Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do not Review: [nrf noup]: Threading: Adding usage of PSA_CRYPTO_THREAD_SAFE #16

Open
wants to merge 21 commits into
base: main
Choose a base branch
from
Open

Do not Review: [nrf noup]: Threading: Adding usage of PSA_CRYPTO_THREAD_SAFE #16

Changes from 1 commit
Commits
Show all changes
21 commits
Select commit Hold shift + click to select a range
8853894
[nrf noup] Remove duplicated legacy Mbed TLS header files
frkv Aug 22, 2024
676e65f
[nrf noup] Remove redefinition ECC_MAX_CURVE_BITS
Vge0rge Nov 28, 2023
57029f3
[nrf noup] Add missing brainpool key sizes
Vge0rge Feb 5, 2024
7248c60
[nrf noup] Remove oberon_config.h inclusion
Vge0rge Feb 6, 2024
18dd07c
[nrf noup] Make Oberon PSA hash operation static
Vge0rge Feb 9, 2024
77f3bda
[nrf noup] Turn the repo into a Zephyr module
SebastianBoe Mar 8, 2024
89285d3
[nrf noup] Align build_info.h with Mbed TLS 3.6.1
SebastianBoe Mar 12, 2024
050fc1f
[nrf toup] Support builtin keys with CMAC KDF
vlilleboe Apr 8, 2024
4e3141b
[nrf noup] keys: Add plausibility checks for ECC keys
mswarowsky Mar 19, 2024
0a93307
[nrf noup] library: psa_crypto_storage.c error
Vge0rge Apr 17, 2024
5724fe6
[nrf noup] testspec: Add test spec to run crypto and TF-M tests
stephen-nordic Mar 8, 2024
3907b92
[nrf noup] Adjust range for builtin keys
vlilleboe Apr 19, 2024
373f6dd
[nrf noup] Allow import and destroy of builtin keys
vlilleboe Apr 3, 2024
e71f27f
[nrf toup] Add missing defined oberon_key_derivation.c
Vge0rge Jul 17, 2024
58dbf90
[nrf noup] Don't ignore error code
vlilleboe Jun 14, 2024
c3443d2
[nrf noup] PSA key attribute ABI compliance
frkv Aug 22, 2024
0de74c2
[nrf noup] psa: Using simpler initialization for operation structs
frkv Aug 23, 2024
825a7fd
[nrf noup]: Change attributes-type to pointer (was struct)
frkv Sep 9, 2024
b8dfab5
[nrf noup]: fix mbedtls_psa_crypto_configure_entropy_sources symbol
frkv Sep 9, 2024
b41e899
Do not use generic header names
krish2718 Sep 26, 2024
bd78478
[nrf noup]: Threading: Adding usage of PSA_CRYPTO_THREAD_SAFE
frkv Oct 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
[nrf toup] Support builtin keys with CMAC KDF 
Patch to enable more key types for KDF.

Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
Signed-off-by: Frank Audun Kvamtrø <frank.kvamtro@nordicsemi.no>
  • Loading branch information
@vlilleboe @frkv
vlilleboe authored and frkv committed Sep 10, 2024
commit 050fc1f1224d4d7aa3d133475ad52897905045f2
32 changes: 24 additions & 8 deletions library/psa_crypto.c
View file
Original file line number Diff line number Diff line change
@@ -4122,6 +4122,7 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
* that the input was passed as a buffer rather than via a key object.
*/
static int psa_key_derivation_check_input_type(
psa_algorithm_t alg,
psa_key_derivation_step_t step,
psa_key_type_t key_type)
{
@@ -4139,6 +4140,9 @@ static int psa_key_derivation_check_input_type(
if (key_type == PSA_KEY_TYPE_NONE) {
return PSA_SUCCESS;
}
if (key_type == PSA_KEY_TYPE_AES && alg == PSA_ALG_SP800_108_COUNTER_CMAC) {
return PSA_SUCCESS;
}
break;
case PSA_KEY_DERIVATION_INPUT_SALT:
if (key_type == PSA_KEY_TYPE_PEPPER) {
@@ -4164,20 +4168,27 @@ static int psa_key_derivation_check_input_type(
static psa_status_t psa_key_derivation_input_internal(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_type_t key_type,
psa_key_attributes_t *attributes,
const uint8_t *data,
size_t data_length)
{
psa_status_t status;
status = psa_key_derivation_check_state(operation, step);
if (status != PSA_SUCCESS) goto exit;

status = psa_key_derivation_check_input_type(step, key_type);
status = psa_key_derivation_check_input_type(operation->alg, step, attributes ? attributes.type : PSA_KEY_TYPE_NONE);
if (status != PSA_SUCCESS) {
goto exit;
}

status = psa_driver_wrapper_key_derivation_input_bytes(operation, step, data, data_length);
if (attributes)
{
status = psa_driver_wrapper_key_derivation_input_key(operation, step, attributes, data, data_length);
}
else {
status = psa_driver_wrapper_key_derivation_input_bytes(operation, step, data, data_length);
}

if (status != PSA_SUCCESS) goto exit;

return PSA_SUCCESS;
@@ -4194,7 +4205,7 @@ psa_status_t psa_key_derivation_input_bytes(
size_t data_length)
{
return psa_key_derivation_input_internal(operation, step,
PSA_KEY_TYPE_NONE,
NULL,
data, data_length);
}

@@ -4213,7 +4224,7 @@ psa_status_t psa_key_derivation_input_integer(
status = psa_key_derivation_check_state(operation, step);
if (status != PSA_SUCCESS) goto exit;

status = psa_key_derivation_check_input_type(step, PSA_KEY_TYPE_NONE);
status = psa_key_derivation_check_input_type(operation->alg, step, PSA_KEY_TYPE_NONE);
if (status != PSA_SUCCESS) goto exit;

if (PSA_ALG_IS_PBKDF2(operation->alg)) {
@@ -4245,8 +4256,9 @@ psa_status_t psa_key_derivation_input_key(
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
psa_key_slot_t *slot = NULL;
psa_key_attributes_t attributes;

status = psa_get_and_lock_transparent_key_slot_with_policy(
status = psa_get_and_lock_key_slot_with_policy(
key, &slot, 0, operation->alg);
if (status != PSA_SUCCESS) goto exit;

@@ -4266,8 +4278,12 @@ psa_status_t psa_key_derivation_input_key(
operation->can_output_key = 1;
}

attributes = (psa_key_attributes_t) {
.core = slot->attr
};

status = psa_key_derivation_input_internal(operation,
step, slot->attr.type,
step, &attributes,
slot->key.data,
slot->key.bytes);

@@ -4319,7 +4335,7 @@ static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *o
* the shared secret. A shared secret is permitted wherever a key
* of type DERIVE is permitted. */
status = psa_key_derivation_input_internal(operation, step,
PSA_KEY_TYPE_DERIVE,
NULL,
shared_secret,
shared_secret_length);
exit:
7 changes: 7 additions & 0 deletions library/psa_crypto_driver_wrappers.h
View file
Original file line number Diff line number Diff line change
@@ -23,6 +23,7 @@

#include "psa/crypto.h"
#include "psa/crypto_driver_common.h"
#include "psa/crypto_types.h"

/*
* Initialization and termination functions
@@ -430,6 +431,12 @@ psa_status_t psa_driver_wrapper_key_derivation_input_bytes(
psa_key_derivation_step_t step,
const uint8_t *data, size_t data_length);

psa_status_t psa_driver_wrapper_key_derivation_input_key(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,
psa_key_attributes_t *attributes,
const uint8_t *data, size_t data_length);

psa_status_t psa_driver_wrapper_key_derivation_input_integer(
psa_key_derivation_operation_t *operation,
psa_key_derivation_step_t step,