Commit Graph

241 Commits

Author SHA1 Message Date
Gergely Korcsák
a3c2a8f2a2 Fix driver schema json default type requirements
Signed-off-by: Gergely Korcsák <gergely.korcsak@arm.com>
2024-10-10 13:16:32 +02:00
Gilles Peskine
ae8fa71669 Rename internal function psa_key_production_parameters_are_default
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-08-05 15:52:37 +02:00
Gilles Peskine
f9408282e8 Implement psa_generate_key_custom
Implement `psa_generate_key_custom()` and
`psa_key_derivation_output_key_custom()`. These functions replace
`psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()`.
They have the same functionality, but a slightly different interface:
the `ext` functions use a structure with a flexible array member to pass
variable-length data, while the `custom` functions use a separate parameter.

Keep the `ext` functions for backward compatibility with Mbed TLS 3.6.0.
But make them a thin wrapper around the new `custom` functions.

Duplicate the test code and data. The test cases have to be duplicated
anyway, and the test functions are individually more readable this way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-08-05 15:49:22 +02:00
Ronald Cron
aef8cf3b2e Adjust build systems
Adjust build systems such as we can built
Mbed TLS in the default and full configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-07-10 08:10:40 +02:00
Antonio de Angelis
700632eca2 Fix #ifdef guard in driver wrapper template
The #ifdef guard in the get_builtin_key() should be
PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT to allow for
multiple drivers to be plugged into the wrapper.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-03-22 11:43:19 +00:00
Bence Szépkúti
0719d7c3d8 Update the MSBuild toolset versions to VS2017
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-03-13 11:23:16 +01:00
Bence Szépkúti
fac1122b85 Rename solution files to referece VS2017
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2024-03-13 11:23:16 +01:00
Gilles Peskine
8988767b0e Use attribute accessor functions in driver wrappers
Fully automated:
```
perl -i -pe 's/(\w+)->core\.(\w+)/psa_get_key_$2($1)/g' scripts/data_files/driver_templates/*.jinja docs/psa-driver-example-and-guide.md
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-28 01:29:13 +01:00
Gilles Peskine
092ce51c47 Rename "key generation method" to "key production parameters"
"Key generation method" was misleading since it also applies to key
derivation. Change "key generation" to "key production", which we aren't
using yet and has roughly the right intuition. Change "method" to
"parameters" which there seems to be a slight preference for. Discussion
thread: https://github.com/Mbed-TLS/mbedtls/pull/8815#discussion_r1486524295

Identifiers renamed:
psa_key_generation_method_t → psa_key_production_parameters_t
psa_key_generation_method_s → psa_key_production_parameters_s
PSA_KEY_GENERATION_METHOD_INIT → PSA_KEY_PRODUCTION_PARAMETERS_INIT
method → params
method_data_length → params_data_length
default_method → default_production_parameters
psa_key_generation_method_is_default → psa_key_production_parameters_are_default
setup_key_generation_method → setup_key_production_parameters
key_generation_method_init → key_production_parameters_init

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-20 16:18:13 +01:00
Gilles Peskine
69f11c8dfb generate key ext: skip driver invocation with non-default method
In the driver wrapper for psa_generate_key() and psa_generate_key_ext():

* Invoke the built-in code if using a non-default method, even if there
  might be an accelerator. This is ok because we only support non-default
  methods for RSA and we don't support driver-only RSA, therefore a
  non-default method will always have built-in code behind it.
* Return NOT_SUPPORTED if trying to use a non-default method with an opaque
  driver.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:48 +01:00
Gilles Peskine
c81393b2ed generate/derive key ext: pass method_data_length rather than method_length
Instead of passing the size of the whole structure, just pass the data
length and let the implementation worry about adding the size of the
structure. The intent with passing the structure size was to allow
the client code in a client-server implementation to know nothing
about the structure and just copy the bytes to the server. But that was not
really a useful consideration since the application has to know the
structure layout, so it has to be available in the client implementation's
headers. Passing the method data length makes life simpler for everyone by
not having to worry about possible padding at the end of the structure, and
removes a potential error condition
(method_length < sizeof(psa_key_generation_method_t)).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:48 +01:00
Gilles Peskine
7a18f9645c psa_generate_key_ext: RSA: support custom public exponent
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-15 11:57:46 +01:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Paul Elliott
0101f479df Remove logically dead code
All paths in both switch statement lead to a return, therefore the
end block in both of these functions can never be reached. Fix this by
making sure the end block is always called (set status rather than just
return), as its safer for future changes. Found by coverity scan.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-10-06 18:08:46 +01:00
Gilles Peskine
16e9256fe8
Merge pull request #8272 from daverodgman/iar-warnings
Fix IAR warnings
2023-09-29 13:11:03 +00:00
Dave Rodgman
9ac0e72386 Undo not-needed change
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 10:39:31 +01:00
Dave Rodgman
ed9c22d533 Remove redundant code
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 10:33:49 +01:00
Dave Rodgman
3572bde9c9 Assume get_num_ops cannot fail
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 19:33:15 +01:00
Dave Rodgman
2bc38a6dfe Fix return type
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 18:15:58 +01:00
Dave Rodgman
9329252620 Fix IAR statement is unreachable warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 18:14:53 +01:00
Dave Rodgman
321c7e9ed9 Fix error handling in psa_driver_wrapper_xxx_hash_get_num_ops
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 18:07:25 +01:00
Xiaokang Qian
9e11126a1b Remove useless empty line
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
c23c351732 Remove the UN_USED_DISABLE attribute
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
fe9666b8c0 Change the extension type of the file psa_crypto_driver_wrapper
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
54a4fdfe91 Automaticly generate psa_crypto_driver_wrappers_no_static.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
9345b2e98f Move functions out of the static file
Move get_key_buf_size/get_builtin_key out of
    the psa wrapper auto generated file
Slot_management.c include the head file instead of the source file

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
b7cc2e2d3b Disable unused warning on visual studio and generate files before lib
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
e518eeada9 Move function psa_driver_wrapper_export_public_key out of auto-generated
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:20 +00:00
Xiaokang Qian
077ffc0991 Ensure build of P256 pass
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Xiaokang Qian
5cb930ff8a Surpress the unsed function warnings
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Thomas Daubney
7046468a02 Define the psa wrapper functions as static inline
This is a commit from Thomas Daubney.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-09-26 09:09:06 +00:00
Minos Galanakis
b17410d975 vs2013 templates: Set bcrypt to be the sole dependency.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:22 +01:00
Minos Galanakis
a277b210ff Code style fixes
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-09-25 14:12:21 +01:00
Simon Butcher
769ee65f99 Fix Visual Studio Release|x64 builds
The shipped Visual Studio project files were misconfigured for build
combinations of 64 bit Release builds.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2023-09-25 14:12:21 +01:00
Simon Butcher
949aa8fa3a Remove redundant Visual Studio 6 data files
Visual Studio 6 is no longer supported by the library.

Signed-off-by: Simon Butcher <simon.butcher@arm.com>
2023-09-25 14:12:21 +01:00
Kevin Kane
0ec1e68548 Replace Windows APIs that are banned in Windows Store apps
CryptGenRandom and lstrlenW are not permitted in Windows Store apps,
meaning apps that use mbedTLS can't ship in the Windows Store.
Instead, use BCryptGenRandom and wcslen, respectively, which are
permitted.

Also make sure conversions between size_t, ULONG, and int are
always done safely; on a 64-bit platform, these types are different
sizes.

Also suppress macro redefinition warning for intsafe.h:

Visual Studio 2010 and earlier generates C4005 when including both
<intsafe.h> and <stdint.h> because a number of <TYPE>_MAX constants
are redefined. This is fixed in later versions of Visual Studio.
The constants are guaranteed to be the same between both files,
however, so we can safely suppress the warning when including
intsafe.h.

Signed-off-by: Kevin Kane <kkane@microsoft.com>
2023-09-25 14:12:20 +01:00
Gilles Peskine
efaee9a299 Give a production-sounding name to the p256m option
Now that p256-m is officially a production feature and not just an example,
give it a more suitable name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-20 20:49:47 +02:00
Manuel Pégourié-Gonnard
5edb942708
Merge pull request #8041 from mpg/tfm-p256m
Test TF-M config with p256-m driver
2023-09-20 16:09:56 +00:00
Manuel Pégourié-Gonnard
138bdb6b17 Add comment to p256-m driver JSON file
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-12 09:50:18 +02:00
Manuel Pégourié-Gonnard
92a386f24c Add JSON file for p256-m driver
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-12 09:50:16 +02:00
Dave Rodgman
787011542b Fully replace mbedtls_psa_safer_memcmp
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-29 14:20:18 +01:00
Manuel Pégourié-Gonnard
8550e0f746 Remove "export_key" from transparent driver json
Transparent drivers don't have this entry points. Other entry points
that are only for opaque drivers are not listed here but only in the
opaque_driver.json file, so this was likely a mistake.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-08-08 09:39:39 +02:00
Dave Rodgman
90dfc21f6b Shorten encoding of version features
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 17:06:53 +01:00
Aditya Deshpande
ebd624e691 Minor formatting change to driver wrapper jinja template
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
695e44b5a0 Rename p256m to p256 for uniform function/macro prefixes
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
e41f7e457f Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example.
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:09 +01:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Gilles Peskine
802ff1b116
Merge pull request #7147 from paul-elliott-arm/interruptible_sign_hash_codestyle_drivers
Remove driver entry points for psa_{get|set}_max_ops()
2023-03-01 10:46:09 +01:00
Paul Elliott
a16ce9f601 Remove driver entry points for {get|set}_max_ops().
Move the global variable to the PSA layer, and just set that when calling PSA
level functions.

Move the internal ecp set to before each ecp call.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 14:44:18 +00:00