730dea31cb
Rewrite incorrect description of psa_exercise_key
...
And clarify our potential use of it as a starting point for writing
memory poisoning tests from scratch.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 20:35:35 +01:00
6c51207602
Add notes about configuration of poisoning tests
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 20:25:14 +01:00
8f905c289d
Add reference to test hooks in detailed design
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 20:08:38 +01:00
806055edbf
Refactor note on preferred poison-test approach
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 19:53:30 +01:00
52df620736
Use ASan for memory poisoning as well as Valgrind
...
Also add information about ASan from Microsoft docs.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 19:49:00 +01:00
c61ddb2089
Add C language annotation to code block
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 19:18:50 +01:00
cbf068dbee
Fix broken reference
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 19:03:10 +01:00
f889e0fa0a
Replace vague 'above' with a reference for ease-of-navigation
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 19:01:21 +01:00
ded14a2c02
Add example wrapper function implementation
...
Give an example wrapper foir psa_aead_update for the transparent testing
option.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 18:58:41 +01:00
16dac00cb9
Add skeleton of detailed design rewrite
...
In light of choosing Valgrind/ASan over mprotect()-based poisoning,
update the detailed design of copy validation.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-23 18:57:01 +01:00
be868347f4
Rewrite design exploration of copy validation
...
Main changes:
* New tests are easier to write than first stated
* Use of existing tests is ledd beneficial
* But using existing tests is a benefit if it can be done transparently
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-20 19:25:11 +01:00
51fc6cf378
Explore sanitizers for memory poisoning
...
Consider MSan, ASan and Valgrind as options for implementing memory
poisoning tests. Come to the altered conclusion that Valgrind is the
best option.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-20 18:40:15 +01:00
17b3716c5a
Tweak compiler optimization evaluation section
...
* Remove references to the platform - this is unlikely to affect whether
copies are optimized.
* Note that the evaluation should test extreme optimisation settings.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-20 18:39:14 +01:00
4e54abf182
Add section on possible use of Valgrind tracing
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-19 17:59:45 +01:00
05ca3d9a1b
Expand design for validation of careful access
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-19 16:45:37 +01:00
a72b4ca734
Modify optimize-testing instructions
...
Mention -flto and whole-program optimization as this is the most
important aspect.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-19 15:22:15 +01:00
3f7e42a750
Move implementation by module table earlier
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-19 15:14:50 +01:00
dae0ad439f
Add more detail in design of memory poisoning
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-19 15:12:34 +01:00
0bd87f5959
Change unsigned int to uint8_t
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-19 13:45:21 +01:00
23661cc232
Detailed design of memory protection strategy
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-10-18 18:20:33 +01:00
df62f1a010
Merge pull request #1106 from gilles-peskine-arm/psa-shared-buffers-requirements
...
PSA shared buffers requirements
2023-10-17 20:38:00 +02:00
8ebeb9c180
Test for read-read inconsistency with mprotect and ptrace/gdb
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-16 18:37:02 +02:00
87889ebe86
Fix editorial error with semantic consequences
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-16 15:40:02 +02:00
a3ce6437bf
Typos
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-16 15:39:37 +02:00
1f2802c403
Suggest validating copy by memory poisoning
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 21:49:17 +02:00
6998721c69
Add a section skeleton for copy bypass
...
It's something we're likely to want to do at some point.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 20:05:32 +02:00
7bc1bb65e9
Short explanations of what is expected in the design sections
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 20:05:25 +02:00
35de1f7a7d
Distinguish whole-message signature from other asymmetric cryptography
...
Whole-message signature may process the message multiple times (EdDSA
signature does it).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 20:04:16 +02:00
9cad3b3a70
Design change for cipher/AEAD
...
There are many reasons why a driver might violate the security requirements
for plaintext or ciphertext buffers, so mandate copying.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 20:03:18 +02:00
2859267a27
Clarify terminology: built-in driver
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 20:02:00 +02:00
db00543b3a
Add a section on write-read feedback
...
It's a security violation, although it's not clear whether it really needs
to influence the design.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 19:57:53 +02:00
352095ca86
Simplify the relaxed output-output rule
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 19:56:22 +02:00
60c453ee72
Expand explanations of the vulnerabilities
...
Add a few more examples.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 19:07:56 +02:00
8daedaeac9
Fix typos and copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-13 18:47:29 +02:00
f7806ca782
Analyze requirements for protection of arguments in shared memory
...
Propose a dual-approach strategy where some buffers are copied and others
can remain shared.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-12 16:00:11 +02:00
bb5d907aa9
Automatically pick up all Markdown files
...
Assume GNU make. We already do with the toplevel makefile.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-11 20:47:44 +02:00
32743619a2
Merge pull request #8114 from yanesca/threading_requirements_update
...
Refine thread safety requirements
2023-10-09 11:22:59 +00:00
db3035b8bc
Fix a typo in psa-crypto-implementation-structure.md
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-09-26 09:09:20 +00:00
76e55a20dd
Change the documenti about psa_crypto_driver_wrappers.c{h}
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-09-26 09:09:20 +00:00
1198e43644
Change the description of auto-generated driver dispatch files
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-09-26 09:09:20 +00:00
845693c513
Change comments to psa_crypto_driver_wrappers.h
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-09-26 09:09:20 +00:00
b4527fbd82
Add clarifications to the threading requirements
...
Signed-off-by: Janos Follath <janos.follath@arm.com >
2023-08-31 14:01:24 +01:00
b6954730f0
Fix typo
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com >
Signed-off-by: Janos Follath <janos.follath@arm.com >
2023-08-31 13:54:21 +01:00
35633dd977
Add threading non-requirement
...
State explicitly the non-requirement that it's ok for psa_destroy_key to
block waiting for a driver.
Signed-off-by: Janos Follath <janos.follath@arm.com >
2023-08-31 08:31:19 +01:00
15d9ec29be
Improve thread safety presentation
...
- Use unique section titles so that there are unique anchors
- Make list style consistent between similar sections
Signed-off-by: Janos Follath <janos.follath@arm.com >
2023-08-31 08:22:21 +01:00
0385c2815c
Tighten thread safety requirements
...
We shouldn't violate the requirement that the key identifier can be
reused. In practice, a key manager may destroy a key that's in use by
another process, and the privileged world containing the key manager and
the crypto service should not be perturbed by an unprivileged process.
With respect to blocking, again, a key manager should not be blocked
indefinitely by an unprivileged application.
These are desirable properties even in the short term.
Signed-off-by: Janos Follath <janos.follath@arm.com >
2023-08-30 16:44:04 +01:00
7ec993d804
Refine thread safety requirements
...
Split and refine short term requirements for key deletion.
Signed-off-by: Janos Follath <janos.follath@arm.com >
2023-08-23 16:04:48 +01:00
33291ba35f
Merge pull request #5538 from gilles-peskine-arm/psa-thread_safety-doc
...
PSA thread safety requirements
2023-08-10 16:21:55 +02:00
9aa93c8e78
Added a note about new primitives for secure destruction
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-08-07 16:32:09 +02:00
584bf985f5
Elaborate on psa_destroy_key requirements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-08-07 16:29:19 +02:00
