The ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
`mbedtls_cipher_update` always need a valid pointer for the
input buffer even if the length is 0.
This fix avoids the `mbedtls_cipher_update` to be called if the
input buffer length is 0.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
Having a non-const `key` parameter was anotherf defect of
mbedtls_ecp_write_key(). Take this opportunity to fix it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Same as mbedtls_ecp_write_key(), but doesn't require the caller to figure out
the length of the output and possibly distinguish between Weierstrass and
Montgomery curves.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit also fixes pk_psa_wrap_sign_ext() setting the RSA padding
mode so that mbedtls_pk_get_psa_attributes() correctly guesses
the PSA alg to be used.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- define mbedtls_psa_random_context_t even when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
is defined
- define mbedtls_psa_legacy_get_random as pointer to function instead
of #define to make "check_names" test happy.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The `flags` field in `psa_key_attributes_t` was a general mechanism that
only ever got used for a single flag: to indicate that the `slot_number`
field has been set. We have switched to a dedicated indicator for that, so
we can now remove `flags`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `psa_key_attributes_t`, keep track of whether `slot_number` has been set
through a dedicated field, rather than using a flag.
This paves the way to removing `flags`, which is not used for anything else.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Access the fields of `psa_key_attributes_t` directly rather than through the
`core` field. This makes the `core` field obsolete.
This commit is fully automated:
```
git ls-files '*.h' '*.c' '*.function' '*.jinja' | xargs perl -l -i -pe '$core = qr/\b(core\b|MBEDTLS_PRIVATE\(core\))/; s/->$core\./->/g; s/&(\w+)\.$core\./&$1./g; s/(\w+)\.$core/$1/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that a key slot contains the full `psa_key_attributes_t, the temporary
local variables holding a copy of core attributes read from the slot are no
longer needed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Switch `psa_key_slot_t` to the full `psa_key_attributes_t`, now that this
structure only has psa_core_key_attributes_t`.
To minimize the diff without breaking the build much, temporarily make
`psa_key_attributes_t` contain either the `core` field or all the fields.
This allows both things like `slot->attr.core.type` and `slot->attr.type`
to exist. The build breaks with compilers that don't support anonymous
unions and structs, which are only standard C since C11.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the `slot_number` field of `psa_key_attributes_t` to
`psa_core_key_attributes_t`. This makes ``psa_core_key_attributes_t` core`
the sole field of `psa_key_attributes_t`. This paves the way to unifying
the two structures.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Re-restore mbedtls_x509_string_to_names() to public as our example
programs use it, and it is the reverse of mbedtls_x509_dn_gets().
Add a docstring, so that it is a properly documented public function.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
It means that mbedtls_psa_get_random() goes through the PSA interface
all the times. Fallbacks to CTR_DRBG or HMAC_DRBG are still possible,
but that depends on how the crypto provider is built.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Remove the ability to select a custom public exponent via domain parameters
in RSA key generation. The only way to select a custom public exponent is
now to pass custom production parameters to psa_generate_key_ext().
A subsequent commit will remove domain parameters altogether from the API,
thus this commit does not bother to update the documentation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The setup calls are the only calls to use a key ID.
The key is then copied into the operation object,
all future API calls use the copy instead of the key in the slot.
Simultaneous API calls on the same operation object are not thread-safe.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
