d93de32267
Move to computation stage only on successfull setup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-24 08:39:49 +01:00
083745e097
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-23 17:28:23 +01:00
5eff1033b6
Remove redundant checks for jpake alg
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
ce131bf5c5
PAKE driver: fix password releasing
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
80a8849903
Adapt conditional compilation flags for jpake alg
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
a54dc69fe0
mbedtls_psa_pake_setup: move driver password and alg init to the common part
...
Also in the core part change stage to computation after return from psa_driver_wrapper_pake_setup() regardless of the result. At this point driver context is active even if init has failed.
Additionally handle deallocation of password on failure in mbedtls_psa_pake_setup(). The plan was to handle deallocation on core level by calling abort on failure.
Unfortunately in this case when mbedtls_psa_pake_setup() fails with an unsupported result the built-in implementation is executed (if available) and it will reallocate the password leading to the memory leak.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
6b64862ef7
Documentation fixes and code adaptation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
251e86ae3f
Adapt names to more suitable and fix conditional compilation flags
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
6d77830c6a
Remove redundant code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
dff21d3429
Move jpake role check to psa_pake_complete_inputs()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
4fcc61eec0
Optimize psa_pake_ecjpake_setup()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
849c35f8b4
Remove pake abort on failure from driver (handled by core)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
e1d51bf3c9
Optimieze psa_pake_complete_inputs()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
3e784d8981
PSA crypto pake: call abort on each failure
...
Adapt driver hook counters in pake driver test.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
d69dca9fc4
Rework psa_pake_abort
...
- Fix potential issue with freeing password
- Clean operation object even if psa_driver_wrapper_pake_abort fails
- Remove redundant code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
f62b3bb087
Optimization of pake core functions
...
Adapt pake test (passing NULL buffers is not allowed).
Passing the null buffer to psa_pake_output results in a hard fault.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
9dd2440c95
Change pake input: key_lifetime -> key attributes
...
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
d5d28a217f
Use operation alg for locking key slot
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
1c3cfb4fb0
Introduce PSA_PAKE_OPERATION_STAGE_SETUP to optimize out alg checks
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
ff01bc496c
Remove j-pake specific checks from psa_pake_setup
...
mbedtls_psa_pake_setup has already check for PSA_PAKE_PRIMITIVE_TYPE_ECC primitive.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
dde6a910bb
Optimize out psa_pake_computation_stage_t
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
5cbca790f7
Make usage of pake input getters
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
18620a3b1c
Make copy of inputs on stack before passing to psa_driver_wrapper_pake_setup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
ca8d2b2589
Add get-data functions for inputs + tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
7b730175b3
Simplify psa_pake_computation_stage_s structure
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:32 +01:00
b09c487546
Combine core pake computation stage(step,sequence,state) into single driver step
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:31 +01:00
9a5b812aa8
Cleanup the code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:31 +01:00
2797d37424
Split handling of memory allocation for password between core and driver
...
Driver is now responsible for creating its own copy of the password in the setup function.
After calling pake setup driver entry point core frees memory for password.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:31 +01:00
e12ed36a6c
Move JPAKE state machine logic from driver to core
...
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
Now when logic is moved to core information about `alg` is required.
`computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:31 +01:00
be5e27b5ad
Remove redundant code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:31 +01:00
ca67483b15
psa_crypto_pake.h: adapt function descriptions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:30:31 +01:00
51eac53b93
Divide pake operation into two phases collecting inputs and computation.
...
Functions that only set inputs do not have driver entry points.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:25:30 +01:00
061f6949fd
Make psa_get_and_lock_key_slot_with_policy() static function
...
psa_get_and_lock_key_slot_with_policy() becomes public temporarily as part of:
https://github.com/Mbed-TLS/mbedtls/pull/6608
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:25:30 +01:00
0c78180ee5
mbedtls_psa_pake_get_implicit_key: move psa_key_derivation_input_bytes call to upper layer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:25:30 +01:00
6c7644150a
Adapt pake impl for driver dispatch
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:25:30 +01:00
2e73649f9c
Add pake psa crypto driver wrappers implementation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-02-22 11:25:30 +01:00
5ae609631e
Move the common parameters check code out of the wrapper
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2023-02-22 11:25:30 +01:00
a7d08c3009
Add PSA PAKE api calling the PAKE wrappers
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2023-02-22 11:25:30 +01:00
7da8c56b84
Add PSA PAKE wrappers
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2023-02-22 11:25:30 +01:00
56b8d23ca1
Add mbedtls_ prefix to PSA PAKE over MbedTLS implementation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2023-02-22 11:25:30 +01:00
ffb92b0789
Merge pull request #7105 from davidhorstmann-arm/fix-oid-printing-bug
...
Fix bugs in OID to string conversion
2023-02-21 23:16:44 +01:00
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle
...
Implement PSA interruptible sign/verify hash
2023-02-21 15:13:34 +01:00
e42cedf256
Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased
...
Pkcs7 fixes
2023-02-21 11:53:30 +00:00
a1b2bfff46
Add clarifying comments
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-02-20 14:45:09 +00:00
5b5a0b618c
Change error codes to more appropriate codes
...
The more precise error codes are borrowed from the ASN1 module.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-02-20 14:24:12 +00:00
ec718afb41
Merge pull request #7051 from gabor-mezei-arm/6376_Secp521r1_fast_reduction
...
Add a raw entry point to Secp521r1 fast reduction
2023-02-20 13:03:12 +00:00
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san
...
Add the uniformResourceIdentifier subtype for the subjectAltName
2023-02-20 11:29:59 +01:00
f8e5b56ad8
Fix get_num_ops internal code.
...
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-02-19 18:55:10 +00:00
ac70ad6576
Fix coding style
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2023-02-16 19:31:21 +01:00
fc64352253
Adjust position of empty line
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-02-16 16:23:09 +00:00
