Add a client view layout (and update related initializers)
for PSA sign/verify hash interruptible operation struct and
PAKE operation struct
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Make sure the layout of psa_key_attributes_s is commented
enough so that it does not accidentally get reorganized
by mistake in the future.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots
regardless of state. They are not part of the PSA Crypto API, untrusted applications
cannot call these functions in a crypto service.
In a service intergration, mbedtls_psa_crypto_free on the client cuts the communication
with the crypto service.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Putting the id at the of the psa_key_attributes_s structure allows
for a more efficient marshalling of the parameters around a transport
channel which provides separation between a client view and a service
view of the key parameters.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.
In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.
They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.
This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.
Add a warning to PKCS 1.5 decryption to warn users about this.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The initializatio macros need to be updated to support the case
where the crypto client view of the structures is being initialized
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
In case MBEDTLS_PSA_CRYPTO_CLIENT is defined and MBEDTLS_PSA_CRYPTO_C
is not, a client view of the multipart operation contexts is provided
through an handle object that allows mapping to the corresponding
service side data structures.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Mbed TLS doesn't support DSA at all, and doesn't support domain parameters
for FFDH (only predefined groups).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the mbedtls_ecc helper functions from psa_core to psa_util.
These files are not implemented as part of the PSA API and should not
be part of the PSA crypto implementation.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
In PSA headers include psa/build_info.h instead
of mbedtls/build_info.h. In Mbed TLS, both are
equivalent but not in TF-PSA-Crypto where
psa/build_info.h is the correct one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We can't have a public header or library file reference our test
environment (except possibly under test-only options, and even so, it would
be with great reluctance). This breaks the build for other people.
Fix#8259.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Centralize it in a new file psa/config_adjust_keypair_types.h. I think
this file indeed belongs in include/psa (as opposed to include/mbedtls)
because it only touches PSA_WANT symbols (no MBEDTLS_PSA symbols), and
implements things that are described in psa-conditional-inclusion.md.
The code is not new, just moved from config_psa.h and
config_adjust_legacy_from_psa.h where is was intermingled with handling
of ACCEL/BUILTIN symbols. (git's --color-moved option will hardly help
in checking that assertion, due to the way things were intermixed.)
Note: the parts about BUILTIN in config_psa.h were not moved, just
removed for now. They belong to
include/mbedtls/config_adjust_legacy_from_psa.h and will be
re-added there in a future commit which will completely re-organize the
handling or ACCEL/BUILTIN for ECC.
See comments inside the commit about placement of this file relative to
others.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Only document it with the PSA configuration, not for
MBEDTLS_ECP_DP_SECP256R1_ENABLED, since p256m can't be used with the classic
API.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Conflicts:
* `include/psa/crypto_sizes.h`: the addition of the `u` suffix in this branch
conflicts with the rework of the calculation of `PSA_HASH_MAX_SIZE` and
`PSA_HMAC_MAX_HASH_BLOCK_SIZE` in `development`. Use the new definitions
from `development`, and add the `u` suffix to the relevant constants.
aca31654e6 removed a sentence with copypasta
refering to PBKDF2 instead of XTS. Restore that comment but fix the
copypasta.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
