Commit graph

23897 commits

Author SHA1 Message Date
Jerry Yu
fc2e128fc9 Fix grammar issues and remove useless code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-27 11:16:56 +08:00
Paul Elliott
c2033502f5 Give edge case tests a better name
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-26 18:47:58 +00:00
Paul Elliott
c7f6882995 Add comments to each test case to show intent
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-26 18:47:58 +00:00
Paul Elliott
7118d17df1 Pacify code style checker
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-26 16:57:05 +00:00
Dave Rodgman
096e72959b Fix case of include header for mingw
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 17:17:35 +00:00
Dave Rodgman
f5e531a87b Fix code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 17:17:15 +00:00
Dave Rodgman
21dfce7a5c Add tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 17:10:38 +00:00
Dave Rodgman
703f805f09 Improve explicit_bzero detection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 15:19:52 +00:00
Dave Rodgman
fe57a2e008 Remove newlib detection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 14:16:34 +00:00
Dave Rodgman
82f3de55b2 tidy up brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 14:08:22 +00:00
Dave Rodgman
828ec905db Improve explicit_bzero detection
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-25 13:32:26 +00:00
Dave Rodgman
f0a0e43053 explicit_bzero is not available on arm-none-eabi
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 19:01:48 +00:00
Dave Rodgman
a6fda16a41 Fix re-definition of __STDC_WANT_LIB_EXT1__
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 19:00:38 +00:00
Dave Rodgman
8a7d26f12c Typo fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 18:19:24 +00:00
Paul Elliott
dc42ca8a7e Use psa_wipe_tag_buffer() for MAC and aead code.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 18:11:59 +00:00
Dave Rodgman
8b6eded03d
Tidy-up comment
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 18:07:05 +00:00
Paul Elliott
7bc24cc512 Fix typos in documentation.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 18:04:16 +00:00
Dave Rodgman
bf0597f804 Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 17:45:41 +00:00
Dave Rodgman
4daca63734 Documentation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 17:43:00 +00:00
Dave Rodgman
f55182d2bf Use platform-provided secure zeroization call
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-24 17:42:43 +00:00
Paul Elliott
a16ce9f601 Remove driver entry points for {get|set}_max_ops().
Move the global variable to the PSA layer, and just set that when calling PSA
level functions.

Move the internal ecp set to before each ecp call.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 14:44:18 +00:00
Bence Szépkúti
248971348b Replace fuzzer-generated PKCS7 regression tests
This commit adds well-formed reproducers for the memory management
issues fixed in the following commits:

290f01b3f5
e7f8c616d0
f7641544ea

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2023-02-24 15:31:03 +01:00
Andrzej Kurek
86f30ff626 Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2
As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790,
after introducing side-channel counter-measures to bignum,
the performance of RSA decryption in correlation to the
MBEDTLS_ECP_WINDOW_SIZE has changed.
The default value of 2 has been chosen as it provides best
or close-to-best results for tests on Cortex-M4 and Intel i7.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-24 07:51:21 -05:00
Manuel Pégourié-Gonnard
02d55d5825 Rename some local variables
The name sha512 might have made sense when it was an
mbedtls_sha512_context, but now it's weird to see things like

    mbedtls_md_setup(&sha512, ...MBEDTLS_MD_SHA384...);

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 13:31:33 +01:00
Manuel Pégourié-Gonnard
f057ecfedf Use MD not low-level sha256/512 in TLS
Same reasoning as in previous commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 13:30:55 +01:00
Manuel Pégourié-Gonnard
2cd751465c Use MD, not low-level SHA1, in X.509
X.509 already depends on MD_C || USE_PSA_CRYPTO, and this is for the
!USE_PSA_CRYPTO branch, so we're free to use MD.

This change supports our ability to use MBEDTLS_MD_CAN_xxx macros
everywhere in the future, once they have been introduced.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 12:37:07 +01:00
Manuel Pégourié-Gonnard
0ac71c0d92 Make debug statement more portable
There's little reason for accessing the hash implementation's internal
state, its output contains most of the same information.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-24 12:13:55 +01:00
Przemek Stekiel
6f2d1f419a Further pake tests optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-24 10:22:47 +01:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty
Pacify Clang 15 about empty \retval
2023-02-24 09:10:53 +00:00
Przemek Stekiel
d93de32267 Move to computation stage only on successfull setup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-24 08:39:49 +01:00
Jerry Yu
c66deda4c5 Add explanation for aesce limitation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-24 11:42:07 +08:00
Jerry Yu
aa18c4bf96 Add comments about travis test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-24 11:18:41 +08:00
Jerry Yu
ba1e78f1c2 fix code style and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-24 11:18:16 +08:00
Manuel Pégourié-Gonnard
1e57abd3ec Group MD_LIGHT and MD_C parts of md.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 20:45:26 +01:00
Manuel Pégourié-Gonnard
623c73b46d Remove config.py call on now-internal option
It turns out config.py wouldn't complain, but it's still confusing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 20:36:05 +01:00
Przemek Stekiel
083745e097 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-23 17:28:23 +01:00
Gilles Peskine
95c915201e Move the implication of MBEDTLS_PSA_CRYPTO_CLIENT where it belongs
If MBEDTLS_PSA_CRYPTO_C is enabled, we always enable
MBEDTLS_PSA_CRYPTO_CLIENT, since the client-side functions are part of the
full PSA crypto feature set. Historically, we didn't have a good place for
configuration modification, so we did this early in the crypto.h include
tree. Since Mbed TLS 3.0, we have mbedtls/build_info.h for that.

Addresses https://github.com/Mbed-TLS/mbedtls/issues/7144 .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Gilles Peskine
361b5f992f Make sure the configuration is always included
Before, if psa/crypto_platform.h was overridden and the override didn't
include "mbedtls/build_info.h", it was possible to end up with parts of
the headers not taking the library configuration into account, if no
mbedtls header was included before "psa/crypto.h". Make sure that
the mbedtls configuration is visible from the start, no matter what is
or is not in the platform header.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Gilles Peskine
df6e84a447 Test the PSA alternative header configuration macros
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Przemek Stekiel
bdc21e623e Disable MBEDTLS_PSA_CRYPTO_SE_C is ecdsa psa builds
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-23 17:12:19 +01:00
Valerio Setti
1af76d119d ssl-opt: automatically detect requirements from the specified certificates
This moslty focus on tests using "server5*" cerificate. Several cases
are taken into account depending on:
- TLS version (1.2 or 1.3)
- server or client roles

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-23 16:55:59 +01:00
Valerio Setti
3f2309fea6 ssl-opt: remove redundant requires_config_enabled when force_ciphersuite is set
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-23 13:47:30 +01:00
Gilles Peskine
2fb4e14397 Words. Use them!
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 13:37:54 +01:00
Gilles Peskine
4348a83bc8 Further documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 13:03:30 +01:00
Manuel Pégourié-Gonnard
0d4152186d Make MBEDTLS_MD_LIGHT private for now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 13:02:13 +01:00
Manuel Pégourié-Gonnard
cacc0ea144 Fix a couple more typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 09:42:37 +01:00
Manuel Pégourié-Gonnard
39a4f4285d Add links for macros in doxygen documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 09:40:24 +01:00
Manuel Pégourié-Gonnard
f3953c878e Clarify relationship between MD_C and MD_LIGHT
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 09:39:05 +01:00
Manuel Pégourié-Gonnard
82a43942c8 Make it clearer what's part of MD-light or not
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 09:36:29 +01:00
Valerio Setti
d1f991c879 ssl-opt: fix required configs in ECDSA related tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-23 09:31:41 +01:00