Commit graph

10735 commits

Author SHA1 Message Date
Gabor Mezei
716447ff32
Fix limb size calculation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:51 +01:00
Gabor Mezei
ed1acf642c
Apply naming conventions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:50 +01:00
Gabor Mezei
5221c04b92
Change the p256_raw fuction to be testable
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:50 +01:00
Gabor Mezei
ab6ac91a0a
Extract Secp256r1 from the prototype
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-08 14:09:50 +01:00
Tom Cosgrove
c15a2b949d Update the text about gcc5 support for Armv8 CE
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 12:55:48 +00:00
Przemek Stekiel
07c5ea348c Add check for buffer overflow and fix style.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-08 13:31:19 +01:00
Valerio Setti
733de595e3 psa_crypto_rsa: remove PK_WRITE_C in psa_rsa_export_key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
73a218513b psa_crypto_rsa: add comment/explanation for residual PK_WRITE_C guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Przemek Stekiel
691e91adac Further pake code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-08 09:54:00 +01:00
Gilles Peskine
a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors
Unify PSA to Mbed TLS error translation
2023-03-07 19:55:44 +01:00
Gilles Peskine
12e3c8e019
Merge pull request #7168 from mpg/use-md
Use MD (not low-level hash interface) in X.509 and TLS
2023-03-07 19:55:12 +01:00
Valerio Setti
2f1d967643 ssl: fix included pk header file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-07 18:14:34 +01:00
Tom Cosgrove
503d71769c Enable explicit_bzero() on OpenBSD
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-07 12:51:11 +00:00
Tom Cosgrove
5c8505f061 Fix typos
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-07 11:39:52 +00:00
Janos Follath
fe780a3c4b
Merge pull request #7184 from gabor-mezei-arm/6349_Secp224r1_fast_reduction
Extract Secp224r1 fast reduction from the prototype
2023-03-07 10:57:58 +00:00
Przemek Stekiel
57580f2539 Use proper enum types for pake state/sequence/step
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Przemek Stekiel
4dc83d40af Add check for pake operation buffer overflow
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:00 +01:00
Pengyu Lv
7b6299b49b ssl_cache: Add an interface to remove cache entry by session id
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-07 15:00:22 +08:00
Przemek Stekiel
e3ef3a15cd Further pake code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-06 17:24:32 +01:00
Gabor Mezei
97803abd2a
Update comment
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-06 16:32:16 +01:00
Manuel Pégourié-Gonnard
947cee18a1 Fix memory leak.
The function reset_checksum() can be called more than once with the same
handshake context (this happens with DTLS clients, and perhaps in other
cases as well). When that happens, we need to free the old MD contexts
before setting them up again.

Note: the PSA path was already doing the right thing by calling abort,
we just needed to do the same on the MD path.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-06 11:59:59 +01:00
Manuel Pégourié-Gonnard
228a30d16c
Merge pull request #7120 from mpg/md-light
Define "MD light" subset of MD
2023-03-06 11:02:19 +01:00
Dave Rodgman
4693fd9e9e
Merge pull request #7173 from daverodgman/zeroize-platform
Use platform-provided secure zeroization
2023-03-06 09:16:12 +00:00
Dave Rodgman
b0d96a23a9 Remove not-needed EABI exclusion
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 17:06:09 +00:00
Dave Rodgman
45cef61fa4
Merge branch 'development' into md-light
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 14:28:13 +00:00
Przemek Stekiel
57207711d8 Add MBEDTLS_ASN1_CHK_CLEANUP_ADD macro to be able to release memory on failure
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:29 +01:00
Przemek Stekiel
5a49d3cce3 Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:11 +01:00
Przemek Stekiel
f40de93b1a Remove redundant variable
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:10 +01:00
Andrzej Kurek
270b3f9790 Rename error_pair_t to mbedtls_error_pair_t
Required by our coding standards.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:54:13 -05:00
Andrzej Kurek
daf5b56b02 Translate to MD errors in ssl-tls.c
With the introduction of #7047, ssl_tls.c uses 
mbedtls_md_error_from_psa. This complicates
the dependencies for compiling in psa_to_md_errors,
since now these should be ifdeffed also by
MBEDTLS_USE_PSA_CRYPTO followed by a series of or'ed
MBEDTLS_HAS_ALG_SHA_XXX_VIA_MD_OR_PSA_BASED_ON_USE_PSA.
Since this mechanism will be removed soon, we can simplify it to
just MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:52:28 -05:00
Andrzej Kurek
747ab4ea5e Introduce error_pair_t to psa utils
This way error handling can be written in a cleaner way.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:45 -05:00
Andrzej Kurek
138b30ac62 Add missing const qualifiers
Also improve documentation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:45 -05:00
Andrzej Kurek
ba24138e0f Duplicate error logic in pk_wrap deprecated functions
GCC 4.6+ complains if a deprecated function calls another.
Working around this universally would require a lot of
preprocessing, this seems to be an easier solution.
Copy mbedtls_pk_error_from_psa code without duplicates
instead of calling the function.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:45 -05:00
Andrzej Kurek
8a045ce5e6 Unify PSA to Mbed TLS error translation
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:44 -05:00
Gilles Peskine
6def41b146
Merge pull request #6932 from yuhaoth/pr/fix-arm64-host-build-and-illegal_instrucion-fail
Replace CPU modifier check with file scope target cpu modifiers
2023-03-02 15:36:41 +01:00
Dave Rodgman
528bfa640c Whitespace fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-02 13:54:43 +00:00
Gabor Mezei
aeadc2d731
Apply naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-01 16:53:03 +01:00
Dave Rodgman
6d6a720603 Protect against possible macro redefinition warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-01 15:09:40 +00:00
Paul Elliott
d1cddff71a
Merge pull request #7189 from daverodgman/armcc-fix
Fix macro redefinition warning from armclang
2023-03-01 11:59:26 +00:00
Gilles Peskine
802ff1b116
Merge pull request #7147 from paul-elliott-arm/interruptible_sign_hash_codestyle_drivers
Remove driver entry points for psa_{get|set}_max_ops()
2023-03-01 10:46:09 +01:00
Dave Rodgman
914c632646 Whitespace
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-01 09:30:14 +00:00
Gabor Mezei
620f0dc850
Fix for 32-bit
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-28 18:42:33 +01:00
Gabor Mezei
08a94953e1
Apply naming convention for p224
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-28 18:40:57 +01:00
Dave Rodgman
e47899df20 Fix macro redefinition warning from armcc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-28 17:39:03 +00:00
Gilles Peskine
7e677fa2c5
Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite
Remove pkwrite dependency in pk using PSA for ECDSA
2023-02-28 18:17:16 +01:00
Gilles Peskine
b52b788e55
Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension
Add AES with armv8 crypto extension
2023-02-28 18:16:37 +01:00
Paul Elliott
6a459f5de5
Merge pull request #7143 from paul-elliott-arm/interruptible_sign_hash_codestyle_wipeout
Update psa_wipe_output_buffer() and change name to psa_wipe_tag_output_buffer()
2023-02-28 15:34:06 +00:00
Jerry Yu
608e1093de Improve comment about conflicts between aesce and sha512-crypto
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-28 12:50:00 +08:00
Paul Elliott
15d7d43904 Pacify Clang 15
Changes for interruptible {sign|verify} hash were not merged at the time of the
previous clang 15 /retval fixes, thus this fixes code added at that time.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-27 17:25:57 +00:00
Gabor Mezei
5afb80e00a
Fix coding style issues
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 17:00:34 +01:00
Gabor Mezei
804cfd32ea
Follow the naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 16:50:09 +01:00
Gabor Mezei
bf506361c4
Revert the illustration and remove unnecessary code
This reverts commit 73e8553273.
Removes the second round of carry reduction from p224.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 16:37:32 +01:00
Gabor Mezei
73e8553273
Add comments to illustrate the second round of carry reduction is unnecessary
The first round of carry reduction can not generate a carry thus the
secound round is not needed. The comments illustrating when the
carry is 1. The reduction is simmetric so the case when the carry is
-1 is similar.
The illustration is trying to calculate the input value starting with
setting the carry to 1 before the second round of the carry reduction.
It calculates backwords and tries to determine the value range of
each word. It ends up with a contradiction that A10 must have the
value of 0 and UINT32_MAX.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 16:32:42 +01:00
Gabor Mezei
a835d20cde
Add documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-27 15:58:30 +01:00
Paul Elliott
ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name
Add parsing of x509 RFC822 name + test
2023-02-27 14:16:13 +00:00
Jerry Yu
fc2e128fc9 Fix grammar issues and remove useless code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-27 11:16:56 +08:00
Paul Elliott
7118d17df1 Pacify code style checker
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-26 16:57:05 +00:00
Dave Rodgman
096e72959b Fix case of include header for mingw
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 17:17:35 +00:00
Dave Rodgman
f5e531a87b Fix code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 17:17:15 +00:00
Dave Rodgman
703f805f09 Improve explicit_bzero detection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 15:19:52 +00:00
Dave Rodgman
fe57a2e008 Remove newlib detection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 14:16:34 +00:00
Dave Rodgman
82f3de55b2 tidy up brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 14:08:22 +00:00
Dave Rodgman
828ec905db Improve explicit_bzero detection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 13:32:26 +00:00
Dave Rodgman
f0a0e43053 explicit_bzero is not available on arm-none-eabi
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 19:01:48 +00:00
Dave Rodgman
a6fda16a41 Fix re-definition of __STDC_WANT_LIB_EXT1__
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 19:00:38 +00:00
Dave Rodgman
8a7d26f12c Typo fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 18:19:24 +00:00
Paul Elliott
dc42ca8a7e Use psa_wipe_tag_buffer() for MAC and aead code.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 18:11:59 +00:00
Dave Rodgman
8b6eded03d
Tidy-up comment
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 18:07:05 +00:00
Paul Elliott
7bc24cc512 Fix typos in documentation.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 18:04:16 +00:00
Dave Rodgman
4daca63734 Documentation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 17:43:00 +00:00
Dave Rodgman
f55182d2bf Use platform-provided secure zeroization call
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 17:42:43 +00:00
Dave Rodgman
f68402565a Add corresponding fix for mbedtls_ssl_write
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 15:57:30 +00:00
ashesman
937d6d5eab Update library/ssl_msg.c
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 15:57:14 +00:00
Ashley Duncan
358f94a71c Fixed undefined behavior in ssl_read if buf parameter is NULL.
Signed-off-by: Ashley Duncan <ashes.man@gmail.com>
2023-02-24 15:53:07 +00:00
Paul Elliott
a16ce9f601 Remove driver entry points for {get|set}_max_ops().
Move the global variable to the PSA layer, and just set that when calling PSA
level functions.

Move the internal ecp set to before each ecp call.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 14:44:18 +00:00
Manuel Pégourié-Gonnard
02d55d5825 Rename some local variables
The name sha512 might have made sense when it was an
mbedtls_sha512_context, but now it's weird to see things like

    mbedtls_md_setup(&sha512, ...MBEDTLS_MD_SHA384...);

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 13:31:33 +01:00
Manuel Pégourié-Gonnard
f057ecfedf Use MD not low-level sha256/512 in TLS
Same reasoning as in previous commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 13:30:55 +01:00
Manuel Pégourié-Gonnard
2cd751465c Use MD, not low-level SHA1, in X.509
X.509 already depends on MD_C || USE_PSA_CRYPTO, and this is for the
!USE_PSA_CRYPTO branch, so we're free to use MD.

This change supports our ability to use MBEDTLS_MD_CAN_xxx macros
everywhere in the future, once they have been introduced.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 12:37:07 +01:00
Manuel Pégourié-Gonnard
0ac71c0d92 Make debug statement more portable
There's little reason for accessing the hash implementation's internal
state, its output contains most of the same information.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 12:13:55 +01:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty
Pacify Clang 15 about empty \retval
2023-02-24 09:10:53 +00:00
Przemek Stekiel
d93de32267 Move to computation stage only on successfull setup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-24 08:39:49 +01:00
Jerry Yu
ba1e78f1c2 fix code style and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-24 11:18:16 +08:00
Manuel Pégourié-Gonnard
1e57abd3ec Group MD_LIGHT and MD_C parts of md.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 20:45:26 +01:00
Przemek Stekiel
083745e097 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-23 17:28:23 +01:00
Manuel Pégourié-Gonnard
0d4152186d Make MBEDTLS_MD_LIGHT private for now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 13:02:13 +01:00
Ronald Cron
1aa6e8d6e9 Restore same PSK length enforcement
Restore same PSK length enforcement in
conf_psk and set_hs_psk, whether the
negotiated protocol is TLS 1.2 or TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-23 09:48:50 +01:00
Manuel Pégourié-Gonnard
f78a10052c
Merge pull request #7047 from mpg/tls-hash-errors
Handle errors from hash functions in TLS code
2023-02-23 08:49:55 +01:00
Valerio Setti
1ad9ef2132 ssl: use new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-23 08:15:09 +01:00
Jerry Yu
947bf969e0 Improve readability of expansion size
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-23 11:07:57 +08:00
Jerry Yu
fac5a54f8a fix code style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-23 10:13:40 +08:00
Paul Elliott
59200a22aa Improve psa_wipe_output_buffer
Change name and document to ensure suitability only for "tags" is explicit. Add
support for output size of zero in PSA_SUCCESS case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-22 14:15:31 +00:00
Janos Follath
406b9172ad
Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup
Bignum: Add named moduli setup
2023-02-22 12:14:33 +00:00
Przemek Stekiel
5eff1033b6 Remove redundant checks for jpake alg
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
ce131bf5c5 PAKE driver: fix password releasing
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
80a8849903 Adapt conditional compilation flags for jpake alg
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
a54dc69fe0 mbedtls_psa_pake_setup: move driver password and alg init to the common part
Also in the core part change stage to computation after return from psa_driver_wrapper_pake_setup() regardless of the result. At this point driver context is active even if init has failed.

Additionally handle deallocation of password on failure in mbedtls_psa_pake_setup(). The plan was to handle deallocation on core level by calling abort on failure.
Unfortunately in this case when mbedtls_psa_pake_setup() fails with an unsupported result the built-in implementation is executed (if available) and it will reallocate the password leading to the memory leak.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
6b64862ef7 Documentation fixes and code adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
251e86ae3f Adapt names to more suitable and fix conditional compilation flags
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
6d77830c6a Remove redundant code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
dff21d3429 Move jpake role check to psa_pake_complete_inputs()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
4fcc61eec0 Optimize psa_pake_ecjpake_setup()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
849c35f8b4 Remove pake abort on failure from driver (handled by core)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
e1d51bf3c9 Optimieze psa_pake_complete_inputs()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
3e784d8981 PSA crypto pake: call abort on each failure
Adapt driver hook counters in pake driver test.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
d69dca9fc4 Rework psa_pake_abort
- Fix potential issue with freeing password
- Clean operation object even if psa_driver_wrapper_pake_abort fails
- Remove redundant code

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
f62b3bb087 Optimization of pake core functions
Adapt pake test (passing NULL buffers is not allowed).
Passing the null buffer to psa_pake_output results in a hard fault.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
9dd2440c95 Change pake input: key_lifetime -> key attributes
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
d5d28a217f Use operation alg for locking key slot
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
1c3cfb4fb0 Introduce PSA_PAKE_OPERATION_STAGE_SETUP to optimize out alg checks
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
ff01bc496c Remove j-pake specific checks from psa_pake_setup
mbedtls_psa_pake_setup has already check for PSA_PAKE_PRIMITIVE_TYPE_ECC primitive.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
dde6a910bb Optimize out psa_pake_computation_stage_t
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
5cbca790f7 Make usage of pake input getters
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
18620a3b1c Make copy of inputs on stack before passing to psa_driver_wrapper_pake_setup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
ca8d2b2589 Add get-data functions for inputs + tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
7b730175b3 Simplify psa_pake_computation_stage_s structure
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
b09c487546 Combine core pake computation stage(step,sequence,state) into single driver step
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
9a5b812aa8 Cleanup the code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
2797d37424 Split handling of memory allocation for password between core and driver
Driver is now responsible for creating its own copy of the password in the setup function.
After calling pake setup driver entry point core frees memory for password.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
e12ed36a6c Move JPAKE state machine logic from driver to core
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
  Now when logic is moved to core information about `alg` is required.
  `computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
be5e27b5ad Remove redundant code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
ca67483b15 psa_crypto_pake.h: adapt function descriptions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
51eac53b93 Divide pake operation into two phases collecting inputs and computation.
Functions that only set inputs do not have driver entry points.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
061f6949fd Make psa_get_and_lock_key_slot_with_policy() static function
psa_get_and_lock_key_slot_with_policy() becomes public temporarily as part of:
https://github.com/Mbed-TLS/mbedtls/pull/6608

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
0c78180ee5 mbedtls_psa_pake_get_implicit_key: move psa_key_derivation_input_bytes call to upper layer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
6c7644150a Adapt pake impl for driver dispatch
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
2e73649f9c Add pake psa crypto driver wrappers implementation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Neil Armstrong
5ae609631e Move the common parameters check code out of the wrapper
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2023-02-22 11:25:30 +01:00
Neil Armstrong
a7d08c3009 Add PSA PAKE api calling the PAKE wrappers
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2023-02-22 11:25:30 +01:00
Neil Armstrong
7da8c56b84 Add PSA PAKE wrappers
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2023-02-22 11:25:30 +01:00
Neil Armstrong
56b8d23ca1 Add mbedtls_ prefix to PSA PAKE over MbedTLS implementation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2023-02-22 11:25:30 +01:00
Manuel Pégourié-Gonnard
63e33dd175 Fix unchecked return value
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-22 10:09:40 +01:00
Jerry Yu
3304c204ba Improve readabilities
- Add more comments
- Adjust setkey_enc

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-22 14:37:11 +08:00
Jerry Yu
4d786a732b Fix regression issue for clang workaround.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-22 11:01:07 +08:00
Gilles Peskine
ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug
Fix bugs in OID to string conversion
2023-02-21 23:16:44 +01:00
Manuel Pégourié-Gonnard
da7979bb91 Restore debug message removed by mistake
Also while at it, fix debug level for existing DEBUG_RET: errors should
always be level 1.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
8e176f747c Fix wrong return statement
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
626aaed213 Fix unused variable warnings in some builds
Found by depends.py MBEDTLS_SHA512_C

In principle, the case where neither SHA-256 nor SHA-384 are available
should never occur, as both TLS 1.2 and TLS 1.3 depend on one of those
being defined. However for now dependencies for TLS 1.2 are not as tight
as they should be; this will be fixed later and is tracked as #6441.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
43cc127d3a Fix code style
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
e1a4caa934 Handle hash errors in calc_finished
That's the last family of functions. All calls to mbedtls_sha* and
psa_hash_* in library/ssl_tls.c are now checked for errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b9b564e64b Handle hash errors in calc_verify
On top on some calls not being checked, the PSA path was missing a call
to abort() on errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
df94901566 Handle hash errors in update_checksum
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b72ff498c9 Handle hash errors in reset_checksum
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
b8b07aa24a Handle errors from functions that now return int
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.

This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
d7a7a23308 Use reset_checksum in reset_transcript_for_hrr
This function was manually resetting just the hash that would be used;
it's simpler to just call the function that resets all hashes. This also
avoids calling low-level code from TLS 1.3.

While at it, remove the guards about SHA-256 || SHA-384 that were around
update_checksum, as they are redundant: update_checksum already has
appropriate guards (and TLS 1.3 already depends on one of those tow
hashes being present anyway).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
537f231fd9 Split hash start out of handshake_params_init
This part can fail, so it shouldn't be intermixed with the part that
can't fail and is there to ensure all structures are in a clean state,
should any error happen.

Fortunately, the part that should be split out already had a function
doing it: reset_checksum. Also, handshake_params_init had only one
calling site to update.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard
226aa15702 Make handshake hashing functions return int
There are three family of functions: update_checksum, calc_verify,
calc_finished, that perform hashing operations and were returning void
so far. This is not correct, as hashing functions can return errors (for
example, on hardware failure when accelerated). Change them to return
int.

This commit just changes the types: for now the functions always return
0, and their return value is not checked; this will be fixed in the
next few commits.

There is a related function in TLS 1.3,
mbedtls_ssl_reset_transcript_for_hrr, which also handles hashes, and
already returns int but does not correctly check for errors from hashing
functions so far, it will also be handled in the next few commits.

There's a special case with handshake_params_init: _init functions
should return void, so we'll need to split out the part that can return
errors, see the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle
Implement PSA interruptible sign/verify hash
2023-02-21 15:13:34 +01:00
Ronald Cron
d89360b87b Fix and improve documentation, comments and logs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-21 14:57:25 +01:00
Przemek Stekiel
18904acc93 Adapt the code to support SAN types: uniformResourceIdentifier, dNSName and IPAddress
According to documentation OPCUA requires: uniformResourceIdentifier, dNSName and IPAddress
https://reference.opcfoundation.org/Core/Part6/v105/docs/6.2

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-21 13:42:39 +01:00
Hannes Tschofenig
6b108606fa Added ability to include the SubjectAltName extension to a CSR
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
2023-02-21 13:42:39 +01:00
Dave Rodgman
e42cedf256
Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased
Pkcs7 fixes
2023-02-21 11:53:30 +00:00
Gabor Mezei
aef0f2de9f
Fix limb size calculation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:35:31 +01:00
Gabor Mezei
e14b5bdba7
Change the ecp_mod_p224_raw to be testable
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:35:26 +01:00
Gabor Mezei
66f88a9d22
Extract Secp224r1 from the prototype
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-21 11:32:29 +01:00
Jerry Yu
ba4ec24c79 fix code style failure
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:59:18 +08:00
Jerry Yu
baae4012bf merge setkey_enc* functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:28:03 +08:00
Jerry Yu
c8bcdc8b91 fix various issues
- Improve some function names
- Improve comments
- improve readability

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:16:20 +08:00
Dave Rodgman
a1b2bfff46 Add clarifying comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-20 14:45:09 +00:00
David Horstmann
5b5a0b618c Change error codes to more appropriate codes
The more precise error codes are borrowed from the ASN1 module.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-20 14:24:12 +00:00
Przemek Stekiel
82d250d8b0 Use const char for names and adapt style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Przemek Stekiel
5b9e4168cf Add rfc822Name support in mbedtls_x509_info_subject_alt_name + adapt test
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Przemek Stekiel
ecee12f04f Add parsing of SAN: rfc822Name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Minos Galanakis
a30afe2216 ecp_curves: Minor refactoring.
This patch introduces the following changes:
* Documentation for `mbedtls_ecp_modulus_setup()`
  moved to `ecp_invasive.h`.
* Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`.
* Adjusted negative tests to use invalid selectors.
* Reworded documentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:53:06 +00:00
Minos Galanakis
dd556921c9 ecp_curves: Exposed mbedtls_ecp_modulus_setup() through ecp_invasive.h
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:50:41 +00:00
Minos Galanakis
d2ca802329 ecp_curves: Added mbedtls_ecp_modulus_setup().
This patch introduces a new static method, responsible
for automatically initialising an modulus structure,
based on the curve id and a modulus type selector.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:49:46 +00:00
Janos Follath
ec718afb41
Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction
Add a raw entry point to Secp521r1 fast reduction
2023-02-20 13:03:12 +00:00
Ronald Cron
4bb6773640 tls13: Apply same preference rules for ciphersuites as for TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-20 11:42:19 +01:00
Ronald Cron
0a1c504156 tls13: Fix session resumption with 384 bits PSKs
MBEDTLS_PSK_MAX_LEN main purpose is to determine
a miximum size for the TLS 1.2 pre-master secret.

This is not relevant to TLS 1.3 thus disable in
TLS 1.3 case the check against MBEDTLS_PSK_MAX_LEN
when setting during the handshake the PSK through
mbedtls_ssl_set_hs_psk(). This fixes the session
resumption with 384 bits PSKs when MBEDTLS_PSK_MAX_LEN
is smaller than that.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-20 11:42:19 +01:00
Ronald Cron
25e9ec61f0 tls13: server: Select preferred cipher suite
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-20 11:42:19 +01:00
Ronald Cron
fc7ae87ad4 tls13: server: Check ciphersuite list length parity once
Check ciphersuite list length parity once,
mainly to enable the possibility of getting
out of the loop of the ciphersuites whenever
we want.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-20 11:42:19 +01:00
Ronald Cron
606671e06e tls13: server: Check mbedtls_ssl_set_hs_psk returned value
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-20 11:42:19 +01:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san
Add the uniformResourceIdentifier subtype for the subjectAltName
2023-02-20 11:29:59 +01:00
Paul Elliott
f8e5b56ad8 Fix get_num_ops internal code.
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-19 18:55:10 +00:00
Manuel Pégourié-Gonnard
b9b630d628 Define "light" subset of MD
See docs/architecture/psa-migration/md-cipher-dispatch.md

Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-16 22:30:06 +01:00
Gabor Mezei
ac70ad6576
Fix coding style
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-16 19:31:21 +01:00
Manuel Pégourié-Gonnard
ba2412fd21 Remove internal function md_process()
It was already marked as internal use only, and no longer used
internally. Also, it won't work when we dispatch to PSA.

Remove it before the MD_LIGHT split to avoid a corner case: it's
technically a hashing function, no HMAC or extra metadata, but we still
don't want it in MD_LIGHT really.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-16 18:44:46 +01:00
Dave Rodgman
fc64352253 Adjust position of empty line
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-16 16:23:09 +00:00
Paul Elliott
ba70ad4944 Add safety for keys larger than we currently support.
Prevent buffer overflow with keys whos grp.nbits is greater than
PSA_VENDOR_ECC_MAX_CURVE_BITS.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
93d9ca83ea Move num_ops ECP abstraction fully into internal implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Andrzej Kurek
81b0b89a34 Clarify comments on subjectAltName types
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-16 06:55:10 -05:00
Jerry Yu
a135deeece Move clang bug workaround to the head of file
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-16 17:56:33 +08:00
Jerry Yu
383cbf42a0 Add minimum version of sha256 for clang
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-16 15:16:43 +08:00
Jerry Yu
8ae6a0193c Add comments about gcc-5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-16 15:16:20 +08:00
Jerry Yu
2f2c04956d Add GCC options pop
Reduce the scope of target pragma to meet
behavior of clang.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-16 14:24:46 +08:00
Jerry Yu
92fc538a22 Add attribute popup
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-16 11:17:11 +08:00
Paul Elliott
2c9843f2a4 Make mbedtls_sa_ecp_load_public_part return psa_status_t
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
7ef174b285 Correct insufficient memory return documentation.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
a1c9409d88 Move structure init calls as early as possible
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
ebe225cf7b Move num ops update to only point where work can be done.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
53bb312054 Wipe output buffer even when INCOMPLETE is returned.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
c569fc268f Switch from nbits to pbits
Correct coordinate size is grp.nbits, not grp.pbits.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
6d99f0c265 Fix errors in psa_wipe_output_buffer() doc comment.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
0290a76fc2 Fix buffer overflow with hashes larger than key size.
Truncate input hashes to curve private key size as that is all that is required
for the internal implementation.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
724bd25f4b Fix missing mbedtls_mpi_free() on signing.
After moving the MPIs used to output from the operation into the complete
function, I failed to move the accompanying free as well.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
84329464d5 Replace allocated hash buffer with array
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
e6145dc47f Add documentation comment to internal abort functions
Explain the reasoning behind not clearing some variables.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
de1114c883 Fix {sign|verify}_get_num_ops
Move the obfuscation of the internal library only returning a delta of ops done
into the driver wrapper, thus meaning driver wrapper and API call both return
absolute values of work done. Document the differences at the internal
implementation level.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
939bd9485d Move output buffer wiping code to seperate function.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
1243f93cca Fix build fails with non ECDSA / restartable builds
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00