Hanno Becker
826987f26c
Merge branch 'iotssl-2574-pk-opaque-tls_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 15:47:21 +00:00
Hanno Becker
7fde035ddc
Merge branch 'iotssl-2580-pk-opaque-psa_CRYPTO' into feature-psa-tls-integration-proposed
2018-11-23 15:47:20 +00:00
Jaeden Amero
dc5f950e25
Merge pull request #223 from ARMmbed/dev/Patater/fix-unused-mac_setup
...
psa: Unused key_bits is OK
2018-11-23 15:35:43 +00:00
Jaeden Amero
82df32e3fd
psa: Unused key_bits is OK
...
When MD or CMAC are disabled, let the compiler know that it is OK that
`key_bits` is set but not used by casting `key_bits` to `(void)`.
2018-11-23 15:20:56 +00:00
Jaeden Amero
565e0bf49d
Merge pull request #212 from ARMmbed/psa-integration-utilities_CRYPTO
...
Mbed TLS integration: Shared code between module-specific integration work
2018-11-23 09:00:22 +00:00
Gilles Peskine
30b4641011
Merge pull request #219 from ARMmbed/enable_entropy_injection
...
always compile mbedtls_psa_inject_entropy (#219 )
2018-11-22 17:50:54 +01:00
Netanel Gonen
596e65e1a5
Fix indentation
2018-11-22 18:41:43 +02:00
Manuel Pégourié-Gonnard
f83d31260d
Implement key_opaque option to ssl_client2
2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard
ca906fb8b9
Add option key_opaque to ssl_client2 (skeleton)
...
This is just the plumbing for the option itself, implementation of the option
will be the next commit.
2018-11-22 16:41:07 +00:00
Manuel Pégourié-Gonnard
e31411a814
Fix test that wasn't actually effective
...
psa_destroy_key() returns success even if the slot is empty.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
72d94be0de
Improve description of a test
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
2614562212
Add test utility function: wrap_as_opaque()
...
The new function is not tested here, but will be in a subsequent PR.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
29a1325b0d
Guard against PSA generating invalid signature
...
The goal is not to double-check everything PSA does, but to ensure that it
anything goes wrong, we fail cleanly rather than by overwriting a buffer.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
f4427678ae
Use shared function for error translation
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
1e48ebd306
Fix a compliance issue in signature encoding
...
The issue is not present in the normal path because asn1write_mpi() does it
automatically, but we're not using that here...
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
615530728f
Improve documentation of an internal function
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
f127e6080e
Get rid of large stack buffers in PSA sign wrapper
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
fe8607350c
Add new macro to detemine ECDSA signature length
...
Revived from a previous PR by Gilles, see:
https://github.com/ARMmbed/mbedtls/pull/1293/files#diff-568ef321d275f2035b8b26a70ee9af0bR71
This will be useful in eliminating temporary stack buffers for transcoding the
signature: in order to do that in place we need to be able to make assumptions
about the size of the output buffer, which this macro will provide. (See next
commit.)
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
35a7ff9366
Improve documentation of mbedtls_pk_setup_opaque()
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
276cb64e6c
Align names to use "opaque" only everywhere
...
It's better for names in the API to describe the "what" (opaque keys) rather
than the "how" (using PSA), at least since we don't intend to have multiple
function doing the same "what" in different ways in the foreseeable future.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
7d51255ca7
Implement pk_sign() for opaque ECDSA keys
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
99af2f0dd1
Add tests for unsupported operations/functions
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
07b103fe07
Implement can_do for opaque ECC keypairs
...
Unfortunately the can_do wrapper does not receive the key context as an
argument, so it cannot check psa_get_key_information(). Later we might want to
change our internal structures to fix this, but for now we'll just restrict
opaque PSA keys to be ECDSA keypairs, as this is the only thing we need for
now. It also simplifies testing a bit (no need to test each key type).
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
683632b78e
Add support for get_(bit)len on opaque keys
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
06c631859c
Add key generation to opaque test function
...
While at it, clarify who's responsible for destroying the underlying key. That
can't be us because some keys cannot be destroyed and we wouldn't know. So
let's leave that up to the caller.
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
274f521b9a
Implement alloc/free wrappers for pk_opaque_psa
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
3bc2029a33
Clarify return value of pk_check_pair()
2018-11-22 16:39:39 +00:00
Manuel Pégourié-Gonnard
1ecf92c364
Skeleton for PK_OPAQUE_PSA
2018-11-22 16:39:39 +00:00
Hanno Becker
12bd57b8c8
Refer to PSA through MBEDTLS_USE_PSA_CRYPTO, not USE_PSA, in all.sh
2018-11-22 16:27:57 +00:00
Hanno Becker
fc359fd837
Remove double white space
2018-11-22 16:27:57 +00:00
Hanno Becker
47a6291445
Use MBEDTLS_PSA_UTIL_H instead of MBEDTLS_PSA_COMPAT_H in psa_util.h
...
This is still an artifact from when psa_util.h was called psa_compat.h.
2018-11-22 16:27:57 +00:00
Hanno Becker
56a78dd4ad
State explicitly that any API depending on PSA is unstable
2018-11-22 16:27:57 +00:00
Hanno Becker
77030426a0
Update VisualC files
2018-11-22 16:27:57 +00:00
Hanno Becker
4d9e1e0ac4
Improve documentation of mbedtls_psa_err_translate_pk()
2018-11-22 16:27:57 +00:00
Hanno Becker
dec64735e2
Add AEAD tag length parameter to mbedtls_psa_translate_cipher_mode()
...
In case of AEAD ciphers, the cipher mode (and not even the entire content
of mbedtls_cipher_info_t) doesn't uniquely determine a psa_algorithm_t
because it doesn't specify the AEAD tag length, which however is included
in psa_algorithm_t identifiers.
This commit adds a tag length value to mbedtls_psa_translate_cipher_mode()
to account for that ambiguity.
2018-11-22 16:27:57 +00:00
Hanno Becker
14f78b03bb
Add function to translate PSA errors to PK module errors
2018-11-22 16:27:57 +00:00
Hanno Becker
639a4320ca
Fix Doxygen annotation in psa_util.h
2018-11-22 16:27:57 +00:00
Hanno Becker
06b6f34e9f
Initialize PSA Crypto implementation in ssl_server2
2018-11-22 16:27:57 +00:00
Hanno Becker
50955d1c18
Initialize PSA Crypto implementation in ssl_client2.c
2018-11-22 16:27:56 +00:00
Hanno Becker
eba9993171
Initialize PSA Crypto implementation at the start of each test suite
2018-11-22 16:27:56 +00:00
Hanno Becker
5f48818712
Make PSA utility functions static inline
...
Compilers warn about unused static functions.
2018-11-22 16:27:56 +00:00
Hanno Becker
28b9d35904
Add PSA-to-Mbed TLS translations for cipher module
2018-11-22 16:27:56 +00:00
Hanno Becker
560aeaf26b
Add internal header for PSA utility functions
...
This commit adds the header file mbedtls/psa_util.h which contains
static utility functions `mbedtls_psa_xxx()` used in the integration
of PSA Crypto into Mbed TLS.
Warning: These functions are internal only and may change at any time.
2018-11-22 16:27:56 +00:00
Manuel Pégourié-Gonnard
dde4442581
Add build using PSA to all.sh
2018-11-22 16:27:52 +00:00
Manuel Pégourié-Gonnard
26fd730876
Add config option for X.509/TLS to use PSA
2018-11-22 16:25:36 +00:00
Gilles Peskine
0cfaed1858
fix doxigen issue
...
Co-Authored-By: netanelgonen <netanel.gonen@arm.com>
2018-11-22 17:35:11 +02:00
Netanel Gonen
1d7195f715
always compile mbedtls_psa_inject_entropy
...
In case of dual core this function header must be enable for calling the
SPM entropy inject function without any use of NV_SEED
2018-11-22 16:39:07 +02:00
Gilles Peskine
a678f233a7
Merge pull request #197 from netanelgonen/entropy-inject
...
Add entropy inject API (#197 )
2018-11-21 19:21:05 +01:00
avolinski
0d2c266c06
change MBEDTLS_RANDOM_SEED_ITS define to be PSA_CRYPTO_ITS_RANDOM_SEED_UID
2018-11-21 17:31:07 +02:00
avolinski
1c66205df6
Remove trailing space in psa_crypto.c
2018-11-21 16:54:09 +02:00