Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.
This commit updates the tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.
This commit updates the Mbed TLS implementation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that lifetimes have structures and secure element drivers handle
all the lifetimes with a certain location, update driver registration
to take a location as argument rather than a lifetime.
This commit updates the PSA specification draft.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Applications need this to combine implementation-specific values of
persistence levels and location indicators.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Call persistence "default" because that is genuinely the default that
applications should use if they don't know better. It's slightly
misleading in that the default persistence when you create a key is
volatile, not this: "default" is the default persistence for
persistent keys, not the default persistence for keys in general. But
we haven't found a better name.
Introduce the term "primary local storage" to designate the default
storage location.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The link pointed to the website, this information is out of date, the
correct place to start discussions is the mailing list.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Most of the documentation and some of the function names use
"asymmetric", so use "asymmetric" everywhere. Mention "public-key" in
key places to make the relevant functions easy to find if someone is
looking for that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On dual world platforms, we want to run the PK module (pk.c) on the NS
side so TLS can use PSA APIs via the PK interface. PK currently has a
hard dependency on mbedtls_ecc_group_to_psa() which is declared in
crypto_extra.h, but only defined in psa_crypto.c, which is only built
for the S side.
Without this change, dual world platforms get error messages like the
following.
[Error] @0,0: L6218E: Undefined symbol mbedtls_ecc_group_to_psa (referred from BUILD/LPC55S69_NS/ARM/mbed-os/features/mbedtls/mbed-crypto/src/pk.o)
Make mbedtls_ecc_group_to_psa() inline within crypto_extra.h so that it
is available to both NS and S world code.
Fixes#3300
Signed-off-by: Darryl Green <darryl.green@arm.com>
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
Clear bits in mbedtls_ecc_group_to_psa() to avoid static analyzers and
possibly compilers from warning that bits may be used uninitialized in
certain code paths.
For example, if mbedtls_ecc_group_to_psa() were to be inlined in
crypto_extra.h, the following compiler warning is likely.
In file included from ../include/psa/crypto.h:3774:0,
from ../include/mbedtls/pk.h:49,
from pk.c:29:
pk.c: In function 'mbedtls_pk_wrap_as_opaque':
../include/psa/crypto_struct.h:460:33: error: 'bits' may be used uninitialized in this function [-Werror=maybe-uninitialized]
attributes->core.bits = (psa_key_bits_t) bits;
^~~~~~~~~~~~~~~~~~~~~
pk.c:608:12: note: 'bits' was declared here
size_t bits;
^~~~
Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>
The Cortex-A build is similar to Debian armel. The Cortex-M0+ is a
handy point of comparison for code size. Put that one last so that
it's easy to find in the log.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is supposed to be for GCC (or a compiler with a compatible
command line interface) targeting arm-none-eabi, so name it
accordingly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>