Commit graph

13861 commits

Author SHA1 Message Date
John Durkop 76228acfb9 Fix typo in define in comment
This fixes error in check-names.sh test.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-29 22:33:49 -07:00
John Durkop 714e3a1318 Minor cleanup to fix errors with some unit tests
With the new feature MBEDTLS_PSA_CRYPTO_CONFIG, needed to
add support that when the feature is disabled, if there
are defines like MBEDTLS_ECDSA_C defined, then the PSA_WANT_
equivalent define is also enabled. This ensures the guards in
the library psa_crypto will work properly.

Also fixed an error return code in the driver wrapper for cipher
encrypt setup so it will properly pass unit tests.

Ensured config.py full works properly with the new
MBEDTLS_PSA_CRYPTO_CONFIG, it should not be set when the full
option is used.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-29 22:07:04 -07:00
John Durkop 736eb1de47 Update to VS project file for PSA crypto config
The new header files to support PSA crypto config needed to be
added to the VS project file.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-24 21:11:10 -07:00
John Durkop 39e09672a3 Update version_features for new PSA crypto config
The version features library needed updating to support the new
MBEDTLS_PSA_CRYPTO_CONFIG definition.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-24 21:09:25 -07:00
John Durkop 2542c21ba8 Add MBEDTLS_PSA_CRYPTO_CONFIG to test program
Since the recent changes required the addition of a new definition
in mbedtls/config.h, we also need to update query_config.c to account
for the new MBEDTLS_PSA_CRYPTO_CONFIG setting.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-24 21:06:35 -07:00
John Durkop 2dfaf9ca23 Update how MBEDTLS_PSA_CRYPTO_CONFIG is handled
Originally, MBEDTLS_PSA_CRYPTO_CONFIG was being used to allow
inclusion of mbedlts/config_psa.h, but that needed to be updated
so that mbedtls/config_psa.h is always included and the definitions
specific to PSA configuration are now guarded by
MBEDTLS_PSA_CRYPTO_CONFIG. This will allow for the standard setup
to continue working while new PSA configuration items to also work.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-24 05:01:17 -07:00
John Durkop d8959390c5 Add ECDSA support to PSA crypto configuration
Initial changes to PSA crypto core to support configuration
of ECDSA algorithm using PSA crypto configuration mechanism.
Guards using MBEDTLS_ECDSA_C and MBEDTLS_ECDSA_DETERMINISTIC have
been changed to be based off PSA_WANT_ALG_ECDSA and
PSA_WANT_ALG_ECDSA_DETERMINISTIC. Added new tests to all.sh to
confirm new settings are working properly. Current code does not
pass the tests since built in signature verification is not in place.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-24 05:01:17 -07:00
John Durkop 7758c858ae Update requires for MBEDTLS_PSA_CRYPTO_DRIVERS
In order to test various PSA crypto settings the Requires section
needed updating to require MBEDTLS_PSA_CRYPTO_C or
MBEDTLS_PSA_CRYPTO_CONFIG.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-24 05:01:17 -07:00
John Durkop 6e33dbe9fd Created infrastructure for MBEDTLS_PSA_CRYPTO_CONFIG
In order to prepare for PSA cryptographic mechanism for conditional
inclusion of various modules, there needs to be some updates to
the mbedtls configuration to enable that feature to work. This initial
set of changes just lays the ground work and future changes will
implement the functional features.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-09-24 05:01:17 -07:00
Gilles Peskine 9b33eb3284
Merge pull request #3705 from ctron/feature/fix_return_code_1
Fix return code expression in pkparse
2020-09-22 18:51:49 +02:00
Jens Reimann 9ad4a33a54 fix return code
Signed-off-by: Jens Reimann <jreimann@redhat.com>
2020-09-22 11:57:16 +02:00
Gilles Peskine 5cb54f7b27
Merge pull request #3542 from gilles-peskine-arm/psa-unified-driver-specs-20200807
PSA unified driver specification: minor updates
2020-09-18 22:53:46 +02:00
Gilles Peskine 1d9c11081a
Merge pull request #3667 from Jongy/fix-docs
Fix docs to desribe written-into buffer parameter as writable
2020-09-17 00:02:08 +02:00
Janos Follath 2a25904f45
Merge pull request #3568 from hanno-arm/tls13_experimental_key_schedule_1
TLS 1.3: Add HKDF-based key derivation functionality
2020-09-16 11:40:06 +01:00
Hanno Becker 531fe3054c Comment on hardcoding of maximum HKDF key expansion of 255 Bytes
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-16 09:50:17 +01:00
Hanno Becker 61baae7c9f Minor fixes and improvements in TLS 1.3 key schedule documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-16 09:47:47 +01:00
Gilles Peskine dc57c25e30
Merge pull request #3527 from ronald-cron-arm/key-extended-id
PSA key identifiers rework
2020-09-15 16:06:06 +02:00
Gilles Peskine 7107e661b8
Merge pull request #3644 from stevew817/feature/transparent_multipart_driver
Add multipart cipher accelerator support and test driver
2020-09-15 09:51:24 +02:00
Ronald Cron 7424f0d998 psa: Move key identifier related macros and functions
Move key identifier related macros and functions from
crypto_types.h to crypto_values.h as the latter is
the intended file to put them in.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:50:20 +02:00
Ronald Cron cb54610e97 Set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in baremetal configuration
No obvious reason to not enable owner identifier encoding
in baremetal as multi-client support is expected to be needed
for some embedded platforms. Thus enable it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:50:20 +02:00
Ronald Cron 9a2511e78f Fix key owner identifier documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:50:20 +02:00
Ronald Cron 5eba579c6c Remove unnecessary inline definition
Define inline for some compiling environment only
in crypto_platform.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:48:15 +02:00
Steven Cooreman 6d81f7e119 Final feedback from @ronald-cron-arm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:47 +02:00
Steven Cooreman ef8575e1bf Apply review feedback
* Reworked the cipher context once again to be more robustly defined
* Removed redundant memset
* Unified behaviour on failure between driver and software in cipher_finish
* Cipher test driver setup function now also returns early when its status
  is overridden, like the other test driver functions
* Removed redundant test cases
* Added bad-order checking to verify the driver doesn't get called where
  the spec says it won't.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:47 +02:00
Steven Cooreman 89e54f2edc Add mock and negative testing to cipher driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:47 +02:00
Steven Cooreman a07b9970c6 Update semantics around driver context use in psa_cipher_setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:39 +02:00
Steven Cooreman eca33c60f8 Add testing of fallback to cipher operations
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman fe0ab55c61 Implement one-shot cipher in test driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman e55f3e8de4 Make sure to not call mbedtls_cipher_free on an uninitialised context
As pointed out by Gilles

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman b5e52f2e31 Remove superfluous call in PSA cipher setup
As pointed out by Ronald. The key slot is populated using
get_key_from_slot, and after calling the driver the slot is
validated to not contain an external key, so calling
get_transparent_key is superfluous.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman 16afd3d9b4 Unify cipher setup function inside test driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman 7df0292f5a Check & set operation flags for both driver and software in the core
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:30 +02:00
Steven Cooreman cfeea8fa1e Unify driver context struct handling
Added zeroization of the wrapper context on failure/abort, and reliance on
the crypto core to not call an uninitialised wrapper.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:32:50 +02:00
Steven Cooreman 150c99b884 Simplify cipher setup wrapper body
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:32:50 +02:00
Steven Cooreman fb81aa5889 Only pass the driver-relevant portion of the context struct
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman 5240e8b519 Style and language fixes from review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman acb5a100a7 Structify cipher test driver hook variables
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman 435beeaef3 Add new files to IDE project
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman a32193fae8 Add changelog entry
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman d53c1bf6f2 Exercise the AES-CTR multipart driver and check it gets called
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman 8b12225717 Add a working implementation of a multipart AES-CTR test driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman 3ec4018e2b Update license texts
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:57 +02:00
Steven Cooreman d3feccd3a5 Restructure cipher context object to contain driver switch
Once an operation has been 'accepted' by a driver, the remainder is bound
to the same driver, since driver-specific context structs cannot be shared.
This provides a pretty good gate mechanism for the fallback logic, too.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:52 +02:00
Steven Cooreman 37941cb5e1 Add initial pass on a multi-part test driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:30:14 +02:00
Gilles Peskine b1d3f2779b
Merge pull request #3480 from stevew817/feature/aes-ecb
Added support for AES-ECB to the PSA Crypto implementation
2020-09-14 14:45:14 +02:00
Gilles Peskine a0a210fc1b
Merge pull request #3628 from gilles-peskine-arm/psa-conditional-inclusion-c-proposal
Pure C configuration of PSA crypto mechanisms
2020-09-12 00:33:08 +02:00
Yonatan Goldschmidt 6e2af094b0 Fix docs to desribe written-into buffer parameter as writable
Signed-off-by: Yonatan Goldschmidt <yon.goldschmidt@gmail.com>
2020-09-12 01:24:45 +03:00
Gilles Peskine 2a739c41bd
Merge pull request #3569 from cm6n/fix_mbedtlssslsetbio_description
Fix typo in mbedtls_ssl_set_bio description.
2020-09-11 21:17:37 +02:00
Janos Follath 963c9e41e8
Merge pull request #3588 from guidovranken/fix-clang12-Wstring-concatenation
Prevent triggering Clang 12 -Wstring-concatenation warning
2020-09-11 15:27:52 +01:00
Gilles Peskine a75a06bde6
Merge pull request #3630 from mpg/rm-useless-cast-x509
x509.c: Remove one unnecessary cast
2020-09-10 22:01:52 +02:00