Commit graph

9072 commits

Author SHA1 Message Date
Gilles Peskine f603c718c9 New function psa_copy_key
Copy a key from one slot to another.

Implemented and smoke-tested.
2019-01-28 14:41:11 +01:00
Jaeden Amero 43bafcca94
Merge pull request #15 from gilles-peskine-arm/psa-signature_policy_wildcard
Support wildcard hash in signature policies
2019-01-28 13:31:14 +00:00
Gilles Peskine 763fb9a150 Improve the description of PSA_ALG_ANY_HASH
Make it clearer what PSA_ALG_ANY_HASH can and cannot be used for.
2019-01-28 13:29:01 +01:00
Jaeden Amero d46548c833
Merge pull request #23 from orenc17/its_update
Update usage of PSA ITS to comply with v1.0
2019-01-28 12:06:26 +00:00
Jaeden Amero 37a8c0c144
Merge pull request #27 from hanno-arm/crypto_submodule_update_prs_6_18_19_sibling
PSA integration sibling: Update crypto submodule (Hash clone, Key Policy Init, Key slot alloc)
2019-01-28 11:33:28 +00:00
Oren Cohen 23a6784cb9 Update usage of PSA ITS to comply with v1.0 2019-01-27 10:19:18 +02:00
Hanno Becker 2169a5e54d PSA: Adapt pk.c, pk_wrap.c, cipher.c to new key policy init API 2019-01-25 14:36:28 +00:00
Hanno Becker 242da1e2c2 PSA: Adapt cipher.c, pk.c, pk_wrap.c to new key slot allocation API 2019-01-25 14:36:28 +00:00
Hanno Becker 330b9a4586 PSA: Adapt ssl_server2 to modified key allocation API 2019-01-25 14:36:28 +00:00
Hanno Becker f3adecf479 PSA: Adapt ssl_server2 to hew key policy initialization API 2019-01-25 14:36:28 +00:00
Hanno Becker 2261a0ff52 PSA: Adapt ssl_client2 to new key policy initialization API 2019-01-25 14:36:28 +00:00
Hanno Becker d74dfc2984 PSA: Adapt ssl_client2 to modified key slot allocation API 2019-01-25 14:36:28 +00:00
Hanno Becker a814ae6f92 PSA: Adapt PK test suite to new key policy initialization API 2019-01-25 14:36:28 +00:00
Hanno Becker fcf659b12d PSA: Adapt PK test suite to modified key slot allocation mechanism 2019-01-25 14:36:28 +00:00
Jaeden Amero 4d69cf1a84
Merge pull request #13 from Patater/pubkey-format
Simplify RSA and EC public key formats
2019-01-25 10:09:40 +00:00
Gilles Peskine eb2d4b9037 Test that HASH_ANY is not meaningful for OAEP
PSA_ALG_HASH_ANY is specified as meaningful only for signature.
2019-01-24 13:05:36 +01:00
Jaeden Amero 21fec0c1c5 psa: Expand documentation for psa_key_agreement()
Document `peer_key` parameter requirements, including an explanation of
how the peer key is used and an example for EC keys.
2019-01-23 17:39:46 +00:00
Jaeden Amero c67200d0e6 psa: Remove extra status handling from import
Remove extra status handling code from psa_import_key_into_slot(). This
helps save a tiny amount of code space, but mainly serves to improve the
readability of the code.
2019-01-23 17:39:46 +00:00
Jaeden Amero cd09d8c83a psa: Refactor psa_import_rsa_key() pk-using code
Move pk-using code to inside psa_import_rsa_key(). This aligns the shape
of psa_import_rsa_key() to match that of psa_import_ec_private_key() and
psa_import_ec_public_key().
2019-01-23 17:39:46 +00:00
Jaeden Amero ccdce90adb psa: Simplify EC public key format
Remove front matter from our EC key format, to make it just the contents
of an ECPoint as defined by SEC1 section 2.3.3.

As a consequence of the simplification, remove the restriction on not
being able to use an ECDH key with ECDSA. There is no longer any OID
specified when importing a key, so we can't reject importing of an ECDH
key for the purpose of ECDSA based on the OID.
2019-01-23 17:39:46 +00:00
Jaeden Amero 97271b37c8 psa: Use psa_status_t in psa_key_agreement_ecdh()
Use the PSA-native status type in psa_key_agreement_ecdh() in
preparation for us calling PSA functions (and not just Mbed TLS
functions) and still being able to return a psa_status_t (without having
to translate it to a Mbed TLS error and then back again).
2019-01-23 17:31:50 +00:00
Jaeden Amero 25384a236e psa: Simplify RSA public key format
Remove pkcs-1 and rsaEncryption front matter from RSA public keys. Move
code that was shared between RSA and other key types (like EC keys) to
be used only with non-RSA keys.
2019-01-23 17:31:50 +00:00
Jaeden Amero 0b6b871056
Merge pull request #22 from ARMmbed/iotssl-2697-psa-key-allocation-crypto
Adapting to the new PSA key slot allocation mechanism
2019-01-23 15:00:19 +00:00
Jaeden Amero cfb7ae9318
Merge pull request #16 from itayzafrir/spm-support-crypto-handles-api
Support for slots to handles crypto API changes under SPM
2019-01-23 13:38:50 +00:00
Andrzej Kurek 54c139f141 Remove unnecessary "#" sign from PSA macros 2019-01-23 06:23:53 -05:00
Andrzej Kurek f410a5c251 Fix indentation of documentation 2019-01-23 06:23:31 -05:00
Andrzej Kurek e1a8187df9 pk_wrap: pass curve size instead of a larger size of the exported key
Whitespace fixes
2019-01-23 06:23:21 -05:00
Andrzej Kurek 1ec0fee458 pk: wrap curve_id before passing it to PSA
Add a helper function in PSA utils
2019-01-23 06:23:12 -05:00
Andrzej Kurek 08dfceaba4 cipher: fixed key ownership scope
Indicate key ownership earlier, so that it gets destroyed on faulty policy setting.
2019-01-23 06:22:42 -05:00
Andrzej Kurek c750932f2c Adapt to the new key allocation mechanism 2019-01-23 06:22:32 -05:00
Gilles Peskine 870f5dc656 Add missing test dependency 2019-01-23 10:42:23 +01:00
Jaeden Amero 494624d299
Merge pull request #18 from gilles-peskine-arm/psa-hash_clone
New function psa_hash_clone
2019-01-22 17:35:25 +00:00
Gilles Peskine eb35d78a11 Style fix 2019-01-22 17:56:16 +01:00
Jaeden Amero 9c0c79e877
Merge pull request #19 from gilles-peskine-arm/psa-no_type_on_allocate_key
Don't require a type and size when creating a key slot
2019-01-22 14:37:08 +00:00
Gilles Peskine e43aa39397 hash_clone: Fix copypasta and add a functional description 2019-01-21 14:50:37 +01:00
Gilles Peskine d40c1fbd50 Don't require a type and size when creating a key slot
Remove the type and bits arguments to psa_allocate_key() and
psa_create_key(). They can be useful if the implementation wants to
know exactly how much space to allocate for the slot, but many
implementations (including ours) don't care, and it's possible to work
around their lack by deferring size-dependent actions to the time when
the key material is created. They are a burden to applications and
make the API more complex, and the benefits aren't worth it.

Change the API and adapt the implementation, the units test and the
sample code accordingly.
2019-01-19 12:20:52 +01:00
Gilles Peskine ebb2c3e419 New function psa_hash_clone
Clone a hash operation.

Test good cases as part as multipart tests. Add new test functions for
the state machine.
2019-01-19 12:03:41 +01:00
itayzafrir 14e7678790 Documentation update regarding SPM integration 2019-01-16 11:16:39 +02:00
itayzafrir 99974e344a SPM integration update due to crypto API changes
When MBEDTLS_PSA_CRYPTO_SPM is defined, the code is being built for SPM (Secure Partition Manager)
integration which separates the code into two parts: NSPE (Non-Secure Processing Environment) and SPE
(Secure Processing Environment). When building for the SPE, an additional header file should be included.
2019-01-16 11:13:19 +02:00
Gilles Peskine 30f77cdfc1 Add a hash wildcard value for hash-and-sign algorithm
You can use PSA_ALG_ANY_HASH to build the algorithm value for a
hash-and-sign algorithm in a policy. Then the policy allows usage with
this hash-and-sign family with any hash.

Test that PSA_ALG_ANY_HASH-based policies allow a specific hash, but
not a different hash-and-sign family. Test that PSA_ALG_ANY_HASH is
not valid for operations, only in policies.
2019-01-14 19:38:56 +01:00
Gilles Peskine d35b489ce5 New macro PSA_ALG_IS_HASH_AND_SIGN
Test for a subclass of public-key algorithm: those that perform
full-domain hashing, i.e. algorithms that can be broken down as
sign(key, hash(message)).
2019-01-14 16:02:15 +01:00
Jaeden Amero 8d4be19517
Merge pull request #7 from gilles-peskine-arm/all_sh-mbedcrypto
[mbedcrypto] all.sh: make it possible to run a subset of the components
2019-01-14 10:47:20 +00:00
Jaeden Amero d3a0c2c779 psa: Document requirements for psa_export_public_key()
Copy the nice and clear documentation from psa_export_key() as to what
implementations are allowed to do regarding key export formats, as the
same applies to public keys.
2019-01-11 17:15:56 +00:00
Jaeden Amero 005401e6a7
Merge pull request #8 from NirSonnenschein/fix_check-names.sh
modify check-names.sh and list-macros.sh to work with PSA constants
2019-01-11 13:22:54 +00:00
Jaeden Amero 83d293951c psa: Call init when importing private EC keys
Previously we weren't initializing the freshly allocated ECP keypair
when importing private EC keys. This didn't seem to cause problems, at
least according to our current test coverage, but it's better to ensure
we don't have a partially initialized object by explicitly initializing
the keypair.
2019-01-10 20:25:55 +00:00
Gilles Peskine e87898709c Rename test_memcheck to test_valgrind
Valgrind is what it does. `memcheck` is how it's implemented.
2019-01-10 18:36:20 +01:00
Gilles Peskine a49b00f2ed Support wildcard patterns with a positive list of components to run
Wildcard patterns now work with command line COMPONENT arguments
without --except as well as with. You can now run e.g.
`all.sh "check_*` to run all the sanity checks.
2019-01-10 18:36:20 +01:00
Gilles Peskine d692e11309 Delete $OUT_OF_SOURCE_DIR under --force
The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped
together with Yotta and then removed when Yotta support was removed.
Bring it back.
2019-01-10 18:36:20 +01:00
Gilles Peskine add1d23b26 Fix sometimes-spurious warning about changed config.h
After backing up and restoring config.h, `git diff-files` may report
it as potentially-changed because it isn't sure whether the index is
up to date. Use `git diff` instead: it actually reads the file.
2019-01-10 18:36:20 +01:00
Gilles Peskine 92bff7f9bf all.sh: Update the maintainer documentation 2019-01-10 18:36:16 +01:00