This commit also fixes test_suite_psa_crypto_util.data due to the
change in one of the return values.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots
regardless of state. They are not part of the PSA Crypto API, untrusted applications
cannot call these functions in a crypto service.
In a service intergration, mbedtls_psa_crypto_free on the client cuts the communication
with the crypto service.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Relies on get_and_lock_X being thread safe.
There are two mutex locks here, one in psa_get_and_lock...
Linearization point is the final unlock (or first lock on failure).
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
There are two mutex locks here, the one performed in get_and_lock.. and the one performed outside.
Linearizes at the final unlock.
(This function is deprecated)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Ideally this and other pk functions would work with
MBEDTLS_PSA_CRYPTO_CLIENT (i.e. whether PSA API functions are implemented
locally or via client-server communication). However, at the moment, some
helper functions are missing when MBEDTLS_PSA_CRYPTO_C is disabled, at least
mbedtls_ecc_group_to_psa(). For the time being, don't provide
mbedtls_pk_get_psa_attributes() when MBEDTLS_PSA_CRYPTO_C is disabled. We
can improve later, looking generally at a group of functions to generalize,
not mixed with delivering new APIs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the flags and find of Threads to root CMakeLists.txt, rather
than duplicate these everywhere. Make explicit linking of library with
PThreads use the same mechanism.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
The goal is to remove usage of PK return values in order to
completely eliminate that dependency.
This commit also updates pkparse and test_suite_x509parse to
align with this change in return values.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit makes the code arguably slightly simpler and fixes the build
with clang -Wimplicit-fallthrough. No intended semantic change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This isn't officially supported, but it's convenient to build the library
this way for quick testing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add code and unit tests for MBEDTLS_PK_ECxxx in
mbedtls_pk_get_psa_attributes().
This commit only supports built-in ECC (MBEDTLS_ECP_C). A subsequent commit
will handle driver-only ECC.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This avoids a possible gotcha when if the application code reuses an
existing attribute structure.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use new functions from the RSA module to parse and write
private and public keys in PKCS#1 format.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
These functions are meant to be used internally, so their prototype
declaration is kept into rsa_internal.h.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
