Commit Graph

15399 Commits

Author SHA1 Message Date
Ronald Cron
df2e4f22a8
Merge pull request #4290 from ronald-cron-arm/hash-dispatch-follow-up
Hash dispatch follow up
2021-04-08 09:13:19 +02:00
TRodziewicz
05942058e7 Remove debug statement
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-07 19:24:04 +02:00
TRodziewicz
611f043736 Correct the new tests names
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-07 19:19:47 +02:00
TRodziewicz
40de3c99c0 Fix Changelog, add separate test functions for hash of all-zero bits
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-07 19:16:18 +02:00
Dave Rodgman
6741fc9148
Merge pull request #4306 from daverodgman/fix_mps_trace_macros
Capitalise MPS trace macros
2021-04-07 16:07:50 +01:00
Dave Rodgman
0708974d85
Merge pull request #4309 from daverodgman/check-names-grep-backport
Make check-names.sh accept any grep
2021-04-07 15:27:44 +01:00
Ronald Cron
810eb16831 psa: aead: Make CCM/GCM ordering consistent
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
a1971c3b72 tests: psa: aead: Fix forced error code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
b9349a67a9 psa: aead: Add missing chachapoly context free
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
ecbc068252 psa: aead: Remove from operation ctx members only used in setup
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Steven Cooreman
ea7ab13991 Do validation on the algorithm argument in AEAD
Corresponds better to the validation done in other modules of PSA Crypto.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
9a986165bf psa: aead: Accept opaque keys for encryption/decryption
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
d17dff38e9 tests: driver wrapper: Add AEAD dispatch testing
The aead_encrypt and aead_decrypt are lightly
simplified and tweaked versions of test_suite_psa_crypto
test functions with the same names.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
bfe551d15e tests: Add AEAD transparent test driver hooks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
de82281541 psa: aead: Add driver delegation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
46f9178d85 psa: aead: Move AEAD driver entry points to psa_crypto_aead.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
7ceee8d30a psa: Add psa_crypto_aead.[hc]
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
215633cea4 psa: aead: Implement aead operations as a driver entry point
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:31 +02:00
Ronald Cron
9f31017956 psa: aead: Remove key slot from operation context
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-07 16:03:21 +02:00
Dave Rodgman
95caad3743 Make check-names.sh accept any grep
check-names.sh works fine with GNU and with modern FreeBSD grep
so remove the check for GNU grep.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 15:01:28 +01:00
Dave Rodgman
add60da95b Scan library for enums in list-enum-consts.sh
Add library/*.h to the list of files scanned for enums in
list-enum-consts.sh, consistent with the changes made to
list-macros.sh.

This is needed to ensure that check-names.sh passes for the MPS
trace enums.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 14:48:14 +01:00
Dave Rodgman
b746825418 Capitalise MPS trace macros
Capitalise the MPS trace macros, as per the coding style (and make a slight
change to naming convention to avoid a name collision).

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 12:45:35 +01:00
Gilles Peskine
b420259777
Merge pull request #4174 from gilles-peskine-arm/psa-eddsa-spec
PSA Encodings for EdDSA
2021-04-07 11:20:27 +02:00
TRodziewicz
20ad475cc2 Remove trailing spaces
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-07 09:44:45 +02:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
TRodziewicz
5feb6702dd Fix the Changelog and extend tests to cover the hash of all-bits zero
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-06 19:56:42 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code
Fix error code when creating/registering a key with invalid id
2021-04-06 18:46:30 +02:00
Gilles Peskine
5ef0b97f87 Don't comment out dependencies
This was a mistake, there's no reason for the dependencies to be
commented out. The dependencies on PSA_WANT_ALG_EDDSA aren't actually
necessary at the moment, but they might be in certain configurations
if some macros are simplified to save code size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-06 12:49:56 +02:00
Gilles Peskine
a8a7033cb1
Merge pull request #3615 from gilles-peskine-arm/ssl-opt-less-grep-development
Speed up ssl-opt.sh when running a small number of test cases
2021-04-06 11:05:34 +02:00
Ronald Cron
7dbd800f42 psa: aead: Isolate key slot unlock from operation abort
As we want to do Mbed TLS aead operations as a
driver does, aead operations should not access
the key slot as key slots are not available to
drivers.

Second step in this PR: do not unlock the key slot
as part of operation abort.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Ronald Cron
197c2fd0a0 psa: aead: Move key resolution
As we want to do Mbed TLS aead operations as a
driver does, aead operations should not access
the key slot as key slots are not available to
drivers.

First step in this PR: move key resolution from
aead operation setup to psa_aead_encrypt/decrypt
APIs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Ronald Cron
004f917ee8 psa: aead: Fix status initialization
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Ronald Cron
93d356cbe2 psa: Export "internally" mbedtls_cipher_info_from_psa
Export "internally" mbedtls_cipher_info_from_psa to be
able to use it in psa_crypto_cipher.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-06 09:21:35 +02:00
Gilles Peskine
ff6a32d79c Fix low-probability arithmetic error in ECC
Fix the subtraction in fix_negative, which was incorrectly not looking
for a carry. This caused the result to be wrong when the least
significant limb of N was 0. Fix #4296.

The bug was introduced by d10e8fae9e
"Optimize fix_negative". Thanks to Philippe Antoine (catenacyber) for
reporting the bug which was found by his EC differential fuzzer.
Credit to OSS-Fuzz.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:41 +02:00
Gilles Peskine
349b37273e Fix an incorrect comment about fix_negative
We're subtracting multiples of 2^bits, not 2^(bits+32).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:41 +02:00
Gilles Peskine
618be2ec41 Add unit tests for fix_negative
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:41 +02:00
Gilles Peskine
80ba850e27 Create a header file for ECP internal functions
This header file will contain declarations of functions that are not
part of the public ABI/API, and must not be called from other modules,
but can be called from unit tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:41 +02:00
Gilles Peskine
ca91ee4ed8 Unit test function for mbedtls_ecp_muladd
Write a simple unit test for mbedtls_ecp_muladd().

Add just one pair of test cases. #2 fails since PR #3512. Thanks to
Philippe Antoine (catenacyber) for the test case, found by ecfuzzer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:41 +02:00
Gilles Peskine
80f56733b0 Fix and simplify sign handling in mbedtls_mpi_read_string
Move the handling of the sign out of the base-specific loops. This
both simplifies the code, and corrects an edge case: the code in the
non-hexadecimal case depended on mbedtls_mpi_mul_int() preserving the
sign bit when multiplying a "negative zero" MPI by an integer, which
used to be the case but stopped with PR #2512.

Fix #4295. Thanks to Guido Vranken for analyzing the cause of the bug.
Credit to OSS-Fuzz.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-04 01:10:07 +02:00
Gilles Peskine
b13a26cd8c Add a few unit tests for mbedtls_mpi_read_string with leading zeros
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-03 18:25:29 +02:00
Ronald Cron
6cc6631015 psa: Return in error when requested to copy a key to an opaque driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 12:27:47 +02:00
Ronald Cron
a0bc2cd4f1 tests: psa: Fix copy fail test argument
Fix copy fail test argument for only one of them
to be invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 08:56:20 +02:00
Gilles Peskine
d5200371ec
Merge pull request #3512 from gilles-peskine-arm/ecp-alloc-202007
Reduce the number of allocations in ECP operations
2021-04-02 00:08:35 +02:00
Ronald Cron
980230e965 psa: include: Update and improve multipart-op struct design notes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron
dd3b539573 psa: include: Clarify scope of crypto_builtin/driver_contexts.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron
06c84ca5f8 psa: include: Merge crypto_builtin_hash.h and crypto_builtin_cipher.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:30 +02:00
Ronald Cron
e31fd11ab3 psa: include: Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 15:59:57 +02:00
Ronald Cron
602f986511 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:55:04 +02:00
Ronald Cron
d3b458c452 tests: psa: Fix expected error code
Fix expected error code when importing a persistent key or
registering a key with an invalid key identifier:
PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:54:50 +02:00
Gilles Peskine
e8a2fc8461 Enforce dhm_min_bitlen exactly, not just the byte size
In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-01 14:20:03 +02:00