Commit graph

26929 commits

Author SHA1 Message Date
Gilles Peskine
7b7ecf5e0d Fix condition to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
MBEDTLS_PSA_CRYPTO_CONFIG is disabled. This didn't make sense and was an
editorial mistake when adding it: it's meant as an addition to
MBEDTLS_PSA_CRYPTO_CONFIG_FILE, so it should be included under the same
conditions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 16:09:14 +02:00
Gilles Peskine
a458d48e7f Move the inclusion of the PSA config file(s) into build_info.h
They belong here, next to the inclusion of the mbedtls config file. We only
put them in config_psa.h in Mbed TLS 2.x because there was no build_info.h
we could use.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 16:06:12 +02:00
Gilles Peskine
8cd1da4b73 Remove spurious extern "C"
This header only contains preprocessor definitions. They are not affected by
extern "C".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 16:03:41 +02:00
Tom Cosgrove
d29648026b
Merge pull request #8017 from ivq/unchecked_return
Fix a few unchecked return values
2023-08-21 13:02:53 +00:00
Janos Follath
e220d258fd
Merge pull request #8086 from yanesca/remove-new-bignum
Remove new bignum when not needed
2023-08-21 10:59:41 +00:00
Dave Rodgman
0ce0fbc32a Simplify aarch64 asm for mbedtls_ct_uint_lt
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-21 07:58:50 +01:00
Dave Rodgman
3ab114e3da Move non-function-specific macro outside of function definition
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-21 07:54:11 +01:00
Dave Rodgman
f2249ec905 Rename mbedtls_aesce_has_support macro to satisfy case rules
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-20 20:20:12 +01:00
Dave Rodgman
b30adce7fd Use -1 as uninitialised marker
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-20 20:20:12 +01:00
Dave Rodgman
4566132163 Make mbedtls_aesce_has_support more efficient
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-20 20:20:12 +01:00
Dave Rodgman
1fdc884ed8
Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode
AES: Add accelerator only mode
2023-08-18 20:55:44 +00:00
David Horstmann
1923c91e15 Add ChangeLog entry for otherName SAN fixes
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-18 19:36:42 +01:00
David Horstmann
cfae6a1ae9 Fix incorrect detection of HardwareModuleName
The hardware module name otherName SAN contains 2 OIDs:

 OtherName ::= SEQUENCE {
      type-id    OBJECT IDENTIFIER,
      value      [0] EXPLICIT ANY DEFINED BY type-id }

 HardwareModuleName ::= SEQUENCE {
                           hwType OBJECT IDENTIFIER,
                           hwSerialNum OCTET STRING }

The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.

This change fixes 2 issues:

1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.

This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-18 19:31:39 +01:00
David Horstmann
2ea44d28de Fix: Set type_id in x509_get_other_name()
When parsing a subject alternative name of type otherName, retain the
type-id field of the otherName. Previously this was not copied to the
mbedtls_x509_san_other_name struct when it should have been.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-08-18 18:36:02 +01:00
Jerry Yu
0a6272d6c9 revert padlock from aesni module
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-18 17:35:59 +08:00
Jerry Yu
61fc5ed5f3 improve readability of error message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-18 17:28:48 +08:00
Jerry Yu
372f7a04d0 Add missing check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-18 17:26:25 +08:00
Kusumit Ghoderao
5cad47df8a Modify test description
The test data was generated using the python script.
PBKDF2_AES_CMAC_PRF_128 test vectors are generated using PyCryptodome library:
https://github.com/Legrandin/pycryptodome

Steps to generate test vectors:
1. pip install pycryptodome
2. Use the python script below to generate Derived key (see description for details):

Example usage:
pbkdf2_cmac.py <password> <salt> <number_of_iterations> <derived_key_len>
derive_output.py 4a30314e4d45 54687265616437333563383762344f70656e54687265616444656d6f 16384 16

password         : 4a30314e4d45
salt             : 54687265616437333563383762344f70656e54687265616444656d6f
input cost       : 16384
derived key len  : 16
output           : 8b27beed7e7a4dd6c53138c879a8e33c

"""
from Crypto.Protocol.KDF import PBKDF2
from Crypto.Hash import CMAC
from Crypto.Cipher import AES
import sys

def main():
    #check args
    if len(sys.argv) != 5:
        print("Invalid number of arguments. Expected: <password> <salt> <input_cost> <derived_key_len>")
        return

    password    = bytes.fromhex(sys.argv[1])
    salt        = bytes.fromhex(sys.argv[2])
    iterations  = int(sys.argv[3])
    dklen       = int(sys.argv[4])

    # If password is not 16 bytes then we need to use CMAC to derive the password
    if len(password) != 16:
        zeros     = bytes.fromhex("00000000000000000000000000000000")
        cobj_pass = CMAC.new(zeros, msg=password, ciphermod=AES, mac_len=16)
        passwd    = bytes.fromhex(cobj_pass.hexdigest())
    else:
        passwd = password

    cmac_prf = lambda p,s: CMAC.new(p, s, ciphermod=AES, mac_len=16).digest()

    actual_output = PBKDF2(passwd, salt=salt, dkLen=dklen, count=iterations, prf=cmac_prf)

    print('password         : ' + password.hex())
    print('salt             : ' + salt.hex())
    print('input cost       : ' + str(iterations))
    print('derived key len  : ' + str(dklen))
    print('output           : ' + actual_output.hex())

if __name__ == "__main__":
    main()
"""

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-18 12:49:07 +05:30
Bence Szépkúti
505dffd5e3
Merge pull request #7937 from yanrayw/code_size_compare_improvement
code_size_compare.py: preparation work to show code size changes in PR comment
2023-08-17 20:59:11 +00:00
Gilles Peskine
eeaad50cd6
Merge pull request #8079 from adeaarm/port_IAR_build_fix
Small fixes for IAR support
2023-08-17 19:10:51 +00:00
Kusumit Ghoderao
e4d634cd87 Add tests with higher input costs for pbkdf2
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-08-17 21:16:14 +05:30
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Antonio de Angelis
8e9d6b927e Remove the workaround for psa_key_agreement_internal
Remove the workaround for psa_key_agreement_internal to
have a shared_secret array always non-zero. The spec is
recently updated so that PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
is always non-zero

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2023-08-17 15:27:56 +01:00
Janos Follath
f2334b7b39 Remove new bignum when not needed
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-08-17 14:36:59 +01:00
Agathiyan Bragadeesh
48eae138a5 Fix formatting in changelog
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-17 14:08:47 +01:00
Agathiyan Bragadeesh
2c018744e5 Add newline at end of changelog
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-17 14:00:10 +01:00
Gilles Peskine
294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation
PBKDF2 CMAC implementation
2023-08-17 11:15:16 +00:00
Jerry Yu
9608447545 replace padlock_c with padlock_have_code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 18:10:45 +08:00
Jerry Yu
3a0f044bde improve readability
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 17:06:21 +08:00
Agathiyan Bragadeesh
9ebfa7f64c Fix style
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-17 10:00:45 +01:00
Jerry Yu
6c6b9f602c Change document to match real status
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 16:53:01 +08:00
Agathiyan Bragadeesh
da8c587531 Add ChangeLog entry
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-17 09:37:46 +01:00
Jerry Yu
e9c6b53e74 remove return-type when runtime detection enabled without plain c
This case does not exist

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 13:53:38 +08:00
Jerry Yu
f258d17acd remove aesni + padlock - plain c tests
This test is not valid for padlock depends
on plain c

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 12:39:00 +08:00
Jerry Yu
1b4c7eda80 add hardware only check for padlock
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 11:25:17 +08:00
Jerry Yu
9e628621b4 Add via padlock detection macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 11:20:09 +08:00
Jerry Yu
2319af0d64 Change the order of runtime detection
If aesni is available, we will use it.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 10:38:57 +08:00
Jerry Yu
35b59d7805 exclude arm64ec mode for aesni
AESNI does not work correctly for msvc arm64ec

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-08-17 10:34:15 +08:00
Dave Rodgman
f4efd19dd0 Reduce code size in ccm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-16 22:37:32 +01:00
Dave Rodgman
2aaf888e0b Adjust struct layout for small size win
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-16 22:37:31 +01:00
Dave Rodgman
509b567911 add ifdefs to reduce size of mbedtls_to_psa_error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-16 22:37:29 +01:00
Dave Rodgman
6f6820345a add #ifdefs to reduce switch size
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-16 18:44:32 +01:00
Dave Rodgman
864f594acc Adjust layout of some stucts
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-16 18:04:44 +01:00
Dave Rodgman
164614af3d Reduce code-size to access key slots init flag
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-16 17:56:28 +01:00
Dave Rodgman
58c8b942d2 Eliminate redundant version of mbedtls_ct_memcmp
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-16 17:51:04 +01:00
Dave Rodgman
6a9fb932fb Use MBEDTLS_GET_UINT16_BE in mbedtls_ecp_tls_read_group_id
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-16 17:50:36 +01:00
Agathiyan Bragadeesh
285f85f962 Remove unnecessary const type qualifiers in casts
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-08-16 17:15:48 +01:00
Antonio de Angelis
f1adc2a7a1 Use asm instead of __asm in constant_time.c
The original IAR fix submitted to TF-M directly changed asm to __asm.
But mbed TLS now has a workaround for such cases hence just remove the
original change modification.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2023-08-16 12:48:48 +01:00
Antonio de Angelis
1ee4d1228c Fix error strings without quotes
Some of the error strings that should be printed with the
error preprocessor directive are missing quotes

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2023-08-16 12:48:33 +01:00
TTornblom
e4f6d79bbe BUILD: Update For IAR support
Applied the same change as in mbed-crypto for using this as a sub
project with the IAR toolchain. Use __asm generic ,and avoid empty
enum. Avoid declaration of array with null size. This is a porting
of the original patch contributed to trusted-firmware-m.

Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2023-08-16 12:36:21 +01:00