Commit Graph

32561 Commits

Author SHA1 Message Date
Waleed Elmelegy
4cffd5d4f3 Add implementaion for psa_export_public_key_iop_complete()
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
2cfce63fe6 Fix status variable type in mbedtls_psa_ecp_export_public_key_iop_setup()
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
af2595b4a7 Add implementation for mbedtls_psa_ecp_export_public_key_iop_complete()
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Waleed Elmelegy
c1fc136b14 Add Header for mbedtls_psa_ecp_export_public_key_iop_complete()
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-12-09 18:12:16 +00:00
Gilles Peskine
c3e0e8fe97 Fix copypasta
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
e7e704ac83 p256-m: allow deterministic ECDSA verification
For ECDSA verification, there is no difference between the deterministic and
randomized algorithm. The PSA core consider the two variants as identical as
far as key policies are concerned, and the built-in implementation accepts
either variant even if only the other variant is supported for signature.

In p256-m, accept to perform an ECDSA verification when the algorithm is
specified as deterministic ECDSA. This makes the behavior identical to the
built-in implementation, which is less surprising for users and saves us
from having to cope with a difference in our testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
de7aae1ba0 PSA interruptible sign/verify: detect unsupported mechanism in start
In particular, if interruptible ECDSA is supported but not the deterministic
variant, detect this in psa_sign_hash_start(), whereas before start() would
succeed and psa_sign_hash_complete() would fail. This avoids an
inconsistency between psa_sign_hash() and psa_sign_hash_start() that would
be annoying to handle in test_suite_psa_crypto_op_fail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
27c604af08 Add missing resource cleanup on test failure
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
eafc2751e6 Fix edge case with half-supported ECDSA (manual test cases)
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.

In this commit:

* Add manually written not-supported test cases for the signature
  operation when exactly one variant is supported.
* Add manually written positive test cases for the verification
  operation when exactly one variant is supported.
* Register that !ECDSA but DETERMINISTIC_ECDSA is not tested yet
  (https://github.com/Mbed-TLS/mbedtls/issues/9592).

A commit in the framework will take care of automatically generated test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
070fbca351 Add some missing test case dependencies
Following "PSA sign/verify: more uniform error on an unsupported hash", some
error cases are detected earlier, so there is some sloppiness in test case
dependencies that is not longer acceptable.

* In test_suite_psa_crypto, one test case for a hash+sign algorithm now
  returns NOT_SUPPORTED rather than INVALID_ARGUMENT when the hash is not
  supported and the key is invalid.
* In test_suite_psa_crypto_se_driver_hal_mocks, some test cases now error
  out before reaching the mocks rather than after when they attempt to
  use an unsupported hash.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
8a4ff2f338 import_not_supported: edge case of unsupported curves
Allow imports of an ECC public key on an unsupported curve to return
INVALID_ARGUMENT rather than NOT_SUPPORTED. This can happen in our library
code in edge cases when only certain curve families are supported, and it's
acceptable.

The new code does not trigger yet, but it will be useful for a future commit
"Do run not-supported test cases on not-implemented mechanisms"
(forward port of 995d7d4c15).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Gilles Peskine
c5f518357d PSA sign/verify: more uniform error on an unsupported hash
Uniformly return PSA_ERROR_NOT_SUPPORTED if given an algorithm that includes
a hash, but that hash algorithm is not supported. This will make it easier
to have a uniform treatment of unsupported hashes in automatically generated
tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-12-09 18:31:59 +01:00
Elena Uziunaite
827e2a9391 Update submodule
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-09 15:36:38 +00:00
Elena Uziunaite
9f5487406d Adapt paths for scripts/quiet
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-09 15:35:04 +00:00
Elena Uziunaite
d92e24e83f Adapt paths for output_env.sh
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-09 15:35:04 +00:00
Elena Uziunaite
7b51437f8c Move files out of Mbed TLS
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-12-09 15:35:04 +00:00
Ronald Cron
2ce86b0a1b
Merge pull request #9792 from gabor-mezei-arm/9157_minimal_tf_psa_crypto_config.py
Minimal `config.py` for TF-PSA-Crypto
2024-12-09 11:47:12 +00:00
Manuel Pégourié-Gonnard
4a8e8f84d9
Merge pull request #9666 from Harry-Ramsey/remove-obsolete-ci-scripts-development
Remove obsolete CI Scripts
2024-12-09 10:49:45 +00:00
Gabor Mezei
d1a5bb22ce
Update framework
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-09 10:29:31 +01:00
Ronald Cron
a13d4049ba
Merge pull request #9717 from Harry-Ramsey/move-programs-psa-tf-psa-crypto-development
Move programs/psa to tf-psa-crypto
2024-12-09 07:38:16 +00:00
Gabor Mezei
5034a1f597
Fix PSA macro identification regexp
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 19:06:19 +01:00
Gabor Mezei
2e3f17a40f
Remove not TF-PSA-Cripto related symbol
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 18:59:11 +01:00
Gabor Mezei
c716aade4f
Make the file path generation more transparent
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 18:59:11 +01:00
Gabor Mezei
fc719d6e8c
Unify PSA symbol identification
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 18:59:11 +01:00
Ronald Cron
ce3c2dd30c
Merge pull request #9806 from ronald-cron-arm/finalize-split-preparation-1
Finalize split preparation-1
2024-12-05 13:23:09 +00:00
Gabor Mezei
1a7bbe1ca8
Handle the _ALT macros in the full adapter
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:17:13 +01:00
Gabor Mezei
fb36814669
Use default value for the filename parameter
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:11:46 +01:00
Gabor Mezei
75c7e13fa7
Update framework
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:02:39 +01:00
Gabor Mezei
a53712d21d
Rename tf_psa_crypto_config.py to config.py
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:00:41 +01:00
Gabor Mezei
680a7c30c2
Use only one config file in config.py
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:00:41 +01:00
Gabor Mezei
37bf61ee96
Fix crypto config path
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:00:41 +01:00
Gabor Mezei
1044a8066b
Use better config name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:00:41 +01:00
Gabor Mezei
afc5fa5ad2
Rename TfPSA to TFPSA
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:00:41 +01:00
Gabor Mezei
871cde613d
Add full adapter for tf-psa_crypto_config.py
Add the `full` adapter to enable most of the config feature.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:00:40 +01:00
Gabor Mezei
3191144e22
Add config.py for TF PSA Crypto
Add minimal required classes to use `get`, `set` and `unset` operations.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:00:40 +01:00
Gabor Mezei
c707ac56fa
Add python module serach path library for TF PSA Crypto
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-12-05 10:00:40 +01:00
Ronald Cron
21837fc476
Merge pull request #9567 from minosgalanakis/config_split
PSA Crypto Configuration Split
2024-12-04 17:03:21 +00:00
Minos Galanakis
64d2238e4d Updated Framework Pointer
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-12-04 15:08:39 +00:00
Minos Galanakis
4ce27cb49b ssl-opt: CONFIGS_ENABLED list should always end with a space char.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-12-04 15:08:39 +00:00
Minos Galanakis
e2d0074d4f Added changelog for the configuration split.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-12-04 15:08:39 +00:00
Minos Galanakis
848333de3a analyze_outcomes: Moved migrated to ts-psa-crypto tests cases.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-12-04 15:08:39 +00:00
Ronald Cron
6a2cbe77fa Move driver wrappers generation to tf-psa-crypto
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
1fe5277c88 Remove unnecessary error.h inclusions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
6924564970 Move back timing.c to mbedtls
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
18047f0b01 Move config_adjust_legacy_crypto.h to tf-psa-crypto
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
8b592d28f9 Move psa_to_ssl_errors
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
aae9db440a tf-psa-crypto: cmake: Fix hard coded path to framework
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
a9166b6218 tf-psa-crypto: cmake: Switch to TF_PSA_CRYPTO_FRAMEWORK_DIR
Switch to TF_PSA_CRYPTO_FRAMEWORK_DIR for the
variable holding the path to the framework
submodule. In case of the standalone
TF-PSA-Crypto repo, the path to the
framework submodule has nothing to do
with Mbed TLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
d5331ff4e6 cmake: Move cert.o to mbedtls_test_helpers library of objects
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
80963c64eb Move hkdf.h to tf-psa-crypto
Move hkdf.h to tf-psa-crypto as
hkdf.c was.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00