This means there is no longer a need to have an internal HMAC API, so
it is being removed in this commit as well.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Prefix with 'mbedtls_psa' as per the other types which implement some
sort of algorithm in software.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Now renamed to mbedtls_psa_safer_memcmp, it provides a single location
for buffer comparison.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
The purpose of key_set was to guard the operation structure from being
used for update/finish before a key was set. Now that the implementation
fully adheres to the PSA API, that function is covered by the `alg`
variable instead. It's set to the algorithm in use when a key is set, and
is zero when the operation is reset/invalid.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
* Early return since there's nothing to clean up
* Get rid of unnecessary local variable
* Check algorithm validity for MAC in the PSA core instead of in the driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Apparently it was at some point assumed that there would be
support for MAC algorithms with IV, but that hasn't been
implemented yet. Until that time, these context structure
members are superfluous and can be removed.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Typedef'ed structures are suffixed _t
Also updated the initialiser macro with content that actually
matches the structure's content.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Since HMAC moved into its own compilation unit, the internal API needed
to be documented and finalized. This means no more reaching deep into
the operation structure from within the PSA Crypto core. This will make
future refactoring work easier, since internal HMAC is now opaque to the
core.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Step 3/x in moving the driver. Separate commits should make for easier
review.
Additional changes on top of code movement:
* Copied the implementation of safer_memcmp from psa_crypto into
psa_cipher_mac since the mac_verify driver implementation
depends on it, and it isn't available through external linkage
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Step 2/x in moving the driver. Separate commits should make for easier
review.
Additional changes on top of code movement:
* Early-return success on input with zero-length to mac_update, to
avoid NULL pointers getting passed into the driver dispatch
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Step 1/x in moving the driver. Separate commits should make for easier
review.
Additional changes on top of just moving code:
* Added a sanity check on the key buffer size for CMAC.
* Transfered responsibility for resetting the core members of the
PSA MAC operation structure back to the core (from the driver
wrapper layer)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This is a temporary measure. Other operations in the PSA Core which rely
on this internal HMAC API should be rewritten to use the MAC API instead,
since they can then leverage accelerated HMAC should a platform provide
such acceleration support.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Move the key buffer size calculation code under
tests to avoid check-names.sh to complain about
"likely macros with typos".
This removes the calculation of key buffer
sizes for the test driver from the wrapper based on
static size data. But the code is still there in test
code to be used when we go back to work on the
generation of the driver wrapper.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
pk_get_pk_alg will either return 0 or a pk error code. This means that
the error code will always be a high level module ID and so we just
return ret.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Add implementation for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
Merging as it has been ready for four days now and I prefer not having to go through other rebases especially given the coming change of scope of development (3.0 rather than 2.2x).
Improve comments explaining error code checking, fix incorrect comments
and make a small formatting fix.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
* group setting of attributes before calling get_builtin_key
* return early instead of going to exit when no resources are allocated yet
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Leverage the fact that the get_builtin_key entrypoint returns a key's
attributes, such that a proper size for the builtin key's buffer can
be calculated through the driver's get_key_buffer_size hook.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Since the loading attempt of a builtin key might be followed by trying
to load a persistent key, we can only wipe the allocated key data, not
the associated metadata.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
The macro always meant 'location', but was mistakenly named 'lifetime'.
Naming it location instead makes much more sense, and drives home the
conceptual differences between location and lifetime values.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Instead of the full attributes struct, it now only takes/returns what it
actually needs to.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Builtin key support for the test driver is always compiled in, and no
longer guarded by MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS.
Parsing the key slot from the buffer by cast and assign instead of memcmp.
For exporting keys, the test driver no longer reaches into the key
identifier in order to check whether a key is builtin, but rather
assumes so based on the key buffer length. It's the driver's
responsibility to be able to detect the key material it returned as part
of the get_builtin_key operation.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
As part of test_psa_crypto_drivers, define a builtin symmetric
plus an ECC key on the test driver lifetime.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
According to the design in psa-driver-interface.md. Compiles without
issue in test_psa_crypto_drivers.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
