Commit Graph

723 Commits

Author SHA1 Message Date
Ronald Cron
e907e55f39 psa: export: Check output buffer size earlier
Check output buffer size before doing anything
that requires a clean-up if a failure happens.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:38:50 +01:00
Ronald Cron
fb2ed5bb05 psa: import: Move registered SE support to the driver wrapper
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
bf33c93717 psa: Call import software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
a0fe59f738 psa: Export internally psa_import_key_into_slot()
Export psa_import_key_into_slot from psa_crypto.c
to make it available to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
2ebfdcce0e psa: Change psa_import_key_into_slot() signature
Change psa_import_key_into_slot() signature to the signature
of an import_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
dd04d423b5 psa: import: Move key buffer allocation
Move key buffer allocation from psa_import_key_into_slot()
function up to the two functions calling it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
d6ec3035a4 psa: Move ECP key import to psa_crypto_ecp.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
b14dbbeb92 psa: Rename ECP key import function
Rename ECP key import function before to move
it to psa_crypto_ecp.c to adapt to the naming
of exported functions in psa_crypto_ecp.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
79cc548cf2 psa: Change psa_import_ecp_key() signature
Change psa_import_ecp_key() signature to the signature of an
import_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
13f8b098cb psa: ecp: import: Move key buffer allocation
Move key buffer allocation from ECP specific
importation function up to psa_import_key_into_slot().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
abf2aef90f psa: Move RSA key import to psa_crypto_rsa.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
b6420e3797 psa: Rename psa_import_rsa_key to mbedtls_psa_rsa_import_key
Rename psa_import_rsa_key to mbedtls_psa_rsa_import_key to
align its name with the naming conventions of exported
functions in psa_crypto_rsa.c.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
4f2a7f0190 psa: Change psa_import_rsa_key() signature
Change psa_import_rsa_key() signature to the signature of an
import_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
8f813ee8d8 psa: rsa: import: Move key buffer allocation
Move key buffer allocation from RSA specific
importation function up to psa_import_key_into_slot().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
e5ca3d8533 psa: Move RSA/ECP export code to RSA/ECP specific C file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
152e3f82e7 psa: export: Move registered SE support to the driver wrapper
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
672279829a psa: Call export software implementation as a driver
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
7285cda387 psa: Export internally psa_export_(public_)key_internal
Export psa_export_(public_)key_internal from psa_crypto.c
to make it available to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
d18b5f84c6 psa: Change psa_export_(public_)key_internal signature
Change psa_export_(public_)key_internal signature to
the signature of an export_(public_)key driver entry
point.

This is a preparatory commit to be able to call the
software implementations as a driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
9486f9d8f0 psa: Disentangle public export and export code
Disentangle public export and export code to be
able to move the call to export and public
export operations to the driver wrapper.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
200a52c246 psa: Align naming of export internal functions
Align naming of export internal functions with the way
other psa_crypto.c internal functions are named, ending
with _internal.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
00b7bfc2c4 psa: Move xxx_load_representation functions to RSA/ECP specific modules
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:08 +01:00
Ronald Cron
3c8ca3ad00 psa: Rename psa_export_rsa/ecp_key to mbedtls_psa_rsa/ecp_export_key
Rename psa_export_rsa/ecp_key to
mbedtls_psa_rsa/ecp_export_key before to move them to
RSA/ECP specific PSA crypto C files.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
9085708371 psa: Rename psa_load_rsa/ecp_representation
Rename psa_load_rsa/ecp_representation to
mbedtls_psa_rsa/ecp_load_representation
before to move them in their RSA/ECP
specific PSA crypto C modules.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
84cc99420c psa: Change psa_driver_wrapper_export_public_key() signature
Change psa_driver_wrapper_export_public_key() signature
to the signature of an export_public_key driver entry point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
8328287956 psa: Move from validate_key to import_key entry point
In the course of the development of the PSA unified
driver interface, the validate_key entry point for
opaque drivers has been removed and replaced by an
import_key entry point. This commit takes into account
this change of specification.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Ronald Cron
ea0f8a6d1a psa: se: Create key context in SE key slots
In key slots containing the description of a key of a
dynamically registered Secure Element (SE), store the
key slot number in a key context as defined in the
PSA driver interface for opaque drivers.

That way transparent key data and slot numbers are
, in a key slot, both stored in a dynamically allocated
buffer. The `data` union in structures of type
psa_key_slot_t to distinguish between the storage of
transparent key data and slot numbers is consequently
not necessary anymore and thus removed.

This alignement of some part of the code dedicated to
dynamically registered SE with the PSA driver interface
specification is done to ease the support of both
dynamically registered and statically defined secure
elements.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-02-02 11:29:07 +01:00
Janos Follath
a209f34faf
Merge pull request #3996 from stevew817/feature/allow_reading_external_keys
Allow loading external wrapped keys
2021-01-29 13:34:11 +00:00
Ronald Cron
318515b384
Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0
2021-01-29 09:31:59 +01:00
gabor-mezei-arm
cbcec21684
Rename output buffer size macros
Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-01-21 13:17:25 +01:00
Steven Cooreman
ac3434fc19 Apply review feedback
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-15 20:43:23 +01:00
Steven Cooreman
98435ddf84 Allow loading wrapped keys even when SE support is compiled in
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-01-11 11:33:10 +01:00
Gilles Peskine
dbf6896c82 mbedtls_to_psa_error: prefer dispatching on the low-level error
When an Mbed TLS error code combines a low-level error and a
high-level error, the low-level error is usually closer to the root
cause (for example HW_ACCEL_FAILED or ENTROPY_SOURCE_FAILED is more
informative than RSA_PRIVATE_FAILED). So prioritize the low-level code
when converting to a PSA error code, rather than the high-level code
as was (rather arbitrarily) done before.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 20:04:23 +01:00
Gilles Peskine
40d8160c8e mbedtls_to_psa_error: fix a copypasta and a missing translation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 18:22:40 +01:00
Gilles Peskine
a51e1dbe76
Merge pull request #3895 from gilles-peskine-arm/psa-external-random
Alternative random generator support for PSA
2021-01-06 17:09:11 +01:00
Gilles Peskine
73d783244f
Merge pull request #3969 from frestr/bugfix/psa_close_key_leak
PSA Crypto: Don't skip key data removal when SE driver is not in use
2021-01-05 16:55:52 +01:00
Gilles Peskine
9c3e060253 Explain the design of mbedtls_psa_get_random better
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 16:03:55 +01:00
Gilles Peskine
0c59ba88cb Fix the error detection in psa_generate_random
If a call to mbedtls_psa_get_random other than the last one failed,
this went undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-05 14:10:59 +01:00
Gilles Peskine
71ddab9154 Simplify the chunk loop in psa_generate_random
Make the code slightly more readable and slightly smaller.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-04 21:01:07 +01:00
Fredrik Strupe
462aa575a4 PSA Crypto: Don't skip key data removal when SE driver is not in use
Closing a wrapped key with the new SE driver interface while
MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not
being freed, even though an old SE driver is not in use, leading to a
memory leak. This is because a wrapped key is also considered external.

This commit extends the check for skipping by checking whether an
old-style SE driver is registered with the provided slot, in addition to
checking whether the key is external.

Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>
2020-12-17 11:05:36 +01:00
Gilles Peskine
b2b64d3642 Rename psa_crypto_random.h to psa_crypto_random_impl.h
Make it clear that this is an abstraction of the random generator
abstraction, and not an abstraction of the PSA random generator.

mbedtls_psa_get_random and MBEDTLS_PSA_RANDOM_STATE are public-facing
definitions and will be moved in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 16:43:58 +01:00
Gilles Peskine
8814fc4a34 Make mbedtls_psa_get_random more usable outside psa_crypto.c
In the external RNG case, don't make mbedtls_psa_get_random() a
static inline function: this would likely result in identical
instances of this function in every module that uses it. Instead, make
it a single function with external linkage.

In the non-external case, instead of a trivial wrapper function, make
mbedtls_psa_get_random a constant pointer to whichever DRBG function
is being used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 15:33:44 +01:00
Gilles Peskine
5894e8e7a4 Replace mbedtls_psa_random_state( ... ) by MBEDTLS_PSA_RANDOM_STATE
Hide the obtention of the pointer to the RNG state behind a macro.

To make it possible to use this macro in a module other than
psa_crypto.c, which will happen in the future, make sure that the
definition of the macro does not reference internal variables of
psa_crypto.c. For this purpose, in the internal-DRBG case, export a
symbol containing the address of the DRBG state.

When the RNG state is a pointer a DRBG state, just keep this pointer
in a variable: there's no need to store a pointer to a larger structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 14:57:24 +01:00
Gilles Peskine
2b759626a9
Merge pull request #3948 from bensze01/update_psa_values
Update the values of PSA Crypto API macros to version 1.0.0
2020-12-08 11:03:33 +01:00
Bence Szépkúti
cbe395332c Substitute PSA_ALG_STREAM_CIPHER into all files
Deprecate PSA_ALG_ARC4 and PSA_ALG_CHACHA20.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:01:31 +01:00
Bence Szépkúti
1de907d4a4 Introduce PSA_ALG_STREAM_CIPHER
This algorithm replaces the pre-existing stream cipher algorithms.
The underlying stream cipher is determined by the key type.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
John Durkop
6ca2327150 Update guards for ALG_SHA_224 and ALG_SHA_384 in crypto library
The previous revision of guards around SHA_224 and SHA_384 were not
correct. This set of changes ensures the proper code is available
when SHA_224 and SHA_384 are enabled for use.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-12-03 06:07:04 -08:00
John Durkop
d62b678473 Minor updates to address review comments
Removed unecessary checks on the ALG_SHA_224 and ALG_SHA_384 since
those are handled in config_psa.h by ensuring the correct _C is
included. Reformatted config_psa.h to be alphabetical and made the
assignments line up correctly for consistency. Fixed the guards
for ALG_SHA_224 and ALG_SHA_384 to be correct in the crypto library
source.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-30 21:06:05 -08:00
John Durkop
ee4e6602bd Use new MBEDTLS_PSA_BUILTIN_ macros for hashes in crypto library
This set of changes converts all the previous MBEDTLS_*_C guards in
the crypto library to use the new MBEDTLS_PSA_BUILTIN_ guards for
hash algorithms.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
2020-11-27 08:48:46 -08:00
Gilles Peskine
bee96c8db9 Explain the conditions for checking DRBG error codes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-11-23 21:00:09 +01:00