate nonce unavailable in decrypt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:47 +01:00
Paul Elliott
8eb9dafda1 Add generate nonce test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Gilles Peskine
36ff66c4b4
Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC
Implement one-shot MAC
2021-06-22 12:18:25 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
Ronald Cron
a587cbc3a4 psa: mac: Add driver delegation support for psa_mac_verify()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:22 +02:00
Ronald Cron
cd989b5598 psa: mac: Introduce psa_mac_compute_internal
Introduce psa_mac_compute_internal with an
additional `is_sign` parameter compared to
the psa_mac_compute API. The intent is to
call psa_mac_compute_internal() from
psa_mac_verify() as well to compute the
message MAC.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:22 +02:00
Ronald Cron
c3dd75f71b psa: mac: Improve MAC finalization code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:22 +02:00
Ronald Cron
51131b53fe psa: mac: Add driver delegation support for psa_mac_compute()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:09 +02:00
Ronald Cron
79bdd82eaa psa: mac: Improve implementation of psa_mac_finalize_alg_and_key_validation()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-18 22:18:06 +02:00
Ronald Cron
2dff3b2a18 psa: mac: Split psa_mac_setup()
Split out of psa_mac_setup() the final checks on
the requested algorithm and the key attributes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-18 22:09:28 +02:00
Ronald Cron
28ea050cf4 psa: mac: Re-organize psa_mac_setup() internal function
Re-organize psa_mac_setup() to prepare the move
to a dedicated function of the additional checks
on the algorithm and the key attributes done by
this function. We want to move those checks in
a dedicated function to be able to do them
without duplicating them in psa_mac_compute().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-18 21:02:32 +02:00
Gilles Peskine
e96c5854d0 Move the inclusion of crypto_spe.h to psa/crypto_platform.h
This makes it easier to ensure that crypto_spe.h is included everywhere it
needs to be, and that it's included early enough to do its job (it must be
included before any mention of psa_xxx() functions with external linkage,
because it defines macros to rename these functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 11:43:58 +02:00
Gilles Peskine
532327b429
Merge pull request #4576 from gilles-peskine-arm/psa_key_derivation-bad_workflow-20210527
PSA key derivation bad-workflow tests
2021-06-17 09:55:39 +02:00
gabor-mezei-arm
4076d3e9f3 Implement one-shot MAC functions
Implement one-shot MAC APIs, psa_mac_compute and psa_mac_verify, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-16 16:28:07 +02:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Gilles Peskine
b1edaec18f Fix missing state check for tls12_prf output
Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-11 22:41:46 +02:00
Ronald Cron
ea7631be1c Change mbedtls_rsa_set_padding() signature
mbedtls_rsa_set_padding() now returns the error
code MBEDTLS_ERR_RSA_INVALID_PADDING when
padding parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:10 +02:00
TRodziewicz
58d6eb5024 Removing unneeded comment
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-02 14:43:11 +02:00
Paul Elliott
40ef3a9454 Fix state logic and return codes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-01 17:17:58 +01:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead
Conflicts:
* None
2021-06-01 17:13:19 +01:00
TRodziewicz
062f353804 Changes after code review
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:34:14 +02:00
TRodziewicz
cc7074128a Remove MBEDTLS_CHECK_PARAMS option
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:33:32 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix
psa: Support RSA signature without MBEDTLS_GENPRIME
2021-05-27 14:19:24 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2
Remove rsa mode params part 2
2021-05-25 20:36:33 +02:00
Paul Elliott
f47b0957ab Set tag to 'impossible' value on failure to encrypt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-21 18:05:04 +01:00
Paul Elliott
6eb959854b Improve state logic
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-21 18:05:04 +01:00
Paul Elliott
6981fbcf10 Remove unneccessary guard for key unlock
Also make sure failure is not hidden by key unlock failure

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-21 18:05:04 +01:00
Paul Elliott
e715f88d9d Fix key slot being used uninitialised on error
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 21:55:39 +01:00
Paul Elliott
1a98acac1c Properly handle GCM's range of nonce sizes
Add comment to the effect that we cannot really check nonce size as the
GCM spec allows almost arbitrarily large nonces. As a result of this,
change the operation nonce over to an allocated buffer to avoid overflow
situations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
ee4ffe0079 Move AEAD length checks to PSA core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
b91da71db1 Remove unrequired initialisation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
ac1b3fd5b6 Ensure that key gets unlocked in case of error
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
cee785cd72 Seperate id checks from other state checks
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Jaeden Amero
424fa93efd psa: Support RSA signature without MBEDTLS_GENPRIME
On space-constrained platforms, it is a useful configuration to be able
to import/export and perform RSA key pair operations, but to exclude RSA
key generation, potentially saving flash space. It is not possible to
express this with the PSA_WANT_ configuration system at the present
time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it
was possible to configure a software PSA implementation which was
capable of making RSA signatures but not capable of generating RSA keys.
To do this, one unset MBEDTLS_GENPRIME.

Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this
expressivity was lost. Expressing that you wanted to work with RSA key
pairs forced you to include the ability to generate key pairs as well.

Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if
MBEDTLS_GENPRIME is also set. This restores the configuration behavior
present in Mbed TLS v2.24.0 and earlier versions.

It left as a future exercise to add the ability to PSA to be able to
express a desire for a software or accelerator configuration that
includes RSA key pair operations, like signature, but excludes key pair
generation.

Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
    psa_crypto_rsa.c.obj: in function `rsa_generate_key':
    psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'

Fixes #4512

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-20 17:08:59 +01:00
Gilles Peskine
864b425156
Merge pull request #4488 from tom-daubney-arm/remove_rsa_mode_params
Remove rsa mode params part 1
2021-05-17 13:49:19 +02:00
Thomas Daubney
141700f057 Removes mode param from mbedtls_rsa_rsaes_oaep_encrypt
Removes mode parameter from
mbedtls_rsa_rsaes_oaep_encrypt and propagates
changes throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Thomas Daubney
2177277dda Removes mode param from mbedtls_rsa_pkcs1_encrypt
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Paul Elliott
a559b3ce56 Remove key_set and use id instead
In keeping with the other PSA multipart operations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
bbe90b5f7f Formatting fixes for psa_crypto.c
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
81231f33f0 Return invalid argument for unsupported algorithm
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
39dc6b8aa5 Add abort call to all failure points
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
cbbde5f28c Split multipart AEAD contexts into two parts
Split to data required for internal implementation and data required for
driver implementation with data left over for the PSA layer.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
2df40057b3 Fix excessive line lengths
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
c4e1dcf006 Fix incorrect PSA key usage
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
302ff6bdd6 Implement multipart AEAD PSA interface
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
gabor-mezei-arm
f048618b43
Unify variable type and rename to be unambiguous
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
6883fd248d
Rename sign/verify builtin functions called by driver wrapper functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
474a35f635
Return error if algorithm is not hash-then-sign for psa_sign_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
8b3e88614c
Use bool variable instead of enum values
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
12b4f34fff
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
6cdf637f88
Use switch-case for error handling
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
f9820f92cf
Fix for algorithms other than hash-then-sign
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
b5c1e37aff
Use driver-wrapper functions for psa_sign/verify_message
To avoid code duplication of the old-style SE interface usage
call psa_driver_wrapper_sign/verify_hash function instead of
the direct internal functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
0f62240942
Enable algorithms other than hash-then-sign
For psa_hash/verify_message other algorithms than hash-then-sign is
enabled like PureEdDSA.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
46c23a051c
Fix error checking
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
50eac35d58
Dispatch sign/verify funtions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
5b44652593
Unify similar functions
Use common funtion for psa_sign_hash and psa_sign_message and one for
psa_verify_hash and psa_verify_message to unify them.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
4a21019653 Implement psa_sign_message and psa_verify_message functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:49 +02:00
Thomas Daubney
d21e0b780a Remove mode parameter from mbedtls_rsa_rsaes_oaep_decrypt function
Removing the mode parameter from the mbedtls_rsa_rsaes_oaep_decrypt
function. The change is progagated to all function calls, including in
test suite .function files. Additionally fully removing one test
where the wrong mode was being tested.

Signed-off-by: Tom Daubney <Thomas.Daubney@arm.com>
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:49:41 +01:00
Thomas Daubney
c7feaf349c Remove mode param from mbedtls_rsa_pkcs1_decrypt
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:43:06 +01:00
Gilles Peskine
5d1f747d85
Merge pull request #4377 from mpg/psa-pbkdf2-api
PSA API for PBKDF2-HMAC
2021-05-12 18:00:30 +02:00
Steven Cooreman
8af5c5c7de Be explicit about why the zero-length check is there
Since a valid mac operation context would guarantee that the stored
mac size is >= 4, it wasn't immediately obvious that the zero-length
check is meant for static analyzers and a bit of robustness.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 11:09:13 +02:00
Steven Cooreman
d1a68f10c0 Supply actual key bits to PSA_MAC_LENGTH during MAC setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-10 11:29:14 +02:00
Steven Cooreman
72f736a191 Move is_sign and mac_size checking back to PSA core scope
It makes sense to do the length checking in the core rather than expect
each driver to deal with it themselves. This puts the onus on the core to
dictate which algorithm/key combinations are valid before calling a driver.

Additionally, this commit also updates the psa_mac_sign_finish function
to better deal with output buffer sanitation, as per the review comments
on #4247.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-10 11:29:13 +02:00
Steven Cooreman
094a77e79c Code flow and style improvements
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
a6df6040ee Base the PSA implementation of TLS 1.2 PRF on the MAC API
This means there is no longer a need to have an internal HMAC API, so
it is being removed in this commit as well.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
d1ed1d935f Make HKDF use the generic MAC API
Such that the underlying HMAC can be accelerated if such a driver is present

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
dd1a915c0f Rename HMAC operation structure
Prefix with 'mbedtls_psa' as per the other types which implement some
sort of algorithm in software.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
36876a01a4 Make safer_memcmp available to all compile units under PSA
Now renamed to mbedtls_psa_safer_memcmp, it provides a single location
for buffer comparison.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
ba9a5bf5e7 Code flow/readability improvements after review
* Early return since there's nothing to clean up
* Get rid of unnecessary local variable
* Check algorithm validity for MAC in the PSA core instead of in the driver

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
d1955af5df Rename internal HMAC structure type to match convention
Typedef'ed structures are suffixed _t
Also updated the initialiser macro with content that actually
matches the structure's content.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
4fdf060a81 Complete, document and fully use internal HMAC API
Since HMAC moved into its own compilation unit, the internal API needed
to be documented and finalized. This means no more reaching deep into
the operation structure from within the PSA Crypto core. This will make
future refactoring work easier, since internal HMAC is now opaque to the
core.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
a5b860a5f8 Migrate MAC finish calls into the software driver
Step 3/x in moving the driver. Separate commits should make for easier
review.

Additional changes on top of code movement:
* Copied the implementation of safer_memcmp from psa_crypto into
  psa_cipher_mac since the mac_verify driver implementation
  depends on it, and it isn't available through external linkage

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
6e7f291bb5 Migrate MAC update call into the software driver
Step 2/x in moving the driver. Separate commits should make for easier
review.

Additional changes on top of code movement:
* Early-return success on input with zero-length to mac_update, to
  avoid NULL pointers getting passed into the driver dispatch

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
e680419791 Migrate MAC setup/abort calls into the software driver
Step 1/x in moving the driver. Separate commits should make for easier
review.
Additional changes on top of just moving code:
* Added a sanity check on the key buffer size for CMAC.
* Transfered responsibility for resetting the core members of the
  PSA MAC operation structure back to the core (from the driver
  wrapper layer)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
82c66b6b8b Move internal HMAC implementation into internal MAC driver
This is a temporary measure. Other operations in the PSA Core which rely
on this internal HMAC API should be rewritten to use the MAC API instead,
since they can then leverage accelerated HMAC should a platform provide
such acceleration support.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
77e2cc5661 Move the MAC operation structure into the driver headers
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Manuel Pégourié-Gonnard
805251b70c Update psa_validate_key_policy() for the new policy
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 09:49:59 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00
Tomasz Rodziewicz
9a97a13d3e
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-22 12:53:15 +02:00
Manuel Pégourié-Gonnard
f6b677ea98
Merge pull request #4349 from mpg/apply-4334-3.0
Apply 4334 to development-3.0
2021-04-22 12:42:40 +02:00
Tomasz Rodziewicz
d6c246f5bf
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-21 12:31:43 +02:00
Gilles Peskine
ee259130e4 Merge branch 'development' into development_3.0
Conflicts:
* visualc/VS2010/mbedTLS.vcxproj: resolved by re-generating the file
  with scripts/generate_visualc_files.pl.
2021-04-19 10:51:59 +02:00
Steven Cooreman
7ddee7f7c5 Use remove_key_data_from_memory instead of wipe_key_slot
Since the loading attempt of a builtin key might be followed by trying
to load a persistent key, we can only wipe the allocated key data, not
the associated metadata.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
7609b1ff6c leverage psa_allocate_buffer_to_slot from slot management
It makes the implementation of psa_load_builtin_key_into_slot a lot
cleaner.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
TRodziewicz
136b3989cb Remove deprecated things from hashing modules
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-15 12:34:09 +02:00
Manuel Pégourié-Gonnard
93c0847914 Revert "Remove deprecated things from hashing modules"
This reverts commit c75d9f589b.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-15 12:28:15 +02:00
Manuel Pégourié-Gonnard
c039514559
Merge pull request #4334 from TRodziewicz/origin/remove_old_func_from_hashing
Remove deprecated things from hashing modules
2021-04-15 10:13:32 +02:00
Gilles Peskine
09c916afba
Merge pull request #4257 from ronald-cron-arm/psa-aead
Add PSA crypto driver delegation for AEAD single shot PSA APIs - 1
2021-04-14 14:07:51 +02:00
TRodziewicz
dd82502b56 Remove deprecated error codes. Some still remain - question asked in issue comment
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 23:28:23 +02:00
TRodziewicz
c75d9f589b Remove deprecated things from hashing modules
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 11:38:37 +02:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Steven Cooreman
ea7ab13991 Do validation on the algorithm argument in AEAD
Corresponds better to the validation done in other modules of PSA Crypto.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
9a986165bf psa: aead: Accept opaque keys for encryption/decryption
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
de82281541 psa: aead: Add driver delegation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
46f9178d85 psa: aead: Move AEAD driver entry points to psa_crypto_aead.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
215633cea4 psa: aead: Implement aead operations as a driver entry point
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
9f31017956 psa: aead: Remove key slot from operation context
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:21 +02:00
Ronald Cron
7dbd800f42 psa: aead: Isolate key slot unlock from operation abort
As we want to do Mbed TLS aead operations as a
driver does, aead operations should not access
the key slot as key slots are not available to
drivers.

Second step in this PR: do not unlock the key slot
as part of operation abort.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Ronald Cron
197c2fd0a0 psa: aead: Move key resolution
As we want to do Mbed TLS aead operations as a
driver does, aead operations should not access
the key slot as key slots are not available to
drivers.

First step in this PR: move key resolution from
aead operation setup to psa_aead_encrypt/decrypt
APIs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Ronald Cron
004f917ee8 psa: aead: Fix status initialization
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Ronald Cron
6cc6631015 psa: Return in error when requested to copy a key to an opaque driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 12:27:47 +02:00
Ronald Cron
77e412cd71 psa: Fix error code when creating/registering a key with invalid id
When creating a persistent key or registering a key
with an invalid key identifier return
PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
5618a39fcf psa: cipher: Remove cipher_generate_iv driver entry point
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
a0d6817838 psa: cipher: Add bound check of the IV length in the core
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
75e6ae25ef Move mbedtls_cipher_info_from_psa to psa_crypto_cipher.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
1f0db80c78 psa: cipher: Fix symmetric key management
Symmetric key management is not intended to be
delegated to drivers. Thus, key management code
for a given symmetric key type should be included
in the library whether or not the support for
cryptographic operations based on that type of
symmetric key may be delegated to drivers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
937dfee92c psa: cipher: Re-organize multi-part operation context
Move members that are of no use to the PSA crypto core
to the Mbed TLS implementation specific operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
49fafa98b1 psa: cipher: Dispatch based on driver identifier
For cipher multi-part operations, dispatch based on
the driver identifier even in the case of the
Mbed TLS software implementation (viewed as a driver).
Also use the driver identifier to check that an
cipher operation context is active or not.

This aligns the way hash and cipher multi-part
operations are dispatched.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
06aa442bef psa: cipher: Remove unused key_set operation field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
dd24c9bbd9 psa: Call cipher operations software implementations as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
6056fe8a81 psa: driver wrapper: Change cipher_xyz signature
Change the operation context to the PSA one to be
able to call the software implementation from
the driver wrapper later on.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
6d05173359 psa: Add mbedtls_psa_cipher_xyz() APIs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
0b80559827 psa: Call cipher setup implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
a4af55f14f psa: driver wrapper: Change cipher_*_setup signatures
Change the signature of
psa_driver_wrapper_cipher_encrypt/decrypt_setup to
that of a PSA driver cipher_encrypt/decrypt_setup
entry point.

Change the operation context to the PSA one to be
able to call the software implementation from
the driver wrapper later on.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
d6d28885f0 psa: Add mbedtls_psa_cipher_encrypt/decrypt_setup functions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
7986f7e14b psa: Export "internally" mbedtls_cipher_info_from_psa
Export "internally" mbedtls_cipher_info_from_psa to be
able to use it in psa_crypto_cipher.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
ab99ac2f33 psa: Rework psa_cipher_setup (2)
Split out the cipher setup based on cipher.c
in psa_cipher_setup_internal() whose signature
is that of a PSA driver cipher_setup entry
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
590d3e56e9 psa: Rework psa_cipher_setup (1)
Rework psa_cipher_setup in preparation of
calling the cipher setup based on cipher.c
through the interface of a PSA driver
cipher_setup entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
c45b4afc63 Fix PSA SE driver tests
Fix PSA SE driver tests in configuration
full + MBEDTLS_PSA_CRYPTO_DRIVERS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
4501c98fc2 psa: sign: Return INVALID_ARGUMENT instead of NOT_SUPPORTED
To run succesfully the test
"PSA sign: invalid algorithm for ECC key" of
test_suite_psa_crypto when ECDSA support is not included
in the library, always return INVALID_ARGUMENT
in case of an ECC key not used for ECDSA, whether
ECDSA support is present or not.

Then apply the same logic to RSA sign RSA and RSA/ECC
verify for the sake of consistency.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 12:05:51 +01:00
Ronald Cron
3d471814bc psa: Add missing PSA configs
Add missing PSA_WANT_CCM/GCM/CMAC. This completes
the set of PSA_WANT config options given the
current support of PSA crypto in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Gilles Peskine
71f45ba0e8 Fix unused parameter warning in some configurations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 14:17:55 +01:00
Gilles Peskine
a1684f42d3 PSA: Reject curves that are not enabled in the PSA configuration
If an elliptic curve was enabled in the Mbed TLS classic API (#define
MBEDTLS_ECP_DP_xxx), but not enabled in the PSA configuration (#define
PSA_WANT_ECC_xxx), it would still work if you tried to use it through
PSA.

This is generally benign, but could be a security issue if you want to
disable a curve in PSA for some security reason (such as a known bug
in its implementation, which may not matter in the classic API if Mbed
TLS is running in a secure enclave and is only reachable from
untrusted callers through the PSA API). More urgently, this broke
test_suite_psa_crypto_not_supported.generated.

So if a curve is not enabled in the PSA configuration, ensure that
it's treated as unsupported through the PSA software implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:12:34 +01:00
Steven Cooreman
b6bf4bbf95 Clear up language on zeroizing driver context at setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 19:00:14 +01:00
Steven Cooreman
893232fbde Ensure the full driver structure is zeroized at setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:23:37 +01:00
Steven Cooreman
5f88e776c3 Move mbedtls_md_info_from_psa into the mbedtls hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman
fbe09284cf Set output length to 0 at start of function
This behaviour was present previously, and is depended on by the
test suites.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 10:34:56 +01:00
Steven Cooreman
f66d5fd2bd Apply same argument checking as in psa_hash_setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 10:34:56 +01:00
Chris Jones
ea0a865c69 Move entropy_poll.h to library
`entropy_poll.h` is not supposed to be used by application code and
is therefore being made internal.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
daacb59c2e Rename <pk/md/cipher>_internal.h to *_wrap.h
Revert changes introduced in 50518f4195
as it is now clear that these headers are internal without the
`*_internal.h` suffix.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
e2191cd789 Update includes to use library/ instead of include/mbedtls/
Simple find and replace using `#include (<|")mbedtls/(.*)_internal.h(>|")`
and `#include $1$2_internal.h$3`.

Also re-generated visualc files by running
`scripts/generate_visualc_files.pl`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Steven Cooreman
c8288354a2 move hash update zero-length-input check back into the core
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
dbf8ceda54 Change the way driver context structures are used
Apparently there's a goal to make the PSA Crypto core free from
dynamic memory allocations. Therefore, all driver context structures
need to be known at compile time in order for the core to know their
final size.

This change defines & implements for hashing operations how the context
structures get defined.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
1e58235d8b Dispatch hashing calls through the driver wrapper layer
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
84d670d20c Make psa_hash_compare go through hash_compute
It's more efficient when dealing with hardware drivers.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
0e307647e6 Split hashing operations out into an mbedTLS hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Manuel Pégourié-Gonnard
17605f072b
Merge pull request #4151 from ronald-cron-arm/psa-sign_verify-hash
PSA sign and verify hash rework
2021-03-10 10:08:50 +01:00
Steven Cooreman
1fb691aea9 Remove superfluous check
mac size is previously checked to not be less than 4, so it can't be zero
anymore at this point.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-08 14:00:34 +01:00
Steven Cooreman
cd64093222 Language & code readability updates
No functional/behavioral changes in this commit

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-08 14:00:29 +01:00
Ronald Cron
bb9cbc7a23 psa: ecdsa: Prefer NOT_SUPPORTED error code
When ECDSA is not supported by the library, prefer
to return NOT_SUPPORTED than INVALID_ARGUMENT when
asked for an ECDSA signature.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 17:43:31 +01:00
Ronald Cron
9103d490e8 psa: ecdsa: Rework deterministic support check
Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().

This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.

Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 13:32:27 +01:00
Ronald Cron
566899eefa psa: Remove outdated comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 09:52:03 +01:00
Steven Cooreman
31a876da09 Clarify some policy-handling code comments
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 20:47:40 +01:00
Steven Cooreman
f9f7fdfe49 Rework MAC algorithm / key type validation
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.

This means psa_get_mac_output_length is no longer required.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 19:58:02 +01:00
Steven Cooreman
4ff9a29686 Check truncation length explicitly
Comparing algorithm with its FULL_LENGTH_MAC version doesn't work in
cases where algorithm is a wildcard. Wildcard input is not specified in
the documentation of the function, but in order to test the function
using the same test as PSA_MAC_LENGTH we're mimicking that behaviour here.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 12:07:20 +01:00
Steven Cooreman
58c94d39ae Make psa_get_mac_output_length testable and test it
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 10:37:35 +01:00
Steven Cooreman
7d4b0d778f Reuse PSA_MAC_LENGTH in psa_get_mac_output_length
Avoid code duplication. Also update the guarantees made by the function
doc to match the guarantees given by PSA_MAC_LENGTH.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
5a17267442 Add a note about why key_type is required
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
1ac5ce3b91 Make psa_key_policy_algorithm_intersection MAC-length aware
This makes it more in-line with how psa_key_policy_permits works. It
also adds consistency: the intersection of MAC with default length and
MAC with exact-length is now computed correctly in case the exact length
equals the default length of the algorithm when used with the given
key type.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:39:26 +01:00
Steven Cooreman
15472f8c70 Clean up psa_mac_setup now that we have an output length calculator
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
5ad4bf75e3 Move MAC default length checking into psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman
d788fab4ff Clarify usage of psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
a1d8322f74 Fix typos & copy-paste errors
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
7e39f05929 Using a wildcard as a specific algorithm now reports invalid argument
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
ae3f13bf5e Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
d927ed7901 Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
7de9e2db1f Language / verbiage fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
0348802247 Remove generic wildcard checks after review feedback
Applied specific wildcard checks instead.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	library/psa_crypto.c
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
Gilles Peskine
34045c1d6a
Merge pull request #4145 from stevew817/fix_return_code
Return NOT_SUPPORTED according to the API contract for psa_key_derivation_setup
2021-03-01 13:20:50 +01:00
Ronald Cron
8a494f3ebd psa: Post move adjustments to psa_sign/verify_hash_internal
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron
072722ccb0 psa: Move ECDSA sign/verify to PSA ECP specific file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron
d1cb91c603 psa: Change psa_ecdsa_sign/verify signature
Change psa_ecdsa_sign/verify signature to that of
a sign/verify_hash driver entry point before to
move them to the psa_crypto_ecp.c ECP specific file.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron
7bdbca33b2 psa: Move RSA sign/verify hash to the PSA RSA specific file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:52:26 +01:00
Ronald Cron
a99bcc0e17 psa: Change psa_rsa_sign/verify signature
Change psa_rsa_sign/verify signature to that of
a sign/verify_hash driver entry point before to
move them to the psa_crypto_rsa.c RSA specific file.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:52:26 +01:00
Ronald Cron
fce9df2cad psa: Call sign/verify hash software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:52:24 +01:00
Ronald Cron
36f641bd16 psa: Export "internally" mbedtls_md_info_from_psa()
Export mbedtls_md_info_from_psa() from psa_crypto.c
to make it available to psa_crypto_rsa/ecp.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:51:46 +01:00
Ronald Cron
67b1eb309b psa: Export "internally" psa_sign/verify_hash_internal
Export psa_sign/verify_hash_internal from psa_crypto.c
to make it available to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:51:46 +01:00
Ronald Cron
9f17aa48c2 psa: Change psa_driver_wrapper_sign/verify_hash signature
Change psa_driver_wrapper_sign/verify_hash signature
to that of a sign/verify_hash driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:51:43 +01:00
Ronald Cron
1865993763 psa: sign/verify_hash: Wrap software implementation
Wrap sign/verify_hash software implementation into
psa_sign/verify_hash_internal() functions whose
signature is that of a sign/verify_hash driver
entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:50:19 +01:00
Ronald Cron
99b8ed7fda psa: Prepare sign/verify code for software implementation split
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:46:07 +01:00
David Brown
1bfe4d7fca Use new PSA builtin defines for CHACHA20
Change the psa_crypto use of the CHACHA20 cipher to also use the new
MBEDTLS_PSA_BUILTIN_KE_TYPE_CHACHA20.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:26:57 -07:00
David Brown
8107e31b74 Fix 2 endif comments
Two endif comments didn't match the ifdef.  Fix these to match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:26:56 -07:00
David Brown
12ca50307f Change some conditionals of PSA to use BUILTIN
Change a few conditionals in the psa library to be based on the
MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES instead of the WANT macros.  Future
additions of HW acceleration will need to be mindful of these
definitions if any of this code is needed in those instances.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:26:20 -07:00
David Brown
7807bf7404 Use proper conditional for software DES
When converting definitions to use the new PSA defines, one erroneously
was conditionalized on the WANT macro instead of on the BUILTIN macro.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
288a96e169 Fix mistyped endif comment
Correct the endif comment to match the condition used in the ifdef.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
0baa7b5e98 Change ifdefs in psa_crypto.c to new WANT macros
There are a few instances of MBEDTLS_*_C (specifically for DES) in
psa_crypto.c.  Change to the PSA_WANT_KEY_TYPE_DES macros to reflect the
new PSA crypto config.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:32 -07:00
David Brown
63ca260827 Change psa_crypto.c ifdefs for cipher modes
Change to use the MBEDTLS_PSA_BUILTIN... macros defined by the cipher
modes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown
e04acc271c Use PSA definitions in PSA file
This file will always be used with the PSA configurations, so use the
MBEDTLS_PSA_BUILTIN... definitions for the symmetric cyphers.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
Ronald Cron
d81ab56c84 psa: Avoid empty block
Avoid empty block to ease maintenance.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:07:46 +01:00
Ronald Cron
3772afef0f psa: key generation: Use PSA_EXPORT_KEY_OUTPUT_SIZE
Use PSA_EXPORT_KEY_OUTPUT_SIZE macro to compute the
size of the buffer to contain the generated key
instead of computing it alongside the key type and
size validation.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:07:46 +01:00
Ronald Cron
7023db5273 Move ECP key generation code to the PSA ECP specific C file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:07:46 +01:00
Ronald Cron
9e18fc1cf9 Move RSA key generation code to the PSA RSA specific C file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:50 +01:00
Ronald Cron
977c247048 Call software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:50 +01:00
Ronald Cron
5c4d38639d psa: Extend psa_get_key_buffer_size scope
When generating transparent keys, we need to be able
to compute the size of the key buffer whether the
key is generated by the Mbed TLS library or by an
accelerator. Thus, change the RSA/ECP
MBEDTLS_PSA_BUILTIN_... compilation guards with
their PSA_WANT_... counterparts.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:50 +01:00
Ronald Cron
55ed0591c8 Export "internally" psa_generate_key_internal()
Export psa_generate_key_internal() to make it
available to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:50 +01:00
Ronald Cron
2a38a6b98f Change psa_generate_key_internal() signature
Change psa_generate_key_internal() signature to
that of a PSA driver generate_key entry point.

That way, this function can be called by the
driver wrapper when a software fallback is
necessary.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:50 +01:00
Ronald Cron
2b56bc84f5 Move key buffer allocation out of psa_generate_key_internal()
Preparatory commit to eventually change
psa_generate_key_internal() signature to that of
a PSA driver generate_key entry point.

To be able to change the signature, the buffer to
store the generated key has to be allocated before
the call to psa_generate_key_internal().

This commit moves the allocation and clean-up in
case of error of the buffer to store the generated
key from psa_generate_key_internal() to
psa_generate_key().

This has the nice benefit of factorizing the key
buffer allocation and clean-up.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:50 +01:00
Ronald Cron
01b2aba924 Move key buffer size computation out of psa_generate_key_internal()
Preparatory commit to eventually change
psa_generate_key_internal() signature to that of
a PSA driver generate_key entry point.

To be able to change the signature, the buffer to
store the key has to be allocated before the call
to psa_generate_key_internal() thus its size has
to be calculed beforehand as well.

This is the purpose of this commit: to move the
computation of the key size in bytes out of
psa_generate_key_internal().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:50 +01:00
Ronald Cron
f3bb761c00 Improve psa_generate_key_internal()
Small improvements to psa_generate_key_internal()
implementation:
. declare only once the status local variable and
  initialize it to PSA_ERROR_CORRUPTION_DETECTED
  to improve robustness against FI attacks.
. remove an unnecessary assignment.
. use type local variable instead of its global
  variable equivalent.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-16 09:04:49 +01:00
Steven Cooreman
932ffb7ab2 Return NOT_SUPPORTED according to the API contract
"retval = PSA_ERROR_NOT_SUPPORTED if alg is not supported"

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 12:19:53 +01:00
Gilles Peskine
59ad77032f
Merge pull request #4131 from paul-elliott-arm/fix_crypto_leak
Fix memory leak in error case in psa_crypto
2021-02-15 11:38:13 +01:00
Gilles Peskine
9d5abfed8b
Merge pull request #4137 from stevew817/fix/unused_argument_warnings
Fix/unused argument warnings
2021-02-15 11:20:58 +01:00
Ronald Cron
5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Bence Szépkúti
a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Steven Cooreman
74afe47cc8 Fix unused variables in PSA core when no KDF algorithm is present
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 17:19:22 +01:00
Steven Cooreman
7196fefeef Fix unused variable in PSA core when no AEAD algorithm is present
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-10 17:18:39 +01:00
Paul Elliott
da3e7db495 Fix memory leak in error case in psa_crypto
In psa_generate_derived_key_internal() an error case was returning
directly rather than jumping to the exit label, which meant that an
allocated buffer would not be free'd.

Found via coverity.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-09 19:03:47 +00:00
Gilles Peskine
2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Ronald Cron
a0832d47f7
Merge pull request #3958 from gilles-peskine-arm/fix-tls12-constant-namespace
Fix some PSA-related identifiers
2021-02-05 16:34:26 +01:00
Gilles Peskine
d945871c55
Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted
Use PSA_ERROR_DATA_INVALID where warranted
2021-02-03 20:54:46 +01:00
Ronald Cron
e907e55f39 psa: export: Check output buffer size earlier
Check output buffer size before doing anything
that requires a clean-up if a failure happens.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:38:50 +01:00
Ronald Cron
fb2ed5bb05 psa: import: Move registered SE support to the driver wrapper
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
bf33c93717 psa: Call import software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
a0fe59f738 psa: Export internally psa_import_key_into_slot()
Export psa_import_key_into_slot from psa_crypto.c
to make it available to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
2ebfdcce0e psa: Change psa_import_key_into_slot() signature
Change psa_import_key_into_slot() signature to the signature
of an import_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
dd04d423b5 psa: import: Move key buffer allocation
Move key buffer allocation from psa_import_key_into_slot()
function up to the two functions calling it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
d6ec3035a4 psa: Move ECP key import to psa_crypto_ecp.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
b14dbbeb92 psa: Rename ECP key import function
Rename ECP key import function before to move
it to psa_crypto_ecp.c to adapt to the naming
of exported functions in psa_crypto_ecp.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
79cc548cf2 psa: Change psa_import_ecp_key() signature
Change psa_import_ecp_key() signature to the signature of an
import_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
13f8b098cb psa: ecp: import: Move key buffer allocation
Move key buffer allocation from ECP specific
importation function up to psa_import_key_into_slot().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
abf2aef90f psa: Move RSA key import to psa_crypto_rsa.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
b6420e3797 psa: Rename psa_import_rsa_key to mbedtls_psa_rsa_import_key
Rename psa_import_rsa_key to mbedtls_psa_rsa_import_key to
align its name with the naming conventions of exported
functions in psa_crypto_rsa.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
4f2a7f0190 psa: Change psa_import_rsa_key() signature
Change psa_import_rsa_key() signature to the signature of an
import_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
8f813ee8d8 psa: rsa: import: Move key buffer allocation
Move key buffer allocation from RSA specific
importation function up to psa_import_key_into_slot().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
e5ca3d8533 psa: Move RSA/ECP export code to RSA/ECP specific C file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
152e3f82e7 psa: export: Move registered SE support to the driver wrapper
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
672279829a psa: Call export software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
7285cda387 psa: Export internally psa_export_(public_)key_internal
Export psa_export_(public_)key_internal from psa_crypto.c
to make it available to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
d18b5f84c6 psa: Change psa_export_(public_)key_internal signature
Change psa_export_(public_)key_internal signature to
the signature of an export_(public_)key driver entry
point.

This is a preparatory commit to be able to call the
software implementations as a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
9486f9d8f0 psa: Disentangle public export and export code
Disentangle public export and export code to be
able to move the call to export and public
export operations to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
200a52c246 psa: Align naming of export internal functions
Align naming of export internal functions with the way
other psa_crypto.c internal functions are named, ending
with _internal.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
00b7bfc2c4 psa: Move xxx_load_representation functions to RSA/ECP specific modules
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
3c8ca3ad00 psa: Rename psa_export_rsa/ecp_key to mbedtls_psa_rsa/ecp_export_key
Rename psa_export_rsa/ecp_key to
mbedtls_psa_rsa/ecp_export_key before to move them to
RSA/ECP specific PSA crypto C files.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
9085708371 psa: Rename psa_load_rsa/ecp_representation
Rename psa_load_rsa/ecp_representation to
mbedtls_psa_rsa/ecp_load_representation
before to move them in their RSA/ECP
specific PSA crypto C modules.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
84cc99420c psa: Change psa_driver_wrapper_export_public_key() signature
Change psa_driver_wrapper_export_public_key() signature
to the signature of an export_public_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
8328287956 psa: Move from validate_key to import_key entry point
In the course of the development of the PSA unified
driver interface, the validate_key entry point for
opaque drivers has been removed and replaced by an
import_key entry point. This commit takes into account
this change of specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
ea0f8a6d1a psa: se: Create key context in SE key slots
In key slots containing the description of a key of a
dynamically registered Secure Element (SE), store the
key slot number in a key context as defined in the
PSA driver interface for opaque drivers.

That way transparent key data and slot numbers are
, in a key slot, both stored in a dynamically allocated
buffer. The `data` union in structures of type
psa_key_slot_t to distinguish between the storage of
transparent key data and slot numbers is consequently
not necessary anymore and thus removed.

This alignement of some part of the code dedicated to
dynamically registered SE with the PSA driver interface
specification is done to ease the support of both
dynamically registered and statically defined secure
elements.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
21b5616ea3 psa: Move PSA client code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-01 13:17:06 +01:00
Janos Follath
a209f34faf
Merge pull request #3996 from stevew817/feature/allow_reading_external_keys
Allow loading external wrapped keys
2021-01-29 13:34:11 +00:00
Ronald Cron
318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
gabor-mezei-arm
86326a9131
Fix possible error codes in the documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-26 13:48:26 +01:00
gabor-mezei-arm
cbcec21684
Rename output buffer size macros
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:17:25 +01:00
Gilles Peskine
43f958b24d Rename unnamespaced identifiers
Rename the enum constants TLS12_PRF_xxx, which are declared in a
public header but not intended for use in application code, to start
with MBEDTLS_PSA_.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 17:42:25 +01:00
Steven Cooreman
ac3434fc19 Apply review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-15 20:43:23 +01:00
Steven Cooreman
98435ddf84 Allow loading wrapped keys even when SE support is compiled in
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 11:33:10 +01:00
Gilles Peskine
dbf6896c82 mbedtls_to_psa_error: prefer dispatching on the low-level error
When an Mbed TLS error code combines a low-level error and a
high-level error, the low-level error is usually closer to the root
cause (for example HW_ACCEL_FAILED or ENTROPY_SOURCE_FAILED is more
informative than RSA_PRIVATE_FAILED). So prioritize the low-level code
when converting to a PSA error code, rather than the high-level code
as was (rather arbitrarily) done before.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:04:23 +01:00
Gilles Peskine
40d8160c8e mbedtls_to_psa_error: fix a copypasta and a missing translation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Gilles Peskine
73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak
PSA Crypto: Don't skip key data removal when SE driver is not in use
2021-01-05 16:55:52 +01:00
Gilles Peskine
9c3e060253 Explain the design of mbedtls_psa_get_random better
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 16:03:55 +01:00
Gilles Peskine
0c59ba88cb Fix the error detection in psa_generate_random
If a call to mbedtls_psa_get_random other than the last one failed,
this went undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 14:10:59 +01:00
Gilles Peskine
71ddab9154 Simplify the chunk loop in psa_generate_random
Make the code slightly more readable and slightly smaller.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-04 21:01:07 +01:00
Fredrik Strupe
462aa575a4 PSA Crypto: Don't skip key data removal when SE driver is not in use
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.

This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-12-17 11:05:36 +01:00
Gilles Peskine
b2b64d3642 Rename psa_crypto_random.h to psa_crypto_random_impl.h
Make it clear that this is an abstraction of the random generator
abstraction, and not an abstraction of the PSA random generator.

mbedtls_psa_get_random and MBEDTLS_PSA_RANDOM_STATE are public-facing
definitions and will be moved in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 16:43:58 +01:00