Commit graph

4336 commits

Author SHA1 Message Date
Bence Szépkúti 30f91a4bca Mark AEAD compatibility macros as deprecated
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Bence Szépkúti 670df7a41d Rename AEAD output size macros in crypto_compat.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Bence Szépkúti 8810fd3250 Copy AEAD output size macros to crypto_compat.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Manuel Pégourié-Gonnard 93c0847914 Revert "Remove deprecated things from hashing modules"
This reverts commit c75d9f589b.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-15 12:28:15 +02:00
Manuel Pégourié-Gonnard c039514559
Merge pull request #4334 from TRodziewicz/origin/remove_old_func_from_hashing
Remove deprecated things from hashing modules
2021-04-15 10:13:32 +02:00
Chris Jones defe10df52 Add compatibility macro for the inline keyword in error.h
MSVC is not fully compliant with C99 where the 'inline' keyword is defined.
Add a macro to define an alternative for non-compliant compilers.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:27:04 +01:00
Chris Jones ef01852d65 Add missing guard to mbedtls_test_hook_error_add
Add a missing guard for the definition and declaration of
mbedtls_test_hook_error_add.

Also make the declaration always visible when MBEDTLS_TEST_HOOKS is
enabled. This fixes an issue when MBEDTLS_ERROR_C is not defined but
MBEDTLS_TEST_HOOKS is.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:27:04 +01:00
Chris Jones abded0ed39 Improve and fix documentation for error code combination
Improve documentation by:

- Fixing off by one errors in binary representations of error codes.
- Clarifying combinations of zero.
- Linking references to variables/macros via doxygen.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:27:04 +01:00
Chris Jones b7d02e0f15 Fix misc issues with unused parameters and check-names.sh
Fix unused parameter warnings when MBEDTLS_TEST_HOOKS is not enabled.

A few issues were caught by check-names.sh namely:

- mbedtls_error_add was not capitalised.
- mbedtls_test_hook_error_add was being defined multiple times as the
  definition was in a header.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:26:59 +01:00
Chris Jones 7439209bcc Rewrite error addition interface
The previous implementation of the error addition interface did not comply
with the invasive testing architecture guidelines. This commit fixes that
by:

- Renaming functions/macros/variables to follow the mbedtls_error_xxx or
  mbedtls_test_hook_xxx convention.

- Making mbedtls_test_hook_error_add a global variable that can be set
  by the testing code.

- Using a static inline function call, as opposed to macro, to keep
  discrepancies between debug and production version to a minimum.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:24:25 +01:00
Chris Jones 759e30bdb0 Add MBEDTLS_ERROR_C dependency to invasive error code testing
Fix builds where `MBEDTLS_ERROR_C` is not defined but `MBEDTLS_TEST_HOOKS`
is defined. This was previously causing undefined reference errors in
these builds.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones b179b84335 Change set_err_add_hook void pointer to actual function pointer signature
Change the signature of the `hook` parameter of `mbedtls_set_err_add_hook`
to use the actual signature of the function as opposed to `void *`. This
fixes a warning when compiling with clang `-pedantic`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones d86ad60aa5 Change mbedtls_set_err_add_hook to use doxygen style comment
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones ef180af350 Move MBEDTLS_ERR_ADD macro and functions to error.*
`error.c` and  error.h are the more logical place to keep this code and it
prevents issues with building `common.c` and conflicts with other projects
that use mbedtls (such as mbedOS).

`error.c` has been automatically generated by first adding the code to
`error.fmt` and then running `./scripts/generate_errors.pl`.

Also add parenthesis to the addition in `MBEDTLS_ERR_ADD`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones 5e8805afeb Move MBEDTLS_ERR_ADD macro and function to common.*
`error.c` is a file generated from `error.h` and thus cannot contain the code
that was previously added. This commit fixes that issue by moving the
`MBEDTLS_ERR_ADD` macro and associated function and function pointer into
`common.h` and `common.c`.

Also fix a typo in `tests/include/test/helpers.h` where tabs were accidentally
used instead of spaces.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones 96ae73b0ea Add macro for error code addition
Adds a macro (`MBEDTLS_ERR_ADD`) to add error codes together and check that the
result will not be corrupted. This additional check is only enabled during
testing when `MBEDTLS_TEST_HOOKS` is defined.

Also includes a reference usage example in `rsa.c` where two high-level error
codes could be incorrectly added together under the right conditions. This now
ensures that when this error occurs during testing it will be correctly
reported.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:12:02 +01:00
TRodziewicz c75d9f589b Remove deprecated things from hashing modules
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 11:38:37 +02:00
Bence Szépkúti 3b1cba82c8 Fix reference to deprecated macro in documentation
The reference was introduced in #4174.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-08 16:10:05 +02:00
Ronald Cron df2e4f22a8
Merge pull request #4290 from ronald-cron-arm/hash-dispatch-follow-up
Hash dispatch follow up
2021-04-08 09:13:19 +02:00
Gilles Peskine b420259777
Merge pull request #4174 from gilles-peskine-arm/psa-eddsa-spec
PSA Encodings for EdDSA
2021-04-07 11:20:27 +02:00
Gilles Peskine 7bc6a3749c
Merge pull request #3183 from meuter/development
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
Ronald Cron 980230e965 psa: include: Update and improve multipart-op struct design notes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron dd3b539573 psa: include: Clarify scope of crypto_builtin/driver_contexts.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron 06c84ca5f8 psa: include: Merge crypto_builtin_hash.h and crypto_builtin_cipher.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:30 +02:00
Ronald Cron e31fd11ab3 psa: include: Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 15:59:57 +02:00
Ronald Cron d3b458c452 tests: psa: Fix expected error code
Fix expected error code when importing a persistent key or
registering a key with an invalid key identifier:
PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:54:50 +02:00
Ronald Cron 48ffe622f9
Merge pull request #4215 from paul-elliott-arm/remove_fallthrough
Remove deliberate fallthrough
2021-03-30 16:40:24 +02:00
Gilles Peskine e5fde54337 Remove incorrect definitions of the dom2() and dom4() prefixes
Implementers and users would have to refer to the RFC for the detailed
specification of the algorithm anyway.

Keep a mention of the curves and hashes involved for avoidance of doubt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 15:08:10 +02:00
Gilles Peskine a00abc6b65 Consistently describe Ed25519 as a 255-bit curve
The coordinates are over $F_{2^{255}-19}$, so by the general
definition of the bit size associated with the curve in the
specification, the value for size attribute of keys is 255.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 7e54a29bea Express DES key sizes in bits
The size attribute of a key is expressed in bits, so use bits in the
documentation. (The documentation of psa_export_key() describes the
export format, so it counts in bytes.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 6a427bf306 Document the general definition of bit sizes for asymmetric keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 27354690cb Use a bit-size in the algorithm name
Call it “SHAKE256-512”, just like SHA3-512 has 512 bits of output.
SHAKE256-64 looks like it's 64 bits of output, but this is 64 bytes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine da7305e472 Avoid collision with SM3 in API specification 1.0.1
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine b13ead816c Make the hash-and-sign nature of Ed25519ph and Ed448ph explicit
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine e36f8aa1b0 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 7962284f78 Mention psa_hash_compute in the documentation of psa_{sign,verify}_hash
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 3a1101a122 Define algorithms for EdDSA
Define algorithms for PureEdDSA and for HashEdDSA, the EdDSA variants
defined by RFC 8032.

The encoding for HashEdDSA needs to encode the hash algorithm so that
the hash can be calculated by passing PSA_ALG_SIGN_GET_HASH(sig_alg)
to psa_hash_compute() or psa_hash_setup(). As a consequence,
Ed25519ph (using SHA-512) and Ed448ph (using SHAKE256) need to have
different algorithm encodings (the key is enough to tell them apart,
but it is not known while hashing). Another consequence is that the
API needs to recognize the Ed448 prehash (64 bytes of SHAKE256 output)
as a hash algorithm.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 67546802fe New elliptic curve family: twisted Edwards
Add an elliptic curve family for the twisted Edwards curves
Edwards25519 and Edwards448 ("Goldilocks"). As with Montgomery curves,
since these are the only two curves in common use, the family has a
generic name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine 6d40085177 Don't duplicate the definition of PSA_ALG_IS_HASH_AND_SIGN
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Ronald Cron 5618a39fcf psa: cipher: Remove cipher_generate_iv driver entry point
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron 6ad554cb83 psa: cipher: Prefer length rather than size for IV/block length
Prefer length rather than size for IV/block length as
per the PSA specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron 02d68b2b8e psa: cipher: Fix comment type
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron 9198e8c259 psa: driver contexts: Fix include order and wrapping
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron 5d9b00dddb psa: cipher: Include Mbed TLS cipher driver only if necessary
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:07 +01:00
Ronald Cron 7cb9c3d360 psa: cipher: Move to driver operation context application allocation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 937dfee92c psa: cipher: Re-organize multi-part operation context
Move members that are of no use to the PSA crypto core
to the Mbed TLS implementation specific operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 49fafa98b1 psa: cipher: Dispatch based on driver identifier
For cipher multi-part operations, dispatch based on
the driver identifier even in the case of the
Mbed TLS software implementation (viewed as a driver).
Also use the driver identifier to check that an
cipher operation context is active or not.

This aligns the way hash and cipher multi-part
operations are dispatched.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron 06aa442bef psa: cipher: Remove unused key_set operation field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron d85e98d6f1 psa: config: Add CBC-MAC
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:26 +01:00
Ronald Cron e1f5516025 psa: config: Improve handling of not supported ECC curves
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 16:02:19 +01:00
Ronald Cron b9df5ceb8f psa: config: Fix AEAD/CMAC algorithms and ciphers inter-dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 11:01:21 +01:00
Ronald Cron 3d471814bc psa: Add missing PSA configs
Add missing PSA_WANT_CCM/GCM/CMAC. This completes
the set of PSA_WANT config options given the
current support of PSA crypto in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Gilles Peskine 398413024d SECP224K1 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:45 +01:00
Gilles Peskine 8276986c3e Curve448 is not yet supported via the PSA API
Filed as https://github.com/ARMmbed/mbedtls/issues/4249. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:16 +01:00
Ronald Cron 63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec
Create PSA configs for ECC curves
2021-03-22 17:35:04 +01:00
Gilles Peskine d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Ronald Cron da3da94373
Merge pull request #4210 from gilles-peskine-arm/crypto_values-param-names
Fix parameter names after \p in include/psa
2021-03-17 10:17:18 +01:00
David Brown 3298851d05 Fix alignment of PSA defines
When these names were changed, the definition got misaligned with the
rest of the fields.  Fix this alignment.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-16 10:44:22 -06:00
Steven Cooreman f8e45a4e98 Simplify compilation guards around hash driver testing
The hash driver entry points (and consequentially the hash driver core)
are now always compiled on when PSA_CRYPTO_DRIVER_TEST is turned on.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-16 11:07:55 +01:00
Gilles Peskine 01a622a1a4
Merge pull request #4197 from bensze01/psa_ccm_nonce_length
Correct the maximum generated nonce length for CCM
2021-03-16 10:10:41 +01:00
David Brown eed74df1ee Re-order PSA ECC configs
Arrange these to be in alphabetical order.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:53:57 -06:00
David Brown 110ea816ca psa: Fix name of BRAINPOOL configs
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
Steven Cooreman 0f8ffa806b Rename and retype hash test driver context structure
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman a85e2f835e Guard hash test functions as a block
Replicate the way the internal hash functions are guarded

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman 830aff2a98 Restructure the way driver contexts are declared
Drivers (both built-in and external) need to declare their context
structures in a way such that they are accessible by the
to-be-autogenerated crypto_driver_contexts.h file. That file lives in
include/psa, which means all builtin driver context structure
declarations also need to live in include/psa.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:32 +01:00
Dave Rodgman e483a77c85
Merge pull request #816 from ARMmbed/development
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00
Bence Szépkúti 437035bfe3 Fix revert of PSA_AEAD_UPDATE_OUTPUT_SIZE
Both the original change, and its incomplete revert were introduced in
#3386.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-03-11 17:58:26 +01:00
Bence Szépkúti 0153c9436b Correct the maximum generated nonce length for CCM
psa_aead_generate_nonce() could generate a nonce of up to 13 bytes,
depending on the inputs to psa_aead_set_lengths().

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-03-11 15:45:17 +01:00
Ronald Cron fc86f3f147
Merge pull request #3386 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size
Add new support macros for output buffer sizes since PSA API 1.0 beta 3
2021-03-11 13:30:42 +01:00
gabor-mezei-arm 5699101ac9
Update PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-11 11:55:03 +01:00
David Brown 9b178deedb Fix typo in PSA ECC curve config option
Fix SEC to SECP as the curve name.  This fixes failing tests that
verified the config option was working.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:50 -07:00
David Brown 3353f81694 Update psa/crypto_config.h to new names
An earlier commit fixes the names of the PSA_WANT_ECC_ macros.  Update
the crypto_config.h file to match these new names.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:50 -07:00
David Brown c7b9b2b6d6 Update defines for ECC PSA configs
Use the names as described in
`docs/proposed/psa-conditional-inclusion-c.md which use a transform
like: SECP256R1 -> SECP_R1_256.  The CURVE25519 and CURVE448 become
MONTGOMERY_255 and MONTGOMERY_448.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
David Brown 20a8c4305a Define PSA_WANT definitions for all ECC curves
Mirror the default non-PSA configuration by enabling all supported ECC
curves.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
David Brown 8de143e72d Create PSA configs for ECC curves
For each curve defined MBEDTLS_ECP_DP_xxx_ENABLED, we have a
corrsponding PSA config define PSA_WANT_ECC_xxx.  Along with that is a
value MBEDTLS_PSA_ACCEL_ECC_xxx which can be used to allow HW
acceleration of that particular curve.

If the PSA config requests an unaccelerated curve, the corresponding
MBEDTLS_PSA_BUILTIN_ECC_xxx will also be defined.

This commit defines these for all curves currently defined, with the
defines working in either direction, depending on whether
MBEDTLS_PSA_CRYPTO_CONFIG is defined.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-10 13:19:13 -07:00
Paul Elliott aa5e132df7 Improve include guards for format attribute
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott 48438c758a Fix incorrect long long specifier for win64
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott d48d5c6615 Fix size_t and longlong specifiers for MinGW
MinGW and older windows compilers cannot cope with %zu or %lld (there is
a workaround for MinGW, but it involves linking more code, there is no
workaround for Windows compilers prior to 2013). Attempt to work around
this by defining printf specifiers for size_t per platform for the
compilers that cannot use the C99 specifiers.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott abb3af7826 Invert gate on printf attribute
Inverted the logic without thinking.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott f8d733e49a Correct include guard for function __attribute
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott 4e589701d8 Declare mbedtls_debug_print_msg as printf-like
We were not getting any warnings on printf format errors, as we do not
explicitly use printf anywhere in the code. Thankfully there is a way
to mark a function as having printf behaviour so that its inputs can be
checked in the same way as printf would be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott 36f539d9b3 Remove deliberate fallthrough
Clang 11 has stopped using the old comment system to mark deliberate
fallthrough, and now demands marking of such with
__attribute(fallthrough). Given not every compiler supports such
attributes and these are the only two deliberate fallthrough cases in
the project at the minute, take the easy route and just remove the
fallthrough.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 16:19:46 +00:00
gabor-mezei-arm 9c3b5077e6
Update PSA_CIPHER_ENCRYPT_OUTPUT_SIZE
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-10 15:57:44 +01:00
Steven Cooreman b1777312da Make the driver context union a defined type
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman dbf8ceda54 Change the way driver context structures are used
Apparently there's a goal to make the PSA Crypto core free from
dynamic memory allocations. Therefore, all driver context structures
need to be known at compile time in order for the core to know their
final size.

This change defines & implements for hashing operations how the context
structures get defined.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman 0e307647e6 Split hashing operations out into an mbedTLS hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Dave Rodgman bfe754947c Bump version to 2.26.0
Executed ./scripts/bump_version.sh --version 2.26.0

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-09 16:09:18 +00:00
Gilles Peskine 7ef23bee0e Documentation: fix \p names that diverged from the code
Fix places where Doxygen documentation uses \p to refer to a parameter
name and where the name used did not match the actual parameter name.

I used the following script to detect problematic cases:
```
perl -w -ne 'if (eof) { $. = 0; } if (m!^/\*\*!) { $in_doc = 1; %param = (); %p = (); } if (m!\*/!) { foreach $name (keys %p) { if (!$param{$name}) { foreach $line (@{$p{$name}}) { print "$ARGV:$line: $name\n" } } } $in_doc = 0; } if ($in_doc) { if (/\\param(?: *\[[^\[\]]*\])? +(\w+)/) { $param{$1} = 1; } foreach (/\\p +\*?(\w+)/) { push @{$p{$1}}, $.; } }' include/psa/*.h
```

This commits fixes all the remaining occurrences under include/psa,
which were just trivial name mismatches.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:31 +01:00
Gilles Peskine 364d12cfab Documentation: fix \p used for non-parameters
In Doxygen documentation, use \c rather than \p when discussing
something that isn't a parameter of the current macro or function.
Where needed, explain what the thing is.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:15 +01:00
Gilles Peskine 8735343575 Fix copypasta in documentation of an error case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-08 17:26:08 +01:00
Gilles Peskine e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
gabor-mezei-arm 286a36e17d
Fix size macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-05 15:59:57 +01:00
Gilles Peskine 9264e01730 Update error codes listed in the net_sockets documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-03 12:27:17 +01:00
Steven Cooreman 328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman a1d8322f74 Fix typos & copy-paste errors
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman d927ed7901 Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman 5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman 37389c768d Update validity domain of min_tag_length / min_mac_length
Review indicated explicit validity domain should be [1, max_alg_length]

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
2021-03-01 16:00:31 +01:00
Steven Cooreman ee18b1f5a4 Style and language updates after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
gabor-mezei-arm c6f2480854
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
Gilles Peskine c8dab5b41e Fix sloppy wording around stricly less-than vs less or equal
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:39:21 +01:00
Gilles Peskine e28f236b6b Document FD_SETSIZE limitation for mbedtls_net_{poll,recv_timeout}
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
gabor-mezei-arm e86bdcaa11
Fix size macros and its documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 12:28:32 +01:00
gabor-mezei-arm fbd9f1e683
Add and update macros for output buffer sizes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 12:28:32 +01:00
gabor-mezei-arm ee6bb560a6
Remove out of scope macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm 8809fb64eb
Add and update size macros for ciphers and keys
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm 0687b2b236
Add macros for output buffer sizes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:46 +01:00
gabor-mezei-arm a200ee6098
Move AEAD macros next to each other
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-02-25 11:51:36 +01:00
Gilles Peskine b15832160b Make entropy double-free work
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 11:27:03 +01:00
Gilles Peskine 4337a9cb18 Document mutex usage for RSA
The mutex is now initialized iff ver != 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 478847cca3 Document thread safety for HMAC_DRBG
random(), and only this function, is thread-safe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine e39b2192e5 Document mutex invariant for HMAC_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine f305d92480 Document thread safety for CTR_DRBG
random(), and only this function, is thread-safe.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine da290f9bcd Document mutex invariant for CTR_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine 39a1a26d0b Explain the usage of is_valid in pthread mutexes
Document the usage inside the library, and relate it with how it's
additionally used in the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Dave Rodgman d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
Expose the PSA RNG in mbedtls
2021-02-22 14:47:29 +00:00
Gilles Peskine 60b29fea46 Define WANT symbols for always-supported key types
PSA_KEY_TYPE_RAW_DATA and PSA_KEY_TYPE_DERIVE are always supported.
Make this explicit by declaring PSA_WANT_KEY_TYPE_RAW_DATA and
PSA_WANT_KEY_TYPE_DERIVE unconditionally. This makes it easier to
infer dependencies in a systematic way.

Don't generate not-supported test cases for those key types. They
would always be skipped, which is noise and would make it impossible
to eventually validate that all test cases pass in at least one
configuration over the whole CI.

Don't remove the exception in set_psa_test_dependencies.py for now, to
get less noise in dependencies. This may be revised later if it is
deemed more important to be systematic.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-17 14:50:52 +01:00
Bence Szépkúti 7921cceec8 Fix typo in config_psa.h
The correct macro is PSA_WANT_ALG_CFB

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-17 11:47:40 +01:00
David Brown 9a594e8023 Update psa crypto_config to include recent configs
Update with CHACHA20_POLY1305, CHACHA20.  Add in CTR, which was missing,
and move ALG_XTS to its proper location alphabetically.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:26:57 -07:00
David Brown db01e0271f Remove an unnecessary #else and commented line
With the else branch commented out, both lines are unnecessary.  We
could check for the invalid configuration in the future, once tests were
made to exclude this combination.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown be380c1e0f Remove incorrect PSA ECB definition
There is no PSA ALG_ECB, only ALG_ECB_NO_PADDING.  Fix one incorrect
declaration, and remove another that is just redundant.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 8de6437bb6 Cleanup PSA CBC padding defines
Only define MBEDTLS_CIPHER_MODE_CBC if one of the CBC modes is requested
and everything isn't covered by an accelerated version.  This keeps this
from being defined in cases where everything needed would be
accelerated.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 86730a8d50 Add missing MBEDTLS_PSA_BUILTIN for ChaCha20-Poly1305
Add these missing definitions when this configration is chosen.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown fc46818eeb Cleanup PSA ifdefs for CBC block mode
Try to make these definitions clearer given the complexity of the
mapping between the PSA config options and the MBEDTLS ones.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 10cb81c0a0 Add some missing MBEDTLS_PSA_BUILTIN_ definitions
Add a few instances where the builtin macros for these algorithms were
missed.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown f84a0f691e Simplify block cipher PSA definitions
If any of the software block ciphers are selected, define an internal
macro to indicate this.  This eliminates some redundancy that needs to
check for this.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown e1f91f07cd Consolidate PSA ifdefs for block ciphers
Combine some separate ifdef blocks to make it clearer when various
internal values are defined.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 18658a7896 Disable error on CHACHAPOLY misconfiguration
As the test tries this in multiple configurations, an #error here will
fail CI.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown ac4fa07fa3 Add PSA config support for ChaCha20+Poly1305
Add checks for PSA_WANT_ALG_CHACHA20_POLY1305.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown b16727a603 Add PSA config for ChaCha20
Add checks for PSA_WANT_KEY_TYPE_CHACHA20, both with and without
MBEDTLS_PSA_CRYPTO_CONFIG.  This only adds support for the ciphers
itself, presumably as a stream cipher (and not yet AEAD).

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown b781f75401 Define SW crypto algorithms if block modes need it
Even if there is an accelerated version of a (block) key type, enable
the SW implementation if there are block modes that don't have
acceleration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 5256e69cda Fix typo in psa config comment
Change "are" to "aren't" to avoid making the comment misleading.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 4b9ec7a598 Add checks for HW acceleration of ciphers and padding
Add additional ifdef checks in the PSA config to detect when an
algorithm is entirely implemented in hardware.  If there is any
combination of cipher and padding type that is not supported by the HW
acceleration, enable the SW acceleration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 12f45f99da Add definitions for builtins for cipher modes
Create these definitions for the various cipher modes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown da7dbb72ed Add building definitions for non-crypto-config case
Ensure that the builtin definitions are defined when selected by the
traditional configuration options.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown bc1731b24e Fix small error in a comment
Use '||' instead of 'or' for consistency.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown db003f31fc Remove unused definition
PSA defines CBC with no padding, and CBC with PKCS7 padding.  The bare
"ALG_CBC" is not defined, so remove this definition.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 78a429b89a Add _BUILTIN defines for new features
For the new features conditionalized on MBEDTLS_PSA_ACCEL_..., define a
correlated MBEDTLS_PSA_BUILTIN_... if it is not defined.  This prevents
check_names from considering these new defines as typos.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 9984427b4a Add feature support for block modes to PSA crypto config
Add support for supported block modes using the PSA crypto config.
These are mapped to Mbed TLS config options as best as possible.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown a9f1d83d31 Add symmetric ciphers and block modes
Update the psa/crypto_config.h with the newly defined PSA_WANT_
definitions for symmetric ciphers and block modes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown b65a7f7b52 Add feature support for DES for PSA crypto config
Basic support for enabling DES through PSA_WANT_KEY_TYPE_DES.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 686e6e83d3 Add feature support for Camelia for PSA crypto config
Basic support for enabling Camelia through PSA_WANT_KEY_TYPE_CAMELIA.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown ec258cfae1 Add feature support for ARC4 for PSA crypto config
Basic support for enabling ARC4 through PSA_WANT_KEY_TYPE_ARC4.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 949330827c Add feature support for AES for PSA crypto config
Basic support for enabling AES through PSA_WANT_KEY_TYPE_AES.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
Gilles Peskine 996f2168b6 Make it possible to include psa_crypto_random_impl.h with psa_util.h
There was some intentional duplication between
library/psa_crypto_random_impl.h and include/mbedtls/psa_util.h, with
the intent that the compiler would complain if one file was edited in
a way that's incompatible with the other file. However, the two files
were never included together, and in fact could not be included
together because some definitions can't be duplicated (type, static
variable).

Now library/psa_crypto_random_impl.h includes
include/mbedtls/psa_util.h, so the compiler will check what it can.
There is less redundancy since it isn't always possible to declare
something twice (specifically, types can't be declared).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 16:50:00 +01:00
Gilles Peskine 2cff7e2a59 Minor clarification in the public documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 16:49:42 +01:00
Gilles Peskine e3ed802138 Expose mbedtls_psa_get_random()
Expose whatever RNG the PSA subsystem uses to applications using the
mbedtls_xxx API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:39:48 +01:00
Gilles Peskine bb86d0c61c
Merge pull request #3995 from stevew817/feature/psa_configurable_static_ram_usage
Allow tweaking PSA_KEY_SLOT_COUNT
2021-02-16 12:52:24 +01:00