Commit graph

29098 commits

Author SHA1 Message Date
Chien Wong
99ff1f505b
Add test cases on GCM AD, input, IV length
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-24 20:52:27 +08:00
Chien Wong
019c2a7817
Handle sizeof(size_t) > sizeof(uint64_t)
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-23 21:38:06 +08:00
Chien Wong
858bc65d74
Add comment on impossible overflows
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-22 20:47:26 +08:00
Chien Wong
bf4b5ed7a4
Add back restriction on AD length of GCM
Fixes: bd513bb53d
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-22 20:43:54 +08:00
Manuel Pégourié-Gonnard
34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461
psa_asymmetric_encrypt() doesn't work with opaque driver
2024-01-22 08:43:08 +00:00
Janos Follath
fb12d9204d
Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex
Implement the key slot mutex
2024-01-19 20:49:18 +00:00
Ryan Everett
63952b7de5 Fix typo
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 13:45:19 +00:00
Ryan Everett
7aeacc1ec4 Add empty line in register_read comment
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 13:02:58 +00:00
Ryan Everett
558da2ffd3 Move key_slot_mutex to threading.h
Make this a global mutex so that we don't have to init and free it.
Also rename the mutex to follow the convention

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 12:59:28 +00:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Ryan Everett
fb02d57de7 Document the thread safety of the primitive key slot functions
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:54:42 +00:00
Ryan Everett
0e3b677cf4 Support PSA_ERROR_SERVICE_FAILURE
To be returned in the case where mbedtls_mutex_lock and
mbedtls_mutex_unlock fail.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:47:29 +00:00
Ryan Everett
846889355c Initialize and free the key slot mutex
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:47:05 +00:00
Gilles Peskine
b1f96c0354
Merge pull request #7815 from gilles-peskine-arm/ecp-export-partial
ECP keypair utility functions
2024-01-18 10:29:05 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764
Conversion function from ecp group to PSA curve
2024-01-18 10:28:55 +00:00
Ryan Everett
491f7e5ac3 Define key_slot_mutex
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:21:38 +00:00
Valerio Setti
4f34b155f5 test_driver_key_management: keep mbedtls_test_opaque_wrap_key() private
Only mbedtls_test_opaque_unwrap_key() is actually needed by other
test drivers to deal with opaque keys. mbedtls_test_opaque_wrap_key()
can be kept private to test_driver_key_management.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 08:44:13 +01:00
Valerio Setti
43ff242a8b changelog: fix typo
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 08:42:38 +01:00
Dave Rodgman
fb133513d6
Merge pull request #8705 from daverodgman/ctr-perf
Ctr perf
2024-01-17 20:25:41 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states
Implement the new key slot state system within the PSA subsystem.
2024-01-17 17:50:04 +00:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
2024-01-17 14:12:33 +00:00
Ryan Everett
38a2b7a6a3 Extend psa_wipe_key_slot documentation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:45:44 +00:00
Ryan Everett
7ed542e0f1 Implement delayed deletion in psa_destroy_key and some cleanup
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:40:29 +00:00
Dave Rodgman
885248c8ee Add header guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-17 11:06:31 +00:00
Valerio Setti
584dc80d96 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-17 08:06:32 +01:00
Bence Szépkúti
1325942c28
Merge pull request #8707 from bensze01/new_redirect_format
Migrate to new RTD redirect format
2024-01-16 20:22:08 +00:00
Dave Rodgman
9039ba572b Fix test dependencies
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 18:38:55 +00:00
Dave Rodgman
7e5b7f91ca Fix error in ctr_drbg
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 17:28:25 +00:00
Dave Rodgman
b7778b2388 Fix ASAN error in test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 16:27:34 +00:00
Bence Szépkúti
333ca8fdfc Migrate to new RTD redirect format
Migrate to the new redirect format introduced by ReadTheDocs in
readthedocs/readthedocs.org#10881

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-01-16 17:06:06 +01:00
Dave Rodgman
9f97566c04 Add Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
24ad1b59e8 Add NIST AES-CTR test vectors
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Dave Rodgman
4cc6fb9039 add test for multipart AES-CTR
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 13:24:45 +00:00
Valerio Setti
4860a6c7ac test_suite_psa_crypto: revert known failing checks for [en|de]cryption with opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 16:30:12 +01:00
Valerio Setti
62b6f10f64 test_driver_asymmetric_encryption: implement opaque [en/de]cryption functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 16:30:07 +01:00
Valerio Setti
66a827fc83 test_driver_key_management: make opaque [un]wrapping functions public
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 15:00:52 +01:00
Dave Rodgman
46697da5b3 Make gcm counter increment more efficient
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
174eeff235 Save 14 bytes in CTR-DRBG
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
591ff05384 Use optimised counter increment in AES-CTR and CTR-DRBG
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
ae730348e9 Add tests for mbedtls_ctr_increment_counter
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
b49cf1019d Introduce mbedtls_ctr_increment_counter
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Ryan Everett
1d32a57764 Revert change to psa_destroy_key documentation
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:27:58 +00:00
Ryan Everett
709120a9ce Revert change to return behaviour in psa_reserve_free_key_slot
This change was a mistake, we still need to wipe the pointers here.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
dfe8bf86a8 Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4 Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:35 +00:00
Dave Rodgman
c4f984f2a5 Iterate in 16-byte chunks
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:20:19 +00:00
Valerio Setti
5bb454aace psa_crypto: allow asymmetric encryption/decryption also with opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 10:43:16 +01:00
Valerio Setti
f202c2968b test_suite_psa_crypto: test asymmetric encryption/decryption also with opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 10:42:37 +01:00
Dave Rodgman
67223bb501 add support for AES-CTR to benchmark
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-12 18:33:57 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00