Commit graph

4427 commits

Author SHA1 Message Date
Chris Jones 7439209bcc Rewrite error addition interface
The previous implementation of the error addition interface did not comply
with the invasive testing architecture guidelines. This commit fixes that
by:

- Renaming functions/macros/variables to follow the mbedtls_error_xxx or
  mbedtls_test_hook_xxx convention.

- Making mbedtls_test_hook_error_add a global variable that can be set
  by the testing code.

- Using a static inline function call, as opposed to macro, to keep
  discrepancies between debug and production version to a minimum.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:24:25 +01:00
Chris Jones 759e30bdb0 Add MBEDTLS_ERROR_C dependency to invasive error code testing
Fix builds where `MBEDTLS_ERROR_C` is not defined but `MBEDTLS_TEST_HOOKS`
is defined. This was previously causing undefined reference errors in
these builds.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones b179b84335 Change set_err_add_hook void pointer to actual function pointer signature
Change the signature of the `hook` parameter of `mbedtls_set_err_add_hook`
to use the actual signature of the function as opposed to `void *`. This
fixes a warning when compiling with clang `-pedantic`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones d86ad60aa5 Change mbedtls_set_err_add_hook to use doxygen style comment
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones ef180af350 Move MBEDTLS_ERR_ADD macro and functions to error.*
`error.c` and  error.h are the more logical place to keep this code and it
prevents issues with building `common.c` and conflicts with other projects
that use mbedtls (such as mbedOS).

`error.c` has been automatically generated by first adding the code to
`error.fmt` and then running `./scripts/generate_errors.pl`.

Also add parenthesis to the addition in `MBEDTLS_ERR_ADD`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones 5e8805afeb Move MBEDTLS_ERR_ADD macro and function to common.*
`error.c` is a file generated from `error.h` and thus cannot contain the code
that was previously added. This commit fixes that issue by moving the
`MBEDTLS_ERR_ADD` macro and associated function and function pointer into
`common.h` and `common.c`.

Also fix a typo in `tests/include/test/helpers.h` where tabs were accidentally
used instead of spaces.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones 96ae73b0ea Add macro for error code addition
Adds a macro (`MBEDTLS_ERR_ADD`) to add error codes together and check that the
result will not be corrupted. This additional check is only enabled during
testing when `MBEDTLS_TEST_HOOKS` is defined.

Also includes a reference usage example in `rsa.c` where two high-level error
codes could be incorrectly added together under the right conditions. This now
ensures that when this error occurs during testing it will be correctly
reported.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:12:02 +01:00
TRodziewicz c75d9f589b Remove deprecated things from hashing modules
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 11:38:37 +02:00
Bence Szépkúti 3b1cba82c8 Fix reference to deprecated macro in documentation
The reference was introduced in #4174.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-08 16:10:05 +02:00
Ronald Cron df2e4f22a8
Merge pull request #4290 from ronald-cron-arm/hash-dispatch-follow-up
Hash dispatch follow up
2021-04-08 09:13:19 +02:00
Gilles Peskine b420259777
Merge pull request #4174 from gilles-peskine-arm/psa-eddsa-spec
PSA Encodings for EdDSA
2021-04-07 11:20:27 +02:00
Gilles Peskine 7bc6a3749c
Merge pull request #3183 from meuter/development
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
Ronald Cron 980230e965 psa: include: Update and improve multipart-op struct design notes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron dd3b539573 psa: include: Clarify scope of crypto_builtin/driver_contexts.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron 06c84ca5f8 psa: include: Merge crypto_builtin_hash.h and crypto_builtin_cipher.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:30 +02:00
Ronald Cron e31fd11ab3 psa: include: Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 15:59:57 +02:00
Ronald Cron d3b458c452 tests: psa: Fix expected error code
Fix expected error code when importing a persistent key or
registering a key with an invalid key identifier:
PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:54:50 +02:00
Ronald Cron 48ffe622f9
Merge pull request #4215 from paul-elliott-arm/remove_fallthrough
Remove deliberate fallthrough
2021-03-30 16:40:24 +02:00
Gilles Peskine e5fde54337 Remove incorrect definitions of the dom2() and dom4() prefixes
Implementers and users would have to refer to the RFC for the detailed
specification of the algorithm anyway.

Keep a mention of the curves and hashes involved for avoidance of doubt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 15:08:10 +02:00
Gilles Peskine a00abc6b65 Consistently describe Ed25519 as a 255-bit curve
The coordinates are over $F_{2^{255}-19}$, so by the general
definition of the bit size associated with the curve in the
specification, the value for size attribute of keys is 255.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 7e54a29bea Express DES key sizes in bits
The size attribute of a key is expressed in bits, so use bits in the
documentation. (The documentation of psa_export_key() describes the
export format, so it counts in bytes.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 6a427bf306 Document the general definition of bit sizes for asymmetric keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 27354690cb Use a bit-size in the algorithm name
Call it “SHAKE256-512”, just like SHA3-512 has 512 bits of output.
SHAKE256-64 looks like it's 64 bits of output, but this is 64 bytes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine da7305e472 Avoid collision with SM3 in API specification 1.0.1
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine b13ead816c Make the hash-and-sign nature of Ed25519ph and Ed448ph explicit
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine e36f8aa1b0 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 7962284f78 Mention psa_hash_compute in the documentation of psa_{sign,verify}_hash
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 3a1101a122 Define algorithms for EdDSA
Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.

The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 67546802fe New elliptic curve family: twisted Edwards
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 6d40085177 Don't duplicate the definition of PSA_ALG_IS_HASH_AND_SIGN
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Ronald Cron 5618a39fcf psa: cipher: Remove cipher_generate_iv driver entry point
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron 6ad554cb83 psa: cipher: Prefer length rather than size for IV/block length
Prefer length rather than size for IV/block length as
per the PSA specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron 02d68b2b8e psa: cipher: Fix comment type
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron 9198e8c259 psa: driver contexts: Fix include order and wrapping
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron 5d9b00dddb psa: cipher: Include Mbed TLS cipher driver only if necessary
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:07 +01:00
Ronald Cron 7cb9c3d360 psa: cipher: Move to driver operation context application allocation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 937dfee92c psa: cipher: Re-organize multi-part operation context
Move members that are of no use to the PSA crypto core
to the Mbed TLS implementation specific operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 49fafa98b1 psa: cipher: Dispatch based on driver identifier
For cipher multi-part operations, dispatch based on
the driver identifier even in the case of the
Mbed TLS software implementation (viewed as a driver).
Also use the driver identifier to check that an
cipher operation context is active or not.

This aligns the way hash and cipher multi-part
operations are dispatched.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 06aa442bef psa: cipher: Remove unused key_set operation field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron d85e98d6f1 psa: config: Add CBC-MAC
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:26 +01:00
Ronald Cron e1f5516025 psa: config: Improve handling of not supported ECC curves
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:19 +01:00
Ronald Cron b9df5ceb8f psa: config: Fix AEAD/CMAC algorithms and ciphers inter-dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 11:01:21 +01:00
Ronald Cron 3d471814bc psa: Add missing PSA configs
Add missing PSA_WANT_CCM/GCM/CMAC. This completes
the set of PSA_WANT config options given the
current support of PSA crypto in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Gilles Peskine 398413024d SECP224K1 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:45 +01:00
Gilles Peskine 8276986c3e Curve448 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/4249. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:16 +01:00
Ronald Cron 63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec
Create PSA configs for ECC curves
2021-03-22 17:35:04 +01:00
Gilles Peskine d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Ronald Cron da3da94373
Merge pull request #4210 from gilles-peskine-arm/crypto_values-param-names
Fix parameter names after \p in include/psa
2021-03-17 10:17:18 +01:00
David Brown 3298851d05 Fix alignment of PSA defines
When these names were changed, the definition got misaligned with the
rest of the fields.  Fix this alignment.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-16 10:44:22 -06:00
Steven Cooreman f8e45a4e98 Simplify compilation guards around hash driver testing
The hash driver entry points (and consequentially the hash driver core)
are now always compiled on when PSA_CRYPTO_DRIVER_TEST is turned on.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-16 11:07:55 +01:00
Gilles Peskine 01a622a1a4
Merge pull request #4197 from bensze01/psa_ccm_nonce_length
Correct the maximum generated nonce length for CCM
2021-03-16 10:10:41 +01:00
David Brown eed74df1ee Re-order PSA ECC configs
Arrange these to be in alphabetical order.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:53:57 -06:00
David Brown 110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
Steven Cooreman 0f8ffa806b Rename and retype hash test driver context structure
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman a85e2f835e Guard hash test functions as a block
Replicate the way the internal hash functions are guarded

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman 830aff2a98 Restructure the way driver contexts are declared
Drivers (both built-in and external) need to declare their context
structures in a way such that they are accessible by the
to-be-autogenerated crypto_driver_contexts.h file. That file lives in
include/psa, which means all builtin driver context structure
declarations also need to live in include/psa.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:32 +01:00
Dave Rodgman e483a77c85
Merge pull request #816 from ARMmbed/development
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00
Bence Szépkúti 437035bfe3 Fix revert of PSA_AEAD_UPDATE_OUTPUT_SIZE
Both the original change, and its incomplete revert were introduced in
#3386.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-03-11 17:58:26 +01:00
Bence Szépkúti 0153c9436b Correct the maximum generated nonce length for CCM
psa_aead_generate_nonce() could generate a nonce of up to 13 bytes,
depending on the inputs to psa_aead_set_lengths().

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-03-11 15:45:17 +01:00
Ronald Cron fc86f3f147
Merge pull request #3386 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size
Add new support macros for output buffer sizes since PSA API 1.0 beta 3
2021-03-11 13:30:42 +01:00
gabor-mezei-arm 5699101ac9
Update PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-11 11:55:03 +01:00
David Brown 9b178deedb Fix typo in PSA ECC curve config option
Fix SEC to SECP as the curve name.  This fixes failing tests that
verified the config option was working.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:50 -07:00
David Brown 3353f81694 Update psa/crypto_config.h to new names
An earlier commit fixes the names of the PSA_WANT_ECC_ macros.  Update
the crypto_config.h file to match these new names.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:50 -07:00
David Brown c7b9b2b6d6 Update defines for ECC PSA configs
Use the names as described in
`docs/proposed/psa-conditional-inclusion-c.md which use a transform
like: SECP256R1 -> SECP_R1_256.  The CURVE25519 and CURVE448 become
MONTGOMERY_255 and MONTGOMERY_448.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
David Brown 20a8c4305a Define PSA_WANT definitions for all ECC curves
Mirror the default non-PSA configuration by enabling all supported ECC
curves.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
David Brown 8de143e72d Create PSA configs for ECC curves
For each curve defined MBEDTLS_ECP_DP_xxx_ENABLED, we have a
corrsponding PSA config define PSA_WANT_ECC_xxx.  Along with that is a
value MBEDTLS_PSA_ACCEL_ECC_xxx which can be used to allow HW
acceleration of that particular curve.

If the PSA config requests an unaccelerated curve, the corresponding
MBEDTLS_PSA_BUILTIN_ECC_xxx will also be defined.

This commit defines these for all curves currently defined, with the
defines working in either direction, depending on whether
MBEDTLS_PSA_CRYPTO_CONFIG is defined.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
Paul Elliott aa5e132df7 Improve include guards for format attribute
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott 48438c758a Fix incorrect long long specifier for win64
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott d48d5c6615 Fix size_t and longlong specifiers for MinGW
MinGW and older windows compilers cannot cope with %zu or %lld (there is
a workaround for MinGW, but it involves linking more code, there is no
workaround for Windows compilers prior to 2013). Attempt to work around
this by defining printf specifiers for size_t per platform for the
compilers that cannot use the C99 specifiers.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott abb3af7826 Invert gate on printf attribute
Inverted the logic without thinking.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott f8d733e49a Correct include guard for function __attribute
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott 4e589701d8 Declare mbedtls_debug_print_msg as printf-like
We were not getting any warnings on printf format errors, as we do not
explicitly use printf anywhere in the code. Thankfully there is a way
to mark a function as having printf behaviour so that its inputs can be
checked in the same way as printf would be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott 36f539d9b3 Remove deliberate fallthrough
Clang 11 has stopped using the old comment system to mark deliberate
fallthrough, and now demands marking of such with
__attribute(fallthrough). Given not every compiler supports such
attributes and these are the only two deliberate fallthrough cases in
the project at the minute, take the easy route and just remove the
fallthrough.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 16:19:46 +00:00
gabor-mezei-arm 9c3b5077e6
Update PSA_CIPHER_ENCRYPT_OUTPUT_SIZE
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-10 15:57:44 +01:00
Steven Cooreman b1777312da Make the driver context union a defined type
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman dbf8ceda54 Change the way driver context structures are used
Apparently there's a goal to make the PSA Crypto core free from
dynamic memory allocations. Therefore, all driver context structures
need to be known at compile time in order for the core to know their
final size.

This change defines & implements for hashing operations how the context
structures get defined.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman 0e307647e6 Split hashing operations out into an mbedTLS hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Dave Rodgman bfe754947c Bump version to 2.26.0
Executed ./scripts/bump_version.sh --version 2.26.0

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-09 16:09:18 +00:00
Gilles Peskine 7ef23bee0e Documentation: fix \p names that diverged from the code
Fix places where Doxygen documentation uses \p to refer to a parameter
name and where the name used did not match the actual parameter name.

I used the following script to detect problematic cases:
```
perl -w -ne 'if (eof) { $. = 0; } if (m!^/\*\*!) { $in_doc = 1; %param = (); %p = (); } if (m!\*/!) { foreach $name (keys %p) { if (!$param{$name}) { foreach $line (@{$p{$name}}) { print "$ARGV:$line: $name\n" } } } $in_doc = 0; } if ($in_doc) { if (/\\param(?: *\[[^\[\]]*\])? +(\w+)/) { $param{$1} = 1; } foreach (/\\p +\*?(\w+)/) { push @{$p{$1}}, $.; } }' include/psa/*.h
```

This commits fixes all the remaining occurrences under include/psa,
which were just trivial name mismatches.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:31 +01:00
Gilles Peskine 364d12cfab Documentation: fix \p used for non-parameters
In Doxygen documentation, use \c rather than \p when discussing
something that isn't a parameter of the current macro or function.
Where needed, explain what the thing is.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:15 +01:00
Gilles Peskine 8735343575 Fix copypasta in documentation of an error case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:08 +01:00
Gilles Peskine e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
gabor-mezei-arm 286a36e17d
Fix size macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-05 15:59:57 +01:00
Gilles Peskine 9264e01730 Update error codes listed in the net_sockets documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-03 12:27:17 +01:00
Steven Cooreman 328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman a1d8322f74 Fix typos & copy-paste errors
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman d927ed7901 Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman 5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman 37389c768d Update validity domain of min_tag_length / min_mac_length
Review indicated explicit validity domain should be [1, max_alg_length]

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
2021-03-01 16:00:31 +01:00
Steven Cooreman ee18b1f5a4 Style and language updates after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
gabor-mezei-arm c6f2480854
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
Gilles Peskine c8dab5b41e Fix sloppy wording around stricly less-than vs less or equal
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:39:21 +01:00
Gilles Peskine e28f236b6b Document FD_SETSIZE limitation for mbedtls_net_{poll,recv_timeout}
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
gabor-mezei-arm e86bdcaa11
Fix size macros and its documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 12:28:32 +01:00
gabor-mezei-arm fbd9f1e683
Add and update macros for output buffer sizes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 12:28:32 +01:00
gabor-mezei-arm ee6bb560a6
Remove out of scope macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm 8809fb64eb
Add and update size macros for ciphers and keys
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm 0687b2b236
Add macros for output buffer sizes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm a200ee6098
Move AEAD macros next to each other
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:36 +01:00
Gilles Peskine b15832160b Make entropy double-free work
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 11:27:03 +01:00
Gilles Peskine 4337a9cb18 Document mutex usage for RSA
The mutex is now initialized iff ver != 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 478847cca3 Document thread safety for HMAC_DRBG
random(), and only this function, is thread-safe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine e39b2192e5 Document mutex invariant for HMAC_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine f305d92480 Document thread safety for CTR_DRBG
random(), and only this function, is thread-safe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine da290f9bcd Document mutex invariant for CTR_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 39a1a26d0b Explain the usage of is_valid in pthread mutexes
Document the usage inside the library, and relate it with how it's
additionally used in the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Dave Rodgman d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
Expose the PSA RNG in mbedtls
2021-02-22 14:47:29 +00:00
Gilles Peskine 60b29fea46 Define WANT symbols for always-supported key types
PSA_KEY_TYPE_RAW_DATA and PSA_KEY_TYPE_DERIVE are always supported.
Make this explicit by declaring PSA_WANT_KEY_TYPE_RAW_DATA and
PSA_WANT_KEY_TYPE_DERIVE unconditionally. This makes it easier to
infer dependencies in a systematic way.

Don't generate not-supported test cases for those key types. They
would always be skipped, which is noise and would make it impossible
to eventually validate that all test cases pass in at least one
configuration over the whole CI.

Don't remove the exception in set_psa_test_dependencies.py for now, to
get less noise in dependencies. This may be revised later if it is
deemed more important to be systematic.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:52 +01:00
Bence Szépkúti 7921cceec8 Fix typo in config_psa.h
The correct macro is PSA_WANT_ALG_CFB

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-17 11:47:40 +01:00
David Brown 9a594e8023 Update psa crypto_config to include recent configs
Update with CHACHA20_POLY1305, CHACHA20.  Add in CTR, which was missing,
and move ALG_XTS to its proper location alphabetically.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:26:57 -07:00
David Brown db01e0271f Remove an unnecessary #else and commented line
With the else branch commented out, both lines are unnecessary.  We
could check for the invalid configuration in the future, once tests were
made to exclude this combination.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown be380c1e0f Remove incorrect PSA ECB definition
There is no PSA ALG_ECB, only ALG_ECB_NO_PADDING.  Fix one incorrect
declaration, and remove another that is just redundant.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 8de6437bb6 Cleanup PSA CBC padding defines
Only define MBEDTLS_CIPHER_MODE_CBC if one of the CBC modes is requested
and everything isn't covered by an accelerated version.  This keeps this
from being defined in cases where everything needed would be
accelerated.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 86730a8d50 Add missing MBEDTLS_PSA_BUILTIN for ChaCha20-Poly1305
Add these missing definitions when this configration is chosen.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown fc46818eeb Cleanup PSA ifdefs for CBC block mode
Try to make these definitions clearer given the complexity of the
mapping between the PSA config options and the MBEDTLS ones.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 10cb81c0a0 Add some missing MBEDTLS_PSA_BUILTIN_ definitions
Add a few instances where the builtin macros for these algorithms were
missed.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown f84a0f691e Simplify block cipher PSA definitions
If any of the software block ciphers are selected, define an internal
macro to indicate this.  This eliminates some redundancy that needs to
check for this.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown e1f91f07cd Consolidate PSA ifdefs for block ciphers
Combine some separate ifdef blocks to make it clearer when various
internal values are defined.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 18658a7896 Disable error on CHACHAPOLY misconfiguration
As the test tries this in multiple configurations, an #error here will
fail CI.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown ac4fa07fa3 Add PSA config support for ChaCha20+Poly1305
Add checks for PSA_WANT_ALG_CHACHA20_POLY1305.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown b16727a603 Add PSA config for ChaCha20
Add checks for PSA_WANT_KEY_TYPE_CHACHA20, both with and without
MBEDTLS_PSA_CRYPTO_CONFIG.  This only adds support for the ciphers
itself, presumably as a stream cipher (and not yet AEAD).

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown b781f75401 Define SW crypto algorithms if block modes need it
Even if there is an accelerated version of a (block) key type, enable
the SW implementation if there are block modes that don't have
acceleration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 5256e69cda Fix typo in psa config comment
Change "are" to "aren't" to avoid making the comment misleading.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 4b9ec7a598 Add checks for HW acceleration of ciphers and padding
Add additional ifdef checks in the PSA config to detect when an
algorithm is entirely implemented in hardware.  If there is any
combination of cipher and padding type that is not supported by the HW
acceleration, enable the SW acceleration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 12f45f99da Add definitions for builtins for cipher modes
Create these definitions for the various cipher modes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown da7dbb72ed Add building definitions for non-crypto-config case
Ensure that the builtin definitions are defined when selected by the
traditional configuration options.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown bc1731b24e Fix small error in a comment
Use '||' instead of 'or' for consistency.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown db003f31fc Remove unused definition
PSA defines CBC with no padding, and CBC with PKCS7 padding.  The bare
"ALG_CBC" is not defined, so remove this definition.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 78a429b89a Add _BUILTIN defines for new features
For the new features conditionalized on MBEDTLS_PSA_ACCEL_..., define a
correlated MBEDTLS_PSA_BUILTIN_... if it is not defined.  This prevents
check_names from considering these new defines as typos.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 9984427b4a Add feature support for block modes to PSA crypto config
Add support for supported block modes using the PSA crypto config.
These are mapped to Mbed TLS config options as best as possible.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown a9f1d83d31 Add symmetric ciphers and block modes
Update the psa/crypto_config.h with the newly defined PSA_WANT_
definitions for symmetric ciphers and block modes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown b65a7f7b52 Add feature support for DES for PSA crypto config
Basic support for enabling DES through PSA_WANT_KEY_TYPE_DES.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 686e6e83d3 Add feature support for Camelia for PSA crypto config
Basic support for enabling Camelia through PSA_WANT_KEY_TYPE_CAMELIA.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown ec258cfae1 Add feature support for ARC4 for PSA crypto config
Basic support for enabling ARC4 through PSA_WANT_KEY_TYPE_ARC4.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 949330827c Add feature support for AES for PSA crypto config
Basic support for enabling AES through PSA_WANT_KEY_TYPE_AES.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
Gilles Peskine 996f2168b6 Make it possible to include psa_crypto_random_impl.h with psa_util.h
There was some intentional duplication between
library/psa_crypto_random_impl.h and include/mbedtls/psa_util.h, with
the intent that the compiler would complain if one file was edited in
a way that's incompatible with the other file. However, the two files
were never included together, and in fact could not be included
together because some definitions can't be duplicated (type, static
variable).

Now library/psa_crypto_random_impl.h includes
include/mbedtls/psa_util.h, so the compiler will check what it can.
There is less redundancy since it isn't always possible to declare
something twice (specifically, types can't be declared).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 16:50:00 +01:00
Gilles Peskine 2cff7e2a59 Minor clarification in the public documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 16:49:42 +01:00
Gilles Peskine e3ed802138 Expose mbedtls_psa_get_random()
Expose whatever RNG the PSA subsystem uses to applications using the
mbedtls_xxx API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:39:48 +01:00
Gilles Peskine bb86d0c61c
Merge pull request #3995 from stevew817/feature/psa_configurable_static_ram_usage
Allow tweaking PSA_KEY_SLOT_COUNT
2021-02-16 12:52:24 +01:00
Steven Cooreman 863470a5f9 Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:44 +01:00
Steven Cooreman 1f968fdf19 Define the user-configurable PSA config flag in config.h
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:30 +01:00
Ronald Cron 5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Bence Szépkúti a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Ronald Cron 395889f9b7 psa: Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
when MBEDTLS_PSA_CRYPTO_C is defined and guard
PSA client code only with MBEDTLS_PSA_CRYPTO_CLIENT.

The definition of MBEDTLS_PSA_CRYPTO_CLIENT is done
in crypto_types.h before the definition of
psa_key_attributes_t. That way as PSA crypto client
code is related to key attributes we can be quite
confident that MBEDTLS_PSA_CRYPTO_CLIENT will be
defined when needed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-09 15:36:08 +01:00
Gilles Peskine 2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Ronald Cron a0832d47f7
Merge pull request #3958 from gilles-peskine-arm/fix-tls12-constant-namespace
Fix some PSA-related identifiers
2021-02-05 16:34:26 +01:00
Gilles Peskine d945871c55
Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted
Use PSA_ERROR_DATA_INVALID where warranted
2021-02-03 20:54:46 +01:00
Gilles Peskine 51b8bb01cb PSA_KEY_TYPE_DERIVE is always available
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine b65db07ae8 Add missing declaration of SHA-224 from MBEDTLS_SHA256_C
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine 47a8933b0f Declare PSA_KEY_TYPE_HMAC as well
HMAC requires both the algorithm and the key type to be effective.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Ronald Cron 3768ac12a8 Add MBEDTLS_PSA_CRYPTO_CLIENT configuration option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-01 13:16:01 +01:00
Gilles Peskine 53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback
Add a flag for disabling software fallback in ecp.c
2021-01-29 16:08:51 +01:00
Ronald Cron 318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
gabor-mezei-arm bdae918cd9
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-28 14:33:10 +01:00
gabor-mezei-arm 86326a9131
Fix possible error codes in the documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-26 13:48:26 +01:00
Steven Cooreman b587313738 Doesn't make sense to have ECP_NO_FALLBACK when there's no ECP_INTERNAL_ALT.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-21 13:59:17 +01:00
Steven Cooreman 6226a12acc Documentation update for MBEDTLS_ECP_NO_FALLBACK
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-21 13:58:31 +01:00
gabor-mezei-arm d25ea720fd
Fix rename of output buffer size macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:20:21 +01:00
gabor-mezei-arm cbcec21684
Rename output buffer size macros
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:17:25 +01:00
Gilles Peskine 43f958b24d Rename unnamespaced identifiers
Rename the enum constants TLS12_PRF_xxx, which are declared in a
public header but not intended for use in application code, to start
with MBEDTLS_PSA_.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 17:42:25 +01:00
Andrzej Kurek 2a54a6fe1c Refactor the variable buffer length config description
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:14:21 -05:00
Andrzej Kurek 557289babc Add a missing dependency to config.h
Variable buffer lengths depend on the maximum fragment length extension.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:14:15 -05:00
Andrzej Kurek 069fa96cd7 Use size_t instead of uint32_t for ssl I/O buffer lengths
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:13:58 -05:00
Steven Cooreman 97b4984657 Add a flag for disabling fallback in ecp.c
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 16:43:43 +01:00
Gilles Peskine a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Gilles Peskine 88fa5c463e Minor documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-04 21:00:53 +01:00
Cédric Meuter f3fab33147 Removed the mode argument from mbedtls_rsa_rsassa_pss_sign_ext()
- This mode argument was deprecated in the original function.

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2020-12-24 09:54:10 +01:00
Cédric Meuter 010ddc2b62 Integrated feedback of first code review
- Fixed code style.
- Clarified the documentation of what happens when saltlen is set to
  MBEDTLS_RSA_SALT_LEN_ANY.
- Added range check on saltlen to reject out of range values.

(Code review done by @gilles-peskine-arm)

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2020-12-24 09:53:04 +01:00
Cedric Meuter 8aa4d75ec9 Introduced mbedtls_rsa_rsassa_pss_sign_ext(..., saltlen, ...)
extension of mbedtls_rsa_rsassa_pss_sign() with an extra argument
'saltlen' which allows to inject the length of the salt to the function,
as opposed to the original function which internally computes the
maximum possible salt length. If MBEDTLS_RSA_SALT_LEN_ANY is passed
the function falls back to the the original behaviour. The original
function mbedtls_rsa_rsassa_pss_sign() can simply defer to it.

This allows to make some CAVP PSS generation tests that require the use
of a salt length which is smaller that the hash length.

Signed-off-by: Cédric Meuter <cedric.meuter@gmail.com>
2020-12-24 09:51:47 +01:00
Manuel Pégourié-Gonnard 575ece0eed
Merge pull request #3576 from gilles-peskine-arm/psa-lifetime-persistence-indicator-tweaks
Tweak documentation about lifetimes
2020-12-15 10:17:39 +01:00
Gilles Peskine 0bb257096a Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 17:36:02 +01:00
Gilles Peskine e39bdaa0ed Specialize some wording from the specification
Some of the material was originally the PSA specification, and
discusses how different implementations might behave. Replace such
statements by a description of how Mbed TLS behaves.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-11 18:47:55 +01:00
Gilles Peskine 9b3e5a7b3e Clarify the explanation of locations
It's about who has access to the key material in plaintext, not directly
where the operation is performed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-11 18:47:11 +01:00
Janos Follath f3c856536b
Merge pull request #789 from ARMmbed/mbedtls-2.25.0r0
Merge release candidate back to development
2020-12-11 14:36:29 +00:00
Manuel Pégourié-Gonnard a27a4e2f18
Merge pull request #3929 from gilles-peskine-arm/psa-driver-remove-old-accel
Remove old proposed accelerator interfaces
2020-12-10 11:31:47 +01:00
Janos Follath 0cbdc61171 Bump version to Mbed TLS 2.25.0
Executed ./scripts/bump_version.sh --version 2.25.0 --so-crypto 6

Increasing the SO version of the crypto library, because the openless
API improvement came with API/ABI incompatibilities. For example
    - the size of psa_key_handle_t changed
    - the type of a parameter in 18 public functions has changed from
      psa_key_handle_t to mbedtls_svc_key_id_t

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:05:22 +00:00
Janos Follath a946dcf8b2 Merge branch 'development-restricted' into mbedtls-2.25.0r0-pr 2020-12-08 20:59:45 +00:00
Gilles Peskine 2b759626a9
Merge pull request #3948 from bensze01/update_psa_values
Update the values of PSA Crypto API macros to version 1.0.0
2020-12-08 11:03:33 +01:00
Bence Szépkúti 99ffb2b275 Simplify description of PSA_ALG_STREAM_CIPHER
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:09:08 +01:00
Bence Szépkúti cbe395332c Substitute PSA_ALG_STREAM_CIPHER into all files
Deprecate PSA_ALG_ARC4 and PSA_ALG_CHACHA20.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:01:31 +01:00
Bence Szépkúti a294551446 Update PSA Crypto macro values to version 1.0.0
This should be everything that's needed for the stable storage format.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Bence Szépkúti 1de907d4a4 Introduce PSA_ALG_STREAM_CIPHER
This algorithm replaces the pre-existing stream cipher algorithms.
The underlying stream cipher is determined by the key type.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Gilles Peskine e995b9b3f0 Clarify statuses from mbedtls_psa_external_get_random
Add and document PSA_ERROR_INSUFFICIENT_ENTROPY.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 20:42:57 +01:00
Ronald Cron 771090659e
Merge pull request #3393 from geecrypt/development
Support set *_drbg reseed interval before seed
2020-12-07 14:29:52 +01:00
Gilles Peskine 3a0535b465
Merge pull request #3916 from jdurkop/psa-crypto-config-hashes-3672
Add support to crypto config for hashes
2020-12-07 13:50:56 +01:00
Manuel Pégourié-Gonnard b23e31d86a Minor documentation/comment fixes
typos, overlong lines

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-07 09:57:35 +01:00
Manuel Pégourié-Gonnard 513c243317 Deprecate mbedtls_cipher_auth_xxcrypt()
This temporarily breaks all.sh '*deprecated*' (deprecated functions still used
in the library), which will be fix in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard f2ffbc4387 Stop supporting NIST_KW in cipher_auth_xxcrypt()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 12:25:09 +01:00
Manuel Pégourié-Gonnard 9cc079db7a Declare cipher_auth_{en,de}crypt_ext()
Work in progress: next steps are to implement and test it.

Compared to the existing non-ext version:

- to separate tag parameter
- explicit output_len parameter

Also, this version will retain support for NIST_KW (hence documents it), while
the non-ext version will lose it in a few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 10:09:44 +01:00
Manuel Pégourié-Gonnard 3ba84d5bd6 Improve documentation of cipher_auth_xxcrypt()
- Document constraints on buffers/pointers NULLability explicitly.
- Simplify terminology around IV/nonce: all AEADs implemented so far call that
  a nonce. Keep the parameter names (iv, iv_len) to avoid having to change the
code (or having different names in the header and C files).
- Align documentation to the code regarding parameter constraints: the
  documentation said the for ciphers with fixed nonce/tag length, the
iv_len/tag_len arguments were ignored, while the code enforced them to be the
expected value. This is more consistent with what's done with GCM/CCM, which
for tag_len for example accept more than one value, but from a relatively
small set, and will return errors for values outside that set. Accepting a
single value is a particular case of that (the set of acceptable value only
has one element).

Don't document behaviour with NIST KW as we're about to change that.

Note: this function is currently only defined if at least one of GCM, CCM or
ChachaPoly is enabled, even though it's supposed to handle NIST KW as well. No
need to fix this as the function will soon no longer support NIST KW.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-12-03 10:01:28 +01:00
John Durkop d62b678473 Minor updates to address review comments
Removed unecessary checks on the ALG_SHA_224 and ALG_SHA_384 since
those are handled in config_psa.h by ensuring the correct _C is
included. Reformatted config_psa.h to be alphabetical and made the
assignments line up correctly for consistency. Fixed the guards
for ALG_SHA_224 and ALG_SHA_384 to be correct in the crypto library
source.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-30 21:06:05 -08:00
Gilles Peskine db6b03b4f2 Remove old-style accelerator and entropy driver interfaces
The driver interfaces described in crypto_accel_driver.h and
crypto_entropy_driver.h are no longer being worked on. We do not
intend to finish the design of these interfaces or to implement them
in Mbed TLS. They have been superseded by the unified driver
interface (docs/proposed/psa-driver-interface.md), which is being
actively worked on both to finalize the specification and to implement
it in Mbed TLS.

The partially implemented dynamic secure element interface is staying
for now.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-30 17:37:14 +01:00
Gilles Peskine b0a748e340 Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-30 12:01:54 +01:00
Bence Szépkúti d4585ff3c5 Fix removal of deprecated PSA constants
Due to a misplaced #endif, the (non-functional) macro definitions were
not properly removed from crypto_compat.h if MBEDTLS_DEPRECATED_REMOVED
was declared.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-11-27 17:52:56 +01:00
John Durkop fb764a60b9 Add hashes as crypto config by default
This change adds in all the hashes to the crypto config
by default.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 08:43:28 -08:00
Gilles Peskine 2cecfbab8a Support PSA_WANT_xxx and MBEDTLS_PSA_BUILTIN_xxx for hashes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-27 08:18:47 -08:00
Gilles Peskine cd1495c037 In old-style PSA configuration, define PSA_WANT_xxx
When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, if an Mbed TLS crypto
feature is enabled, declare the corresponding PSA feature as enabled,
in addition to enabling its software implementation. This is necessary
for code that uses PSA APIs and relies on PSA_WANT_xxx symbols to know
which features are enabled (application code, our library code using
MBEDTLS_USE_PSA_CRYPTO, our test dependencies, etc.).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-27 08:17:29 -08:00
Gavin Acquroff 6aceb51e43 Support set *_drbg reseed interval before seed
mbedtls_ctr_drbg_set_reseed_interval() and
mbedtls_hmac_drbg_set_reseed_interval() can now be called before
their seed functions and the reseed_interval value will persist.
Previously it would be overwritten with the default value.

*_drbg_reseed_interval is now set in init() and free().

mbedtls_ctr_drbg_free() and mbedtls_hmac_drbg_free() now
reset the drbg context to the state immediately after init().

Tests:
- Added test to check that DRBG reseeds when reseed_counter
reaches reseed_interval, if reseed_interval set before seed
and reseed_interval is less than MBEDTLS_CTR_DRBG_RESEED_INTERVAL.

Signed-off-by: gacquroff <gavina352@gmail.com>
2020-11-25 14:25:56 -08:00
gabor-mezei-arm 452b0a32ad Update documentation
The return values of the functions are updated in the documetation.
All possible return values are added including nested functions' return
values. The values which cannot be returned are removed.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-11-25 13:10:50 +01:00
gabor-mezei-arm fe30924c45 Use PSA_ERROR_DATA_INVALID error code
If the file is read correctly, but it contains data that isn't valid,
the crypto storage code returns PSA_ERROR_DATA_INVALID.
The PSA_ERROR_DATA_CORRUPT and PSA_ERROR_STORAGE_FAILURE error codes are
replaced with PSA_ERROR_DATA_INVALID, except in the ITS subsystem.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-11-24 13:37:52 +01:00
gabor-mezei-arm 3d8b4f54d3 Add missing error code documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2020-11-24 13:37:52 +01:00
Gilles Peskine c0963010c0 Document mbedtls_psa_external_random_context_t
Note that the implementation here is just a sample, and integrators
are expected to replace it with whatever they need.

But do try to supply a definition that can be somewhat useful (give
room for pointer+size).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine b663a60140 Note the expectations on mbedtls_psa_external_get_random()
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine 89ffb28051 Fix option compatibility check
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine 14c332baee Fix a Doxygen warning
We generate the Doxygen documentation in a configuration where part of
config.h is excluded. See
https://github.com/ARMmbed/mbedtls/issues/520
```
/var/lib/build/include/mbedtls/config.h:3635: warning: documentation for unknown define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE found.
```

This is a more general issue and fixing it is out of scope of my
current work. Therefore, just do something simple to silence Doxygen,
and never mind that this causes the documentation of
`MBEDTLS_PSA_HMAC_DRBG_MD_TYPE` to be omitted from the rendered
documentation. We'll fix that when we fix all the configuration macros
with a similar problem.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine ed03890281 PSA: allow the configuration to favor HMAC_DRBG
Allow the user to configure PSA to use HMAC_DRBG even if CTR_DRBG is
available, or to explicitly select the hash algorithm to use for
HMAC_DRBG, by setting MBEDTLS_PSA_HMAC_DRBG_MD_TYPE in config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine 82e57d1611 PSA: support HMAC_DRBG
Support using HMAC_DRBG instead of CTR_DRBG in the PSA subsystem.

Use HMAC_DRBG if CTR_DRBG is available. Choose between SHA-256 and
SHA-512 based on availability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine 4fc21fdeb6 Implement MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
Implement support for MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG.

For test purposes, write an implementation that uses libc rand().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 17:42:54 +01:00
Gilles Peskine b8af22858d Autonomous random driver: declare the type and function
Define a sample type mbedtls_psa_external_random_context_t in
psa/crypto_platform.h and define the prototype of
mbedtls_psa_external_get_random() in a public header.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 16:28:09 +01:00
Gilles Peskine f08b3f8624 Autonomous random driver: create configuration option
Create a configuration option for autonomous random drivers, i.e. PSA
crypto drivers that provide a random generator, that have their own
entropy source and do not support injecting entropy from another
source.

This commit only creates the configuration option. Subsequent commits
will add the implementation and tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 16:28:09 +01:00
Gilles Peskine 383c245142 Move "internal use" sentence attached to the wrong function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-22 13:59:43 +01:00
Gilles Peskine 662deb38d6
Merge pull request #3547 from ronald-cron-arm/psa-openless
Openless PSA crypto APIs implementation
2020-11-20 18:48:33 +01:00
Ronald Cron 1d12d87d18 Improve/fix documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-20 13:57:15 +01:00
Ronald Cron 1ad1eeeaf1 psa stats: Count locked slots instead of unlocked ones
Count locked slots and not unlocked ones to
align with the other statistics counters.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Ronald Cron 5c522920ba psa: Rename functions to get a key slot
Rename functions to get a key slot:
. to make their naming more consistent
. to emphasize that those functions set a lock on the
  key slot they return to protect it from being wiped
  out and re-used while some part of the library
  is accessing it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-19 16:59:40 +01:00
Gilles Peskine 9a68810405
Merge pull request #3830 from jdurkop/psa-crypto-config-phase2
Phase 2 support for MBDTLS_PSA_CRYPTO_CONFIG
2020-11-19 09:32:23 +01:00
John Durkop 07cc04a8ad Updates to PSA crypto library based on review comments
Moved new check_crypto_config.h file from include/psa to library
directory and the file is now included from *.c instead of the
crypto_config.h file. Fixed guards in PSA crypto library based
on review comments for new PSA crypto config features.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-18 08:09:49 -08:00
John Durkop b6f7afcb5c Move check config feature for PSA_WANT
Moved from doing the dependency checks for MBEDTLS_PSA_BUILTIN to
checking the PSA_WANT macros for the dependency checks. This required
moving the file into the include/psa directory and having the file be
included by crypto_config.h instead of config_psa.h.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-12 11:39:07 -08:00
John Durkop 6ba40d1faa Corrected guards in PSA library based on review comments
Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx
guards based on review comments. Corrected guards in psa
test driver to use _ACCEL version instead of _BUILTIN version.
Updated check_config_psa.h to include additional dependency checks
for more algorithms. Renamed some of the new tests to be a little
more clear on the purpose.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-12 10:21:40 -08:00
Ronald Cron 77c89f5ad6 Fix several typos
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-11 15:12:14 +01:00
Ronald Cron 0c3752a46b psa: slot mgmt: Add unaccessed slots counter in stats
Add a counter of unaccessed slots and use it
in tests to check that at the end of PSA tests
all key slot are unaccessed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:19:59 +01:00
Ronald Cron d98059d599 psa: Fix tests/handling of lifetime incompatible with location
The lifetime of key attributes now encodes whether a key is
volatile/persistent or not AND its location.
Fix PSA code where the fact that the lifetime encodes
the key location was not taken into account properly.

Fix the impacted tests and add two non regression tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 18:18:15 +01:00
Ronald Cron 4067d1c1e5 psa: Improve key creation documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron 967835596c psa: Fix references to macros in comments
This commit tries to fix the usage of #MACRO_NAME
to reference macros in comments.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron 6b5ff53c01 Add mbedtls_set_key_owner_id API
Add the mbedtls_set_key_owner_id API,
API specific to the MbedTLS PSA implementation.
The API allows to define the owner of
volatile keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:18:07 +01:00
Ronald Cron 5425a21fd2 tests: Adapt PSA tests to openless APIs
psa_key_handle_equal() is removed as not used
anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron c3623dbc76 State PSA_CRYPTO_KEY_ID_ENCODES_OWNER and USE_PSA_CRYPTO incompatibility
Code under MBEDTLS_USE_PSA_CRYPTO define is PSA client
code intended to use key identifiers of type psa_key_id_t.
Thus the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
configuration option is incompatible with
MBEDTLS_USE_PSA_CRYPTO.

State this in config.h and check_config.h.

As a consequence:
. remove MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER from
  the full configuration, as MBEDTLS_USE_PSA_CRYPTO is
  part of it.

. add a new component in all.sh to keep testing the
  library when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
  is set.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 277a85f1ef Add psa_purge_key API
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron cf56a0a320 psa: Move from key handle to key identifier
Move all the PSA crypto APIs using key handles
to use key identifiers but psa_key_open() and
psa_key_close(). This is done without modifying
any test as key handles and key identifiers are
now the same.

Update the library modules using PSA crypto APIs
to get rid of key handles.

Programs and unit tests are updated to not use
key handles in subsequent commits, not in this
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron c4d1b514ab Define handles as key identifiers
Define psa_key_handle_t to be equal to
mbedtls_svc_key_id_t. Make the handle of a persistent
key be equal to its key identifier. For volatile keys,
make the key handle equal to the volatile key
identifier of the created volatile key.

The unit tests are modified just to make them compile
not to make them run successfully. They are fixed in
the subsequent commits.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 47a85614ed Introduce psa_key_handle_equal inline function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron c26f8d467a Introduce psa_key_handle_is_null inline function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
Ronald Cron 91e9515424 Introduce PSA_KEY_HANDLE_INIT macro
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-11-10 16:00:41 +01:00
John Durkop 9814fa2b08 Minor updates from review comments
Updated macros in config_psa.h that used ECC_xxx to use KEY_TYPE_ECC_xxx
per comments from review. Implemented a check_config_psa.h to help with
dependency checking of features enabled in config_psa.h. Added
check_config_psa.h to visual studio project.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 06:11:41 -08:00
John Durkop 7fc75eac21 Enable all features in crypto_config.h
In order to pass existing tests like test_psa_crypto_config_basic
and test_psa_crypto_config_no_driver, all the new features need
to be enabled in the default crypto_config.h file. This change
enables those features by default and updates the other new
tests to compensate for everything being enabled by disabling
some features for some of the tests as needed.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 06:11:41 -08:00
John Durkop 0e00519711 Add feature support for RSA for PSA crypto config
In the original attempt to add RSA support to PSA crypto config was too
generic. This set of changes adds support for the following RSA features:
PSA_WANT_ALG_RSA_PKCS1V15_CRYPT, PSA_WANT_ALG_RSA_PKCS1V15_SIGN,
PSA_WANT_ALG_RSA_OAEP, PSA_WANT_ALG_RSA_PSS, PSA_WANT_KEY_TYPE_RSA_KEY_PAIR,
and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY.

There were also some updates to ensure the proper inclusion of PSA crypto
library code when certain features are enabled. These updates were made to
address warnings and errors in builds from the new tests for these
features being added for PSA crypto configuration.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 06:11:41 -08:00
John Durkop f4c4cb008c Added additional support for ECP for PSA_CRYPTO_CONFIG
The KEY_TYPE_ECC_KEY_PAIR and KEY_TYPE_ECC_PUBLIC_KEY were previously
being guarded by MBEDTLS_ECP_C in the PSA crypto library code. This change
moves it to the new MBEDTLS_PSA_BUILTIN_xxx and separates KEY_PAIR
and PUBLIC_KEY as needed. Tests have also been added to validate the new
settings.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 06:11:35 -08:00
John Durkop d032195278 Phase 2 support for MBEDTLS_PSA_CRYPTO_CONFIG
This phase adds in support for the following features being
added to the list of features that can be configured in the
include/psa/crypto_config.h header file using the PSA_WANT_ALG_xxx
macros: ECDH, HMAC, HKDF, and RSA. These changes include changes to
the PSA crypto library to use the appropriate new guards that
will allow the feature to be compiled in or out either using
new PSA_WANT_ALG_xxx or the previous MBEDTLS_xxx macros.

For HKDF and HMAC, most of the PSA library code did not have a
specific matching MBEDTLS_xxx macro for that feature, but was instead
using the generic dependent MBEDTLS_MD_C macro. The ECDH and RSA
features more closely aligned with a direct replacement with a similar
macro.

The new tests for RSA, HMAC, and HKDF would normally unset additional
dependent macros, but when attempting to implement that level of
testing it required removal of too many core features like MD_C, PK_C,
ECP_C and other low level features. This may point to additional phases of
work to complete the transition of these features to the new model.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-10 06:10:29 -08:00
Gilles Peskine 58858b7ce4 Document that MBEDTLS_PSA_CRYPTO_CONFIG requires config_psa.h
Document that enabling MBEDTLS_PSA_CRYPTO_CONFIG requires including
mbedtls/config_psa.h from the configuration file (mbedtls/config.h or
MBEDTLS_USER_CONFIG_FILE).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:26:09 +01:00
Gilles Peskine a26b3e56cb Only include config_psa.h from config.h with new-style PSA configuration
In old-style configuration, do not include mbedtls/config_psa.h from
mbedtls/config.h.

The inclusion should not and did not break any code, but it caused our
testing to miss a break of backward compatibility (fixed in "Include
config_psa.h from psa/crypto.h"). If users have their own config.h
which enabled MBEDTLS_PSA_CRYPTO_C and worked prior to the creation of
config_psa.h and MBEDTLS_PSA_CRYPTO_CONFIG, their config.h must keep
working. By including config_psa.h from config.h in the legacy case,
we weren't testing the legacy configuration mechanism adequately.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:25:17 +01:00
Gilles Peskine bce4dc028f Include config_psa.h from psa/crypto.h
When the new PSA crypto configuration mechanism MBEDTLS_PSA_CRYPTO_CONFIG
is disabled, legacy configurations must keep working, even if they don't
include the new header file mbedtls/config_psa.h. Code that uses or
implements PSA crypto interfaces needs some of the symbols defined by the
new header file. Therefore, include the new header file via PSA crypto
headers, which are included everywhere mbedtls/config_psa.h is needed.

Include it early, in psa/crypto_platform.h, just after including
mbedtls/config.h, so that its symbols are available wherever the symbols
from mbedtls/config.h is available.

This fixes the unit tests with configs/config-psa-crypto.h: some unit
tests were failing, revealing that library features controlled with
the new symbols were no longer getting built.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-09 15:17:07 +01:00
Gilles Peskine 52f32c913e
Merge pull request #3787 from bensze01/iv_nonce_size
PSA: Add support macros for IV/nonce sizes
2020-10-30 09:45:11 +01:00
Bence Szépkúti 423d3e7fcf Update support macros for IV/nonce sizes
This commit defines the following new macros added to the PSA Crypto API
between versions 1.0 beta 3 and 1.0.0 final:

PSA_AEAD_NONCE_LENGTH
PSA_AEAD_NONCE_MAX_SIZE
PSA_CIPHER_IV_LENGTH
PSA_CIPHER_IV_MAX_SIZE

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-10-29 11:07:39 +01:00
Johan Pascal 2258a4f481 Do not return a structure, use a return parameter
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal 0dbcd1d3f0 Make API safer
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal 20c7db3a67 API modified so server side can get mki value
+ client side discards self mki if server does not support it

Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal 76fdf1d60e Minor fix and improvements
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00
Johan Pascal d387aa0586 style + missing cast
Signed-off-by: Johan Pascal <johan.pascal@belledonne-communications.com>
2020-10-29 01:14:50 +01:00