Commit graph

18046 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
475bfe626e
Merge pull request #5108 from gilles-peskine-arm/base64-no-table-3.0
range-based constant-flow base64
2021-10-27 12:18:21 +02:00
Gilles Peskine
d025422c28 Remove on-target testing
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves #4934.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-27 11:45:57 +02:00
Mateusz Starzyk
812ef6b379 Fix ccm*-no-tag changelog entry
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-27 11:26:47 +02:00
Mateusz Starzyk
7de19ddaf5 Remove invalid comments in CCM API
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-27 11:25:08 +02:00
Jerry Yu
f3f5c210cb fix comments issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-27 17:05:49 +08:00
Manuel Pégourié-Gonnard
9317e09d15
Merge pull request #5007 from mprse/pk_opaque
Add key_opaque option to ssl_server2.c + test
2021-10-27 10:52:13 +02:00
Mateusz Starzyk
4cb9739038 Use separate MBEDTLS_MODE for the CCM*.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-27 10:42:31 +02:00
Xiaofei Bai
184e8b6a36 Add exist_ok and use git rev-parse to process revisions
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-27 06:58:42 +00:00
Jerry Yu
643d11606a Add GET/PUT_UINT24_BE/LE
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-27 13:55:37 +08:00
Przemyslaw Stekiel
bb5d483073 ssl-opt.sh: adapt paramteters of key opaque cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-26 12:55:34 +02:00
Przemyslaw Stekiel
c2d2f217fb ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-26 12:24:34 +02:00
paul-elliott-arm
148d3d7de0
Merge pull request #5066 from paul-elliott-arm/ssl_opt_fixes
Ssl-opt fixes
2021-10-26 10:27:07 +01:00
Manuel Pégourié-Gonnard
c8cc1ffe97
Merge pull request #5062 from mprse/issue_4056
Use PSA_HASH_LENGTH instead hardcoded integer values
2021-10-26 10:35:38 +02:00
Jerry Yu
e6d7e5cef6 move CLIENT/SERVER_HELLO_RANDOM_LEN to ssl_misc.h
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-26 11:10:15 +08:00
Gilles Peskine
66c9b84f93 Fix typo in documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:20 +02:00
Gilles Peskine
ac253ea32b Fix copypasta in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:20 +02:00
Gilles Peskine
93365a7f45 Rename variable to avoid a name clash
digits is also a local variable in host_test.function, leading to compilers
complaining about that shadowing the global variable in
test_suite_base64.function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:19 +02:00
Gilles Peskine
ba951f5584 Move the list of Base64 digits out of the test data
This is part of the definition of the encoding, not a choice of test
parameter, so keep it with the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:19 +02:00
Gilles Peskine
c1776a01d2 Move declarations of testing-only base64 functions to their own header
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:13 +02:00
Gilles Peskine
680747b868 Fix the build of sample programs without mbedtls_strerror
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
2729878046 Mark output as public before testing it
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
987984482d Fix printf format signedness error
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
a64417afe6 Add unit tests for base64 internal functions
Add unit tests for mask_of_range(), enc_char() and dec_value().

When constant-flow testing is enabled, verify that these functions are
constant-flow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
d7d3279fdf Expose internal base64 functions for testing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
9a2114ca57 load_roots: properly error out on an invalid option
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
01997e119f load_roots: fix no-argument detection
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
618a70ede7 load_roots: arguments must be files
I had originally thought to support directories with
mbedtls_x509_crt_parse_path but it would have complicated the code more than
I cared for. Remove a remnant of the original project in the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
8635e2301f mask_of_range: simplify high comparison
To test c <= high, instead of testing the sign of (high + 1) - c, negate the
sign of high - c (as we're doing for c - low). This is a little easier to
read and shaves 2 instructions off the arm thumb build with
arm-none-eabi-gcc 7.3.1.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
67468e81a6 Base64 decode: simplify local variables (n)
n was used for two different purposes. Give it a different name the second
time. This does not seem to change the generated code when compiling with
optimization for size or performance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
66884e6dae Base64 range-based constant-flow code: changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
2c4a3686bb Base64 encoding: use ranges instead of tables
Instead of doing constant-flow table lookup, which requires 64 memory loads
for each lookup into a 64-entry table, do a range-based calculation, which
requires more CPU instructions per range but there are only 5 ranges.

I expect a significant performance gain (although smaller than for decoding
since the encoding table is half the size), but I haven't measured. Code
size is slightly smaller.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
1121cd29b6 Base64 decode: simplify local variables
Document what each local variable does when it isn't obvious from the name.
Don't reuse a variable for different purposes.

This commit has very little impact on the generated code (same code size on
a sample Thumb build), although it does fix a theoretical bug that 2^32
spaces inside a line would be ignored instead of treated as an error.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
ab04335052 Base64 decoding: use ranges instead of tables
Instead of doing constant-flow table lookup, which requires 128 memory loads
for each lookup into a 128-entry table, do a range-based calculation, which
requires more CPU instructions per range but there are only 5 ranges.

Experimentally, this is ~12x faster on my PC (based on
programs/x509/load_roots). The code is slightly smaller, too.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
b553eaabea Base64 decoding: don't use the table for '='
Base64 decoding uses equality comparison tests for characters that don't
leak information about the content of the data other than its length, such
as whitespace. Do this with '=' as well, since it only reveals information
about the length. This way the table lookup can focus on character validity
and decoding value.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
2c1442ebc0 New sample program to benchmark certificate loading
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:08:33 +02:00
Gilles Peskine
4fa0725936
Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation
Remove output buffer limitation for PSA with GCM.
2021-10-25 19:37:33 +02:00
David Horstmann
3ee10e841e Fix unused variable in generate_psa_tests.py
Remove the newly-unused variable that became unused in
a previous commit.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
48a0553684 Document the CMake generated files capability
Add a line in the README explaining that CMake will generate
the files it needs automatically on non-Windows systems
when not cross-compiling.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
774965188a Turn GEN_FILES off by default on windows
If on windows, turn off GEN_FILES as it does not currently
work (for reasons unknown).

Note: The WIN32 variable is "True on windows systems,
including win64", as one would expect.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
65d8c69e80 Remove unnecessary check for ';' in filenames
The Makefiles already assume that filenames don't contain
special characters anyway, so we don't need to check this
in generate_psa_tests.py.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
a8d1406107 Rename DEV_MODE to GEN_FILES
GEN_FILES is a bit clearer as it describes what the setting
does more precisely.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
3e30ad9b0d Use MBEDTLS_PYTHON_EXECUTABLE
Change one occurrence of ${PYTHON} to ${MBEDTLS_PYTHON_EXECUTABLE}
and add implied ${MBEDTLS_PYTHON_EXECUTABLE} to the start of a
different command.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
f602eb19ba Add comment explaining generate_psa_code.py
Explain that the output filename is derived from the -d
argument, so that it's obvious why the CMakefile code
does what it does.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
7570d24d3d Fix issue with DEV_MODE=OFF case
When DEV_MODE=OFF, link_to_source() was being called with
a full path in the build directory, rather than just a base
name starting at "suites/" as was intended. Fix this by
generating a list of base names and using that for
link_to_source(), then deriving full paths afterwards.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
ff0a3b3aa6 Improve error message in generate_query_config.pl
Add usage information to the ARGV-incorrect-length error
message in generate_query_config.pl. A plain usage message
looks a bit incongruous when raised as an error, but the
error message alone is unhelpful.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
d64f4b249c Fix assorted spelling and wording issues
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
ae7bd3513c Select test data directory using generated list
Remove a hardcoded list of tests that use generated
".data" files, and instead derive this list from the existing
list of test files (created using generate_psa_tests.py).

This reduces the maintenance burden as only the list
in generate_psa_tests.py needs to be updated.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
b3a5424a4e Add function to remove last filename extension
Add a new function that takes a string and removes the
portion following the last '.' character, usually a file
extension. This would transform:
 * "a.b.c" into "a.b"
 * "name." into "name"
 * ".name" into ""
 * "no_dot" into "no_dot" (i.e. no change)

CMake's existing file-extension-removal command removes
the largest possible extension which would make "a.b.c"
into "a", which is incorrect for handling tests that have
'.'s within their names.

The desired behaviour was added in CMake 3.14, but we
support CMake >= 3.5.1 (for 3.0) and >= 2.8.12.2 (for 2.x)
at the time of writing.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
1732b5d6ee Move test link_to_source() calls into a foreach
This removes a hardcoded list of generated test names

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
7b78ec88a4 Change variable name to lowercase
This seems more correct for variables that are only used in
a small area of the cmake file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00