3f1606a1f6
Refactor call hierarchy for ECDH so that it goes through the driver wrapper in a similar fashion to ECDSA.
...
Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com >
2022-11-07 09:22:52 +00:00
40c05cc8e4
Newlines at end of file + trim trailing whitespace
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com >
2022-10-14 16:46:51 +01:00
17845b8f71
Add driver wrapper function for raw key agreement, along with test call for transparent drivers.
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com >
2022-10-14 16:46:00 +01:00
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
...
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
...
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
...
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
6ab50762e0
psa_aead_setup: validate tag length before calling driver setup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-10-08 17:54:30 +02:00
86679c7bd8
psa_validate_tag_length(): use PSA_WANT_ALG_xxx instead MBEDTLS_PSA_BUILTIN_ALG_xxx guards
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-10-07 08:24:19 +02:00
8a05a646f4
Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-10-06 17:01:58 +02:00
ff1efc9a84
psa_aead_check_nonce_length: Fix unused variable warining
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-10-06 16:53:47 +02:00
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
...
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
4c49927bad
Fix unused variables warnings in default + stream cipher only build
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-27 15:04:14 +02:00
b510cd2c50
Fix a copy-paste error - wrong macro used
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-26 10:50:22 -04:00
5603efd525
Improve readability and formatting
...
Also use a sizeof instead of a constant for zeroization, as
requested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-26 10:49:16 -04:00
7763829c5c
Add missing ifdef when calculating operation capacity
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-16 12:24:52 -04:00
3c4c514302
Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-16 07:24:14 -04:00
b093650033
Add proper capacity calculation for EC J-PAKE to PMS KDF
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-16 07:13:00 -04:00
702776f7cc
Restrict the EC J-PAKE to PMS input type to secret
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-16 06:22:44 -04:00
e9b55929dc
Remove useless platform macro redefinitions: automatic part
...
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.
This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-09-15 20:34:15 +02:00
08d34b8693
Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2
...
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978 .
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-14 08:39:26 -04:00
4b5710f8a0
Allow KEY_TYPE_PASSWORD/KEY_TYPE_PASSWORD_HASH to be imported
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-08-31 10:49:18 +02:00
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1
...
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
2022-06-20 15:27:46 +02:00
69c4679b22
Adapt macro name to meet requested criteria: MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF->BUILTIN_ALG_ANY_HKDF
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-06-14 11:13:32 +02:00
75fe3fb1d7
psa_crypto.c: add MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF macro to limit number of #if conditions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-06-09 14:44:55 +02:00
b57a44bf9b
is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-06-06 11:26:43 +02:00
cde3f783f5
Make info valid only after secret for HKDF-EXPAND + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-06-06 11:26:02 +02:00
0586f4c4ea
Make salt mandatory for HKDF-EXTRACT + adapt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-06-06 11:25:43 +02:00
3e8249cde0
Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-06-03 16:18:15 +02:00
a29b488296
Optimize code by adding PSA_ALG_IS_ANY_HKDF macro
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-06-03 16:18:09 +02:00
459ee35062
Fix typo and style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-06-02 11:16:52 +02:00
03d948c47f
Refacor code for HKDF-Extract algorithm
...
Solution provided by @mpg.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-19 11:45:20 +02:00
2fb0dcd403
psa_hkdf_input: use more suitable condition and add comments
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-19 10:34:37 +02:00
b398d8693f
Update descryption of HKDF-Extract/Expand algs and fix comment
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-18 15:43:54 +02:00
3e56130fb9
psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted
...
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.
The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.
Fixes #5735 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-05-16 19:37:54 +02:00
5c65c5781f
Fix additional misspellings found by codespell
...
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-05-11 21:25:54 +01:00
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com >
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2022-05-11 21:25:51 +01:00
17520fe2c5
PSA: Add support for HKDF-Extend and HKDF-Expand algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-11 12:17:03 +02:00
b743d95051
Do not erase input key in psa_tls12_prf_psk_to_ms_set_key()
...
When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct
but the following derivations output data is incorrect.
This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key()
since commit 03faf5d2c103faf5d2c1narmstrong@baylibre.com >
2022-05-04 11:06:22 +02:00
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2
...
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
2022-04-21 17:11:52 +02:00
4e47a91d2e
Fix indentation issues
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-21 11:53:57 +02:00
03faf5d2c1
psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-21 11:53:57 +02:00
937b90febf
Add null check for pms allocation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-21 11:53:57 +02:00
e47201b34a
rename: psa_tls12_prf_set_other_key->psa_tls12_prf_psk_to_ms_set_other_key and adapt code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-21 11:53:57 +02:00
2503f7e4cb
Handle empty other secret when passed with input bytes
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-21 11:53:57 +02:00
d7a28646bc
psa_tls12_prf_set_key(): add PSA_TLS12_PRF_STATE_OTHER_KEY_SET as a valid state
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-12 11:27:00 +02:00
a7695a2d76
psa_key_derivation_check_input_type(): handle PSA_KEY_DERIVATION_INPUT_OTHER_SECRET
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-12 11:27:00 +02:00
c8fa5a1bdd
psa_tls12_prf_psk_to_ms_set_key(): add support for other secret input
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-12 11:26:47 +02:00
e3ee221893
Free other secret in tls12_prf context
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-07 15:41:56 +02:00
23650286ac
Add psa_tls12_prf_set_other_key() function to store other secret input
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-07 15:41:46 +02:00
a9b6c8074a
Fix psa_mac_verify() returning BUFFER_TOO_SMALL
...
It doesn't make sense for psa_mac_verify() to return
PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this
was happening when requesting the verification of an unsupported algorithm
whose output size is larger than the maximum supported MAC size, e.g.
HMAC-SHA-512 when building with only SHA-256 support. Arrange to return
PSA_ERROR_NOT_SUPPORTED instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-05 15:03:39 +02:00
