Commit Graph

6727 Commits

Author SHA1 Message Date
Ronald Cron
de825e62a6 psa: Fix psa_validate_key_persistence documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162
PSA Update return code for non-existing key in various key operations
2021-04-01 13:27:31 +02:00
Ronald Cron
56c9a9457a psa: hash: Fix is_hash_accelerated signature
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 10:50:03 +02:00
Gilles Peskine
bf792e0a82
Merge pull request #3616 from militant-daos/bug_3175
Fix premature fopen() call in mbedtls_entropy_write_seed_file
2021-03-30 17:33:08 +02:00
Hanno Becker
ecb02fbbc5 Apply suggestions from code review
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
d4d33a1b6b Remove unnecessary check before calling memcpy()
This check was added earlier to avoid useless calls to `memcpy()`
with length `0` in the _frequent_ case where we're not accumulating.
By now, the whole code path has been moved to a branch which is only
executed if the reader is accumulating, and the only time this check
would be relevant is if we happen to feed an empty fragment to the
reader. In this case, the call to memcpy() could be removed, but
since this case is exceptional and the call to memcpy() is still
correct even for a length 0 copy, we remove the check for simplicity
of the code.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
032b352684 Improve naming of local variables in MPS reader implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
43c8f8cf79 Put MPS under the umbrella of the TLS 1.3 experimental configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
61d7eedcb5 Fix Doxygen headers for MPS files
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
2332f8f435 Rename static variable for MPS trace depth
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
77e4f485e1 Move illustration of (un)supported cases in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
97c8e930e2 Fix diagram in documentation of MPS reader
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
1682a8b6fe Don't use abbreviated names for local variables in MPS reader
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
b9c086adc5 Use int pointer for paused param in mbedtls_mps_reader_reclaim()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
fea81b3997 Improve and fix wording in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
f1cfa319c4 Fix typos in documentation of MBEDTLS_ERR_MPS_READER_NEED_MORE
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
d913e2e982 Remove duplicate definition of MBEDTLS_MPS_ERR_BASE
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
4a079c5be7 Fix documentation for mbedtls_mps_[stored_]size_t
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
46101c76f9 Improve wording of documentation of mbedtls_mps_size_t
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
6e3484e123 Clarify documentation of MBEDTLS_MPS_STATE_VALIDATION
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
53314aade1 Adjust spacing for MPS reader entries in library/Makefile
Existing entries use combination of tabs and spaces, for whatever reason.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
3d0db81690 Fix typo in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
8fc107c9fb Clarify wording in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
a408c1719c Clarify wording in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
49cc1317b0 Fix typo in MPS reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
b1855434eb Rename mbedtls_mps_reader::acc_avail -> acc_available
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
f81e41f1e4 Improve readability of MPS reader implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
0bea62f2d7 Fix typo in reader documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
4f84e20eb0 Don't invalidate MPS reader buffers upon commit call
Previously, the semantics of mbedtls_mps_reader_commit() was to invalidate
all buffers previously fetched via mbedtls_mps_reader_get(), forbidding
any further use by the 'consumer'. This was in fact a necessary constraint
for the current implementation, which did some memory moving in
mbedtls_mps_reader_commit().

This commit simplifies the reader's semantics and implementation in
the following way:

- API: A call to mbedtls_mps_reader_commit() does no longer invalidate
       the buffers previously obtained via mbedtls_mps_reader_get().
       Instead, they can continue to be used until
       mbedtls_mps_reader_reclaim() is called.

       Calling mbedtls_mps_reader_commit() now only sets a marker
       indicating which parts of the data received through
       mbedtls_mps_reader_get() need not be backed up once
       mbedtls_mps_reader_reclaim() is called. Allowing the user
       to call mbedtls_mbedtls_reader_commit() multiple times
       before mbedtls_mps_reader_reclaim() is mere convenience:
       We'd get exactly the same functionality if instead of
       mbedtls_mps_reader_commit(), there was an additional argument
       to mbedtls_mps_reader_reclaim() indicating how much data
       to retain. However, the present design is more convenient
       for the user and doesn't appear to introduce any unnecessary
       complexity (anymore), so we stick with it for now.

- Implementation: mbedtls_mps_reader_commit() is now a 1-liner,
                  setting the 'commit-marker', but doing nothing else.

                  Instead, the complexity of mbedtls_mp_reader_reclaim()
                  slightly increases because it has to deal with creating
                  backups from both the accumulator and the current
                  fragment. In the previous implementation, which shifted
                  the accumulator content with every call to
                  mbedtls_mps_reader_commit(), only the backup from the
                  fragment was necessary; with the new implementation
                  which doesn't shift anything in
                  mbedtls_mps_reader_commit(), we need to do the
                  accumulator shift in mbedtls_mps_reader_reclaim().

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
8899396fd1 Move MPS reader to mbedtls_mps_ namespace
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
984fbded58 Move MPS trace macros to MBEDTLS_MPS_ namespace
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
c518c3b7bb Rename MPS files library/mps/xxx.[ch] to library/mps_xxx.[ch]
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
b910016049 Add MPS trace module implementation
This commit adds an implementation of the MPS trace module
based on `printf()`.

The enabling macro MBEDTLS_MPS_TRACE remains unset by default
because MPS tracing is very verbose and consumes unnecessary
space in the CI.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
ac267f3485 Add MPS configuration option for state validation
See the documentation in library/mps/common.h which
this commit modifies.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
447e8a5ecd Add internal header for MPS errors
This commit adds an internal header `library/mps/error.h` related
to error codes in MPS.

For now, those error codes can be considered internal and thus we
don't have to avoid clashes with other Mbed TLS error codes. This
is OK as long as it's true that MPS isn't public API, and its error
codes are never forwarded to the return values of public API calls.

The error code allocation of MPS will likely need revisiting over time.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
75ac1f7b95 Add implementation for MPS assertion macros
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
0ea0db4368 Add MPS reader translation unit to Makefile and CMakeLists
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
d2f9f53f7f Add typedef's for MPS buffer size types
Most buffers that MPS deals with are small and representable
with integer types of width 16-bit or more.

For highly memory constrained systems, it is therefore a potential
for significant memory savings to use 16-bit types for buffer sizes
throughout MPS.

In prepraration for this, this commit introduces typdefs

```
   mbedtls_mps_size_t
   mbedtls_mps_stored_size_t
```

for buffer sizes in the MPS implementation and the MPS structures,
respectively.

So far, those MUST be defined as `size_t`: While an effort has been made
to write most of MPS code in terms of `mbedtls_mps_[stored_]size_t` in a
way that would allow narrower types, those aren't yet supported. Still,
we retain the typedefs in order to avoid unnecessary rewriting of a large
body of the MPS codebase.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
13cd7846a0 Add MPS reader implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
1c0cd10ea8 Add header and documentation for MPS reader
This commit adds the interface fo the MPS reader component as
`library/mps/reader.h`.

Please see the file itself for extensive documentation.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
c809ff6ef6 Add stub implementation for MPS tracing API
MPS' tracing module uses four macros:

1) TRACE( type, fmt, ... )

   This acts like `printf( fmt, ... )` but also allows
   the specification of a type of trace output (comment,
   warning, error, ...)

2) TRACE_INIT

   This acts like TRACE() but increases the level of
   indentation. It will be used at the beginning of
   function calls.

3) RETURN( val )

   Equivalent to `return( val )` plus a decrement in the
   level of indentation. This should be used at the end of
   functions that have been started with TRACE_INIT.

4) TRACE_END

   This combines a trace output with a decrement of the
   level of indentation. It's necessary prior to leaving
   functions which have been started with TRACE_INIT
   but which don't have a return value.

This commit defines those macros as no-op dummies in
`library/mps/trace.h` for now.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
1ae9f756ba Add MPS compile-time option for enabling/disabling tracing
This commit adds an MPS-specific compile-time option
`MBEDTLS_MPS_TRACE` to the internal MPS header `mps/common.h`.

So far -- this may need revisiting -- MPS comes with its own
internal tracing module which allows to track the operation of
MPS' various layers for the purpose of understanding of it workings
as well as for debugging.

The reasons for the introduction of a module separate from SSL debug
are the following:

1) The SSL debug module requires an SSL context to function because
   debug callbacks are part of the runtime configuration of the SSL
   module.

   The MPS tracing module, in contrast, is not supposed to be used
   in production environments, and there is no need for a runtime
   configuration. Instead, a compile-time defined tracing callback
   is used.

2) In the interest of modularity, MPS' tracing module shouldn't
   require having an SSL context around.

3) Purely visually, MPS' tracing module adds support for indentation
   according to call-depth and coloring according to which module is
   being used, which makes it very useful for what's going on; however,
   those features aren't available in the SSL debug module (and they
   shouldn't be).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
6ed183cf00 Add MPS compile time option for enabling/disabling assertions
This commit adds the compile-time option MBEDTLS_MPS_ENABLE_ASSERTIONS
which controls the presence of runtime assertions in MPS code.

See the documentation in the header for more information.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Hanno Becker
108fc84b04 Add MPS configuration header
This commit introduces the internal MPS header `mps/common.h`
which will subsequently be populated with MPS-specific compile-time
options and helper macros. For now, it's a stub.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:19:32 +01:00
Ronald Cron
cfcc3784c1
Merge pull request #4256 from ronald-cron-arm/psa-cipher-iv-size
PSA cipher iv size
CI is OK, just expected ABI-API-checking failure.
2021-03-29 15:02:48 +02:00
Ronald Cron
58946f4a6a
Merge pull request #4229 from ronald-cron-arm/psa-cipher
PSA cipher driver delegation rework
CI is OK, just expected ABI-API-checking failure.
2021-03-29 15:02:14 +02:00
Gilles Peskine
2aff17b8c5
Merge pull request #4098 from gstrauss/remove-redundant-condition
remove ssl_parse_client_hello redundant conditions
2021-03-27 22:47:13 +01:00
Ronald Cron
5618a39fcf psa: cipher: Remove cipher_generate_iv driver entry point
Remove cipher_generate_iv driver entry point as there
is no known use case to delegate this to a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
a0d6817838 psa: cipher: Add bound check of the IV length in the core
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
c17e8a9bf2 psa: cipher: Use PSA_CIPHER_IV_LENGTH to compute the IV length
The IV length computed in the cipher PSA implementation is
the default IV length thus use the PSA macro PSA_CIPHER_IV_LENGTH
defined to do that.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
6ad554cb83 psa: cipher: Prefer length rather than size for IV/block length
Prefer length rather than size for IV/block length as
per the PSA specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:58:25 +01:00
Ronald Cron
f2381aaa43 psa: cipher: Use psa_generate_random to generate IVs
Use psa_generate_random() to generate IVs instead of
mbedtls_psa_get_random(). mbedtls_psa_get_random() is
meant to be used as the f_rng argument of Mbed TLS
library functions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
7b4154df0f psa: wrapper: Fix potential unreachable statement warning
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
75e6ae25ef Move mbedtls_cipher_info_from_psa to psa_crypto_cipher.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
1f0db80c78 psa: cipher: Fix symmetric key management
Symmetric key management is not intended to be
delegated to drivers. Thus, key management code
for a given symmetric key type should be included
in the library whether or not the support for
cryptographic operations based on that type of
symmetric key may be delegated to drivers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:13 +01:00
Ronald Cron
5d9b00dddb psa: cipher: Include Mbed TLS cipher driver only if necessary
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 15:48:07 +01:00
Ronald Cron
3522e32132 psa: cipher: Add transparent driver test specific entry points
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
8287e6b078 psa: cipher: Add utility functions
Isolate the Mbed TLS cipher driver interfaces.
Do the actual cipher operations in utility
functions that are just called by the interface
functions.

The utility functions are intended to be also called
by the cipher test driver interface functions (to be
introduced subsequently) and allow to test the case
where cipher operations are fully accelerated with no
fallback (component test_psa_crypto_config_basic of
all.sh).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
7cb9c3d360 psa: cipher: Move to driver operation context application allocation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
6e412a71ee psa: cipher: Pass Mbed TLS implementation its operation ctx
As per drivers, pass to the Mbed TLS implementation of
the cipher multi-part operation its operation context
and not the PSA operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
937dfee92c psa: cipher: Re-organize multi-part operation context
Move members that are of no use to the PSA crypto core
to the Mbed TLS implementation specific operation context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
49fafa98b1 psa: cipher: Dispatch based on driver identifier
For cipher multi-part operations, dispatch based on
the driver identifier even in the case of the
Mbed TLS software implementation (viewed as a driver).
Also use the driver identifier to check that an
cipher operation context is active or not.

This aligns the way hash and cipher multi-part
operations are dispatched.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
06aa442bef psa: cipher: Remove unused key_set operation field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
dd24c9bbd9 psa: Call cipher operations software implementations as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
6056fe8a81 psa: driver wrapper: Change cipher_xyz signature
Change the operation context to the PSA one to be
able to call the software implementation from
the driver wrapper later on.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
6d05173359 psa: Add mbedtls_psa_cipher_xyz() APIs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
0b80559827 psa: Call cipher setup implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
a4af55f14f psa: driver wrapper: Change cipher_*_setup signatures
Change the signature of
psa_driver_wrapper_cipher_encrypt/decrypt_setup to
that of a PSA driver cipher_encrypt/decrypt_setup
entry point.

Change the operation context to the PSA one to be
able to call the software implementation from
the driver wrapper later on.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
d6d28885f0 psa: Add mbedtls_psa_cipher_encrypt/decrypt_setup functions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
7986f7e14b psa: Export "internally" mbedtls_cipher_info_from_psa
Export "internally" mbedtls_cipher_info_from_psa to be
able to use it in psa_crypto_cipher.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
ab99ac2f33 psa: Rework psa_cipher_setup (2)
Split out the cipher setup based on cipher.c
in psa_cipher_setup_internal() whose signature
is that of a PSA driver cipher_setup entry
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
590d3e56e9 psa: Rework psa_cipher_setup (1)
Rework psa_cipher_setup in preparation of
calling the cipher setup based on cipher.c
through the interface of a PSA driver
cipher_setup entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
0ff579590d psa: Add psa_crypto_cipher.[ch]
Add psa_crypto_cipher.[ch] files to contain the
Mbed TLS implementation of PSA driver cipher driver
entry points.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
c45b4afc63 Fix PSA SE driver tests
Fix PSA SE driver tests in configuration
full + MBEDTLS_PSA_CRYPTO_DRIVERS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-26 11:38:40 +01:00
Ronald Cron
51a3b7d79c psa: config: Add CAMELLIA to the list of possible CMAC ciphers
Camellia-CMAC is valid PSA configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-25 14:25:46 +01:00
Ronald Cron
9e3926a295 psa: config: Remove check on ARIA in GCM prerequisites
ARIA is not supported yet through the PSA API.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 15:57:21 +01:00
Ronald Cron
4501c98fc2 psa: sign: Return INVALID_ARGUMENT instead of NOT_SUPPORTED
To run succesfully the test
"PSA sign: invalid algorithm for ECC key" of
test_suite_psa_crypto when ECDSA support is not included
in the library, always return INVALID_ARGUMENT
in case of an ECC key not used for ECDSA, whether
ECDSA support is present or not.

Then apply the same logic to RSA sign RSA and RSA/ECC
verify for the sake of consistency.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-24 12:05:51 +01:00
Ronald Cron
3d471814bc psa: Add missing PSA configs
Add missing PSA_WANT_CCM/GCM/CMAC. This completes
the set of PSA_WANT config options given the
current support of PSA crypto in Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-23 16:47:46 +01:00
Gilles Peskine
71f45ba0e8 Fix unused parameter warning in some configurations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 14:17:55 +01:00
Gilles Peskine
a1684f42d3 PSA: Reject curves that are not enabled in the PSA configuration
If an elliptic curve was enabled in the Mbed TLS classic API (#define
MBEDTLS_ECP_DP_xxx), but not enabled in the PSA configuration (#define
PSA_WANT_ECC_xxx), it would still work if you tried to use it through
PSA.

This is generally benign, but could be a security issue if you want to
disable a curve in PSA for some security reason (such as a known bug
in its implementation, which may not matter in the classic API if Mbed
TLS is running in a secure enclave and is only reachable from
untrusted callers through the PSA API). More urgently, this broke
test_suite_psa_crypto_not_supported.generated.

So if a curve is not enabled in the PSA configuration, ensure that
it's treated as unsupported through the PSA software implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:12:34 +01:00
Gilles Peskine
d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Maulik Patel
c1bfcdda58 Fix:4162 Return correct error type for invalid key
Return PSA_ERROR_INVALID_HANDLE instead of
PSA_ERROR_DOES_NOT_EXIST if invalid key is passed for some key
operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
2021-03-17 13:41:07 +00:00
TRodziewicz
782a7eab14 ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-03-17 11:36:31 +01:00
Steven Cooreman
f8e45a4e98 Simplify compilation guards around hash driver testing
The hash driver entry points (and consequentially the hash driver core)
are now always compiled on when PSA_CRYPTO_DRIVER_TEST is turned on.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-16 11:07:55 +01:00
Steven Cooreman
b6bf4bbf95 Clear up language on zeroizing driver context at setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 19:00:14 +01:00
Steven Cooreman
aa87fd0012 Make driver IDs always visible
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 18:54:03 +01:00
Steven Cooreman
61bb8fc693 remove superfluous calls to hash_abort
The PSA Core is already calling psa_hash_abort, so the driver doesn't
have to do that explicitly.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:35:17 +01:00
Steven Cooreman
5e4c18f6d9 Reorder the driver wrapper switch-case content
Reordered the cases to be in numeric order.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:26:07 +01:00
Steven Cooreman
893232fbde Ensure the full driver structure is zeroized at setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:23:37 +01:00
Steven Cooreman
fa952958a5 Don't void actually used arguments
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:16:25 +01:00
Steven Cooreman
0f8ffa806b Rename and retype hash test driver context structure
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman
5f88e776c3 Move mbedtls_md_info_from_psa into the mbedtls hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman
a85e2f835e Guard hash test functions as a block
Replicate the way the internal hash functions are guarded

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman
830aff2a98 Restructure the way driver contexts are declared
Drivers (both built-in and external) need to declare their context
structures in a way such that they are accessible by the
to-be-autogenerated crypto_driver_contexts.h file. That file lives in
include/psa, which means all builtin driver context structure
declarations also need to live in include/psa.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:32 +01:00
Steven Cooreman
0d58666395 Reuse already-defined MBEDTLS_PSA_BUILTIN_HASH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 10:36:55 +01:00
Steven Cooreman
fbe09284cf Set output length to 0 at start of function
This behaviour was present previously, and is depended on by the
test suites.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 10:34:56 +01:00
Steven Cooreman
f66d5fd2bd Apply same argument checking as in psa_hash_setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 10:34:56 +01:00
Dave Rodgman
e483a77c85
Merge pull request #816 from ARMmbed/development
Merge recent commits from development into 2.26.0-rc
2021-03-12 16:55:26 +00:00
Gilles Peskine
b76517b764 Cosmetic improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:44:28 +01:00
Gilles Peskine
e1bba7ce48 Fix semantically meaningful typos in comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-10 23:44:10 +01:00
Paul Elliott
b744990717 Fix missed size_t printf
Code was missed due to rework moving duplicated code into a function

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 18:17:12 +00:00
Paul Elliott
d48d5c6615 Fix size_t and longlong specifiers for MinGW
MinGW and older windows compilers cannot cope with %zu or %lld (there is
a workaround for MinGW, but it involves linking more code, there is no
workaround for Windows compilers prior to 2013). Attempt to work around
this by defining printf specifiers for size_t per platform for the
compilers that cannot use the C99 specifiers.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
3891caf1ce Misc review requested fixes
Style fixes and cast certain defines to size_t

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
3a5a107fa7 Correct fix for potential truncation
This was a false positive caused by the compiler seeing the %08lx
specifiers and judging the output on that, rather than the numbers being
fed in. Given these are going to be maximum 32 bit numbers, then better
to use %08x, which keeps -Wformat-truncation=2 happy as well.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
9e3256aead Adding printf format warning flags to makefiles
Add printf format warning flags that are supported by GCC 3.0 or later
to the makefiles

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
9f35211774 Fixes for invalid printf format specifiers
Fixes for printf format specifiers, where they have been flagged as
invalid sizes by coverity, and new build flags to enable catching these
errors when building using CMake. Note that this patch uses %zu, which
requires C99 or later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
dd9e8f6dd0 Fix potential buffer overflow in printf
Printf could potentially produce 2 64 bit numbers here when there is
only space for one, thus causing a buffer overflow. This was caught by
the new warning flags.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Paul Elliott
4e589701d8 Declare mbedtls_debug_print_msg as printf-like
We were not getting any warnings on printf format errors, as we do not
explicitly use printf anywhere in the code. Thankfully there is a way
to mark a function as having printf behaviour so that its inputs can be
checked in the same way as printf would be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-10 17:00:32 +00:00
Steven Cooreman
83f300e2f7 Restructure the hash driver content
Apply the right define guards for the right purpose. The 'core' hash
driver is included if any hash algorithm is either to be tested through
the test driver, or if it is requested by a user and not accelerated
(i.e. 'fallback'/'software' driver requested for the algorithm).

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
25555227e5 Rename hash test driver functions to match auto-naming scheme
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
d029b60770 Move test driver hash function declarations to software driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
4f7d0586e1 Setup internal dependency macros for software hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
0eeb794a2e Initialize status with CORRUPTION_DETECTED and update fallthrough
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
5adf52c72d Correctly void potentially unused arguments
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
b1777312da Make the driver context union a defined type
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
f763810e58 Add test driver for hash operations
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
c8288354a2 move hash update zero-length-input check back into the core
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
dbf8ceda54 Change the way driver context structures are used
Apparently there's a goal to make the PSA Crypto core free from
dynamic memory allocations. Therefore, all driver context structures
need to be known at compile time in order for the core to know their
final size.

This change defines & implements for hashing operations how the context
structures get defined.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
8e9e407fed Clarify documentation of internal hash software driver interface
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
1e58235d8b Dispatch hashing calls through the driver wrapper layer
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
84d670d20c Make psa_hash_compare go through hash_compute
It's more efficient when dealing with hardware drivers.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Steven Cooreman
0e307647e6 Split hashing operations out into an mbedTLS hash driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-10 13:00:25 +01:00
Manuel Pégourié-Gonnard
17605f072b
Merge pull request #4151 from ronald-cron-arm/psa-sign_verify-hash
PSA sign and verify hash rework
2021-03-10 10:08:50 +01:00
paul-elliott-arm
0135516d55
Merge pull request #4203 from paul-elliott-arm/memsan_fix_build
Fix memsan build with Clang 11
2021-03-09 16:31:31 +00:00
Dave Rodgman
bfe754947c Bump version to 2.26.0
Executed ./scripts/bump_version.sh --version 2.26.0

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-03-09 16:09:18 +00:00
Dave Rodgman
5cce6a24d0 Merge branch 'development-restricted' into mbedtls-2.26.0-rc 2021-03-08 17:01:24 +00:00
Gilles Peskine
e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
Steven Cooreman
1fb691aea9 Remove superfluous check
mac size is previously checked to not be less than 4, so it can't be zero
anymore at this point.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-08 14:00:34 +01:00
Steven Cooreman
cd64093222 Language & code readability updates
No functional/behavioral changes in this commit

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-08 14:00:29 +01:00
Paul Elliott
fb91a48616 Fix memsan build with clang 11
Memsan build was reporting a false positive use of uninitialised memory
in x509_crt.c on a struct filled by an _stat function call. According to
the man pages, the element reported has to be filled in by the call, so
to be safe, and keep memsan happy, zero the struct first.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-05 14:24:03 +00:00
Janos Follath
477a463684
Merge pull request #4168 from stevew817/fix/unreferenced_function_in_ecp_c
Remove unreferenced static functions when ECP_NO_FALLBACK is used
2021-03-05 08:51:13 +00:00
TRodziewicz
9edff740e1 Fix EC J-PAKE failing when the payload is all-bits-zero
Fix function mbedtls_ecp_mul_shortcuts() to skip multiplication when m
is 0 and simply assignt 0 to R. Additionally fix ecjpake_zkp_read() to
return MBEDTLS_ERR_ECP_INVALID_KEY when the above condintion is met.

Fix #1792

Signed-off-by: TRodziewicz <rodziewicz@gmail.com>
2021-03-04 18:19:48 +01:00
Ronald Cron
bb9cbc7a23 psa: ecdsa: Prefer NOT_SUPPORTED error code
When ECDSA is not supported by the library, prefer
to return NOT_SUPPORTED than INVALID_ARGUMENT when
asked for an ECDSA signature.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 17:43:31 +01:00
Paul Elliott
be165bd32b Code style fixups
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:34:50 +00:00
Ronald Cron
9103d490e8 psa: ecdsa: Rework deterministic support check
Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().

This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.

Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 13:32:27 +01:00
Janos Follath
d0b0ba8179
Merge pull request #4173 from gilles-peskine-arm/net_poll-fd_setsize-development
Fix stack corruption in mbedtls_net_poll with large file descriptor
2021-03-04 12:16:33 +00:00
Ronald Cron
566899eefa psa: Remove outdated comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 09:52:03 +01:00
Ronald Cron
cbc135599e psa: wrapper: Remove unnecessary compiler warning workarounds
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 09:46:45 +01:00
Steven Cooreman
31a876da09 Clarify some policy-handling code comments
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 20:47:40 +01:00
Steven Cooreman
f9f7fdfe49 Rework MAC algorithm / key type validation
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.

This means psa_get_mac_output_length is no longer required.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 19:58:02 +01:00
Paul Elliott
07fa1f1a39 Fix carelessly copy pasted comment
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 17:21:17 +00:00
Paul Elliott
3ffd13465a Fix constant flow mask maths
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 17:11:32 +00:00
Paul Elliott
88f2eb664f Remove multiplication from conditional assignments
Multiplication is not constant flow on any CPU we are generally
targetting, so replace this with bit twiddling.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 15:31:17 +00:00
Steven Cooreman
4ff9a29686 Check truncation length explicitly
Comparing algorithm with its FULL_LENGTH_MAC version doesn't work in
cases where algorithm is a wildcard. Wildcard input is not specified in
the documentation of the function, but in order to test the function
using the same test as PSA_MAC_LENGTH we're mimicking that behaviour here.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 12:07:20 +01:00
Steven Cooreman
58c94d39ae Make psa_get_mac_output_length testable and test it
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 10:37:35 +01:00
Steven Cooreman
7d4b0d778f Reuse PSA_MAC_LENGTH in psa_get_mac_output_length
Avoid code duplication. Also update the guarantees made by the function
doc to match the guarantees given by PSA_MAC_LENGTH.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
5a17267442 Add a note about why key_type is required
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
1ac5ce3b91 Make psa_key_policy_algorithm_intersection MAC-length aware
This makes it more in-line with how psa_key_policy_permits works. It
also adds consistency: the intersection of MAC with default length and
MAC with exact-length is now computed correctly in case the exact length
equals the default length of the algorithm when used with the given
key type.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:39:26 +01:00
Steven Cooreman
15472f8c70 Clean up psa_mac_setup now that we have an output length calculator
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
5ad4bf75e3 Move MAC default length checking into psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman
e538896ad8 Remove unreferenced static functions when ECP_NO_FALLBACK is used
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 10:14:24 +01:00
Paul Elliott
0544d49330 Fix Non CF access to table in base64 decrypt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 19:15:43 +00:00
Paul Elliott
6e152fa362 Optimise unneccesary cf table accesses away
Also fix missed bare access of base_64_dec_map

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 18:33:09 +00:00
Paul Elliott
717ba77e52 Fix incorrect assumptions about the size of size_t
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 17:49:42 +00:00
Steven Cooreman
d788fab4ff Clarify usage of psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
a1d8322f74 Fix typos & copy-paste errors
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
7e39f05929 Using a wildcard as a specific algorithm now reports invalid argument
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
ae3f13bf5e Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
d927ed7901 Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
7de9e2db1f Language / verbiage fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
0348802247 Remove generic wildcard checks after review feedback
Applied specific wildcard checks instead.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	library/psa_crypto.c
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
Gilles Peskine
34045c1d6a
Merge pull request #4145 from stevew817/fix_return_code
Return NOT_SUPPORTED according to the API contract for psa_key_derivation_setup
2021-03-01 13:20:50 +01:00
Gilles Peskine
c8dab5b41e Fix sloppy wording around stricly less-than vs less or equal
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:39:21 +01:00
Gilles Peskine
ddf4374879 Fix stack buffer overflow in net functions with large file descriptor
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is beyond
FD_SETSIZE. The bug was due to not checking that the file descriptor
is within the range of an fd_set object.

Fix #4169

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
Paul Elliott
3e7908189a Fixes for MSVC warnings
Also added a couple of missing comment blocks.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-25 12:28:49 +00:00
Gilles Peskine
2091f3afb7 Fix wrong \file name in Doxygen comments
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 20:29:38 +01:00
Gilles Peskine
b15832160b Make entropy double-free work
Although the library documentation does not guarantee that calling
mbedtls_entropy_free() twice works, it's a plausible assumption and it's
natural to write code that frees an object twice. While this is uncommon for
an entropy context, which is usually a global variable, it came up in our
own unit tests (random_twice tests in test_suite_random).

Announce this in the same changelog entry as for RSA because it's the same
bug in the two modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-23 11:27:03 +01:00
Gilles Peskine
5e40a7cfa0 Fix mutex leak in RSA
mbedtls_rsa_gen_key() was not freeing the RSA object, and specifically
not freeing the mutex, in some error cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
eb94059edd Fix mutex double-free in RSA
When MBEDTLS_THREADING_C is enabled, RSA code protects the use of the
key with a mutex. mbedtls_rsa_free() frees this mutex by calling
mbedtls_mutex_free(). This does not match the usage of
mbedtls_mutex_free(), which in general can only be done once.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
e39b2192e5 Document mutex invariant for HMAC_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
b791dc66ce Fix mutex leak in HMAC_DRBG
mbedtls_hmac_drbg_free() left a mutex in the initialized state. This
caused a resource leak on platforms where mbedtls_mutex_init()
allocates resources.

To fix this, mbedtls_hmac_drbg_free() no longer reinitializes the
mutex. To preserve the property that mbedtls_hmac_drbg_free() leaves
the object in an initialized state, which is generally true throughout
the library except regarding mutex objects on some platforms, no
longer initialize the mutex in mbedtls_hmac_drbg_init(). Since the
mutex is only used after seeding, and seeding is only permitted once,
call mbedtls_mutex_init() as part of the seeding process.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
da290f9bcd Document mutex invariant for CTR_DRBG
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
f4b3429782 Fix mutex leak in CTR_DRBG
mbedtls_ctr_drbg_free() left a mutex in the initialized state. This
caused a resource leak on platforms where mbedtls_mutex_init()
allocates resources.

To fix this, mbedtls_ctr_drbg_free() no longer reinitializes the
mutex. To preserve the property that mbedtls_ctr_drbg_free() leaves
the object in an initialized state, which is generally true throughout
the library except regarding mutex objects on some platforms, no
longer initialize the mutex in mbedtls_ctr_drbg_init(). Since the
mutex is only used after seeding, and seeding is only permitted once,
call mbedtls_mutex_init() as part of the seeding process.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
39a1a26d0b Explain the usage of is_valid in pthread mutexes
Document the usage inside the library, and relate it with how it's
additionally used in the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Dave Rodgman
d6ee36ed04
Merge pull request #4110 from gilles-peskine-arm/psa-external-random-in-mbedtls
Expose the PSA RNG in mbedtls
2021-02-22 14:47:29 +00:00
Ronald Cron
b5399a8346 psa: Rework ECDSA sign/verify support in the transparent test driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron
8a494f3ebd psa: Post move adjustments to psa_sign/verify_hash_internal
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron
072722ccb0 psa: Move ECDSA sign/verify to PSA ECP specific file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron
d1cb91c603 psa: Change psa_ecdsa_sign/verify signature
Change psa_ecdsa_sign/verify signature to that of
a sign/verify_hash driver entry point before to
move them to the psa_crypto_ecp.c ECP specific file.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:12 +01:00
Ronald Cron
d2fb85479a psa: Add RSA sign/verify hash support to the transparent test driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-18 15:45:06 +01:00
Ronald Cron
7bdbca33b2 psa: Move RSA sign/verify hash to the PSA RSA specific file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:52:26 +01:00
Ronald Cron
a99bcc0e17 psa: Change psa_rsa_sign/verify signature
Change psa_rsa_sign/verify signature to that of
a sign/verify_hash driver entry point before to
move them to the psa_crypto_rsa.c RSA specific file.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:52:26 +01:00
Ronald Cron
fce9df2cad psa: Call sign/verify hash software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:52:24 +01:00
Ronald Cron
36f641bd16 psa: Export "internally" mbedtls_md_info_from_psa()
Export mbedtls_md_info_from_psa() from psa_crypto.c
to make it available to psa_crypto_rsa/ecp.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:51:46 +01:00
Ronald Cron
67b1eb309b psa: Export "internally" psa_sign/verify_hash_internal
Export psa_sign/verify_hash_internal from psa_crypto.c
to make it available to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:51:46 +01:00
Ronald Cron
9f17aa48c2 psa: Change psa_driver_wrapper_sign/verify_hash signature
Change psa_driver_wrapper_sign/verify_hash signature
to that of a sign/verify_hash driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:51:43 +01:00
Ronald Cron
1865993763 psa: sign/verify_hash: Wrap software implementation
Wrap sign/verify_hash software implementation into
psa_sign/verify_hash_internal() functions whose
signature is that of a sign/verify_hash driver
entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:50:19 +01:00
Ronald Cron
99b8ed7fda psa: Prepare sign/verify code for software implementation split
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-17 10:46:07 +01:00
David Brown
1bfe4d7fca Use new PSA builtin defines for CHACHA20
Change the psa_crypto use of the CHACHA20 cipher to also use the new
MBEDTLS_PSA_BUILTIN_KE_TYPE_CHACHA20.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:26:57 -07:00
David Brown
8107e31b74 Fix 2 endif comments
Two endif comments didn't match the ifdef.  Fix these to match.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:26:56 -07:00
David Brown
12ca50307f Change some conditionals of PSA to use BUILTIN
Change a few conditionals in the psa library to be based on the
MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES instead of the WANT macros.  Future
additions of HW acceleration will need to be mindful of these
definitions if any of this code is needed in those instances.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:26:20 -07:00
David Brown
7807bf7404 Use proper conditional for software DES
When converting definitions to use the new PSA defines, one erroneously
was conditionalized on the WANT macro instead of on the BUILTIN macro.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
288a96e169 Fix mistyped endif comment
Correct the endif comment to match the condition used in the ifdef.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:34 -07:00
David Brown
0baa7b5e98 Change ifdefs in psa_crypto.c to new WANT macros
There are a few instances of MBEDTLS_*_C (specifically for DES) in
psa_crypto.c.  Change to the PSA_WANT_KEY_TYPE_DES macros to reflect the
new PSA crypto config.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:25:32 -07:00
David Brown
63ca260827 Change psa_crypto.c ifdefs for cipher modes
Change to use the MBEDTLS_PSA_BUILTIN... macros defined by the cipher
modes.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00
David Brown
e04acc271c Use PSA definitions in PSA file
This file will always be used with the PSA configurations, so use the
MBEDTLS_PSA_BUILTIN... definitions for the symmetric cyphers.

Signed-off-by: David Brown <david.brown@linaro.org>
2021-02-16 13:24:19 -07:00