Take also MAC's key types into account when computing the size of the
buffer to store key material in static key slot configuration.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Integrators in a client-server architecture need to provide this function on
the client side.
Fixesmbedtls/issues#10341.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
As the definition of psa_pake_operation_s has
been moved the "xyt_t" structure types can not
be used anymore (defined later).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In crypto_extra.h, move PAKE size calculation macros,
the definition of psa_pake_cipher_suite_s and
psa_pake_operation_s just after PAKE type and values
definitions.
This aligns with the order of crypto header inclusions
in crypto.h: crypto_types.h, then crypto_values.h,
then crypto_sizes.h, and then crypto_struct.h.
Take care of keeping them outside of the pake Doxygen
group as they used to be.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
That way when API are declared, the types they use are defined.
This should resolve the issues related to psa_xyz_init functions
returning a structure described in #7087.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This allows any implementer of the PSA client interface to easily
include this header and therefore function's prototype.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Don't list mechanisms that are not implemented in
`include/psa/crypto_config.h`, even commented out. Uncommenting them
wouldn't help anyway: they don't work. Having them listed, even commented
out, causes `find_dependencies_not_implemented()` in `psa_test_case.py` to
consider those mechanisms to be implemented, and thus causes
`generate_psa_tests.py` to generate test cases that cannot be executed.
The affected mechanisms are:
* `PSA_ALG_CBC_MAC` (`PSA_WANT_ALG_CBC_MAC`)
* `PSA_ALG_XTS` (`PSA_WANT_ALG_XTS`)
* `PSA_ECC_FAMILY_SECP_K1` 224-bit (`PSA_WANT_ECC_SECP_K1_224`)
Also remove the affected mechanisms from configuration adjustment files,
since that is code that can never be triggered.
There were already no generated test cases for SECP224K1 because
`PSA_WANT_ECC_SECP_K1_224` was already detected as a dependency that cannot
be implemented, because that is not a valid size: PSA defines SECP224K1 as
225-bit, and `crypto_knowledge.py` follows suite, so `generate_psa_tests.py`
saw `PSA_WANT_ECC_SECP_K1_225` in its enumeration but skipped it because it
was never mentioned in `crypto_config.h`.
This causes generated PSA tests to no longer include positive test cases for
`PSA_ALG_CBC_MAC` and `PSA_ALG_XTS`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is only used in tests so it should
not be defined in a public header such as "crypto_extra.h".
"psa_crypto_helpers.h" is a better option.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of skipping some tests when !MBEDTLS_PSA_STATIC_KEY_SLOTS,
add a proper check in the depends_on to verify if
MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is actually large enough to contain
the key used in such test.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Move the default definition of MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
from psa_crypto_core.h to the public header crypto_extra.h in order
to solve documentation build issues.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This helps reducing heap memory usage and, if heap memory is
not used anywhere else in an embedded device, it also reduces
code footprint since there is no need for heap management code
in this case.
A new build symbol is added for this purpose, named
MBEDTLS_PSA_STATIC_KEY_SLOTS. It's disabled by default so that
normal usage of Mbed TLS library is not affected.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
We know it's a thin wrapper around psa_generate_key_custom, so we just need
to check that it's passing the information through, we don't need coverage
of the parameter interpretation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't formally deprecate them because we don't do that in a
long-time support branch. But do point readers away from them.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Replace references to the deprecated functions `psa_generate_key_ext()` and
`psa_key_derivation_output_key_ext()` by their replacements
Implement `psa_generate_key_custom()` and
`psa_key_derivation_output_key_custom()`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement `psa_generate_key_custom()` and
`psa_key_derivation_output_key_custom()`. These functions replace
`psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()`.
They have the same functionality, but a slightly different interface:
the `ext` functions use a structure with a flexible array member to pass
variable-length data, while the `custom` functions use a separate parameter.
Keep the `ext` functions for backward compatibility with Mbed TLS 3.6.0.
But make them a thin wrapper around the new `custom` functions.
Duplicate the test code and data. The test cases have to be duplicated
anyway, and the test functions are individually more readable this way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Restricting the built-in key range would be an API break since applications
can hard-code a built-in key value and expect that it won't clash with
anything else. Make it harder to accidentally break the API.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_psa_register_se_key() is not usable with volatile keys, since there
is no way to return the implementation-chosen key identifier which would be
needed to use the key. Document this limitation. Reject an attempt to create
such an unusable key. Fixes#9253.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
PSA buffers and their length should follow a pattern for which
the latter is named after the former as <buffer_name>_length,
but this was not the case for psa_key_derivation_verify_bytes().
This makes life of crypto.h parsers (for automatic code generation)
harder. This commit aims at solving this problem.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Some functions has input parameters which are erroneously
reported as "param[out]" in the documentation. This commit
fixes them.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Some projects using Mbed TLS have migrated their configuration
file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS
2.x, and kept including check_config.h. This is unnecessary since Mbed TLS
3.0, and increasingly in 3.x it may report spurious errors because the
configuration adjustments have not been done yet. This has led some
projects to include configuration adjustment headers manually, but only
partially or in the wrong order, which can result in silent inconsistencies.
Error out if this happens, with a message mentioning check_config.h since
that's the likely root cause.
```
perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n \"up to and including runtime errors such as buffer overflows. \" \\\n \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Including *adjust*.h directly is likely to cause them to be applied at the
wrong time, resulting in an invalid or unintended configuration.
Including check_config.h at the wrong time is likely to cause spurious
errors.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Mbed TLS implementations of ALG_TLS12_PRF,
ALG_TLS12_PSK_TO_MS, ALG_HKDF, ALG_HKDF_EXTRACT,
ALG_HKDF_EXPAND and ALG_PBKDF2 rely on HMAC
operations through the driver interface. Thus
if one of these algorithms is enabled and not
accelerated, we need ALG_HMAC to be enabled
(PSA_WANT_ALG_HMAC and PSA_WANT_KEY_TYPE_HMAC
defined). As HMAC operations occur through
the driver interface, HMAC operations can be
accelerated even if the caller algorithm
is not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The `flags` field in `psa_key_attributes_t` was a general mechanism that
only ever got used for a single flag: to indicate that the `slot_number`
field has been set. We have switched to a dedicated indicator for that, so
we can now remove `flags`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `psa_key_attributes_t`, keep track of whether `slot_number` has been set
through a dedicated field, rather than using a flag.
This paves the way to removing `flags`, which is not used for anything else.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The `psa_core_key_attributes_t` structure is no longer used. Remove it.
Switch `psa_key_attributes_t` back to a simple struct, now containing
the fields that were formerly inside its `psa_core_key_attributes_t core`
member. This repairs the build with non-C11 compilers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Access the fields of `psa_key_attributes_t` directly rather than through the
`core` field. This makes the `core` field obsolete.
This commit is fully automated:
```
git ls-files '*.h' '*.c' '*.function' '*.jinja' | xargs perl -l -i -pe '$core = qr/\b(core\b|MBEDTLS_PRIVATE\(core\))/; s/->$core\./->/g; s/&(\w+)\.$core\./&$1./g; s/(\w+)\.$core/$1/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Switch `psa_key_slot_t` to the full `psa_key_attributes_t`, now that this
structure only has psa_core_key_attributes_t`.
To minimize the diff without breaking the build much, temporarily make
`psa_key_attributes_t` contain either the `core` field or all the fields.
This allows both things like `slot->attr.core.type` and `slot->attr.type`
to exist. The build breaks with compilers that don't support anonymous
unions and structs, which are only standard C since C11.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the `slot_number` field of `psa_key_attributes_t` to
`psa_core_key_attributes_t`. This makes ``psa_core_key_attributes_t` core`
the sole field of `psa_key_attributes_t`. This paves the way to unifying
the two structures.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
