Commit graph

4103 commits

Author SHA1 Message Date
David Brown f84a0f691e Simplify block cipher PSA definitions
If any of the software block ciphers are selected, define an internal
macro to indicate this.  This eliminates some redundancy that needs to
check for this.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown e1f91f07cd Consolidate PSA ifdefs for block ciphers
Combine some separate ifdef blocks to make it clearer when various
internal values are defined.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 18658a7896 Disable error on CHACHAPOLY misconfiguration
As the test tries this in multiple configurations, an #error here will
fail CI.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown ac4fa07fa3 Add PSA config support for ChaCha20+Poly1305
Add checks for PSA_WANT_ALG_CHACHA20_POLY1305.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown b16727a603 Add PSA config for ChaCha20
Add checks for PSA_WANT_KEY_TYPE_CHACHA20, both with and without
MBEDTLS_PSA_CRYPTO_CONFIG.  This only adds support for the ciphers
itself, presumably as a stream cipher (and not yet AEAD).

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown b781f75401 Define SW crypto algorithms if block modes need it
Even if there is an accelerated version of a (block) key type, enable
the SW implementation if there are block modes that don't have
acceleration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 5256e69cda Fix typo in psa config comment
Change "are" to "aren't" to avoid making the comment misleading.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown 4b9ec7a598 Add checks for HW acceleration of ciphers and padding
Add additional ifdef checks in the PSA config to detect when an
algorithm is entirely implemented in hardware.  If there is any
combination of cipher and padding type that is not supported by the HW
acceleration, enable the SW acceleration.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 12f45f99da Add definitions for builtins for cipher modes
Create these definitions for the various cipher modes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown da7dbb72ed Add building definitions for non-crypto-config case
Ensure that the builtin definitions are defined when selected by the
traditional configuration options.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown bc1731b24e Fix small error in a comment
Use '||' instead of 'or' for consistency.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown db003f31fc Remove unused definition
PSA defines CBC with no padding, and CBC with PKCS7 padding.  The bare
"ALG_CBC" is not defined, so remove this definition.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 78a429b89a Add _BUILTIN defines for new features
For the new features conditionalized on MBEDTLS_PSA_ACCEL_..., define a
correlated MBEDTLS_PSA_BUILTIN_... if it is not defined.  This prevents
check_names from considering these new defines as typos.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 9984427b4a Add feature support for block modes to PSA crypto config
Add support for supported block modes using the PSA crypto config.
These are mapped to Mbed TLS config options as best as possible.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown a9f1d83d31 Add symmetric ciphers and block modes
Update the psa/crypto_config.h with the newly defined PSA_WANT_
definitions for symmetric ciphers and block modes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown b65a7f7b52 Add feature support for DES for PSA crypto config
Basic support for enabling DES through PSA_WANT_KEY_TYPE_DES.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 686e6e83d3 Add feature support for Camelia for PSA crypto config
Basic support for enabling Camelia through PSA_WANT_KEY_TYPE_CAMELIA.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown ec258cfae1 Add feature support for ARC4 for PSA crypto config
Basic support for enabling ARC4 through PSA_WANT_KEY_TYPE_ARC4.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown 949330827c Add feature support for AES for PSA crypto config
Basic support for enabling AES through PSA_WANT_KEY_TYPE_AES.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
Gilles Peskine bb86d0c61c
Merge pull request #3995 from stevew817/feature/psa_configurable_static_ram_usage
Allow tweaking PSA_KEY_SLOT_COUNT
2021-02-16 12:52:24 +01:00
Steven Cooreman 863470a5f9 Rename PSA_KEY_SLOT_COUNT to MBEDTLS_PSA_KEY_SLOT_COUNT
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:44 +01:00
Steven Cooreman 1f968fdf19 Define the user-configurable PSA config flag in config.h
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-02-15 14:26:30 +01:00
Ronald Cron 5cd00d28bf
Merge pull request #4092 from ronald-cron-arm/psa-crypto-client
Psa crypto client
2021-02-15 10:46:35 +01:00
Bence Szépkúti a63b20d28b Rename AEAD tag length macros
This brings them in line with PSA Crypto API 1.0.0

PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH -> PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG
PSA_ALG_AEAD_WITH_TAG_LENGTH         -> PSA_ALG_AEAD_WITH_SHORTENED_TAG

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-02-11 11:39:31 +01:00
Ronald Cron 395889f9b7 psa: Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
Make sure MBEDTLS_PSA_CRYPTO_CLIENT is defined
when MBEDTLS_PSA_CRYPTO_C is defined and guard
PSA client code only with MBEDTLS_PSA_CRYPTO_CLIENT.

The definition of MBEDTLS_PSA_CRYPTO_CLIENT is done
in crypto_types.h before the definition of
psa_key_attributes_t. That way as PSA crypto client
code is related to key attributes we can be quite
confident that MBEDTLS_PSA_CRYPTO_CLIENT will be
defined when needed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-09 15:36:08 +01:00
Gilles Peskine 2fa6b5f503 ECC import: more useful choice of INVALID_ARGUMENT vs NOT_SUPPORTED
Attempting to create an ECC key with a curve specification that is not
valid can plausibly fail with PSA_ERROR_INVALID_ARGUMENT ("this is not
a curve specification at all") or PSA_ERROR_NOT_SUPPORTED ("this may
be a curve specification, but not one I support"). The choice of error
is somewhat subjective.

Before this commit, due to happenstance in the implementation, an
attempt to use a curve that is declared in the PSA API but not
implemented in Mbed TLS returned PSA_ERROR_INVALID_ARGUMENT, whereas
an attempt to use a curve that Mbed TLS supports but for which support
was disabled at compile-time returned PSA_ERROR_NOT_SUPPORTED. This
inconsistency made it difficult to write negative tests that could
work whether the curve is implemented via Mbed TLS code or via a
driver.

After this commit, any attempt to use parameters that are not
recognized fails with NOT_SUPPORTED, whether a curve with the
specified size might plausibly exist or not, because "might plausibly
exist" is not something Mbed TLS can determine.

To keep returning INVALID_ARGUMENT when importing an ECC key with an
explicit "bits" attribute that is inconsistent with the size of the
key material, this commit changes the way mbedtls_ecc_group_of_psa()
works: it now works on a size in bits rather than bytes, with an extra
flag indicating whether the bit-size must be exact or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-08 18:43:26 +01:00
Ronald Cron a0832d47f7
Merge pull request #3958 from gilles-peskine-arm/fix-tls12-constant-namespace
Fix some PSA-related identifiers
2021-02-05 16:34:26 +01:00
Gilles Peskine d945871c55
Merge pull request #3872 from gabor-mezei-arm/3275_use_PSA_ERROR_DATA_INVALID_where_warranted
Use PSA_ERROR_DATA_INVALID where warranted
2021-02-03 20:54:46 +01:00
Gilles Peskine 51b8bb01cb PSA_KEY_TYPE_DERIVE is always available
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine b65db07ae8 Add missing declaration of SHA-224 from MBEDTLS_SHA256_C
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Gilles Peskine 47a8933b0f Declare PSA_KEY_TYPE_HMAC as well
HMAC requires both the algorithm and the key type to be effective.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-01 13:19:26 +01:00
Ronald Cron 3768ac12a8 Add MBEDTLS_PSA_CRYPTO_CLIENT configuration option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-01 13:16:01 +01:00
Gilles Peskine 53943ca434
Merge pull request #3992 from stevew817/feature/ecp_no_fallback
Add a flag for disabling software fallback in ecp.c
2021-01-29 16:08:51 +01:00
Ronald Cron 318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
gabor-mezei-arm bdae918cd9
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-28 14:33:10 +01:00
gabor-mezei-arm 86326a9131
Fix possible error codes in the documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-26 13:48:26 +01:00
Steven Cooreman b587313738 Doesn't make sense to have ECP_NO_FALLBACK when there's no ECP_INTERNAL_ALT.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-21 13:59:17 +01:00
Steven Cooreman 6226a12acc Documentation update for MBEDTLS_ECP_NO_FALLBACK
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-21 13:58:31 +01:00
gabor-mezei-arm d25ea720fd
Fix rename of output buffer size macros
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:20:21 +01:00
gabor-mezei-arm cbcec21684
Rename output buffer size macros
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:17:25 +01:00
Gilles Peskine 43f958b24d Rename unnamespaced identifiers
Rename the enum constants TLS12_PRF_xxx, which are declared in a
public header but not intended for use in application code, to start
with MBEDTLS_PSA_.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-20 17:42:25 +01:00
Andrzej Kurek 2a54a6fe1c Refactor the variable buffer length config description
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:14:21 -05:00
Andrzej Kurek 557289babc Add a missing dependency to config.h
Variable buffer lengths depend on the maximum fragment length extension.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:14:15 -05:00
Andrzej Kurek 069fa96cd7 Use size_t instead of uint32_t for ssl I/O buffer lengths
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-01-11 09:13:58 -05:00
Steven Cooreman 97b4984657 Add a flag for disabling fallback in ecp.c
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-08 16:43:43 +01:00
Gilles Peskine a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Gilles Peskine 88fa5c463e Minor documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-04 21:00:53 +01:00
Manuel Pégourié-Gonnard 575ece0eed
Merge pull request #3576 from gilles-peskine-arm/psa-lifetime-persistence-indicator-tweaks
Tweak documentation about lifetimes
2020-12-15 10:17:39 +01:00
Gilles Peskine 0bb257096a Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 17:36:02 +01:00
Gilles Peskine e39bdaa0ed Specialize some wording from the specification
Some of the material was originally the PSA specification, and
discusses how different implementations might behave. Replace such
statements by a description of how Mbed TLS behaves.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-11 18:47:55 +01:00