Same as mbedtls_ecp_write_key(), but doesn't require the caller to figure out
the length of the output and possibly distinguish between Weierstrass and
Montgomery curves.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Re-restore mbedtls_x509_string_to_names() to public as our example
programs use it, and it is the reverse of mbedtls_x509_dn_gets().
Add a docstring, so that it is a properly documented public function.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Remove the ability to select a custom public exponent via domain parameters
in RSA key generation. The only way to select a custom public exponent is
now to pass custom production parameters to psa_generate_key_ext().
A subsequent commit will remove domain parameters altogether from the API,
thus this commit does not bother to update the documentation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The setup calls are the only calls to use a key ID.
The key is then copied into the operation object,
all future API calls use the copy instead of the key in the slot.
Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
The only interaction with key IDs here is in the changed function.
Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
One can input a key using a key identifier through the two changed functions.
Inputted keys are copied into the operation object.
Any material inputted in byte form is separate to the key slot system.
Outputting a key is threadsafe as per the key loading work.
The verification API is yet to be implemented.
Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Within setup we create a copy of the key and put it in the operation field.
After setup, we only ever use the new copy,
and do not interact with any key slots.
Therefore we need only register as a reader of the key during setup,
then unregister after we stop accessing the key.
Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
We copy the key from a slot to the operation object in _start.
_complete and _abort do not access any key slots, instead using
the local copy.
Concurrently using the same operation object is not thread-safe.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
We copy the key from a slot to the operation object in _start.
_complete and _abort do not access any key slots, instead using
the local copy.
Concurrently using the same operation object is not thread-safe.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Within setup we create a copy of the key and put it in the operation field.
After setup, we only ever use the new copy - and do not interact with any key slots.
Therefore we need only register as a reader of the key during setup,
then unregister after we stop accessing the key.
Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This function should be internal, being exposed only via functions like
mbedtls_x509write_crt_set_subject_name().
Signed-off-by: David Horstmann <david.horstmann@arm.com>
"Key generation method" was misleading since it also applies to key
derivation. Change "key generation" to "key production", which we aren't
using yet and has roughly the right intuition. Change "method" to
"parameters" which there seems to be a slight preference for. Discussion
thread: https://github.com/Mbed-TLS/mbedtls/pull/8815#discussion_r1486524295
Identifiers renamed:
psa_key_generation_method_t → psa_key_production_parameters_t
psa_key_generation_method_s → psa_key_production_parameters_s
PSA_KEY_GENERATION_METHOD_INIT → PSA_KEY_PRODUCTION_PARAMETERS_INIT
method → params
method_data_length → params_data_length
default_method → default_production_parameters
psa_key_generation_method_is_default → psa_key_production_parameters_are_default
setup_key_generation_method → setup_key_production_parameters
key_generation_method_init → key_production_parameters_init
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH instead of
MBEDTLS_ERR_PEM_BAD_INPUT_DATA in case of errors.
This commit also fix related failures in test pkparse and
pem test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Fix the workaround for the weirdness of mbedtls_ecp_write_key(), which
assumed a Weierstrass key.
This fixes the Montgomery private key parse tests in test_suite_pkparse.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the driver wrapper for psa_generate_key() and psa_generate_key_ext():
* Invoke the built-in code if using a non-default method, even if there
might be an accelerator. This is ok because we only support non-default
methods for RSA and we don't support driver-only RSA, therefore a
non-default method will always have built-in code behind it.
* Return NOT_SUPPORTED if trying to use a non-default method with an opaque
driver.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Instead of passing the size of the whole structure, just pass the data
length and let the implementation worry about adding the size of the
structure. The intent with passing the structure size was to allow
the client code in a client-server implementation to know nothing
about the structure and just copy the bytes to the server. But that was not
really a useful consideration since the application has to know the
structure layout, so it has to be available in the client implementation's
headers. Passing the method data length makes life simpler for everyone by
not having to worry about possible padding at the end of the structure, and
removes a potential error condition
(method_length < sizeof(psa_key_generation_method_t)).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement and unit-test the new functions psa_generate_key_ext() and
psa_key_derivation_output_key_ext(), only for the default method.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This means we can hold the mutex around the call to reserve_free_key_slot
in get_and_lock_key_slot, avoiding inefficient rework.
(Changes to get_and_lock_key_slot are not in scope in this PR)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Hold the mutex for the entirety of the call.
We need the mutex for the wipe, also hold it for aborting driver transactions as this
may have side effects.
We can't use the macros here as this function returns void.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>