This means we can hold the mutex around the call to reserve_free_key_slot
in get_and_lock_key_slot, avoiding inefficient rework.
(Changes to get_and_lock_key_slot are not in scope in this PR)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Hold the mutex for the entirety of the call.
We need the mutex for the wipe, also hold it for aborting driver transactions as this
may have side effects.
We can't use the macros here as this function returns void.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Hold mutex for the entirety of the call.
We are writing to storage and writing to the slot state here.
If we didn't keep the mutex for the whole duration then we may end up with
another thread seeing that a persistent key is in storage before
our slot is set to FULL; this would be unlinearizable behaviour.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
Everything needs to be done under the mutex here, we operate directly on FULL/EMPTY
slots, and we can't let key_slots_initialized change before we operate on slots.
Refactor to use an exit label.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This saves ~160 bytes of code size, at the cost of a bit of localized
complexity in the code. The impact on performance is measurable but small
(<5% observed on x86_64) and can go either way (there's a calculation vs
memory bandwidth compromise).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Calling mbedtls_test_fail() attempts to lock the test data mutex.
Unfortunately we were calling this from places where we already held
this mutex, and this mutex is not recursive, so this deadlocks. Split
out mbedtls_test_fail() into mbedtls_test_fail_internal() in order to
address this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Do for public keys what
"Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes"
did for key pairs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ECJPAKE_C only needs MD_LIGHT and it allready auto-enables it in
config_adjust_legacy_crypto.h, so nothing to check here.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The added comma is needed so that these tests match the regex exceptions
in analyze_outcomes.py.
Moved the Encryption tests so that they are separate to decryption.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
We're already making sure of that in
include/mbedtls/config_adjust_psa_superset_legacy.h - no need to
double-check here.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
After this change, check_config.h does not have any #defined except:
- the standard header double-inclusion guard
- short-lived helpers that are #undef-ed in the same paragraph
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Those were only used for KEY_EXCHANGE_ECJPAKE, but had a much larger
scope than needed. We actually don't need those macros if we distinguish
between cases when expressing dependencies for this key exchange.
The remaining helper macros are all short lived.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
It always uses MD now. (The "fall back" to PSA Crypto was only in the
1st iteration of driver-only hash support, before we changed the
architecture to make everything go through MD.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
None of the TLS code is calling low-level hash functions directly. So
the correct dependencies here are MD_CAN.
(I checked and this was the only occurrence.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Simplify: let's take advantage of the MD_CAN macros instead of doing it
again ourselves.
Fix: SHA-3 was forgotten.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Make it clearer where the magic number chosen for entropy_len actually
comes from, and why we chose this value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
