Commit graph

15882 commits

Author SHA1 Message Date
Dave Rodgman d73e1b0ccd Tidy up logic in psa_mac_sign_finish
Simplify the logic in psa_mac_sign_finish.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 16:20:57 +01:00
Dave Rodgman db861797c1 Correct coding style issues
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 16:20:53 +01:00
gabor-mezei-arm 22984de191
Remove comments
These comment cannot bring more information than the code does.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 17:20:22 +02:00
gabor-mezei-arm c31505c351
Test struct initialization
Modify tests to test mbedtls_psa_cipher_operation_t,
mbedtls_transparent_test_driver_cipher_operation_t and
mbedtls_opaque_test_driver_cipher_operation_t struct initialization macros.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:58:27 +02:00
gabor-mezei-arm f67d8af106
Fix struct initialization
Fix initialization of mbedtls_psa_cipher_operation_t by not initializing the mbedtls_cipher_context_t typed field completely.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:58:27 +02:00
gabor-mezei-arm c5c8d38d80
Add test for one-shot cipher driver wrapper functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:58:27 +02:00
gabor-mezei-arm 8f8dc4c188
Add changelog entry
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:57:29 +02:00
gabor-mezei-arm fa990b5ffe
Dispatch cipher functions through the driver interface
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:57:29 +02:00
gabor-mezei-arm d086e6e14f
Add tests for one-shot hash cipher functions
Tests for psa_cipher_encrypt and psa_cipher_decrypt functions.
The psa_cipher_encrypt function takes no parameter for IV and always generates
it therefore there will be a randomness in the calculation and cannot be
validated by comparing the actual output with the expected output.
The function is tested by:
 - doing a prtially randomized test with an encryption then a decryption
   and validating the input with output of the decryption
 - validating against the multipart encryption
The combination of this two methods provides enough coverage like a
known answer test.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:57:29 +02:00
gabor-mezei-arm 0ef3b85381
Implement one-shot cipher
Implement one-shot cipher APIs, psa_cipher_encrypt and psa_cipher_decrypt, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 16:57:29 +02:00
Dave Rodgman cccb05def4 Call abort on error in psa_mac/cipher setup
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:52:47 +01:00
Dave Rodgman 4e0a82e274 Update multipart hash operations to abort on error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:52:23 +01:00
Dave Rodgman ff8d52b398 Add negative tests for psa_abort in hash functions
Various functions for PSA hash operations call abort
on failure; test that this is done. The PSA spec does not require
this behaviour, but it makes our implementation more robust in
case the user does not abort the operation as required by the
PSA spec.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:40:08 +01:00
gabor-mezei-arm 9774dcf592
Convert iterators to lists to remove late binding
Remove late binding of iterators to enable the creation of an object
with an actual state of a variable.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 12:39:18 +02:00
gabor-mezei-arm 0bdb84e861
Add type annotations
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 12:37:08 +02:00
gabor-mezei-arm 6439e85094 Do key usage policy extension when loading keys
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 11:58:19 +02:00
gabor-mezei-arm 3e5f6cd58f Add test for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 11:58:19 +02:00
gabor-mezei-arm 4d9009e74f Update tests for extended key usage policies
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 11:58:19 +02:00
gabor-mezei-arm eeaeef4d58 Extend PSA_USAGE_SIGN/VERIFY_HASH key policies
According to the PSA specification the PSA_USAGE_SIGN_HASH has the
permission to sign a message as PSA_USAGE_SIGN_MESSAGE. Similarly the
PSA_USAGE_VERIFY_HASH has the permission to verify a message as
PSA_USAGE_VERIFY_MESSAGE. These permission will also be present when
the application queries the usage flags of the key.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-24 11:58:18 +02:00
Dave Rodgman c88b0a57da Update cipher and mac functions to abort on error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 19:05:35 +01:00
Dave Rodgman 34b147d1e6 Add negative tests for psa_abort in cipher and mac functions
Various functions for PSA cipher and mac operations call abort
on failure; test that this is done. The PSA spec does not require
this behaviour, but it makes our implementation more robust in
case the user does not abort the operation as required by the
PSA spec.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 19:05:32 +01:00
Dave Rodgman 33b58eeb36 Fix error in psa_crypto test suite
The cipher_bad_order test happened to pass, but was not testing the
failure case it intended to test.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 14:59:44 +01:00
Ronald Cron eaacabf98d
Merge pull request #4392 from gilles-peskine-arm/psa-storage-format-test-lifetimes
Backport 2.x: PSA storage format: test lifetimes
2021-06-23 15:22:24 +02:00
Gilles Peskine 76dec15d54 Move the inclusion of crypto_spe.h to psa/crypto_platform.h
This makes it easier to ensure that crypto_spe.h is included everywhere it
needs to be, and that it's included early enough to do its job (it must be
included before any mention of psa_xxx() functions with external linkage,
because it defines macros to rename these functions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 14:45:17 +02:00
Gilles Peskine 99a3462785 In the SPM test build, fail if a symbol wasn't renamed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 14:45:17 +02:00
Gilles Peskine 984c19f553 Do a test build with MBEDTLS_PSA_CRYPTO_SPM
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 14:45:17 +02:00
Gilles Peskine d28f293bb0 Import crypto_spe.h from TF-M
https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/plain/secure_fw/partitions/crypto/crypto_spe.h?h=refs/heads/master

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 14:45:17 +02:00
Janos Follath 53d1cf8e2b
Merge pull request #4644 from gilles-peskine-arm/mpi_montmul-null-2.x
Backport 2.x: Fix several bugs with the value 0 in bignum
2021-06-23 13:40:05 +01:00
Gilles Peskine 478ac0bcc1
Merge pull request #4704 from mpg/issue-3990-fix_psa_verify_with_alt-2.x
[Backport 2.x] Fix PSA RSA PSS verify with ALT implementations
2021-06-23 11:47:42 +02:00
Manuel Pégourié-Gonnard 727e1f17dd Mention that mbedtls_rsa_init can set hash_id too
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-23 10:35:55 +02:00
Gilles Peskine df51a13c54
Merge pull request #4394 from gilles-peskine-arm/travis-windows-no-generate-2.x
2.2x only: No longer generate psa_constant_names_generated.c on Windows on Travis
2021-06-22 18:53:58 +02:00
Gilles Peskine 11bd2ac3da
Merge pull request #4705 from ronald-cron-arm/3258_implement_one-shot_MAC_2.x
Backport 2.x: Implement one-shot mac in PSA
2021-06-22 18:53:34 +02:00
Ronald Cron f38646151e Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron 54488c4abc psa: mac: Add driver dispatch tests for psa_mac_verify
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron 4ed836883e psa: mac: Add driver delegation support for psa_mac_verify()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron ef0d8f17f8 psa: mac: Introduce psa_mac_compute_internal
Introduce psa_mac_compute_internal with an
additional `is_sign` parameter compared to
the psa_mac_compute API. The intent is to
call psa_mac_compute_internal() from
psa_mac_verify() as well to compute the
message MAC.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron 93dcd5963f psa: mac: Add driver dispatch tests for psa_mac_compute
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron 882eb780fb psa: mac: Improve MAC finalization code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron dbb8646c2c psa: mac: Add driver delegation support for psa_mac_compute()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron bfdfaa676c psa: mac: Add MAC compute builtin implementation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron def68e722a psa: mac: Improve implementation of psa_mac_finalize_alg_and_key_validation()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron 1c650a1a37 psa: mac: Split psa_mac_setup()
Split out of psa_mac_setup() the final checks on
the requested algorithm and the key attributes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
Ronald Cron 48f875e809 psa: mac: Re-organize psa_mac_setup() internal function
Re-organize psa_mac_setup() to prepare the move
to a dedicated function of the additional checks
on the algorithm and the key attributes done by
this function. We want to move those checks in
a dedicated function to be able to do them
without duplicating them in psa_mac_compute().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
gabor-mezei-arm a93e423739 Add test for one-shot MAC functions
Tests for psa_mac_compute and psa_mac_verify functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-06-22 13:43:13 +02:00
gabor-mezei-arm a00616fc6b Implement one-shot MAC functions
Implement one-shot MAC APIs, psa_mac_compute and psa_mac_verify, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-22 13:43:13 +02:00
Janos Follath 03daae6894 Improve psa_rsa_decode_md_type()
Remove a case that cannot be triggered as PSA_ALG_SIGN_GET_HASH always
returns 0 for raw algorithms.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-22 12:57:05 +02:00
Janos Follath 0e89dafbab Add ChangeLog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-22 12:57:05 +02:00
Janos Follath 02becd90a6 Fix exercise key test
Hash and sign algorithms require the alignment of the input length with
the hash length at verification as well not just when signing.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-22 12:57:04 +02:00
Janos Follath 3af7e8fe3a Fix verify_hash tests for PSA RSA PSS
The psa_verify_hash() is the pre-hashed version of the API and supposed
to work on hashes generated by the user. There were tests passing that
were getting "hashes" of sizes different from the expected.

Transform these into properly failing tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-22 12:57:04 +02:00
Janos Follath b23b5745b5 PSA RSA PSS: pass pre-hash algorithm to Mbed TLS
PSA Crypto always passed MBEDTLS_MD_NONE to Mbed TLS, which worked well
as Mbed TLS does not use this parameter for anything beyond determining
the input lengths.

Some alternative implementations however check the consistency of the
algorithm used for pre-hash and for other uses in verification (verify
operation and mask generation) and fail if they don't match. This makes
all such verifications fail.

Furthermore, the PSA Crypto API mandates that the pre-hash and internal
uses are aligned as well.

Fixes #3990.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-22 12:57:00 +02:00