After a call to psa_get_key_attributes() to retrieve
the attributes of a key into a psa_key_attributes_t
structure, a call to psa_reset_key_attributes() is
mandated to free the resources that may be
referenced by the psa_key_attributes_t structure.
Not calling psa_reset_key_attributes() may result in
a memory leak.
When a test function calls psa_get_key_parameters()
the associated key attributes are systematically
reset in the clean-up part of the function with a
comment to emphasize the need for the reset and make
it more visible.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename functions to get a key slot:
. to make their naming more consistent
. to emphasize that those functions set a lock on the
key slot they return to protect it from being wiped
out and re-used while some part of the library
is accessing it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move the return of the identifier of a created key from
psa_start_key_creation() to psa_finish_key_creation().
That way in case of creation error, it is less likely to
return the identifier that was temporarily assigned to
the key while trying to create it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Decrement the slot access count in psa_finish_key_creation()
when the finalization succeeds instead of in functions calling
psa_finish_key_creation(). That way the decrementation cannot
be forgotten and it reduces the code size.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Special handling of volatile key identifiers is not
needed eventually, they can be handled just as
key identifier in the vendor range.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In case of a volatile key identifier, no need to check first
the validity of the key identifier, a volatile key identifier
is valid.
Move to a forward search for non-volatile key identifiers as
now key slots with small index are allocated first by
psa_get_empty_key_slot().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In cmake version < 3.0, the SOURCES property on targets cannot be
modified after the target is defined. There are several instances in
the code that were using `target_properties()`, which is not available
in the older versions of cmake. Unfortunately, the workaround in #3801
(381c1078fc) assumes that this SOURCES property can be modified.
Work around this by building up any necessary sources before declaring
the target. This is more awkward, but needed to continue to be able to
support the old versions of cmake.
Fixes#3788.
Signed-off-by: David Brown <david.brown@linaro.org>
Moved new check_crypto_config.h file from include/psa to library
directory and the file is now included from *.c instead of the
crypto_config.h file. Fixed guards in PSA crypto library based
on review comments for new PSA crypto config features.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Complement to 0a8352b4: peer_pmslen is not initialized when decryption
fails, so '|= peer_pmslen' may access uninitialized memory, as indicated
by Frama-C/Eva.
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: André Maroneze <maroneze@users.noreply.github.com>
Simplify the guards on MBEDTLS_ERROR_C and MBEDTLS_ERROR_STRERROR_DUMMY.
No longer include superfluous headers and definition: platform.h is
only needed for MBEDTLS_ERROR_C; time_t is not needed at all.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
PSA_WANT_xxx is useful regardless of how the symbols are defined:
explicitly (with MBEDTLS_PSA_CRYPTO_CONFIG) or implicitly (without
MBEDTLS_PSA_CRYPTO_CONFIG).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There was one lingering MBEDTLS_MD_C that needed to be removed since
it is no longer needed.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Moved from doing the dependency checks for MBEDTLS_PSA_BUILTIN to
checking the PSA_WANT macros for the dependency checks. This required
moving the file into the include/psa directory and having the file be
included by crypto_config.h instead of config_psa.h.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
Revised the placement of various new MBEDTLS_PSA_BUILTIN_xxx
guards based on review comments. Corrected guards in psa
test driver to use _ACCEL version instead of _BUILTIN version.
Updated check_config_psa.h to include additional dependency checks
for more algorithms. Renamed some of the new tests to be a little
more clear on the purpose.
Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
For consistency across the code base, prefer
persistent over permanent to qualify a key
stored in persistent storage.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
When looking for an empty key slot to store
the description of a key, if all key slots
are in use, reuse the first encountered
and unaccessed key slot containing the
description of a permanent key.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
When psa_close/destroy/purge_key is called, do not
reset a key slot containing the description
of a persistent key if it is currently accessed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add a counter of unaccessed slots and use it
in tests to check that at the end of PSA tests
all key slot are unaccessed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add key slot access counter to be able to
state if a key slot containing the description
of a permanent key can be reset or reset
and re-used.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The identifier of keys created/registred should be in
the application range.
This is by spec for key creation.
This may change for registered key.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The lifetime of key attributes now encodes whether a key is
volatile/persistent or not AND its location.
Fix PSA code where the fact that the lifetime encodes
the key location was not taken into account properly.
Fix the impacted tests and add two non regression tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>