mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-20 21:39:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,379 Commits 172 Branches 263 Tags
Commit Graph

1469 Commits

Author SHA1 Message Date
Thomas Daubney
81899aba11 Add buffer protection to psa_raw_key_agreement 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 12:57:26 +00:00
David Horstmann
b539126670
Merge pull request #1156 from Ryan-Everett-arm/key-derivation-buffer-protection 
Add buffer copying to the Key Derivation API
 2024-02-15 11:54:20 +00:00
Thomas Daubney
d2411565ce Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
dedd1006b6 Conditionally include exit label 
...on hash functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
51ffac9f40 Implement buffer copy code in psa_hash_compare 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
31d8c0bdb4 Make new internal function static 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
1c5118e58c Implement safe buffer copying in hash API 
Use local copy buffer macros to implement safe
copy mechanism in hash API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Ryan Everett
ee5920a7d5
Fix error path in psa_key_derivation_output_bytes 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 15:09:28 +00:00
Ryan Everett
5d2e82f0ce Guard memcpy so that it won't fail on null input pointer 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
b41c3c9582 Guard the exit to stop unused label warning 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
da9227de7c Fix psa_key_derivation_output_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
f943e22bb9 Protect key_derivation_output_bytes 
If the alloc fails I belive it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between a exhausted and blank.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Ryan Everett
d1e398c374 Protect psa_key_derivation_input_bytes 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-07 17:32:16 +00:00
Dave Rodgman
e883870cc7
Merge branch 'development-restricted' into update-development-r 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-02 18:03:29 +00:00
Ryan Everett
35f68533d8 Conditionally guard exit label to deter unused label error 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
b1d2c67ee0 Protect buffer in psa_export_public_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
45ac526592 Protect the buffer in psa_export_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Ryan Everett
f028fe195b Protect buffer in psa_import_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-02 10:33:09 +00:00
Thomas Daubney
3e65f52130 Conditionally guard exit label 
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:37:25 +00:00
Thomas Daubney
4f8847bb5d Implement safe buffer copying in asymmetric signature API 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric signature API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-01-30 12:17:54 +00:00
Dave Rodgman
047c724c22 Merge remote-tracking branch 'restricted/development-restricted' into update-development-r 
Conflicts:
	programs/Makefile
	tests/scripts/check-generated-files.sh
 2024-01-26 12:42:51 +00:00
Gabor Mezei
1882c51cb3
Add allocate and copy style output buffer handling 
Add a new macro `LOCAL_OUTPUT_ALLOC_WITH_COPY` to support the output buffer
handling of the multipart operations like `psa_cipher_update`. This will
allocate a local buffer and copy the content of the original buffer.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-01-24 13:51:33 +01:00
Manuel Pégourié-Gonnard
34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461 
psa_asymmetric_encrypt() doesn't work with opaque driver
 2024-01-22 08:43:08 +00:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340 
Export the mbedtls_md_psa_alg_from_type function
 2024-01-18 13:58:55 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764 
Conversion function from ecp group to PSA curve
 2024-01-18 10:28:55 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states 
Implement the new key slot state system within the PSA subsystem.
 2024-01-17 17:50:04 +00:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation 
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
 2024-01-17 14:12:33 +00:00
Ryan Everett
7ed542e0f1 Implement delayed deletion in psa_destroy_key and some cleanup 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-17 11:40:29 +00:00
Ryan Everett
1d32a57764 Revert change to psa_destroy_key documentation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:27:58 +00:00
Ryan Everett
dfe8bf86a8 Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong 
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4 Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION 
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:35 +00:00
Valerio Setti
5bb454aace psa_crypto: allow asymmetric encryption/decryption also with opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 10:43:16 +01:00
Valerio Setti
d36c313b53 psa: remove bits_is_sloppy parameter from mbedtls_ecc_group_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 13:41:52 +01:00
Valerio Setti
ddba51e6c9 psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa" 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 13:41:52 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598 
[G5] Make block_cipher work with PSA
 2024-01-08 08:07:53 +00:00
Ryan Everett
1b70a07eca Replace psa_unlock_key_slot calls in operations which act on FULL slots 
Replaces calls to psa_unlock_key_slot with calls to psa_unregister_read.

All instances follow a pattern of a call to psa_get_and_lock_key_slot_X,
followed by some code which reads from a slot, followed by a call to psa_unregister_read.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-04 16:57:48 +00:00
Ryan Everett
c70ce576bd Update psa_destroy_key, psa_purge_key and psa_close_key 
This does not yet implement destruction while a key is in use for psa_destroy_key;
that will be implemented in a separate pr.
(I am not sure if I am allowed to change the documentation in the include files.)

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-04 16:57:48 +00:00
Ryan Everett
098c6659ad Update psa_get_and_lock_key_slot_X functions 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-04 16:57:48 +00:00
Ryan Everett
b69118ebd0 Update key creation functions to use the new key slot states 
Update psa_start_key_creation,
psa_finish_key_creation and psa_fail_key_creation.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-04 16:57:48 +00:00
Ryan Everett
aa33c512cc Update psa_wipe_key_slot 
Change psa_wipe_key_slot to use the new state system.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-04 16:57:48 +00:00
Valerio Setti
384fbde49a library/tests: replace md_psa.h with psa_util.h as include file for MD conversion 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 13:27:32 +01:00
Valerio Setti
1fff4f2012 psa: add key_type as input parameter of psa_can_do_cipher() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-28 18:33:17 +01:00
Manuel Pégourié-Gonnard
cddab78612
Merge pull request #8630 from joerchan/mbedtls-tfm-compat 
Mbedtls tfm compat
 2023-12-15 09:31:27 +00:00
David Horstmann
62a56d966d Tweak the behaviour of copy handling macros 
Specifically:
* Move the creation of the pointer to the copied buffer into the
  DECLARE() macro, to solve warnings about potentially skipping
  initialization.
* Reorder the arguments of the FREE() macro - having a different order
  made it confusing, so keep the order the same throughout.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-12-14 18:16:02 +00:00
Valerio Setti
c6f004f0e2 psa_crypto: add internal helper to signal that cipher driver is ready 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
David Horstmann
36df4b24d4 Redesign local copy handling macros 
* Separate initialization from allocation.
* Rewrite description of macros to fit the new interface.
* Use a longer name to store the local copy objects, to reduce the risk
  of shadowing.
* Use different names for the original and the copy. Append the suffix
  '_external' to the original argument and use the previous name
  for the copy.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-12-14 16:09:00 +00:00
Joakim Andersson
b349108b99 library: Move mbedtls_ecc helper functions to psa_util 
Move the mbedtls_ecc helper functions from psa_core to psa_util.
These files are not implemented as part of the PSA API and should not
be part of the PSA crypto implementation.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
 2023-12-14 13:55:11 +01:00
Manuel Pégourié-Gonnard
1f67363d6a
Merge pull request #8616 from lpy4105/issue/8553/test-driver-only-rsa 
Add test for driver-only RSA (crypto only)
 2023-12-14 11:05:55 +00:00
David Horstmann
5a945f584e Put local output status in scope 
This means that a unique name is no longer needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-12-13 14:09:08 +00:00
David Horstmann
d57c0731c9 Remove spaces around token-pasting macro operator 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-12-13 14:03:40 +00:00