Commit graph

24103 commits

Author SHA1 Message Date
Przemek Stekiel
69aba90e5b Add tests case for step with different buffer size
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 08:06:09 +01:00
Przemek Stekiel
656b2595fb psa_pake_input: validate buffer size using PSA_PAKE_INPUT_SIZE
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 08:05:52 +01:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
97fd217748
Merge pull request #7318 from tom-cosgrove-arm/update-mbedtls_have_asm-requirements-in-mbedtls_config.h
Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C
2023-03-20 18:22:25 +00:00
Dave Rodgman
43f9a25277
Merge pull request #7315 from mpg/ecjpake-changelog
Add ChangeLog entry for driver-only EC J-PAKE
2023-03-20 15:14:15 +00:00
Tom Cosgrove
f586aa2af2 Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-20 14:45:27 +00:00
Dave Rodgman
c5807a6fa8
Merge pull request #6918 from yuhaoth/pr/add-gcm-with-armv8-crypto-extension
Add GCM  with armv8 crypto extension
2023-03-20 14:45:14 +00:00
Manuel Pégourié-Gonnard
e9a60224fd Add ChangeLog entry for driver-only EC J-PAKE
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-20 10:03:55 +01:00
Manuel Pégourié-Gonnard
4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard
e91aadaeed
Merge pull request #7299 from valeriosetti/issue7280
Driver only EC JPAKE: enable ssl-opt.sh and get test parity
2023-03-20 09:51:11 +01:00
Manuel Pégourié-Gonnard
c9ef476431
Merge pull request #7192 from joerchan/psa-update-mbedtls
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
2023-03-20 09:47:07 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Yanray Wang
b46ccf235c fix line length of ChangeLog
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-20 12:41:10 +08:00
Dave Rodgman
b937c92853
Merge pull request #7313 from daverodgman/aes-armv8-changelog
Changelog and terminology tidy-up for AESCE
2023-03-18 14:33:04 +00:00
Dave Rodgman
f992e6fe38 Changelog for AESCE support
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:38 +00:00
Dave Rodgman
f918d42332 Tidy up ARMCE terminology
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:23 +00:00
Manuel Pégourié-Gonnard
0f60d09aa8 Add a test with all of ECC accelerated
Note that ECC key derivation is not using drivers yet, as we don't have driver support for
cooked key derivation acceleration, see
https://github.com/Mbed-TLS/mbedtls/pull/5451 and follow-ups.

So, we still need MBEDTLS_ECP_C enabled at least for this, and probably
in several other places for now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:23:17 +01:00
Manuel Pégourié-Gonnard
3831637e85 Handle dependency on ECP_C in ECC KDF
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:21:26 +01:00
Joakim Andersson
bb576febb2 psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
Fix psa_key_derivation_output_key not being able to derive ECC keys
without MBEDTLS_BUILTIN ECC key types enabled.
The PSA crypto drivers can generate these keys without requiring the
builtin key types.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-03-17 15:21:26 +01:00
Yanray Wang
69bc8403eb rsa_tests: use TEST_EQUAL instead of TEST_ASSERT
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 20:33:08 +08:00
Yanray Wang
e05a21f084 rsa: add a test to check default padding mode and hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 20:09:20 +08:00
Yanray Wang
15d3df7aec rsa: add positive test cases for getter functions
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 19:49:04 +08:00
Dave Rodgman
8a7ed6951d Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:58:11 +08:00
Yanray Wang
d41684e8bc rsa.c: rename getter function of hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:57:42 +08:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard
0d957d3a83
Merge pull request #7275 from valeriosetti/issue7255
Driver-only EC JPAKE: starter
2023-03-17 10:01:38 +01:00
Manuel Pégourié-Gonnard
6ea8d3414f Fix a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:50 +01:00
Manuel Pégourié-Gonnard
1b5ffc63cc Avoid double definition of MD_LIGHT
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
b33ef74d44 Use MD_LIGHT, not sha1.h, in RSA selftest
Same note as previous commit regarding guards.

Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined,
and even only when SHA1_C is defined too, but somewhere down the line
we'll want to auto-enable it for the sake of other RSA function (not in
selftest and could use any hash), so there's little point in optimizing
the temporary condition, let's use the simple one upfront.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
8316209c02 Use MD_LIGHT rather than md5.h in pem.c
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
Manuel Pégourié-Gonnard
ec000c1a00
Merge pull request #7242 from mpg/md-dispatch-psa
Implement MD dispatch to PSA
2023-03-17 09:42:40 +01:00
Janos Follath
c18cd0c8e6
Merge pull request #7230 from gabor-mezei-arm/6850_Secp256r1_fast_reduction
Extract Secp256r1 fast reduction from the prototype
2023-03-16 19:43:25 +00:00
Dave Rodgman
4a060ffa59
Merge pull request #7303 from daverodgman/msan_bzero_testcase
Add tests that cover msan explicit_bzero issue
2023-03-16 17:55:19 +00:00
Valerio Setti
943f8ddf81 test: remove leftovers from debug sessions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 16:47:17 +01:00
Dave Rodgman
3ac99fdf07
Merge pull request #7301 from gilles-peskine-arm/msan-explicit_bzero
Fix Msan failure with explicit_bzero
2023-03-16 14:55:18 +00:00
Dave Rodgman
0a3c72df02 Add explanatory comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-16 13:43:32 +00:00
Dave Rodgman
680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix
Fix segfault in mbedtls_oid_get_numeric_string
2023-03-16 12:21:36 +00:00
Dave Rodgman
5d2024333b Fix missing line ending
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-16 12:14:51 +00:00
Dave Rodgman
ecd649205d Add tests that cover msan explicit_bzero issue
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-16 12:02:15 +00:00
Gilles Peskine
a8d2ff3fdf Fix Msan failure with explicit_bzero
On some platforms, including modern Linux, Clang with Msan does not
recognize that explicit_bzero() writes well-defined content to its output
buffer. For us, this causes CMAC operations to fail in Msan builds when
mbedtls_platform_zeroize() is implemented over explicit_bzero(). Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 10:53:46 +01:00
Manuel Pégourié-Gonnard
9d698df4f4 Further clarify a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
ec31f2917f Systematically call PSA_INIT for MD tests
All tests that call md_setup() or compute a hash of a HMAC may now need
it in some builds.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
a9ab4a2d60 Clarify a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
f48b1f810e Rename internal function to something clearer
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
9f132b7c9c Clarify real/dummy def of PSA_INIT/DONE
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
54e3c6593e Fix failures in signature accel test
The test driver library tries to only build what's necessary, but must
use the same PSA_WANT macros as the main library. So, for things that
are not needed, it undefines MBEDTLS_PSA_BUILTIN_xxx and defines
MBEDTLS_PSA_ACCEL_xxx, unless the ACCEL symbol was defined on the
command line, in which case it undefines it and defineds BUILTIN
instead. This negation happens in crypto_config_test_driver_extension.h
and reflects the fact that what we want accelerated in the main library
is what we want built-in in the driver library (and vice versa if we
want to minimize the size of the driver library).

So, the ACCEL symbols in inside the test driver library (while it's
being built, not those on the command line) are a bit of a white lie:
they don't actually mean "there's an accelerator for this" but instead
"I won't include a built-in for this even though the corresponding
PSA_WANT symbol is defined".

This was quite harmless until MD started making dispatch decisions based
on the ACCEL symbols: when it tries to dispatch to an accelerator that
doesn't actually exist, things tend to go badly.

The minimal fix for this is to change how we enable extra hashes in the
test driver library: by defining the ACCEL symbol on the command line,
in the build we'll end up with the BUILTIN symbol (and implementation!)
and no ACCEL symbol, which is exactly what we want.

Long version: https://arm-ce.slack.com/archives/GTM3SM1K5/p1675071671707599

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
7dc8b95849 Fix failures in builds without PSA_CRYPTO_C
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
39a376a417 Finish removing HMAC from MD-light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
c9e0ad23c1 Update design document
- Support for PSA_CRYPTO_CLIENT without PSA_CRYPTO_C is out of scope for
now but might be added later (the architecture supports that).
- While we're using a void pointer for md_ctx, we don't need a union
here; the union will be useful only if & when we remove the indirection.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00