Commit Graph

11572 Commits

Author SHA1 Message Date
Gilles Peskine
b84b6a68c7 Add some negative tests for policy checks
Add a few test cases to ensure that alg=0 in policy does not allow
using the key for an operation.

Add a test case to ensure that ANY_HASH does not have a wildcard
meaning for HMAC.
2019-07-30 11:38:35 +02:00
Jaeden Amero
aad3dabd2b
Merge pull request #165 from gilles-peskine-arm/storage_spec-1.1.0-release
Correct version number in storage format spec
2019-07-30 10:12:44 +01:00
Gilles Peskine
fc321f1a5e SE keys: test that the bit size is saved and loaded correctly 2019-07-29 18:12:34 +02:00
Gilles Peskine
e60d1d08a4 SE keys: save the bit size in storage
For a key in a secure element, save the bit size alongside the slot
number.

This is a quick-and-dirty implementation where the storage format
depends on sizeof(size_t), which is fragile. This should be replaced
by a more robust implementation before going into production.
2019-07-29 18:11:09 +02:00
Gilles Peskine
1801740a7c SE driver: report the bit size on key import
Add a parameter to the key import method of a secure element driver to
make it report the key size in bits. This is necessary (otherwise the
core has no idea what the bit-size is), and making import report it is
easier than adding a separate method (for other key creation methods,
this information is an input, not an output).
2019-07-29 18:07:09 +02:00
Gilles Peskine
dc5bfe9784 SE keys: implement and test psa_get_key_attributes 2019-07-29 18:07:03 +02:00
k-stachowiak
d8727230f7 Add negative tests for empty buffer decoding for certain ciphers 2019-07-29 17:46:29 +02:00
Gilles Peskine
424f89453b SE keys: store the bit size internally (partial implementation)
This commit blindingly copies the size from the attributes. This is
not correct for copy and import.
2019-07-29 17:06:06 +02:00
k-stachowiak
c5899a0fca Fix dependencies for some GCM empty buffer decoding tests 2019-07-29 15:11:16 +02:00
k-stachowiak
8e88a8f4ea Remove redundant empty buffer decoding test 2019-07-29 15:09:29 +02:00
Gilles Peskine
adb1c52149
Merge pull request #157 from gilles-peskine-arm/psa-se_driver-create_key
Secure element key creation foundation
2019-07-26 14:39:55 +02:00
Gilles Peskine
66be51c35d If starting a transaction fails, wipe the transaction data
Nothing has been saved to disk yet, but there is stale data in
psa_crypto_transaction. This stale data should not be reused, but do
wipe it to reduce the risk of it mattering somehow in the future.
2019-07-26 13:23:51 +02:00
Gilles Peskine
2ea06fd48d Improve documentation of transaction storage 2019-07-26 13:23:51 +02:00
Gilles Peskine
f9bb29ec26 Add boilerplate to recover a transaction during init 2019-07-25 17:52:59 +02:00
Gilles Peskine
4aea1036c6 Bug fix: don't start a transaction for non-SE keys 2019-07-25 17:38:34 +02:00
Darryl Green
762351be1b Change worktree_rev to HEAD for rev-parse
Due to how the checking script is run in docker, worktree_rev is
ambiguous when running rev-parse. We're running it in the checked
out worktree, so we can use HEAD instead, which is unambiguous.
2019-07-25 14:33:33 +01:00
Gilles Peskine
340b127ed1 psa_destroy_se_key: explain why the error is NOT_PERMITTED 2019-07-25 14:13:24 +02:00
Gilles Peskine
0c3ae1f0b4 Improve documentation of SE driver persistent state
Explain what it can be used for and when it is saved to storage.
2019-07-25 14:04:38 +02:00
Gilles Peskine
2e0f388d2a Don't explicitly dereference function pointers
Be stylistically consistent.
2019-07-25 11:42:19 +02:00
Gilles Peskine
60450a4812 Improve comments 2019-07-25 11:32:45 +02:00
Gilles Peskine
725f22a545 Bug fix: save the driver's persistent data in destroy_key 2019-07-25 11:32:27 +02:00
Gilles Peskine
adad813d7b psa_key_slot_is_external exists. Use it. 2019-07-25 11:32:27 +02:00
Gilles Peskine
6a3dd89a64 Improve alignment in comments 2019-07-25 10:56:39 +02:00
Gilles Peskine
f77a6acf83 Fix indentation 2019-07-25 10:51:03 +02:00
Jaeden Amero
456674d585
Merge pull request #186 from simonqhughes/psa-storage-and-cmake-fix
Add CMake option for explicitly link library to trusted_storage
2019-07-24 15:52:21 +01:00
Gilles Peskine
4b73422318 Transaction support: be more future-proof
If there's ever a non-SE-related transaction, make sure it gets
handled during init.
2019-07-24 15:56:31 +02:00
Gilles Peskine
75c126b958 Explain some non-obvious parts of the code
Comment changes only.
2019-07-24 15:56:01 +02:00
Gilles Peskine
f96aefe3ad Test with secure element support
Test with default config + SE with Clang and with full config + SE
with GCC, for variety. Full+Clang+Asan has known issues so don't do
that.
2019-07-24 14:58:38 +02:00
Gilles Peskine
d0e66b00fb Turn off secure element support by default
Secure element support is not yet usable in the real world. Only part
of the feature is implemented and the part that's implemented is not
sufficient for real-world uses. A lot of error handling is missing,
and there are no tests.

This commit should be reverted once the feature has stabilized.
2019-07-24 13:52:51 +02:00
Gilles Peskine
105736653f SE keys: test that no function goes crazy
Run all functions that take a key handle as input with a key that is
in a secure element. All calls are expected to error out one way or
another (not permitted by policy, invalid key type, method not
implemented in the secure element, ...). The goal of this test is to
ensure that nothing bad happens (e.g. invalid pointer dereference).

Run with various key types and algorithms to get good coverage.
2019-07-24 13:45:36 +02:00
Gilles Peskine
d1cd766e96 SE keys: test NOT_SUPPORTED error from generate_key 2019-07-24 13:45:02 +02:00
Gilles Peskine
f4ee662868 SE keys: error out in key creation function that lack support 2019-07-24 13:44:30 +02:00
Gilles Peskine
89870eb123 Cosmetic improvements in SE driver tests 2019-07-24 13:44:03 +02:00
Gilles Peskine
28f8f3068f SE keys: ensure that functions that lack support properly error out
Introduce a new function psa_get_transparent_key which returns
NOT_SUPPORTED if the key is in a secure element. Use this function in
functions that don't support keys in a secure element.

After this commit, all functions that access a key slot directly via
psa_get_key_slot or psa_get_key_from_slot rather than via
psa_get_transparent_key have at least enough support for secure
elements not to crash or otherwise cause undefined behavior. Lesser
bad behavior such as wrong results or resource leakage is still
possible in error cases.
2019-07-24 13:30:31 +02:00
Moshe Shahar
6763fe4a12 Change LINK_WITH_TRUSTED_STORAGE option to OFF 2019-07-24 14:19:35 +03:00
Moshe Shahar
7e36765945 Add CMake option for explicitly link library to trusted_storage (#2)
option name: LINK_WITH_TRUSTED_STORAGE
default value: ON
2019-07-24 13:32:13 +03:00
Jaeden Amero
b992313f47
Merge pull request #180 from simonqhughes/feature-psa-storage
PSA Storage: Add psa_trusted_storage_linux persistent storage support for v1.0.0 APIs
2019-07-24 11:19:32 +01:00
Gilles Peskine
573bbc1b4e Error out if a driver tries to store more than ITS can handle
Cast explicitly for the sake of MSVC which otherwise (usefully!) warns
about the truncation.
2019-07-23 20:23:16 +02:00
Gilles Peskine
831ac72338 Add transaction file and driver storage; new key file format
Update the storage architecture with the new features introduced for
secure element support:

* Lifetime field in key files.
* Slot number in key files for keys in a secure element.
* Transaction file (name and format).
* Persistent storage for secure element drivers (name and format).

The version number is not determined yet.
2019-07-23 19:32:21 +02:00
Gilles Peskine
105f67f0fa Move the definition of psa_key_attributes_t to crypto_types.h
psa_key_attributes_t is used in the SE driver HAL, so it must be
defined in a common header, not in the API-only header crypto.h.
2019-07-23 18:43:28 +02:00
Gilles Peskine
9dd125d8bb Fix overly complex Doxygen markup 2019-07-23 18:43:28 +02:00
Simon D Hughes
bda5a21112 Add psa_trusted_storage_linux persistent storage support for v1.0.0 APIs
The following provides more information on this PR:
- PSA stands for Platform Security Architecture.
- Add support for use of psa_trusted_storage_api internal_trusted_storage.h v1.0.0
  as the interface to the psa_trusted_storage_linux backend (i.e. for persistent
  storage when MBEDTLS_PSA_ITS_FILE_C is not defined). This requires changes
  to psa_crypto_its.h and psa_crypto_storage.c to migrate to the new API.
2019-07-23 17:30:37 +01:00
Gilles Peskine
1d04b05fae Dear check-names, where you accept struct, also accept union. 2019-07-23 17:38:41 +02:00
Gilles Peskine
8b96cad204 SE drivers: implement persistent storage
Store the persistent data of secure element drivers.

This is fully implemented, but not at all tested.
2019-07-23 17:38:08 +02:00
Gilles Peskine
1df83d4f5b SE keys: implement persistent storage
For a key in a secure element, persist the key slot.

This is implemented in the nominal case. Failures may not be handled
properly.
2019-07-23 16:13:14 +02:00
Gilles Peskine
0e8d495bd9 Add the lifetime to the key storage format
Stored keys must contain lifetime information. The lifetime used to be
implied by the location of the key, back when applications supplied
the lifetime value when opening the key. Now that all keys' metadata
are stored in a central location, this location needs to store the
lifetime explicitly.
2019-07-23 14:46:52 +02:00
Gilles Peskine
bfd322ff34 Use a key attribute structure in the internal storage interface
Pass information via a key attribute structure rather than as separate
parameters to psa_crypto_storage functions. This makes it easier to
maintain the code when the metadata of a key evolves.

This has negligible impact on code size (+4B with "gcc -Os" on x86_64).
2019-07-23 13:31:54 +02:00
Gilles Peskine
274a2637f2 Make whitespace consistent 2019-07-23 11:29:06 +02:00
Gilles Peskine
6032673b39 Fix Doxygen reference
Pass doxygen.sh
2019-07-22 20:10:36 +02:00
Gilles Peskine
fc76265385 Do secure element key creation and destruction in a transaction
Key creation and key destruction for a key in a secure element both
require updating three pieces of data: the key data in the secure
element, the key metadata in internal storage, and the SE driver's
persistent data. Perform these actions in a transaction so that
recovery is possible if the action is interrupted midway.
2019-07-22 19:46:22 +02:00