This is only partial support. Only 'client' and 'server' values are accepted for peer and user.
Remove support for role.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Changes for interruptible {sign|verify} hash were not merged at the time of the
previous clang 15 /retval fixes, thus this fixes code added at that time.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Move the global variable to the PSA layer, and just set that when calling PSA
level functions.
Move the internal ecp set to before each ecp call.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
If MBEDTLS_PSA_CRYPTO_C is enabled, we always enable
MBEDTLS_PSA_CRYPTO_CLIENT, since the client-side functions are part of the
full PSA crypto feature set. Historically, we didn't have a good place for
configuration modification, so we did this early in the crypto.h include
tree. Since Mbed TLS 3.0, we have mbedtls/build_info.h for that.
Addresses https://github.com/Mbed-TLS/mbedtls/issues/7144 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Before, if psa/crypto_platform.h was overridden and the override didn't
include "mbedtls/build_info.h", it was possible to end up with parts of
the headers not taking the library configuration into account, if no
mbedtls header was included before "psa/crypto.h". Make sure that
the mbedtls configuration is visible from the start, no matter what is
or is not in the platform header.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Integrators of Mbed TLS may override the header files
"psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files
or by placing alternative versions earlier in the include file search path.
These two methods are sometimes inconvenient, so allow a third method which
doesn't require overwriting files or having a precise order for the include
path: integrators can now specify alternative names for the headers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Needs to be adapted for the clang -Wall -Wextra.
Requirea to explicitly initialize all the members of the struct that is the first member in the union.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Workaround for CI error:
Parsing source code...
Compiling...
=============
All symbols in header: PASS
Naming patterns of public_macros: PASS
Naming patterns of internal_macros: PASS
Naming patterns of enum_consts: FAIL
> include/psa/crypto_extra.h:1857: 'return' does not match the required
pattern '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'.
|
1857 | return cipher_suite->algorithm;
| ^^^^^^
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
Now when logic is moved to core information about `alg` is required.
`computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Make it clear that these functions reset the number of ops, and remove
statements that say they have no effect.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Also make previous changes apply to both interruptible sign hash operation
structures rather than just the one as it was.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Move to accumulate ops in context rather than attempting to read straight out
of structures due to structure ops getting reset per operation, and also
issues with _abort clearing internal data. Fix usage of size_t in structures
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
