Commit graph

14173 commits

Author SHA1 Message Date
Bence Szépkúti
cbe395332c Substitute PSA_ALG_STREAM_CIPHER into all files
Deprecate PSA_ALG_ARC4 and PSA_ALG_CHACHA20.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:01:31 +01:00
Bence Szépkúti
c6a26c940c Update PSA Crypto persistent key storage tests
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 23:03:59 +01:00
Bence Szépkúti
a294551446 Update PSA Crypto macro values to version 1.0.0
This should be everything that's needed for the stable storage format.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Bence Szépkúti
1de907d4a4 Introduce PSA_ALG_STREAM_CIPHER
This algorithm replaces the pre-existing stream cipher algorithms.
The underlying stream cipher is determined by the key type.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Bence Szépkúti
d4585ff3c5 Fix removal of deprecated PSA constants
Due to a misplaced #endif, the (non-functional) macro definitions were
not properly removed from crypto_compat.h if MBEDTLS_DEPRECATED_REMOVED
was declared.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-11-27 17:52:56 +01:00
Ronald Cron
24a94df428
Merge pull request #3917 from goodwaterwu/development
Remove psa header files in uninstall part
2020-11-27 12:23:20 +01:00
Ronald Cron
214fea097a
Merge pull request #3918 from gilles-peskine-arm/psa-conditional-inclusion-c-20201126
PSA conditional inclusion spec: formatting fix
2020-11-27 09:02:18 +01:00
Ronald Cron
8e72a155db
Merge pull request #3907 from gilles-peskine-arm/sha512-doc-internal-fix
Move "internal use" sentence attached to the wrong function
2020-11-27 08:51:26 +01:00
Gilles Peskine
f0a9721c18 Use GitHub-compatible table formatting
Also fix a stray `.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-26 10:31:32 +01:00
Wu, Jheng-Jhong
89b98142b8 Remove psa header files in uninstall part
Uninstall psa header files which installed to DESTDIR.

Signed-off-by: Wu, Jheng-Jhong <goodwater.wu@gmail.com>
Signed-off-by: Victor Wu <victor_wu@bizlinktech.com>
2020-11-26 09:28:40 +08:00
Gilles Peskine
7af3764f9e
Merge pull request #3877 from chris-jones-arm/development
Fix _POSIX_C_SOURCE typos
2020-11-23 23:41:24 +01:00
Gilles Peskine
9aaa3e164a
Merge pull request #3786 from stevew817/feature/generate_pubkey_in_driver
Add export_public_key entry point for drivers
2020-11-23 11:54:53 +01:00
Gilles Peskine
e13fb810f2 A variable is unused in some configurations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-22 19:33:11 +01:00
Gilles Peskine
c24023649e Rename test_driver_keygen to test_driver_key_management
```
perl -i -pe 's/test_driver_keygen/test_driver_key_management/g' tests/src/drivers/key_management.c tests/suites/test_suite_psa_crypto_driver_wrappers.function
```

Follow-up of c4813a6e80

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-22 19:23:27 +01:00
Gilles Peskine
383c245142 Move "internal use" sentence attached to the wrong function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-22 13:59:43 +01:00
Gilles Peskine
662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Steven Cooreman
0737c09c7b Added changelog
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-11-20 17:31:24 +01:00
Steven Cooreman
b9b844220b Plug in the entry point for public key export through driver
Including test.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-11-20 17:31:24 +01:00
Ronald Cron
cb0a9ee33e
Merge pull request #3868 from gilles-peskine-arm/cscope-make-development
Add makefile target for cscope.out
2020-11-20 16:50:53 +01:00
Ronald Cron
651a8fc3e6
Merge pull request #3844 from oesh/add_cscope_to_gitignore
[minor] Added Cscope to .gitignore
2020-11-20 16:49:56 +01:00
Ronald Cron
3a4f0e3cc4 tests: psa: Reset key attributes where needed
After a call to psa_get_key_attributes() to retrieve
the attributes of a key into a psa_key_attributes_t
structure, a call to psa_reset_key_attributes() is
mandated to free the resources that may be
referenced by the psa_key_attributes_t structure.
Not calling psa_reset_key_attributes() may result in
a memory leak.

When a test function calls psa_get_key_parameters()
the associated key attributes are systematically
reset in the clean-up part of the function with a
comment to emphasize the need for the reset and make
it more visible.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-20 13:57:26 +01:00
Ronald Cron
1d12d87d18 Improve/fix documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-20 13:57:15 +01:00
Gilles Peskine
8346c7a9f0 Add abstract target names for index generation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-20 11:50:08 +01:00
Ronald Cron
a3d9daca92 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
1ad1eeeaf1 psa stats: Count locked slots instead of unlocked ones
Count locked slots and not unlocked ones to
align with the other statistics counters.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
5c522920ba psa: Rename functions to get a key slot
Rename functions to get a key slot:
. to make their naming more consistent
. to emphasize that those functions set a lock on the
  key slot they return to protect it from being wiped
  out and re-used while some part of the library
  is accessing it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
ab79bd27b6 tests: slot mgmt: Improve key_slot_eviction_to_import_new_key test
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
81709fc78e psa: Move key identifier return to psa_finish_key_creation()
Move the return of the identifier of a created key from
psa_start_key_creation() to psa_finish_key_creation().
That way in case of creation error, it is less likely to
return the identifier that was temporarily assigned to
the key while trying to create it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
5097294be9 psa: Decrement slot access count when finalizing key creation
Decrement the slot access count in psa_finish_key_creation()
when the finalization succeeds instead of in functions calling
psa_finish_key_creation(). That way the decrementation cannot
be forgotten and it reduces the code size.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
cbf6a1d651 psa: slot mgmt: Add access counter overflow check
It adds a bit a code for not much but that way we
are such that a count overflow cannot occur.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
4640c15deb psa: Remove error message output
Remove error message output in case of
unexpected access counter as

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
c9851141a2 programs: ssl: Fix printf parameter type cast
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
9e12f8f425 tests: psa crypto: Fix lifetime_is_secure_element()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
cbd7beab0d psa: slot mgmt: Simplify psa_validate_key_id
Special handling of volatile key identifiers is not
needed eventually, they can be handled just as
key identifier in the vendor range.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron
f473d8b44b psa: slot mgmt: Improve psa_search_key_in_slots implementation
In case of a volatile key identifier, no need to check first
the validity of the key identifier, a volatile key identifier
is valid.

Move to a forward search for non-volatile key identifiers as
now key slots with small index are allocated first by
psa_get_empty_key_slot().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Gilles Peskine
406a5da4ab
Merge pull request #3697 from gilles-peskine-arm/psa-conditional-inclusion-c-project
PSA C configuration: more concrete information
2020-11-19 13:28:10 +01:00
Gilles Peskine
43818f8614 Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-19 11:24:11 +01:00
Gilles Peskine
9a68810405
Merge pull request #3830 from jdurkop/psa-crypto-config-phase2
Phase 2 support for MBDTLS_PSA_CRYPTO_CONFIG
2020-11-19 09:32:23 +01:00
Gilles Peskine
11ead84049
Merge pull request #3876 from maroneze/development
Fix another use of uinitialized memory in ssl_parse_encrypted_pms
2020-11-18 18:40:47 +01:00
John Durkop
07cc04a8ad Updates to PSA crypto library based on review comments
Moved new check_crypto_config.h file from include/psa to library
directory and the file is now included from *.c instead of the
crypto_config.h file. Fixed guards in PSA crypto library based
on review comments for new PSA crypto config features.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-18 08:09:49 -08:00
André Maroneze
7953329d73 Fix another use of uinitialized memory in ssl_parse_encrypted_pms
Complement to 0a8352b4: peer_pmslen is not initialized when decryption
fails, so '|= peer_pmslen' may access uninitialized memory, as indicated
by Frama-C/Eva.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: André Maroneze <maroneze@users.noreply.github.com>
2020-11-18 13:44:24 +01:00
Gilles Peskine
c70431451b
Merge pull request #3867 from gilles-peskine-arm/error-include-string
Fix several configuration-related issues
2020-11-17 20:32:59 +01:00
Gilles Peskine
d8c27ccab0 Fix copypasta; minor wording improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 21:44:23 +01:00
Gilles Peskine
67aed9ada6 Simplify conditional guards in error.c
Simplify the guards on MBEDTLS_ERROR_C and MBEDTLS_ERROR_STRERROR_DUMMY.

No longer include superfluous headers and definition: platform.h is
only needed for MBEDTLS_ERROR_C; time_t is not needed at all.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 15:02:16 +01:00
Gilles Peskine
bb483f6af8 Improve explanations around config_psa.h
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 14:35:12 +01:00
Gilles Peskine
198024cd02 Note that application code needs PSA_WANT_xxx too
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 12:04:40 +01:00
Gilles Peskine
1b1f3fb96d Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 12:02:01 +01:00
Gilles Peskine
9e069070de Fix typos
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-16 10:26:01 +01:00
Gilles Peskine
993c249242 Add a section explaining the uses of PSA_WANT_xxx
PSA_WANT_xxx is useful regardless of how the symbols are defined:
explicitly (with MBEDTLS_PSA_CRYPTO_CONFIG) or implicitly (without
MBEDTLS_PSA_CRYPTO_CONFIG).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-13 22:45:13 +01:00
Gilles Peskine
b2679984d9 Note that crypto_sizes.h needs config_psa.h as well
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-13 22:37:19 +01:00