1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-26 00:37:41 +03:00
Commit Graph

80 Commits

Author SHA1 Message Date
Gilles Peskine
ad04f962f8 p256-m: allow deterministic ECDSA verification
For ECDSA verification, there is no difference between the deterministic and
randomized algorithm. The PSA core consider the two variants as identical as
far as key policies are concerned, and the built-in implementation accepts
either variant even if only the other variant is supported for signature.

In p256-m, accept to perform an ECDSA verification when the algorithm is
specified as deterministic ECDSA. This makes the behavior identical to the
built-in implementation, which is less surprising for users and saves us
from having to cope with a difference in our testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-11-21 09:48:35 +01:00
Gilles Peskine
52504f8568 Rename internal function psa_key_production_parameters_are_default
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-08-06 13:13:05 +02:00
Gilles Peskine
f36d785188 Implement psa_generate_key_custom
Implement `psa_generate_key_custom()` and
`psa_key_derivation_output_key_custom()`. These functions replace
`psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()`.
They have the same functionality, but a slightly different interface:
the `ext` functions use a structure with a flexible array member to pass
variable-length data, while the `custom` functions use a separate parameter.

Keep the `ext` functions for backward compatibility with Mbed TLS 3.6.0.
But make them a thin wrapper around the new `custom` functions.

Duplicate the test code and data. The test cases have to be duplicated
anyway, and the test functions are individually more readable this way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-08-06 13:12:06 +02:00
Antonio de Angelis
700632eca2 Fix #ifdef guard in driver wrapper template
The #ifdef guard in the get_builtin_key() should be
PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT to allow for
multiple drivers to be plugged into the wrapper.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-03-22 11:43:19 +00:00
Gilles Peskine
8988767b0e Use attribute accessor functions in driver wrappers
Fully automated:
```
perl -i -pe 's/(\w+)->core\.(\w+)/psa_get_key_$2($1)/g' scripts/data_files/driver_templates/*.jinja docs/psa-driver-example-and-guide.md
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 01:29:13 +01:00
Gilles Peskine
092ce51c47 Rename "key generation method" to "key production parameters"
"Key generation method" was misleading since it also applies to key
derivation. Change "key generation" to "key production", which we aren't
using yet and has roughly the right intuition. Change "method" to
"parameters" which there seems to be a slight preference for. Discussion
thread: https://github.com/Mbed-TLS/mbedtls/pull/8815#discussion_r1486524295

Identifiers renamed:
psa_key_generation_method_t → psa_key_production_parameters_t
psa_key_generation_method_s → psa_key_production_parameters_s
PSA_KEY_GENERATION_METHOD_INIT → PSA_KEY_PRODUCTION_PARAMETERS_INIT
method → params
method_data_length → params_data_length
default_method → default_production_parameters
psa_key_generation_method_is_default → psa_key_production_parameters_are_default
setup_key_generation_method → setup_key_production_parameters
key_generation_method_init → key_production_parameters_init

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 16:18:13 +01:00
Gilles Peskine
69f11c8dfb generate key ext: skip driver invocation with non-default method
In the driver wrapper for psa_generate_key() and psa_generate_key_ext():

* Invoke the built-in code if using a non-default method, even if there
  might be an accelerator. This is ok because we only support non-default
  methods for RSA and we don't support driver-only RSA, therefore a
  non-default method will always have built-in code behind it.
* Return NOT_SUPPORTED if trying to use a non-default method with an opaque
  driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:48 +01:00
Gilles Peskine
c81393b2ed generate/derive key ext: pass method_data_length rather than method_length
Instead of passing the size of the whole structure, just pass the data
length and let the implementation worry about adding the size of the
structure. The intent with passing the structure size was to allow
the client code in a client-server implementation to know nothing
about the structure and just copy the bytes to the server. But that was not
really a useful consideration since the application has to know the
structure layout, so it has to be available in the client implementation's
headers. Passing the method data length makes life simpler for everyone by
not having to worry about possible padding at the end of the structure, and
removes a potential error condition
(method_length < sizeof(psa_key_generation_method_t)).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:48 +01:00
Gilles Peskine
7a18f9645c psa_generate_key_ext: RSA: support custom public exponent
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:46 +01:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Paul Elliott
0101f479df Remove logically dead code
All paths in both switch statement lead to a return, therefore the
end block in both of these functions can never be reached. Fix this by
making sure the end block is always called (set status rather than just
return), as its safer for future changes. Found by coverity scan.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-10-06 18:08:46 +01:00
Gilles Peskine
16e9256fe8 Merge pull request #8272 from daverodgman/iar-warnings
Fix IAR warnings
2023-09-29 13:11:03 +00:00
Dave Rodgman
9ac0e72386 Undo not-needed change
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 10:39:31 +01:00
Dave Rodgman
ed9c22d533 Remove redundant code
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 10:33:49 +01:00
Dave Rodgman
3572bde9c9 Assume get_num_ops cannot fail
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 19:33:15 +01:00
Dave Rodgman
2bc38a6dfe Fix return type
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 18:15:58 +01:00
Dave Rodgman
9329252620 Fix IAR statement is unreachable warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 18:14:53 +01:00
Dave Rodgman
321c7e9ed9 Fix error handling in psa_driver_wrapper_xxx_hash_get_num_ops
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 18:07:25 +01:00
Xiaokang Qian
9e11126a1b Remove useless empty line
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
c23c351732 Remove the UN_USED_DISABLE attribute
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
fe9666b8c0 Change the extension type of the file psa_crypto_driver_wrapper
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
54a4fdfe91 Automaticly generate psa_crypto_driver_wrappers_no_static.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
9345b2e98f Move functions out of the static file
Move get_key_buf_size/get_builtin_key out of
    the psa wrapper auto generated file
Slot_management.c include the head file instead of the source file

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
b7cc2e2d3b Disable unused warning on visual studio and generate files before lib
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
e518eeada9 Move function psa_driver_wrapper_export_public_key out of auto-generated
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
077ffc0991 Ensure build of P256 pass
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Xiaokang Qian
5cb930ff8a Surpress the unsed function warnings
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Thomas Daubney
7046468a02 Define the psa wrapper functions as static inline
This is a commit from Thomas Daubney.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Gilles Peskine
efaee9a299 Give a production-sounding name to the p256m option
Now that p256-m is officially a production feature and not just an example,
give it a more suitable name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-20 20:49:47 +02:00
Dave Rodgman
787011542b Fully replace mbedtls_psa_safer_memcmp
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-29 14:20:18 +01:00
Aditya Deshpande
ebd624e691 Minor formatting change to driver wrapper jinja template
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
695e44b5a0 Rename p256m to p256 for uniform function/macro prefixes
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
e41f7e457f Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example.
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:09 +01:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Dave Rodgman
bf4016e5d5 Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Gilles Peskine
802ff1b116 Merge pull request #7147 from paul-elliott-arm/interruptible_sign_hash_codestyle_drivers
Remove driver entry points for psa_{get|set}_max_ops()
2023-03-01 10:46:09 +01:00
Paul Elliott
a16ce9f601 Remove driver entry points for {get|set}_max_ops().
Move the global variable to the PSA layer, and just set that when calling PSA
level functions.

Move the internal ecp set to before each ecp call.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 14:44:18 +00:00
Paul Elliott
a3b625b0a1 Merge pull request #7098 from gilles-peskine-arm/retval-non-empty
Pacify Clang 15 about empty \retval
2023-02-24 09:10:53 +00:00
Przemek Stekiel
51a677bb30 Remove support for pake opaque driver
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
6b64862ef7 Documentation fixes and code adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
251e86ae3f Adapt names to more suitable and fix conditional compilation flags
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
f62b3bb087 Optimization of pake core functions
Adapt pake test (passing NULL buffers is not allowed).
Passing the null buffer to psa_pake_output results in a hard fault.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
9dd2440c95 Change pake input: key_lifetime -> key attributes
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
b09c487546 Combine core pake computation stage(step,sequence,state) into single driver step
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
e12ed36a6c Move JPAKE state machine logic from driver to core
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
  Now when logic is moved to core information about `alg` is required.
  `computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
51eac53b93 Divide pake operation into two phases collecting inputs and computation.
Functions that only set inputs do not have driver entry points.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
e5e41eb14c Remove redundant line (fix rebase error)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
0c78180ee5 mbedtls_psa_pake_get_implicit_key: move psa_key_derivation_input_bytes call to upper layer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
4f0035be29 Add guards for buildin pake set_password function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
2e73649f9c Add pake psa crypto driver wrappers implementation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00