Commit graph

15272 commits

Author SHA1 Message Date
Ronald Cron a4af55f14f psa: driver wrapper: Change cipher_*_setup signatures
Change the signature of
psa_driver_wrapper_cipher_encrypt/decrypt_setup to
that of a PSA driver cipher_encrypt/decrypt_setup
entry point.

Change the operation context to the PSA one to be
able to call the software implementation from
the driver wrapper later on.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron d6d28885f0 psa: Add mbedtls_psa_cipher_encrypt/decrypt_setup functions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 7986f7e14b psa: Export "internally" mbedtls_cipher_info_from_psa
Export "internally" mbedtls_cipher_info_from_psa to be
able to use it in psa_crypto_cipher.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron ab99ac2f33 psa: Rework psa_cipher_setup (2)
Split out the cipher setup based on cipher.c
in psa_cipher_setup_internal() whose signature
is that of a PSA driver cipher_setup entry
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 590d3e56e9 psa: Rework psa_cipher_setup (1)
Rework psa_cipher_setup in preparation of
calling the cipher setup based on cipher.c
through the interface of a PSA driver
cipher_setup entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 0ff579590d psa: Add psa_crypto_cipher.[ch]
Add psa_crypto_cipher.[ch] files to contain the
Mbed TLS implementation of PSA driver cipher driver
entry points.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron c45b4afc63 Fix PSA SE driver tests
Fix PSA SE driver tests in configuration
full + MBEDTLS_PSA_CRYPTO_DRIVERS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron ac5db4da0e
Merge pull request #4246 from ronald-cron-arm/finalize-psa-config-support
Finalize PSA config support
2021-03-25 18:12:17 +01:00
Ronald Cron d85e98d6f1 psa: config: Add CBC-MAC
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:26 +01:00
Ronald Cron e1f5516025 psa: config: Improve handling of not supported ECC curves
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:19 +01:00
Mateusz Starzyk 5172605c49 Move URL matching regex to method definition.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-25 14:50:57 +01:00
Ronald Cron 51a3b7d79c psa: config: Add CAMELLIA to the list of possible CMAC ciphers
Camellia-CMAC is valid PSA configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 14:25:46 +01:00
Mateusz Starzyk c8f4489fa5 Use raw string + binary matching for URL regex.
Long URLs are allowed only if they are alone on their lines.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-25 14:06:50 +01:00
Ronald Cron b9df5ceb8f psa: config: Fix AEAD/CMAC algorithms and ciphers inter-dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 11:01:21 +01:00
Ronald Cron 29394a1c7c
Merge pull request #4252 from gilles-peskine-arm/fix-ubsan-in-psa-cipher-tests
Fix NULL+0 in test code
2021-03-25 10:16:00 +01:00
Ronald Cron 9e3926a295 psa: config: Remove check on ARIA in GCM prerequisites
ARIA is not supported yet through the PSA API.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 15:57:21 +01:00
Mateusz Starzyk 9ee8166148 Compile URL matching regex before using it in the loop.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-24 12:51:15 +01:00
Mateusz Starzyk 6e47055a0b Allow changelog entries to have URLs exceeding 80 char limit.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-24 12:25:58 +01:00
Ronald Cron 4501c98fc2 psa: sign: Return INVALID_ARGUMENT instead of NOT_SUPPORTED
To run succesfully the test
"PSA sign: invalid algorithm for ECC key" of
test_suite_psa_crypto when ECDSA support is not included
in the library, always return INVALID_ARGUMENT
in case of an ECC key not used for ECDSA, whether
ECDSA support is present or not.

Then apply the same logic to RSA sign RSA and RSA/ECC
verify for the sake of consistency.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 12:05:51 +01:00
Ronald Cron 9f97c6ecdf Update PSA crypto test dependencies
Given the PSA_WANT_* config options added lately,
update set_psa_test_dependencies.py and run it
on test_suite_psa_crypto*.data files but the SE
and generated ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:26:44 +01:00
Ronald Cron 9838dc2702 tests: Fine tune handling of policy negative tests
Fine tune handling of policy negative tests when
setting automatically PSA crypto unit tests
dependencies.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:18:23 +01:00
Ronald Cron 6ac020d797 tests: Treat PSA_WANT_ECC_* as manual dependencies
For the time being, it is not possible to determine
the size of ECC keys from the arguments of all test
cases thus treat them as dependencies that are not
systematic. Such dependencies are not generated nor
deleted by set_psa_test_dependencies.py.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 09:03:56 +01:00
Gilles Peskine 0c510f36dd Fix NULL+0 in test code
Fix likely harmless undefined behavior in cipher tests pointed out by
UBSan with recent compilers (e.g. Clang 10). When the complete output
is empty, the output buffer is NULL. Adding an integer to a null
pointer is undefined behavior even when the integer is 0, so make a
special case for that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-24 00:41:51 +01:00
Ronald Cron ee414c7383 Update dependencies in PSA test code
Replace MBEDTLS_* config options for which there is
an associated PSA_WANT_* to the PSA_WANT_* one. That
way the tests are also run when the dependency is
provided by a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Ronald Cron 3d471814bc psa: Add missing PSA configs
Add missing PSA_WANT_CCM/GCM/CMAC. This completes
the set of PSA_WANT config options given the
current support of PSA crypto in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Ronald Cron 49eee980c3
Merge pull request #4250 from gilles-peskine-arm/psa-curves-fix-tests
PSA: don't run tests for unsupported curves
2021-03-23 16:31:35 +01:00
Gilles Peskine 71f45ba0e8 Fix unused parameter warning in some configurations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 14:17:55 +01:00
Gilles Peskine defdc3bc53 SECP224K1 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the ssl-opt.sh test case that uses it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:59:58 +01:00
Gilles Peskine a1684f42d3 PSA: Reject curves that are not enabled in the PSA configuration
If an elliptic curve was enabled in the Mbed TLS classic API (#define
MBEDTLS_ECP_DP_xxx), but not enabled in the PSA configuration (#define
PSA_WANT_ECC_xxx), it would still work if you tried to use it through
PSA.

This is generally benign, but could be a security issue if you want to
disable a curve in PSA for some security reason (such as a known bug
in its implementation, which may not matter in the classic API if Mbed
TLS is running in a secure enclave and is only reachable from
untrusted callers through the PSA API). More urgently, this broke
test_suite_psa_crypto_not_supported.generated.

So if a curve is not enabled in the PSA configuration, ensure that
it's treated as unsupported through the PSA software implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:12:34 +01:00
Gilles Peskine 398413024d SECP224K1 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:45 +01:00
Gilles Peskine 8276986c3e Curve448 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/4249. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:16 +01:00
Ronald Cron 63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec
Create PSA configs for ECC curves
2021-03-22 17:35:04 +01:00
Gilles Peskine 01196d0464
Merge pull request #4214 from gilles-peskine-arm/psa-storage-format-test-types
PSA storage format test case generator
2021-03-22 12:16:17 +01:00
Ronald Cron 5cb08a8e61
Merge pull request #4202 from paul-elliott-arm/changelog_linelength_enforcement
Make assemble changelog script enforce line length
2021-03-19 12:26:31 +01:00
Paul Elliott d75773e941 Pythonify and fix reported line number
Use enumerate to give the line number and use the correct offset to
actually calculate it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-18 18:09:34 +00:00
Gilles Peskine d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Maulik Patel 3240c9d2ec Update tests for other invalid key operations.
Update expected return values of psa_get_key_attributes(),
psa_export_key() and other key api(s) to PSA_ERROR_INVALID_HANDLE
for invalid key.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-03-17 16:11:05 +00:00
Maulik Patel 02a1750098 Update tests for psa_close_key for invalid key.
Update expected return values of psa_close_key() to
PSA_ERROR_INVALID_HANDLE for invalid key handle operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-03-17 15:05:13 +00:00
Maulik Patel f65ad8ccc1 Update psa_open_key tests for invalid key.
Update expected return values of psa_open_key() to
PSA_ERROR_DOES_NOT_EXIST for invalid key handle operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-03-17 14:55:45 +00:00
Maulik Patel c1bfcdda58 Fix:4162 Return correct error type for invalid key
Return PSA_ERROR_INVALID_HANDLE instead of
PSA_ERROR_DOES_NOT_EXIST if invalid key is passed for some key
operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-03-17 13:41:07 +00:00
Gilles Peskine 6cc510ea89
Merge pull request #4075 from rrlapointe/dtls_demo_use_read_timeout
Actually use the READ_TIMEOUT_MS in the example DTLS client and server
2021-03-17 14:39:50 +01:00
Paul Elliott 2065a8d8af Reduce level of -Wformat-truncation
Reduce level of format truncation warnings due to issues with false
positives (an unknown size buffer is always treated as size 1)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-17 13:12:22 +00:00
Paul Elliott 29b641688d Fix printf format issue in programs
Fix issues that were missed as part of previous printf attribute
cleanup

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-17 13:08:10 +00:00
Gilles Peskine 0e7b6ebb64 Fix typos in comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-17 13:46:59 +01:00
Ronald Cron da3da94373
Merge pull request #4210 from gilles-peskine-arm/crypto_values-param-names
Fix parameter names after \p in include/psa
2021-03-17 10:17:18 +01:00
Gilles Peskine d86bc52d78 Cover encodings of algorithms without parameters
Generate test cases for all algorithms without parameters. Only the encoding
of the algorithm in the key metadata is covered: the test keys are not of a
type that permits the algorithm to be used in an operation.

This commit only covers algorithms without parameters. A subsequent commit
will generate algorithms with parameters.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 22:29:12 +01:00
David Brown 3298851d05 Fix alignment of PSA defines
When these names were changed, the definition got misaligned with the
rest of the fields.  Fix this alignment.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-16 10:44:22 -06:00
Gilles Peskine 74a7f93c94 Add BUGS.md
Instructions on how to report a bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 12:05:44 +01:00
Gilles Peskine 92042d9bc4 The 2.7 branch is retired
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 12:05:30 +01:00
Gilles Peskine 991bbe7f5e Mention the master branch as well
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 12:05:16 +01:00