Add psa_persistent_key_storage_blob_size() so callers outside tf-psa-crypto
can size the output buffer for psa_format_key_data_for_storage() without
needing to know the internal psa_persistent_key_storage_format struct.
Key type must be a key pair or public-key if not we return
PSA_ERROR_INVALID_ARGUMENT.
The key type must be ECC key as this is what we support for
now otherwise we return PSA_ERROR_NOT_SUPPORTED.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
In particular, if interruptible ECDSA is supported but not the deterministic
variant, detect this in psa_sign_hash_start(), whereas before start() would
succeed and psa_sign_hash_complete() would fail. This avoids an
inconsistency between psa_sign_hash() and psa_sign_hash_start() that would
be annoying to handle in test_suite_psa_crypto_op_fail.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Uniformly return PSA_ERROR_NOT_SUPPORTED if given an algorithm that includes
a hash, but that hash algorithm is not supported. This will make it easier
to have a uniform treatment of unsupported hashes in automatically generated
tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add ecp prefix to internal iop generate key function names
to emphasize that the functions are doing eliptic curves
keys only and not any other types.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Remove MBEDTLS_ECP_MAX_MPI_BYTES macro as
it's not needed anymore.It was added when
memcpy was being used but now that
mbedtls_mpi_write_binary() is being used
it can handle copying a large buffer filled
with leading zeros into a smaller buffer.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Incorrect usage of psa_key_id_t breaks ability to regenerate psa_sim
headers properly, should have been mbedtls_svc_key_id_t in the first
place, so replace with that.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Move copy of crypto libraries to mbedtls as this
copy does not make sense in TF-PSA-Crypto context.
Also copy all of them, not just tfpsacrypto.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Rename mbedcrypto target to tfpsacrypto and
prefix all cmake related variables with
tfpsacrypto instead of mbedcrypto.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add MBEDTLS_ECP_MAX_MPI define to determine the maximum
number of bytes for the biggest Elliptic curve in bignum
representation.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
* Used bignum helper API instead of memcpy
* changed the key length output to the size of the curve because:
- using the bignum produces a bigger size than the curve size
due to the limb size being 8 bytes and import key rejects
the key if it's not exactly curve size.
- we know that the generated key is filled with leading
zeros becuase the generated key is bounded by the modulas.
* skipped leading zeros when passing the buffer to import_key()
due to the intermediate buffer allocated to the maximum size
possible and import_key() needs the exact size.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
harshal.patil