Commit graph

4482 commits

Author SHA1 Message Date
Steven Cooreman
675501d9db Rename the PSA driver context structure headers to _primitives
This is a preparatory step in order to be able to organize the include
chain from crypto_struct in such a way that the MAC operation structure
for the PSA 'software' driver can make use of the hash operation structure.

Conceptually:
* Primitives:
  * Hash
  * Cipher
* Composites:
  * AEAD (can use cipher)
  * MAC (can use cipher and/or hash)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-05-07 23:32:32 +02:00
Manuel Pégourié-Gonnard
b548cda1cf
Merge pull request #4397 from TRodziewicz/change_config_h_defaults
Four config.h defaults have been changed.
2021-05-07 12:42:39 +02:00
Manuel Pégourié-Gonnard
4feb611a49 Lift a restriction on usage of verify_key()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:22:21 +02:00
Manuel Pégourié-Gonnard
e88511d7fe Try making one condition more readable
No semantic change intended.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:19:03 +02:00
Manuel Pégourié-Gonnard
f0c28eff09 Avoid introducing PSA_ALG_NONE for now
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:13:48 +02:00
Manuel Pégourié-Gonnard
f9a68ad62a Fix typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-07 12:11:38 +02:00
Tomasz Rodziewicz
532ca93246
Trailing spaces removed from comments in config.h 2021-05-07 11:01:24 +02:00
Tomasz Rodziewicz
1fc7c4c95e
Update config.h
Correction to the ECJPAKE_C note in config.h
2021-05-07 10:13:31 +02:00
Manuel Pégourié-Gonnard
dd57b2f240
Merge pull request #4445 from TRodziewicz/remove_deprecated_things_-_remainder
Remove deprecated functions and constants.
2021-05-07 10:05:30 +02:00
Tomasz Rodziewicz
6c3fe31f6c
Update config.h
Warning for ECJPAKE_C was removed from config.h.
2021-05-07 09:46:32 +02:00
TRodziewicz
c1c479fbe9 Fllow-up of the review: ChangeLog expansion, mmigration guides added and comments fixed
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-06 00:53:22 +02:00
Manuel Pégourié-Gonnard
ece9087b93 Clarify requirement on usage flags
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-05 10:26:29 +02:00
Manuel Pégourié-Gonnard
730f62a80a Clarify the case of direct inputs
Now use the same description for INPUT_SECRET and INPUT_PASSWORD too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-05 10:05:06 +02:00
Manuel Pégourié-Gonnard
acfde465f0 Mention USAGE_VERIFY_DERIVATION in input_key()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-05 09:54:22 +02:00
Ronald Cron
98d00d06a0
Merge pull request #4426 from ronald-cron-arm/remove-enable-weak-ciphersuites
Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
2021-05-04 17:20:36 +02:00
Manuel Pégourié-Gonnard
5b79ee252e Fix typo in doxygen reference
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:36:48 +02:00
Manuel Pégourié-Gonnard
71d955a79d Introduce PSA_ALG_NONE
It is required by the standard definition of PSA_ALG_GET_HASH.

Documentation and definition from:
https://armmbed.github.io/mbed-crypto/html/api/ops/algorithms.html#c.PSA_ALG_NONE

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:36:48 +02:00
Manuel Pégourié-Gonnard
06638ae3e8 Update "key stretching" flag
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-04 10:19:37 +02:00
Manuel Pégourié-Gonnard
40b81bf8f7 Introduce PSA_ALG_GET_HASH()
No need to introduce a specific macro for PBKDF2-HMAC when the PSA spec
already has a generic one.

Documentation from:
https://armmbed.github.io/mbed-crypto/html/api/ops/algorithms.html#c.PSA_ALG_GET_HASH
Implementation from:
https://armmbed.github.io/mbed-crypto/html/appendix/specdef_values.html

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 11:53:40 +02:00
Manuel Pégourié-Gonnard
6983b4fffc Add identifier for PBKDF2 with AES-CMAC-PRF-128
This algorithm is used for example by the Thread 1.1.1 specification,
which is not public but can be obtained free of charge at
https://www.threadgroup.org/ThreadSpec

Here it doesn't really make sense to define a parametrised family, as
this really seems to be the only use of PBKDF2 with a CMAC-based PRF (or
with any PRF other than HMAC with SHA1 or SHA2, for that matter).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 11:42:22 +02:00
Manuel Pégourié-Gonnard
2171e421c6 Add new key type PASSWORD_HASH
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 10:49:54 +02:00
Manuel Pégourié-Gonnard
88658becd4 Clarify algorithm constraint for verification
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 10:28:57 +02:00
Manuel Pégourié-Gonnard
9023cacf15 Merge verification policies together
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 10:27:27 +02:00
Manuel Pégourié-Gonnard
d307f63597 Rename verify_output_xxx() to verify_xxx()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-03 10:12:06 +02:00
Manuel Pégourié-Gonnard
3d72267db5 Specify the order of PBKDF2 inputs
Might make the implementer's life a bit simpler, and is not a big
constraint on applications.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-30 12:42:36 +02:00
Manuel Pégourié-Gonnard
c16033e0a3 Fix the encodings of the new key types
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-30 12:26:41 +02:00
Manuel Pégourié-Gonnard
ffc86ce8d6 Improve or expand several descriptions.
No change of behaviour, encoding or naming intended in this commit: just
describe the same behaviour, but in a way that's hopefully clearer and
more complete.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-30 12:26:41 +02:00
Manuel Pégourié-Gonnard
dc1b4e42e9 Fix a few typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-30 10:41:07 +02:00
Hanno Becker
3268d84313 Remove unused error code MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED
After the previous commit, the code is no longer used and can be
removed for Mbed TLS 3.0.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:41:12 +01:00
Hanno Becker
56ee9e5f14 Remove MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH
This commit removes the unused error code

```
MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH
```

from the public API for Mbed TLS 3.0.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:37:19 +01:00
Hanno Becker
91e1cc3bd7 Remove MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE error code
This error is used when the output buffer isn't large enough
to hold our own certificate.

In the interest of cleaning up the error space for 3.0, this commit
removes MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE and replaces its single
use by MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:32:41 +01:00
Hanno Becker
eca840f71d Remove unused MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED
The SSL error code MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED is unused.

Remove it for Mbed TLS 3.0.

The code being unused comes as a surprise, at is seems to be
reasonable to report it to the user upon peer CRT verification
failure. However, this study (can potentially re-introduction
of the code) can be left for 3.x, while the error code removal
can only happen in 3.0.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:19:55 +01:00
Hanno Becker
b86e588911 Remove unused MBEDTLS_ERR_SSL_UNKNOWN_CIPHER
The SSL error code MBEDTLS_ERR_SSL_UNKNOWN_CIPHER is unused.

Remove it for Mbed TLS 3.0 and leave a comment indicating the
gap in the error code space it creates.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-30 05:17:38 +01:00
TRodziewicz
85dfc4de20 Applying current changes
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-30 00:07:04 +02:00
TRodziewicz
18efb73743 Remove deprecated functions and constants.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-29 23:12:19 +02:00
Ronald Cron
1a85d3b122
Merge pull request #4146 from stevew817/allow_skipping_3des_cmac_when_alt
Allow CMAC self-test to skip tests for unsupported primitives (2)
2021-04-29 16:04:39 +02:00
Dave Rodgman
c86f330aed
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
Reduce ROM usage due to X.509 info
2021-04-28 17:31:55 +01:00
TRodziewicz
2add5c13ea On second thought changing the way the test is run
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-28 16:50:20 +02:00
Gilles Peskine
e67665ca20
Merge pull request #4006 from chris-jones-arm/development
Add macro to check error code additions/combinations
2021-04-28 16:47:29 +02:00
Tomasz Rodziewicz
e66f49c3ce
Merge branch 'development_3.0' into change_config_h_defaults 2021-04-28 16:37:27 +02:00
TRodziewicz
92b1febbf6 addind check_config.h to the commit
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-28 16:34:13 +02:00
Mateusz Starzyk
e3c48b4a88 Separate SHA224 from SHA256 config options.
These options are still dependant on each other.
This is an intermediate step.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Mateusz Starzyk
3352a53475 Modify config option for SHA384.
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.

check_config is the only module which enforces that SHA512 is
enabled together with SHA384.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-28 14:38:37 +02:00
Gilles Peskine
2c8041d6df
Merge pull request #4433 from bensze01/psa_aead_output_size
[development] PSA: Update AEAD output buffer macros to PSA API version 1.0
2021-04-28 13:30:40 +02:00
Bence Szépkúti
da95ef9ae0 Remove PSA AEAD output size compatibility macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-28 10:01:20 +02:00
Chris Jones
2c7458677a Comment out MBEDTLS_X509_REMOVE_INFO in default config.h
Fix an issue where `MBEDTLS_X509_REMOVE_INFO` was defined/enabled by default
in `include/mbedtls/config.h`. This should also fix the `context-info.sh` test
where it ran the default config and expected to see some output from the x509
info functions that were removed.

Also updated relevant comments to more accurately explain how the
configuration option works.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:38:14 +01:00
Hanno Becker
88c2bf311a Minor style improvements
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
7ac83f91bf Print X.509 verify info strings even if MBEDTLS_X509_REMOVE_INFO
The new compile-time option MBEDTLS_X509_REMOVE_INFO removes various
X.509 debugging strings and functionality, including

```
  mbedtls_x509_crt_verify_info()
```

which ssl_client2.c and ssl_server2.c use to print human readable
descriptions of X.509 verification failure conditions. Those
conditions are also grepped for in numerous ssl-opt.sh tests.

Instead of disabling those tests if MBEDTLS_X509_REMOVE_INFO is set,
this commit essentially moves mbedtls_x509_crt_verify_info() to
ssl_client2.c and ssl_server2.c. However, instead of just copy-pasting
the code from x509_crt.c, the following approach is used:

A macro MBEDTLS_X509_CRT_ERROR_INFO_LIST is introduced which for each
verification failure condition invokes a user-defined macro X509_CRT_ERROR_INFO
with (a) the numerical error code, (b) the string presentation of the
corresponding error macro, (c) the info string for the error condition.
This macro can thus be used to generate code which somehow iterates over
the verifiation failure conditions, but the list of error conditions and
information strings is nowhere duplicated.

This is then used to re-implement mbedtls_x509_crt_verify_info() in
x509_crt.c and to provide a functionally equivalent (yet slightly different)
version in ssl_client2.c and ssl_server2.c in case MBEDTLS_X509_REMOVE_INFO
is set.

This way, little changes to ssl-opt.sh will be necessary in case
MBEDTLS_X509_REMOVE_INFO is set because the info strings for the
verification failure conditions will be printed regardless of whether
MBEDTLS_X509_REMOVE_INFO is set or not.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
612a2f1504 Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO
The introduction of positive options to control the presence
of pre-existing functionality breaks the build for users of
handwritten configurations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:18:52 +01:00
Peter Kolbus
9a969b66c1 Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:18:52 +01:00
Ronald Cron
cee427002b Remove MBEDTLS_ENABLE_WEAK_CIPHERSUITES configuration option
Fix 4416

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-27 09:34:14 +02:00
Bence Szépkúti
bd98df7715 Update documentation of AEAD output size macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-27 04:37:18 +02:00
Dave Rodgman
12f93f4fc2
Merge pull request #4407 from ARMmbed/dev3_signoffs
Merge development_3.0 into development
2021-04-26 19:48:16 +01:00
TRodziewicz
ede3085563 Add ChangeLog file and fix comment in config.h
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-26 15:44:25 +02:00
Steven Cooreman
c338cef74b Add notes to the documentation about CMAC_ALT algorithm support
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-26 11:24:44 +02:00
TRodziewicz
85aff9f07a Correction fixing the test_depends_curves_psa falure
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-23 10:47:26 +02:00
Chris Jones
456d29c20b Rename mbedtls_error_add_ext to mbedtls_error_add
This function was previously called mbedtls_error_add_ext because there
was a macro called mbedtls_error_add. That later got capitalised which
allows the function to now be named mbedtls_error_add.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-23 09:24:05 +01:00
Steven Cooreman
894b9c4635 Add documentation for change in CMAC self-test behaviour
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-23 08:19:43 +02:00
Chris Jones
e11e81413d Improve documentation for error code checking
Improve comments explaining error code checking, fix incorrect comments
and make a small formatting fix.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-22 15:28:56 +01:00
Tomasz Rodziewicz
b13360514c
Test why the test_depends_curves_psa fails in CI 2021-04-22 15:14:17 +02:00
TRodziewicz
7062796844 Testing the failed ubuntu test
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-22 14:11:10 +02:00
Tomasz Rodziewicz
9a97a13d3e
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-22 12:53:15 +02:00
Manuel Pégourié-Gonnard
f6b677ea98
Merge pull request #4349 from mpg/apply-4334-3.0
Apply 4334 to development-3.0
2021-04-22 12:42:40 +02:00
Manuel Pégourié-Gonnard
e8e450a394
Merge pull request #4254 from mstarzyk-mobica/remove_libpkcs11-helper
Remove PKCS#11 library wrapper.
2021-04-22 12:39:54 +02:00
TRodziewicz
1818d967fe Four config.h defaults have been changed.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-22 12:06:32 +02:00
Manuel Pégourié-Gonnard
1216233949
Merge pull request #4391 from gilles-peskine-arm/error-on-removed-options-20210421
Error on removed options
2021-04-22 08:55:53 +02:00
Gilles Peskine
cc26e3bf25 Remove extraneous word
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-21 19:01:59 +02:00
Gilles Peskine
fa4e4b8645 Error out if attempting to use a removed feature
If the compile-time configuration enables an option that was removed
in Mbed TLS 3.0, and the effect of removing the option would likely
not be detected at build time, #error out in check_config.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-21 18:48:09 +02:00
Tomasz Rodziewicz
bfa03e3bc9
Update psa_util.h
Remove the conditional include after the code review
2021-04-21 17:14:31 +02:00
TRodziewicz
3408d60225 revert the error.h file include in psa_util.c
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-21 13:25:25 +02:00
Tomasz Rodziewicz
d6c246f5bf
Merge branch 'development_3.0' into remove_depr_error_codes 2021-04-21 12:31:43 +02:00
TRodziewicz
33946bbf16 Two platform error codes moved to error.h to fix _without_platform test
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-21 12:06:23 +02:00
Bence Szépkúti
1dda21c4a4 Make sure we don't underflow in the size macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-21 11:09:50 +02:00
Bence Szépkúti
b639d43538 Move and rename PSA_ALG_AEAD_IS_BASE_EQUAL
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-21 11:06:00 +02:00
Bence Szépkúti
f5a1fe9392 Explicitly check non-boolean values against zero
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-21 11:05:56 +02:00
Mateusz Starzyk
f9c7b3eb11 Remove PKCS#11 library wrapper.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-21 11:05:00 +02:00
Manuel Pégourié-Gonnard
7a366f7f97 PSA PBKDF2: add config option
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 13:23:03 +02:00
Manuel Pégourié-Gonnard
234b1ecace PSA PBKDF2: add "stretching" sub-category of key derivation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 13:07:21 +02:00
Manuel Pégourié-Gonnard
7da5791451 PSA PBKDF2: add algorithm macros + description
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 12:53:07 +02:00
Manuel Pégourié-Gonnard
49325d3bcf PSA PBKDF2: add verify-output functions
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 12:16:17 +02:00
Manuel Pégourié-Gonnard
22f08bcc00 PSA PBKDF2: add new input function
Note on naming: previously considered input_numeric but then thought the
other two input function are "input <name>" not "input <adjective>" so
decided to follow that pattern. input_int would be shorter but sounds
too much like the C type, which could be confusing as that's not the
type of the parameter; IMO "integer" avoids that problem.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 11:57:34 +02:00
Manuel Pégourié-Gonnard
5a67992a61 PSA PBKDF2: add/update input types
For the numeric values, I followed the apparent existing convention:
- first byte is 01 for secret inputs, 02 for non-secret inputs
- then second by is just incremented for each new input type

The documentation references a function that will be introduced in the
next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 11:34:03 +02:00
Manuel Pégourié-Gonnard
759438cfce PSA PBKDF2: add new policies
The documentation references functions that will be introduced in later
commits, but hopefully from the naming it's already clear what those
function will do.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 11:34:03 +02:00
Manuel Pégourié-Gonnard
31cbbefde8 PSA PBKDF2: add new key types
Question to reviewers: regarding the numeric values, I'm not sure I've
incremented the right byte/nibble. Should this be 0x1201, 0x1202
instead, or something else? Is there a convention I should be aware of?

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-20 11:32:28 +02:00
Manuel Pégourié-Gonnard
1cc91e7475
Merge pull request #4366 from gilles-peskine-arm/development_3.0-merge_2.x-20210419
Merge development 2.x into 3.0 (Apr 19)
2021-04-19 13:08:48 +02:00
Manuel Pégourié-Gonnard
16529bd439
Merge pull request #4344 from TRodziewicz/remove_deprecated_things_in_crypto_compat_h
Remove deprecated things from crypto_compat.h and dependent tests.
2021-04-19 10:55:21 +02:00
Gilles Peskine
ee259130e4 Merge branch 'development' into development_3.0
Conflicts:
* visualc/VS2010/mbedTLS.vcxproj: resolved by re-generating the file
  with scripts/generate_visualc_files.pl.
2021-04-19 10:51:59 +02:00
Mateusz Starzyk
a58625f90d Remove optional SHA-1 in the default TLS configuration.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-04-16 18:39:10 +02:00
TRodziewicz
2333e6302d Revert 2 files conflicting after previous push in the Github.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-16 14:32:22 +02:00
Bence Szépkúti
359411fd07 Adjust documentation of PSA_ALG_AEAD_IS_BASE_EQUAL
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-16 12:04:44 +02:00
Steven Cooreman
31e27af0cc Reword the builtin key language on persistency declaration
Specifically allow the driver to override the persistency level of a
builtin key in cases where the driver is persistency-aware.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-16 11:25:18 +02:00
Gilles Peskine
295fc13ef3 Split mbedtls_gcm_update_ad out of mbedtls_gcm_starts
The GCM interface now has separate functions to start the operation
and to pass the associated data.

This is in preparation for allowing the associated data to be passed
in chunks with repeatated calls to mbedtls_gcm_update_ad().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 21:34:33 +02:00
Gilles Peskine
a56c448636 Add output length parameters to mbedtls_gcm_update
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output length parameter to
mbedtls_gcm_update() to allow such implementations to delay the output
of partial blocks. With the software implementation, there is no such
delay.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 21:34:33 +02:00
Gilles Peskine
9461e45a17 Add output parameter to mbedtls_gcm_finish
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output parameter to
mbedtls_gcm_finish() to allow such implementations to pass the final
partial block back to the caller. With the software implementation,
this final output is always empty.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 18:41:38 +02:00
Gilles Peskine
441907ec30 Remove alignment requirement for mbedtls_gcm_update: documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-15 18:41:38 +02:00
Bence Szépkúti
607c0af246 Simplify PSA AEAD output size compatibility macros
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:17 +02:00
Bence Szépkúti
7e31009bdb Further reduce macro expansion
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:16 +02:00
Bence Szépkúti
598e92991a Rework PSA_AEAD_NONCE_LENGTH to reduce expansion
Due to repeated calls to PSA_AEAD_NONCE_LENGTH, which in turn calls
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG several times, some macros updated
in this PR expanded to over 6000 characters, more than the 4095 that ISO
C99 compilers are guaranteed to support.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:16 +02:00
Bence Szépkúti
0d8da39703 Mark unused macro argument as unused
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 17:32:16 +02:00
Steven Cooreman
b938b0bb03 Documentation clarification after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:53 +02:00
Steven Cooreman
c8b9534378 Change signature of mbedtls_psa_platform_get_builtin_key
Instead of the full attributes struct, it now only takes/returns what it
actually needs to.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
203bcbbc47 Style fixes (typos, whitespace, 80 column limit)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:06:52 +02:00
Steven Cooreman
6801f08973 Implement support for MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
According to the design in psa-driver-interface.md. Compiles without
issue in test_psa_crypto_drivers.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-04-15 15:04:26 +02:00
Bence Szépkúti
eb1a301321 Update documentation references to the AEAD macros
Where a change was necessary, the new documentation was copied from the
PSA Crypto API spec exactly, with the exception of PSA_AEAD_TAG_LENGTH,
which needed some adjustment.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:17 +02:00
Bence Szépkúti
12116bc3bb Update the AEAD output size macros
This brings them in line with PSA Crypto API version 1.0.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:17 +02:00
Bence Szépkúti
f7b6b4e591 Align code style with the rest of the file
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Bence Szépkúti
30f91a4bca Mark AEAD compatibility macros as deprecated
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Bence Szépkúti
670df7a41d Rename AEAD output size macros in crypto_compat.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Bence Szépkúti
8810fd3250 Copy AEAD output size macros to crypto_compat.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-15 14:47:16 +02:00
Mateusz Starzyk
c301bd56f0 Merge branch 'development_3.0' into drop_old_tls_options 2021-04-15 13:55:20 +02:00
TRodziewicz
136b3989cb Remove deprecated things from hashing modules
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-15 12:34:09 +02:00
Manuel Pégourié-Gonnard
93c0847914 Revert "Remove deprecated things from hashing modules"
This reverts commit c75d9f589b.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-04-15 12:28:15 +02:00
Hanno Becker
7e6eb9fa27 Simplify SSL session cache implementation via session serialization
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
ccdaf6ed22 Add session ID as explicit parameter to SSL session cache API
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
a637ff6ddd Introduce typedef for SSL session cache callbacks
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Manuel Pégourié-Gonnard
c039514559
Merge pull request #4334 from TRodziewicz/origin/remove_old_func_from_hashing
Remove deprecated things from hashing modules
2021-04-15 10:13:32 +02:00
TRodziewicz
2a1a67300d Remove deprecated things from crypto_compat.h and dependent tests.
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 23:12:42 +02:00
Chris Jones
defe10df52 Add compatibility macro for the inline keyword in error.h
MSVC is not fully compliant with C99 where the 'inline' keyword is defined.
Add a macro to define an alternative for non-compliant compilers.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:27:04 +01:00
Chris Jones
ef01852d65 Add missing guard to mbedtls_test_hook_error_add
Add a missing guard for the definition and declaration of
mbedtls_test_hook_error_add.

Also make the declaration always visible when MBEDTLS_TEST_HOOKS is
enabled. This fixes an issue when MBEDTLS_ERROR_C is not defined but
MBEDTLS_TEST_HOOKS is.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:27:04 +01:00
Chris Jones
abded0ed39 Improve and fix documentation for error code combination
Improve documentation by:

- Fixing off by one errors in binary representations of error codes.
- Clarifying combinations of zero.
- Linking references to variables/macros via doxygen.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:27:04 +01:00
Chris Jones
b7d02e0f15 Fix misc issues with unused parameters and check-names.sh
Fix unused parameter warnings when MBEDTLS_TEST_HOOKS is not enabled.

A few issues were caught by check-names.sh namely:

- mbedtls_error_add was not capitalised.
- mbedtls_test_hook_error_add was being defined multiple times as the
  definition was in a header.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:26:59 +01:00
Chris Jones
7439209bcc Rewrite error addition interface
The previous implementation of the error addition interface did not comply
with the invasive testing architecture guidelines. This commit fixes that
by:

- Renaming functions/macros/variables to follow the mbedtls_error_xxx or
  mbedtls_test_hook_xxx convention.

- Making mbedtls_test_hook_error_add a global variable that can be set
  by the testing code.

- Using a static inline function call, as opposed to macro, to keep
  discrepancies between debug and production version to a minimum.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:24:25 +01:00
Chris Jones
759e30bdb0 Add MBEDTLS_ERROR_C dependency to invasive error code testing
Fix builds where `MBEDTLS_ERROR_C` is not defined but `MBEDTLS_TEST_HOOKS`
is defined. This was previously causing undefined reference errors in
these builds.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones
b179b84335 Change set_err_add_hook void pointer to actual function pointer signature
Change the signature of the `hook` parameter of `mbedtls_set_err_add_hook`
to use the actual signature of the function as opposed to `void *`. This
fixes a warning when compiling with clang `-pedantic`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones
d86ad60aa5 Change mbedtls_set_err_add_hook to use doxygen style comment
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones
ef180af350 Move MBEDTLS_ERR_ADD macro and functions to error.*
`error.c` and  error.h are the more logical place to keep this code and it
prevents issues with building `common.c` and conflicts with other projects
that use mbedtls (such as mbedOS).

`error.c` has been automatically generated by first adding the code to
`error.fmt` and then running `./scripts/generate_errors.pl`.

Also add parenthesis to the addition in `MBEDTLS_ERR_ADD`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones
5e8805afeb Move MBEDTLS_ERR_ADD macro and function to common.*
`error.c` is a file generated from `error.h` and thus cannot contain the code
that was previously added. This commit fixes that issue by moving the
`MBEDTLS_ERR_ADD` macro and associated function and function pointer into
`common.h` and `common.c`.

Also fix a typo in `tests/include/test/helpers.h` where tabs were accidentally
used instead of spaces.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:21:43 +01:00
Chris Jones
96ae73b0ea Add macro for error code addition
Adds a macro (`MBEDTLS_ERR_ADD`) to add error codes together and check that the
result will not be corrupted. This additional check is only enabled during
testing when `MBEDTLS_TEST_HOOKS` is defined.

Also includes a reference usage example in `rsa.c` where two high-level error
codes could be incorrectly added together under the right conditions. This now
ensures that when this error occurs during testing it will be correctly
reported.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-13 15:12:02 +01:00
TRodziewicz
b579ccd529 The still used deprecated error codes replaced with _PLATFORM_ ones
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-13 14:29:29 +02:00
TRodziewicz
d11ddc54b6 Correction in the TODO issue number
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 23:41:46 +02:00
TRodziewicz
dd82502b56 Remove deprecated error codes. Some still remain - question asked in issue comment
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 23:28:23 +02:00
TRodziewicz
c75d9f589b Remove deprecated things from hashing modules
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-04-12 11:38:37 +02:00
Chris Jones
9c6356881f Remove MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
This config option has been unused for >5 years and so should be removed.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-09 16:10:48 +01:00
Bence Szépkúti
3b1cba82c8 Fix reference to deprecated macro in documentation
The reference was introduced in #4174.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-04-08 16:10:05 +02:00
Ronald Cron
df2e4f22a8
Merge pull request #4290 from ronald-cron-arm/hash-dispatch-follow-up
Hash dispatch follow up
2021-04-08 09:13:19 +02:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Gilles Peskine
b420259777
Merge pull request #4174 from gilles-peskine-arm/psa-eddsa-spec
PSA Encodings for EdDSA
2021-04-07 11:20:27 +02:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
Ronald Cron
980230e965 psa: include: Update and improve multipart-op struct design notes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron
dd3b539573 psa: include: Clarify scope of crypto_builtin/driver_contexts.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:38 +02:00
Ronald Cron
06c84ca5f8 psa: include: Merge crypto_builtin_hash.h and crypto_builtin_cipher.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 16:54:30 +02:00
Ronald Cron
e31fd11ab3 psa: include: Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 15:59:57 +02:00
Ronald Cron
d3b458c452 tests: psa: Fix expected error code
Fix expected error code when importing a persistent key or
registering a key with an invalid key identifier:
PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:54:50 +02:00
Ronald Cron
48ffe622f9
Merge pull request #4215 from paul-elliott-arm/remove_fallthrough
Remove deliberate fallthrough
2021-03-30 16:40:24 +02:00
Gilles Peskine
e5fde54337 Remove incorrect definitions of the dom2() and dom4() prefixes
Implementers and users would have to refer to the RFC for the detailed
specification of the algorithm anyway.

Keep a mention of the curves and hashes involved for avoidance of doubt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 15:08:10 +02:00
Gilles Peskine
a00abc6b65 Consistently describe Ed25519 as a 255-bit curve
The coordinates are over $F_{2^{255}-19}$, so by the general
definition of the bit size associated with the curve in the
specification, the value for size attribute of keys is 255.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
7e54a29bea Express DES key sizes in bits
The size attribute of a key is expressed in bits, so use bits in the
documentation. (The documentation of psa_export_key() describes the
export format, so it counts in bytes.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
6a427bf306 Document the general definition of bit sizes for asymmetric keys
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
27354690cb Use a bit-size in the algorithm name
Call it “SHAKE256-512”, just like SHA3-512 has 512 bits of output.
SHAKE256-64 looks like it's 64 bits of output, but this is 64 bytes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00
Gilles Peskine
da7305e472 Avoid collision with SM3 in API specification 1.0.1
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-29 14:55:44 +02:00