Waleed Elmelegy
049cd302ed
Refactor record size limit extension handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:28:31 +00:00
Ryan Everett
3dd6cde0d8
Mention functional correctness explicitly
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-12-20 16:47:57 +00:00
Valerio Setti
66134661cd
driver-only-builds: add Restrictions section
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 17:06:13 +01:00
Ryan Everett
f5e135670b
Clarify key generation and memory-management correctness
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-12-20 15:24:47 +00:00
Valerio Setti
d834896c8b
changelog: enhancing descriptions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 16:00:44 +01:00
Valerio Setti
af53132e44
driver-only-builds: enhancing section on removing CIPHER_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 15:56:09 +01:00
Manuel Pégourié-Gonnard
35085c5e89
Merge pull request #7930 from tomi-font/7583-non-PSA_pk_sign_ext
...
Implement non-PSA pk_sign_ext()
2023-12-20 14:30:08 +00:00
Valerio Setti
3fab8a4deb
driver-only-builds: fix typos
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 14:25:37 +01:00
Tomi Fontanilles
851d8df58d
fix/work around dependency issues when !MBEDTLS_ECP_C
...
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2023-12-20 13:09:27 +02:00
Tomi Fontanilles
e6a664ed65
changelog: fix missing newline at end of file
...
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2023-12-20 13:05:55 +02:00
Tomi Fontanilles
9f41770313
pk_*: remove remaining references to MBEDTLS_PSA_CRYPTO_C
...
For real this time.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 13:05:55 +02:00
Tomi Fontanilles
5297e43eec
non-psa-pk-implementation: rephrase the changelog entry
...
And remove the comment on the uniformity in the PK module
with regards to PSA_CRYPTO_C not being referenced anymore;
end users are probably not interested in that.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
bad170e159
pk: remove last references to MBEDTLS_PSA_CRYPTO_C
...
They are replaced by MBEDTLS_USE_PSA_CRYPTO.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
1941af087c
pk_wrap: remove last references to MBEDTLS_PSA_CRYPTO_C
...
Deprecated functions are removed and #ifdefs are updated accordingly.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
9c69348c24
pk test suite: rename the parameter named parameter
...
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
573dc23141
rsa: introduce rsa_internal_rsassa_pss_sign_no_mode_check()
...
And use it in the non-PSA version of mbedtls_pk_sign_ext()
to bypass checks that didn't succeed when used by TLS 1.3.
That is because in the failing scenarios the padding of
the RSA context is not set to PKCS_V21.
See the discussion on PR #7930 for more details.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
8174662b64
pk: implement non-PSA mbedtls_pk_sign_ext()
...
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.
Related dependencies and tests are updated as well.
Fixes #7583 .
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
80ca493284
gitignore: add clangd index files
...
https://clangd.llvm.org/design/indexing#backgroundindex
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
a70b3c24f6
rsa: minor comment/guard improvements
...
This brings some improvements to comments/
function prototypes that relate to PKCS#1.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Valerio Setti
5eb8de12cb
driver-only-build: remove paragraph about RSA/DH deterministic key generation
...
This feature is not supported at all in MbedTLS, driver or not.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 11:59:32 +01:00
Manuel Pégourié-Gonnard
9934f834af
Merge pull request #7766 from gilles-peskine-arm/psa-transition-doc-create
...
Legacy-to-PSA transition guide
2023-12-20 10:28:31 +00:00
Valerio Setti
5f665c3a0d
analyze_outcomes: add exceptions to disparities for block_cipher dispatch
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:56:05 +01:00
Valerio Setti
9afa329b80
analyze_outcomes: allow ignored test suites to have a dot in the name
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:55:28 +01:00
Valerio Setti
45c84feacc
test_suite_ccm: add missing BLOCK_CIPHER_PSA_[INIT/DONE]()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:54:39 +01:00
Valerio Setti
689c0f71cb
tests: use new CCM/GCM capability macros in tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:54:18 +01:00
Valerio Setti
bfa675fe48
adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:52:08 +01:00
Manuel Pégourié-Gonnard
299bbacd7d
Merge pull request #8644 from gilles-peskine-arm/domain_parameters_document_size_hack
...
Document the domain_parameters_size==SIZE_MAX hack
2023-12-20 08:27:47 +00:00
Manuel Pégourié-Gonnard
a4b38f24fd
Merge pull request #8579 from valeriosetti/issue7995
...
PK: clean up pkwrite
2023-12-20 08:20:10 +00:00
Valerio Setti
50333977c6
cipher_wrap: fix guards for alloc/free functions of CCM/GCM
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 07:36:05 +01:00
Valerio Setti
4a8ef7cd9b
all.sh: disable legacy AES/ARIA/CAMELLIA in test_full_block_cipher_psa_dispatch
...
This commit also:
- rename the reference component as component_test_full_block_cipher_legacy_dispatch()
- add a common configuration function, named common_block_cipher_dispatch() that
is used from both accelerated and reference components
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 07:35:41 +01:00
Dave Rodgman
c393222643
Work around clang 3.8 bug
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 18:52:35 +00:00
Dave Rodgman
a69c782351
Merge pull request #8634 from daverodgman/iar-fixes
...
IAR warning fix & some improvements
2023-12-19 16:26:23 +00:00
Dave Rodgman
fc5b9553b2
Don't use full path for setting CC
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 16:08:19 +00:00
Dave Rodgman
bc8e61d962
Use gcc in test_full_deprecated_warning
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 14:07:15 +00:00
Dave Rodgman
d47186d6e3
Disable automatic setting of clang target flags on old clang
...
Old versions of clang don't support this pragma, so we have to assume
that the user will have set the flags.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 13:11:47 +00:00
Dave Rodgman
d8d6451a6e
Add -O2 to some CFLAGS which were not setting it
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 12:20:21 +00:00
Dave Rodgman
ea03ef9a77
Don't specify gcc unless the test requires it
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 12:19:59 +00:00
Dave Rodgman
dfe5ce81ee
Use clang -O2 in common_block_cipher_no_decrypt
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 11:47:18 +00:00
Dave Rodgman
590519f535
Enable -O2 in depends.py
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 11:33:55 +00:00
Gilles Peskine
1a9e05bf08
Note that domain parameters are not supported with drivers
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-19 12:23:22 +01:00
Gilles Peskine
5ad9539363
Remove DSA and DH domain parameters from the documentation
...
Mbed TLS doesn't support DSA at all, and doesn't support domain parameters
for FFDH (only predefined groups).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-19 12:22:46 +01:00
Valerio Setti
9da01a7f53
all.sh: rename test_psa_crypto_config_accel_cipher to accel_des
...
Renaming this test component in order to better explain what it
really does.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 08:05:40 +01:00
Valerio Setti
70f05bedd6
changelog: add changelog for accelerated ciphers and AEADs
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 08:05:37 +01:00
Valerio Setti
7f062a58fb
pkwrite: add newlines when calling mbedtls_pem_write_buffer()
...
New defines, which are shared with the pkparse module, lack the
new line so we manually add it when invoking
mbedtls_pem_write_buffer().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 07:48:42 +01:00
Valerio Setti
4bb5740a7d
Revert "pem: auto add newlines to header/footer in mbedtls_pem_write_buffer()"
...
This reverts commit 180915018d
.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 07:48:38 +01:00
Dave Rodgman
d0a594d444
Use gcc in test_psa_compliance
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-18 22:29:56 +00:00
Dave Rodgman
932ce859d5
Ensure test_psa_compliance uses gcc
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-18 20:35:54 +00:00
Gilles Peskine
9deb54900e
Document the domain_parameters_size==SIZE_MAX hack
...
It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not
documented.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-18 21:01:18 +01:00
Dave Rodgman
0c5bfe816f
Ensure clang is present
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-18 19:53:25 +00:00
Dave Rodgman
66cbc83844
Use clang by default
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-18 18:34:50 +00:00