The abi_check script has common false positives. Document the intent of each
family of checks and typical cases of false positives that can be overridden.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is needed for min_requirements.py, since it installs the oldest
possible version of all the requirements.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Mbed TLS doesn't support certain block cipher mode combinations. This
limitation should probably be lifted, but for now, test them as unsupported.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Reject algorithms of the form PSA_ALG_TRUNCATED_MAC(...) or
PSA_ALG_AEAD_WITH_SHORTENED_TAG(...) when the truncation length is invalid
or not accepted by policy in Mbed TLS.
This is done in KeyType.can_do, so in generate_psa_tests.py, keys will be
tested for operation failure with this algorithm if the algorithm is
rejected, and for storage if the algorithm is accepted.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The current macro collector only tried the minimum and maximum expressible
lengths for PSA_ALG_TRUNCATED_MAC and PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG.
This was good enough for psa_constant_names, but it's weak for exercising
keys, in particular because it doesn't include any valid AEAD tag length.
So cover more lengths.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Only allow selected modes with 64-bit block ciphers (i.e. DES).
This removes some storage tests and creates corresponding op_fail tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.
This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use the new generic is_public method.
Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Include this new section in the "full for documentation" (`realfull`)
configuration, so that these options are documented in the official
documentation build (`scripts/apidoc_full.sh`).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.
The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Determine key types that are compatible with an algorithm based on
their names.
Key derivation and PAKE are not yet supported.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."
If that is not defined, do not attempt to include time.h.
A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.
Signed-off-by: Daniel Axtens <dja@axtens.net>
The storage format comparison has a dual purpose: detect format changes that
lead to a loss of backward compatibility, and detect loss of test coverage.
For loss of backward compatibility, the read tests are the relevant ones.
For loss of test coverage, all generated test cases are potentially
relevant, but this script currently focuses on storage format (where a loss
of test coverage may be a symptom of a loss of backward compatibility).
Therefore, storage format test comparison now looks at manually written
storage format tests, but only if they're read tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.
Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.
A known defect in this commit is that the --brief output is not brief
for storage format checks.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This way we can add other checks and only run a subset of all the
checks. The default remains to run all the checks.
I made separate options for API and ABI, but since we use the same
tool for both and it doesn't have an obvious way to check only API or
only ABI, the two options must be both enabled or both disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.
The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Jinja2 <3.0 require markupsafe <2.1.0, but does not declare this
requirement. (Jinja2 2.x has not been updated since markupsafe 2.1.0 came
out). So declare this requirement ourselves.
This is not ideal, since we would want to use the latest markupsafe with the
latest Jinja2. But at least it gives us a consistent set of versions to run
the CI with.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Include more curves. For example, the Brainpool curves don't have
dedicated "mod p" reduction routines, so they have a much larger number
of allocs (comparable to the NIST curves with `MBEDTLS_ECP_NIST_OPTIM`
disabled).
On the other hand, to keep the script's running time reasonable, remove
a few things:
- curves smaller than 256 bits (out of favour these days)
- window sizes larger than the default: 6 was particularly useless as
it's never selected by the current code; 5 can only be selected with
curves >= 384 and is unlikely to be used in practice as it increases
heap usage quite a lot for very little performance gain.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Clearly the intention was to enable it, as ECDSA_C was defined, but the
benchmark also requires SHA-256 for ECDSA.
Also, specify "ecdh ecdsa" when invoking the benchmark program, in order
to avoid spurious output about SHA-256.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
* Updated the default argument to create less noise with argument
passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
requirements
Signed-off-by: Archana <archana.madhavan@silabs.com>
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)
check-generated-files.sh and CMakeLists.sh updated.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Change 'tranlation' -> 'translation' in the name of a
method in `scripts/generate_ssl_debug_headers.py`.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Passing arguments on the command line apparently didn't work due to quoting
issues. Use a temporary file instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Wherever we have a requirement on foo>=N, install foo==N. This is for
testing, to ensure that we don't accidentally depend on features that are
not present in the minimum version we declare support for.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Driver implementers need to regenerate wrappers. This will use Jinja2 as
discussed in
https://github.com/ARMmbed/mbedtls/pull/5067#discussion_r738794607
On the development branch, driver integration is always needed to generate
the driver wrapper and thus to build the library, so this requirement
applies to everyone, not just driver implementers. In releases, we plan to
include a default driver wrapper with support for basic use cases only,
meaning that the line `-r driver.requirements.txt` should be removed from
`basic.requirements.txt` in releases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add pip requirements files. We'll have separate requirements files for
different target audiences. Each file can use `-r` lines to include other
files.
This commit adds two requirement files: one with everything that's needed to
pass the CI, and one with additional tools that are suggested for Mbed TLS
maintainers to install locally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add usage information to the ARGV-incorrect-length error
message in generate_query_config.pl. A plain usage message
looks a bit incongruous when raised as an error, but the
error message alone is unhelpful.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.
In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).
Changes in this commit:
* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
generate_psa_constant_names).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The baremetal configuration includes debugging features whose size is not
particularly interesting. Create a new preset for use when benchmarking code
size which excludes debugging features that increase the size of
non-debugging modules.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
They were recognized by a prior commit. In this commit, replace line
breaks (with optional comment continuation marker) by spaces.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Before this commit, definitions of error codes must match a strict pattern,
with a Doxygen comment following the definition on the same line and
starting with "/**<". Change how generate_errors.pl so that the Doxygen
comment can be before the definition instead of after, and doesn't have to
be on the same line.
Also allow spaces between "#" and "define", and allow Doxygen comments to
start with "/*!" rather than "/**". Starting with "///" or "//!" is not
supported.
This commit does not change the output of generate_errors.pl.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Test keys with various persistence levels, enumerated from the
metadata tests.
For read-only keys, do not attempt to create or destroy the key
through the API, only to read a key that has been injected into
storage directly through filesystem access.
Do not test keys with a non-default location, since they require a
driver and we do not yet have a dependency mechanism to require the
presence of a driver for a specific location value.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It was used to remove the code used when mbedtls_ecp_mul() received a
NULL RNG parameter. This code is no longer relevant (as the RNG may no
longer be NULL) and will be unconditionally removed in the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The new method `Config.change_matching` and the new command-line
commands `set-all` and `unset-all` change a batch of existing boolean
settings to the desired state (active or inactive).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>