Commit graph

3460 commits

Author SHA1 Message Date
Adrian L. Shaw c207ba376e Added missing return codes to psa_aead_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 96f31ada18 Add missing return codes to psa_asymmetric_decrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw f961d5c9e6 Add missing return codes to psa_asymmetric_encrypt 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 53d90c5199 Only return PSA_ERROR_DOES_NOT_EXIST from psa_open_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 9770d0e0f8 Add PSA_ERROR_STORAGE_FAILURE to psa_mac_verify_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 2409ba0429 Added PSA_ERROR_STORAGE_FAILURE to psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 7563ed17ab Remove PSA_ERROR_DOES_NOT_EXIST from psa_mac_sign_setup 2019-09-04 11:30:17 +01:00
Adrian L. Shaw d5ae06b1e3 Add PSA_ERROR_BUFFER_TOO_SMALL to psa_mac_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw dec47b6f9d Added the possibility of PSA_ERROR_BAD_STATE to all functions 2019-09-04 11:30:17 +01:00
Adrian L. Shaw fa591c44af Added PSA_ERROR_STORAGE_FAILURE to psa_mac_compute
In case the key could not be retrieved from
storage.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw f7d852a9d5 Added PSA_ERROR_BUFFER_TOO_SMALL to psa_hash_compute 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 60b0320af0 Add PSA_ERROR_STORAGE_FAILURE to psa_copy_key 2019-09-04 11:30:17 +01:00
Adrian L. Shaw 398b3c27e0 Add PSA_ERROR_STORAGE_FAILURE to psa_export_public_key
The same reason that it is included in psa_export_key
2019-09-04 11:30:17 +01:00
Adrian L. Shaw e926e7370f Removed PSA_DOES_NOT_EXIST from psa_export_public_key
The implementation should return PSA_ERROR_INVALID_HANDLE instead.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw 88c51adfc0 Added PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_public_key
For the same reasons that psa_export_key can fail with this error
2019-09-04 11:30:17 +01:00
Adrian L. Shaw 742084ea25 Removed PSA_ERROR_DOES_NOT_EXIST from psa_export_key
If the key doesn't exist by the time this call is made
then the handle is invalid,
which means that PSA_ERROR_INVALID_HANDLE should be
returned rather than "does not exist"
2019-09-04 11:30:17 +01:00
Adrian L. Shaw 0542d595ce Add PSA_ERROR_INSUFFICIENT_MEMORY to psa_export_key
It may be possible that the implementation runs out of
memory when exporting a key from storage or a secure
element. For example, it may not be possible to directly
move the data from storage to the caller, so the implementation
will have to buffer the material temporarily (an issue if dynamic
memory allocation scheme is used). For a large key
this is more likely to return.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw 89b7152ed0 Added PSA_ERROR_STORAGE_FAILURE to psa_export_key
It may be possible that an implementation does not
fetch key material until a command like
this is called and such an error may occur if an
off-chip secure storage dependency may have been wiped.
2019-09-04 11:30:17 +01:00
Adrian L. Shaw 29b64073af Added missing return codes to get_key_attributes
Note that PSA_ERROR_NOT_PERMITTED is not included
because I can't think of a scenario where you have
a valid key handle but aren't allowed to read the
attributes
2019-09-04 11:30:17 +01:00
Jaeden Amero 5656623d9e
Merge pull request #240 from Ko-/development
Enable 64-bit bignum limbs and add optimized multiplication for Aarch64
2019-09-04 11:11:51 +01:00
Jaeden Amero f66e7ea7f3
Merge pull request #178 from mpg/sha512-smaller
New config.h option to make SHA-512 smaller
2019-09-04 10:19:28 +01:00
Ko- cb260bb30d Fix -O0 build for Aarch64 bignum multiplication. 2019-09-02 13:44:57 +02:00
Ko- 05cff953c9 Make GNUC-compatible compilers use the right mbedtls_t_udbl again on Aarch64 builds. 2019-09-02 13:44:57 +02:00
Ko- cc1871e674 Add optimized bignum multiplication for Aarch64.
x0-x3 are skipped such that function parameters to not have to be moved.
MULADDC_INIT and MULADDC_STOP are mostly empty because it is more
efficient to keep everything in registers (and that should easily be
possible). I considered a MULADDC_HUIT implementation, but could not
think of something that would be more efficient than basically 8
consecutive MULADDC_CORE. You could combine the loads and stores, but
it's probably more efficient to interleave them with arithmetic,
depending on the specific microarchitecture. NEON allows to do a
64x64->128 bit multiplication (and optional accumulation) in one
instruction, but is not great at handling carries.
2019-09-02 13:44:57 +02:00
Ko- 03d2daf55c Enable 64-bit limbs for all Aarch64 builds.
GCC and Clang do not define __ARMCC_VERSION when building for Aarch64.
Yet they should also use 64-bit limbs for Aarch64 builds.
2019-09-02 13:44:57 +02:00
Jaeden Amero f0716542c4
Merge pull request #140 from yanesca/everest_integration
Everest integration
2019-08-29 16:02:49 +01:00
Jaeden Amero 98d5685b70
Merge pull request #232 from Patater/psa-crypto-api-1.0b3
Make fixes related to using Mbed Crypto as a service
2019-08-29 13:50:10 +01:00
Jaeden Amero 21db2a94a4
Merge pull request #229 from k-stachowiak/IOTCRYPT-791-remove-legacy-psa-key-derivation
Remove legacy psa key derivation
2019-08-29 11:31:23 +01:00
Jaeden Amero 6fa62a5b8f psa: Use application key ID where necessary
Avoid compiler errors when MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
is set by using the application ID type.

    [Error] psa_crypto_slot_management.c@175,9: used type 'psa_key_id_t' (aka 'psa_key_file_id_t') where arithmetic or pointer type is required
2019-08-28 17:24:27 +01:00
Jaeden Amero e3cdf284b2 psa: Adapt set_key_id() for when owner is included 2019-08-28 17:24:27 +01:00
Jaeden Amero 39f03fcf1a psa: Add PSA_KEY_ID_INIT
A macro useful for initializing psa_key_id_t, whether
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER is set or not. Without this
macro, it is necessary to know if
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER as with it the key ID is
non-scalar and needs to be initialized with {0, 0}, and 0 otherwise when
key ID is scalar.
2019-08-28 17:24:27 +01:00
Jaeden Amero f89cc69660 psa: Don't duplicate policy initializer
Use the PSA_KEY_POLICY_INIT macro in the definition of
PSA_CORE_KEY_ATTRIBUTES_INIT in order to avoid duplicating the key
policy initializer.
2019-08-28 17:24:27 +01:00
Jaeden Amero c7529c910b crypto_extra: Use const seed for entropy injection
The crypto.c implementation of psa_inject_entropy() didn't match the
declaration in crypto_extra.h. Use a const seed in both files.
2019-08-28 17:24:27 +01:00
Andrew Thoelke 8824daec6f Editorial fixes. 2019-08-22 15:52:32 +01:00
Andrew Thoelke 3c2b80377b Cross reference 'key handles' from INVALID_HANDLE 2019-08-22 15:52:32 +01:00
Andrew Thoelke 07f16b78ff Update documentation for psa_destroy_key
Define the affect on handles to the key and on active multipart 
operations.
2019-08-22 15:52:32 +01:00
Andrew Thoelke 3daba812d7 Update documentation for psa_close_key
Adjust the wording to permit multiple handles to a single key - closing
a handle does not necessarily release volatile memory associated with
the key, that only occurs when the last handle is closed.
2019-08-22 15:52:32 +01:00
Andrew Thoelke 9741b11440 Update psa_open_key documentation
- Describe the implementation defined behavior for opening multiple 
keys, and provide a reference to the relevant section.

- Describe the use of INSUFFICENT_MEMORY error to indicate additional 
implementation resource constaints.

- Clarify the distinction between DOES_NOT_EXIST and INVALID_HANDLE 
error conditions.
2019-08-22 15:52:32 +01:00
Andrew Thoelke 203491c65d Remove duplicated information in psa_open_key
The information about implmementation keys is duplicated.
2019-08-22 15:52:31 +01:00
Jaeden Amero 8013f44e1a Make crypto_struct C++ compatible
Avoid an error with differing linkages being expressed for
psa_set_key_domain_parameters() between crypto_extra.h and
crypto_struct.h in C++ builds.

    [Error] crypto_extra.h@456,14: conflicting declaration of 'psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t*, psa_key_type_t, const uint8_t *, size_t)' with 'C' linkage
2019-08-21 12:24:40 +01:00
Jaeden Amero b090d5dc2a
Merge pull request #231 from dgreen-arm/api-to-development
Merge psa api branch into development
2019-08-21 11:50:57 +01:00
Darryl Green 572a16e694 Merge branch 'psa-api-1.0-beta' into api-to-development 2019-08-21 10:31:12 +01:00
Unknown e2e19959d7 Rename AEAD macro to not use double underscores
This pattern (identifiers containing a double underscore anywhere in them)
is reserved.
2019-08-21 03:33:04 -04:00
Christoph M. Wintersteiger 19d5c80c33 3rdparty: Added config checks for Everest 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 737df0c755 Fix file permissions 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger ef17e3b59c ECDSA: Fix formatting 2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 5833de7ab2 3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 2019-08-19 13:37:46 +01:00
Gilles Peskine d2085f5a17 Document that curve lists can include partially-supported curves
Document that a curve returned by mbedtls_ecp_curve_list() or
mbedtls_ecp_grp_id_list() may lack support for ECDH or ECDSA.

Add a corresponding changelog entry, under "API Changes" because we
have changed the behavior: formerly, these functions skipped ECDH-only
curves, although this was not documented.
2019-08-19 13:37:46 +01:00
Gilles Peskine 20b3ef3cad Add mbedtls_ecdh_can_do
All curves can currently do ECDH, but to make the API symmetric and
future-proof, add mbedtls_ecdh_can_do() to go with mbedtls_ecdsa_can_do().
2019-08-19 13:37:46 +01:00
Christoph M. Wintersteiger 6ea2dea1c5 3rdparty: Add additional build facilities for 3rd-party code 2019-08-19 13:37:46 +01:00