Commit graph

1104 commits

Author SHA1 Message Date
Paul Elliott
355f59edbe Fix formatting issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-29 14:40:16 +01:00
Paul Elliott
e716e6c00b Switch cipher enabled macros
Switch from using MBEDTLS_PSA_BUILTIN_ macros over to using PSA_WANT_
macros, as code was moved from the internal drivers to the PSA Core.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-29 14:40:16 +01:00
Paul Elliott
baff51c8b7 Make sure nonce length checks use base algorithm
Nonce length checks are now being used in the oneshot AEAD code as well,
which passes variant algorithms, not the base version, so need to
convert to base if necessary.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 17:47:24 +01:00
Paul Elliott
bb0f9e1740 Move all nonce length checks to PSA Core
Remove duplicated code from oneshot API

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 11:16:27 +01:00
Paul Elliott
4ed1ed18d2 Move nonce size checking to PSA Core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 18:24:11 +01:00
Paul Elliott
325d374e3d Move set lengths checking to PSA Core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 18:24:11 +01:00
Paul Elliott
71b0567c87 Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-24 11:18:13 +01:00
Paul Elliott
90fdc117dd Make NULL tag check more explicit
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
70618b22a9 Change sizeof to variable rather than struct
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Gilles Peskine
6c12a1e9f2 Add ARIA to the PSA API
Use the encoding from an upcoming version of the specification.

Add as much (or as little) testing as is currently present for Camellia.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-21 11:59:39 +02:00
Paul Elliott
ec95cc9489 Add safety for NULL tag being passed to finish
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 22:39:06 +01:00
Paul Elliott
4c916e8d74 Improve comment on buffer clearing
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
69bf5fc901 Const correctness
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
70f447dfe5 Replace individual zeroization with memset
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Archana
9d17bf4215
Styling and refactoring
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-10 07:16:08 +05:30
Archana
374fe5b8d2
Handle zeroed attributes key bits and type in copy
The target attributes for key copy could have key bits and
type zeroed. If so, they need to be overwritten/ inherited
from the source key.
This is now forcefully overwritten after validating the
optional attributes. As a result assigning attributes type
and bits after copy are no longer necessary.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 10:09:19 +05:30
Archana
449608bc61
Code style improvements
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:13 +05:30
Archana
8a180368fb
Add opaque test driver support for copy key
A minimal test driver extension is added to support
copy of opaque keys within the same location.
Test vector support is extended to cover opaque keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:07 +05:30
Archana
6ed4bda2c6
pre-existing validation extended
The validation against key width and max key bits is extended to
all key types from the existing validation for only symmetric keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:00 +05:30
Archana
4d7ae1d8cf
Add test driver support for opaque key import
-Add test driver support to import/export while wrapping keys
 meant to be stored in the PSA core as opaque( emulating an
 SE without storage ).
-Export validate_unstructured_key_bit_size as
 psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
 cover opaque keys, thereby avoiding duplication.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:54 +05:30
Archana
d8a83dc172
Sizing of key buffer for opaque keys
Create a new sizing function for determining the size required for key
storage based on the input key data.
This is required for key imports where the key length might need to be
derived from the data.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:48 +05:30
Ronald Cron
3b097eb68f
psa: Remove psa_key_slot_is_external()
Remove psa_key_slot_is_external() that is not used anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:41 +05:30
Ronald Cron
9b8b69c30a
psa: Remove buggy report of RSA public exponent for opaque keys
The report of RSA public exponent for opaque keys is not
supported. Do not attempt to compute the RSA public
exponent of an RSA opaque key associated to a driver
implementing the new driver interface when
MBEDTLS_PSA_CRYPTO_SE_C is disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:32 +05:30
Ronald Cron
512ad81318
psa: Fix slot number key attribute
Slot number key attribute is specific of dynamically
registered drivers and should thus not be computed/
returned in case of keys associated to drivers
implementing the new unified driver interface.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:26 +05:30
Ronald Cron
ddae0f5642
Clarify psa_get_and_lock_transparent_key_slot_with_policy() purpose
Clarify the purpose of
psa_get_and_lock_transparent_key_slot_with_policy() and
define it even when MBEDTLS_PSA_CRYPTO_SE_C is disabled
for the purpose of static drivers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:20 +05:30
Paul Elliott
3d7d52c2ed Formatting fixes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-01 15:09:15 +01:00
Manuel Pégourié-Gonnard
5a8abb144c
Merge pull request #4883 from mstarzyk-mobica/fix_psa_sign_msg
PSA MAC computation with _HASH flag implies _MESSAGE.
2021-09-01 12:23:20 +02:00
Paul Elliott
3242f6c8ef Fix formatting issue
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
b8db2c5726 Remove extra blank lines
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
daf5c8954c Remove extraneous state checks
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
d9343f2f0f Refactor is_encrypt into aead setup arguments
Avoid touching the operation until later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Mateusz Starzyk
ce0e6a9dea Require MESSAGE flag in PSA MAC setup.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-20 11:33:51 +02:00
Paul Elliott
e0a12bd852 Refactor aead setup functions into single function
Move common encrypt / decrypt code into common function, and roll in
previously refactored setup checks function, as this is now the only
place it is called.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-19 19:18:28 +01:00
Joe Subbiani
5ecac217f0 Prefixed macros with MBEDTLS
As per tests/scripts/check-names.sh, macros in
library/ header files should be prefixed with
MBEDTLS_
The macro functions in common.h where also indented
to comply with the same test

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
50dde56543 Implement byte reading macros into library/
To improve readability by saving horizontal and vertical space.
Removed unecessary & 0xFF.
Byte reading macros implemented in library/common.h, All files
containing "& 0xff" were modified.
Comments/Documentation not yet added to the macro definitions.

Fixes #4274

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Paul Elliott
814fffbd72 Remove overly strict final checks
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-16 18:44:42 +01:00
Paul Elliott
32925b9e5b Make sure unused parts of tag buffer are cleared
We already did this on failure, but make sure the buffer does not leak
what was in it previously on success

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-21 18:51:23 +01:00
Paul Elliott
a561444561 Add missing space
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-07-21 18:51:23 +01:00
TRodziewicz
c9890e9a8c Rewording comments
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-14 10:16:26 +02:00
TRodziewicz
18cddc08c7 Reverting comments deleted in previous PR
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-13 12:19:15 +02:00
TRodziewicz
7871c2e736 Adding new macro for tests failing
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-09 14:27:04 +02:00
TRodziewicz
d9be65277d Corrections to the new functions names and error message wording
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-05 15:16:00 +02:00
TRodziewicz
053b99b90b Re-introduction of key slot chekcs
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-07-05 12:06:03 +02:00
gabor-mezei-arm
3f860e4c18
Remove invalid buffer overflow check
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:55:24 +02:00
gabor-mezei-arm
258ae07fb0
Add checks for buffer size
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
6f4e5bbe37
Initialize output buffer length to 0
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
0dfeaaf5c9
Remove confising comments
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
9951b50b8a
Remove comments
These comment cannot bring more information than the code does.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:49:00 +02:00
gabor-mezei-arm
a9449a0b07
Dispatch cipher functions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:48:59 +02:00
gabor-mezei-arm
ba0fa75eae
Implement one-shot cipher
Implement one-shot cipher APIs, psa_cipher_encrypt and psa_cipher_decrypt, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 19:14:34 +02:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Dave Rodgman
63ad854de8
Merge pull request #4712 from daverodgman/psa_cipher_and_mac_abort_on_error
Psa cipher and mac abort on error
2021-06-25 15:39:59 +01:00
Dave Rodgman
90d1cb83a0 Use more standard label name
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-25 09:09:02 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
2021-06-25 09:01:08 +02:00
Gilles Peskine
f9f1bdfa7b Translate MBEDTLS_ERR_PK_BUFFER_TOO_SMALL for PSA
The error is currently never returned to any function that PSA calls,
but keep mbedtls_to_psa_error up to date in case this changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Paul Elliott
ed68d7464d Move buffer size checks up to psa_crypto layer
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-24 20:40:47 +01:00
Paul Elliott
c2b7144da0 Simplify logic and factor out initial checks
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-24 20:40:47 +01:00
Paul Elliott
7f429b747b Remove code duplication and fix formatting
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-24 20:40:47 +01:00
Dave Rodgman
8036bddb01 Tidy up logic in psa_mac_sign_finish
Simplify the logic in psa_mac_sign_finish.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 16:19:08 +01:00
Dave Rodgman
b5dd7c794d Correct coding style issues
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 16:17:43 +01:00
Dave Rodgman
54648243cd Call abort on error in psa_mac/cipher setup
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:49:45 +01:00
Dave Rodgman
685b6a742b Update multipart hash operations to abort on error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:49:14 +01:00
Dave Rodgman
38e62aebc3 Update cipher and mac functions to abort on error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 18:59:17 +01:00
Paul Elliott
95271f10c3 Call set_nonce direct rather than by wrapper
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 18:30:20 +01:00
Gilles Peskine
f9a046ecb5 Remove duplicate wipe call in psa_destroy_key
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:53:56 +02:00
Gilles Peskine
6687cd07f3 Refuse to destroy read-only keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Paul Elliott
ad53dcc975 Move common final checks to function
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-23 08:51:29 +01:00
Paul Elliott
534d0b4484 Finish / Verify state checks
Ensure finish only called when encrypting and verify only called for
decrypting, and add tests to ensure this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
f88a565f18 Better tag size default for m-aead finish
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
d89304ebb7 Fix formatting issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
e4030f2cd1 Replace function with macro that already exists
I wrote a function to determine the base algorithm given a variant,
however this is already implemented by
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:48 +01:00
Paul Elliott
7220cae93c Ensure generate nonce unavailable in decrypt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 22:14:47 +01:00
Paul Elliott
8eb9dafda1 Add generate nonce test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-22 16:31:09 +01:00
Gilles Peskine
36ff66c4b4
Merge pull request #4316 from gabor-mezei-arm/3258_implement_one-shot_MAC
Implement one-shot MAC
2021-06-22 12:18:25 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
Ronald Cron
a587cbc3a4 psa: mac: Add driver delegation support for psa_mac_verify()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:22 +02:00
Ronald Cron
cd989b5598 psa: mac: Introduce psa_mac_compute_internal
Introduce psa_mac_compute_internal with an
additional `is_sign` parameter compared to
the psa_mac_compute API. The intent is to
call psa_mac_compute_internal() from
psa_mac_verify() as well to compute the
message MAC.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:22 +02:00
Ronald Cron
c3dd75f71b psa: mac: Improve MAC finalization code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:22 +02:00
Ronald Cron
51131b53fe psa: mac: Add driver delegation support for psa_mac_compute()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-21 09:19:09 +02:00
Ronald Cron
79bdd82eaa psa: mac: Improve implementation of psa_mac_finalize_alg_and_key_validation()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-18 22:18:06 +02:00
Ronald Cron
2dff3b2a18 psa: mac: Split psa_mac_setup()
Split out of psa_mac_setup() the final checks on
the requested algorithm and the key attributes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-18 22:09:28 +02:00
Ronald Cron
28ea050cf4 psa: mac: Re-organize psa_mac_setup() internal function
Re-organize psa_mac_setup() to prepare the move
to a dedicated function of the additional checks
on the algorithm and the key attributes done by
this function. We want to move those checks in
a dedicated function to be able to do them
without duplicating them in psa_mac_compute().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-18 21:02:32 +02:00
Gilles Peskine
e96c5854d0 Move the inclusion of crypto_spe.h to psa/crypto_platform.h
This makes it easier to ensure that crypto_spe.h is included everywhere it
needs to be, and that it's included early enough to do its job (it must be
included before any mention of psa_xxx() functions with external linkage,
because it defines macros to rename these functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-17 11:43:58 +02:00
Gilles Peskine
532327b429
Merge pull request #4576 from gilles-peskine-arm/psa_key_derivation-bad_workflow-20210527
PSA key derivation bad-workflow tests
2021-06-17 09:55:39 +02:00
gabor-mezei-arm
4076d3e9f3 Implement one-shot MAC functions
Implement one-shot MAC APIs, psa_mac_compute and psa_mac_verify, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-16 16:28:07 +02:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Gilles Peskine
b1edaec18f Fix missing state check for tls12_prf output
Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-11 22:41:46 +02:00
Ronald Cron
ea7631be1c Change mbedtls_rsa_set_padding() signature
mbedtls_rsa_set_padding() now returns the error
code MBEDTLS_ERR_RSA_INVALID_PADDING when
padding parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-08 14:11:10 +02:00
TRodziewicz
58d6eb5024 Removing unneeded comment
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-02 14:43:11 +02:00
Paul Elliott
40ef3a9454 Fix state logic and return codes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-06-01 17:17:58 +01:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead
Conflicts:
* None
2021-06-01 17:13:19 +01:00
TRodziewicz
062f353804 Changes after code review
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:34:14 +02:00
TRodziewicz
cc7074128a Remove MBEDTLS_CHECK_PARAMS option
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:33:32 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix
psa: Support RSA signature without MBEDTLS_GENPRIME
2021-05-27 14:19:24 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2
Remove rsa mode params part 2
2021-05-25 20:36:33 +02:00
Paul Elliott
f47b0957ab Set tag to 'impossible' value on failure to encrypt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-21 18:05:04 +01:00
Paul Elliott
6eb959854b Improve state logic
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-21 18:05:04 +01:00
Paul Elliott
6981fbcf10 Remove unneccessary guard for key unlock
Also make sure failure is not hidden by key unlock failure

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-21 18:05:04 +01:00
Paul Elliott
e715f88d9d Fix key slot being used uninitialised on error
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 21:55:39 +01:00
Paul Elliott
1a98acac1c Properly handle GCM's range of nonce sizes
Add comment to the effect that we cannot really check nonce size as the
GCM spec allows almost arbitrarily large nonces. As a result of this,
change the operation nonce over to an allocated buffer to avoid overflow
situations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
ee4ffe0079 Move AEAD length checks to PSA core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
b91da71db1 Remove unrequired initialisation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
ac1b3fd5b6 Ensure that key gets unlocked in case of error
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Paul Elliott
cee785cd72 Seperate id checks from other state checks
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-20 18:39:58 +01:00
Jaeden Amero
424fa93efd psa: Support RSA signature without MBEDTLS_GENPRIME
On space-constrained platforms, it is a useful configuration to be able
to import/export and perform RSA key pair operations, but to exclude RSA
key generation, potentially saving flash space. It is not possible to
express this with the PSA_WANT_ configuration system at the present
time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it
was possible to configure a software PSA implementation which was
capable of making RSA signatures but not capable of generating RSA keys.
To do this, one unset MBEDTLS_GENPRIME.

Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this
expressivity was lost. Expressing that you wanted to work with RSA key
pairs forced you to include the ability to generate key pairs as well.

Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if
MBEDTLS_GENPRIME is also set. This restores the configuration behavior
present in Mbed TLS v2.24.0 and earlier versions.

It left as a future exercise to add the ability to PSA to be able to
express a desire for a software or accelerator configuration that
includes RSA key pair operations, like signature, but excludes key pair
generation.

Without this change, linker errors will occur when attempts to call,
which doesn't exist when MBEDTLS_GENPRIME is unset.
    psa_crypto_rsa.c.obj: in function `rsa_generate_key':
    psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key'

Fixes #4512

Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
2021-05-20 17:08:59 +01:00
Gilles Peskine
864b425156
Merge pull request #4488 from tom-daubney-arm/remove_rsa_mode_params
Remove rsa mode params part 1
2021-05-17 13:49:19 +02:00
Thomas Daubney
141700f057 Removes mode param from mbedtls_rsa_rsaes_oaep_encrypt
Removes mode parameter from
mbedtls_rsa_rsaes_oaep_encrypt and propagates
changes throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Thomas Daubney
2177277dda Removes mode param from mbedtls_rsa_pkcs1_encrypt
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Paul Elliott
a559b3ce56 Remove key_set and use id instead
In keeping with the other PSA multipart operations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
bbe90b5f7f Formatting fixes for psa_crypto.c
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
81231f33f0 Return invalid argument for unsupported algorithm
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
39dc6b8aa5 Add abort call to all failure points
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
cbbde5f28c Split multipart AEAD contexts into two parts
Split to data required for internal implementation and data required for
driver implementation with data left over for the PSA layer.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
2df40057b3 Fix excessive line lengths
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
c4e1dcf006 Fix incorrect PSA key usage
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
Paul Elliott
302ff6bdd6 Implement multipart AEAD PSA interface
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-05-14 19:03:26 +01:00
gabor-mezei-arm
f048618b43
Unify variable type and rename to be unambiguous
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
6883fd248d
Rename sign/verify builtin functions called by driver wrapper functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
474a35f635
Return error if algorithm is not hash-then-sign for psa_sign_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
8b3e88614c
Use bool variable instead of enum values
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
12b4f34fff
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
6cdf637f88
Use switch-case for error handling
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
f9820f92cf
Fix for algorithms other than hash-then-sign
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
b5c1e37aff
Use driver-wrapper functions for psa_sign/verify_message
To avoid code duplication of the old-style SE interface usage
call psa_driver_wrapper_sign/verify_hash function instead of
the direct internal functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
0f62240942
Enable algorithms other than hash-then-sign
For psa_hash/verify_message other algorithms than hash-then-sign is
enabled like PureEdDSA.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
46c23a051c
Fix error checking
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
50eac35d58
Dispatch sign/verify funtions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
5b44652593
Unify similar functions
Use common funtion for psa_sign_hash and psa_sign_message and one for
psa_verify_hash and psa_verify_message to unify them.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:57 +02:00
gabor-mezei-arm
4a21019653 Implement psa_sign_message and psa_verify_message functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:49 +02:00
Thomas Daubney
d21e0b780a Remove mode parameter from mbedtls_rsa_rsaes_oaep_decrypt function
Removing the mode parameter from the mbedtls_rsa_rsaes_oaep_decrypt
function. The change is progagated to all function calls, including in
test suite .function files. Additionally fully removing one test
where the wrong mode was being tested.

Signed-off-by: Tom Daubney <Thomas.Daubney@arm.com>
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:49:41 +01:00
Thomas Daubney
c7feaf349c Remove mode param from mbedtls_rsa_pkcs1_decrypt
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-12 18:43:06 +01:00
Gilles Peskine
5d1f747d85
Merge pull request #4377 from mpg/psa-pbkdf2-api
PSA API for PBKDF2-HMAC
2021-05-12 18:00:30 +02:00
Steven Cooreman
8af5c5c7de Be explicit about why the zero-length check is there
Since a valid mac operation context would guarantee that the stored
mac size is >= 4, it wasn't immediately obvious that the zero-length
check is meant for static analyzers and a bit of robustness.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-11 11:09:13 +02:00
Steven Cooreman
d1a68f10c0 Supply actual key bits to PSA_MAC_LENGTH during MAC setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-10 11:29:14 +02:00
Steven Cooreman
72f736a191 Move is_sign and mac_size checking back to PSA core scope
It makes sense to do the length checking in the core rather than expect
each driver to deal with it themselves. This puts the onus on the core to
dictate which algorithm/key combinations are valid before calling a driver.

Additionally, this commit also updates the psa_mac_sign_finish function
to better deal with output buffer sanitation, as per the review comments
on #4247.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-10 11:29:13 +02:00
Steven Cooreman
094a77e79c Code flow and style improvements
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
a6df6040ee Base the PSA implementation of TLS 1.2 PRF on the MAC API
This means there is no longer a need to have an internal HMAC API, so
it is being removed in this commit as well.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
d1ed1d935f Make HKDF use the generic MAC API
Such that the underlying HMAC can be accelerated if such a driver is present

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
dd1a915c0f Rename HMAC operation structure
Prefix with 'mbedtls_psa' as per the other types which implement some
sort of algorithm in software.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
36876a01a4 Make safer_memcmp available to all compile units under PSA
Now renamed to mbedtls_psa_safer_memcmp, it provides a single location
for buffer comparison.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
ba9a5bf5e7 Code flow/readability improvements after review
* Early return since there's nothing to clean up
* Get rid of unnecessary local variable
* Check algorithm validity for MAC in the PSA core instead of in the driver

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:33:50 +02:00
Steven Cooreman
d1955af5df Rename internal HMAC structure type to match convention
Typedef'ed structures are suffixed _t
Also updated the initialiser macro with content that actually
matches the structure's content.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
4fdf060a81 Complete, document and fully use internal HMAC API
Since HMAC moved into its own compilation unit, the internal API needed
to be documented and finalized. This means no more reaching deep into
the operation structure from within the PSA Crypto core. This will make
future refactoring work easier, since internal HMAC is now opaque to the
core.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
a5b860a5f8 Migrate MAC finish calls into the software driver
Step 3/x in moving the driver. Separate commits should make for easier
review.

Additional changes on top of code movement:
* Copied the implementation of safer_memcmp from psa_crypto into
  psa_cipher_mac since the mac_verify driver implementation
  depends on it, and it isn't available through external linkage

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
6e7f291bb5 Migrate MAC update call into the software driver
Step 2/x in moving the driver. Separate commits should make for easier
review.

Additional changes on top of code movement:
* Early-return success on input with zero-length to mac_update, to
  avoid NULL pointers getting passed into the driver dispatch

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
e680419791 Migrate MAC setup/abort calls into the software driver
Step 1/x in moving the driver. Separate commits should make for easier
review.
Additional changes on top of just moving code:
* Added a sanity check on the key buffer size for CMAC.
* Transfered responsibility for resetting the core members of the
  PSA MAC operation structure back to the core (from the driver
  wrapper layer)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
82c66b6b8b Move internal HMAC implementation into internal MAC driver
This is a temporary measure. Other operations in the PSA Core which rely
on this internal HMAC API should be rewritten to use the MAC API instead,
since they can then leverage accelerated HMAC should a platform provide
such acceleration support.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Steven Cooreman
77e2cc5661 Move the MAC operation structure into the driver headers
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Manuel Pégourié-Gonnard
805251b70c Update psa_validate_key_policy() for the new policy
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 09:49:59 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00