Commit graph

2401 commits

Author SHA1 Message Date
Hanno Becker
7909c4c875 Improve doc wording of PSA status field of mbedtls_cipher_context_t 2018-11-22 14:03:39 +00:00
Hanno Becker
115e1a4e5b Don't use multiline comments in enums to silence check-names.sh
The sanity checking script tests/scripts/check-names.sh uses a
simple state machine paired with a sequence of `sed` commands to
extract enumeration constants from the code. This code, however,
doesn't work properly when using multiline comments in enumerations
such as recently done in the constants MBEDTLS_CIPHER_PSA_KEY_XXX.

This commit doesn't attempt to make check-names.sh more robust
but instead uses /* ... */ comment indicators in each comment line,
while silences check-names.sh.

Increasing the robustness of check-names.sh is instead tracked
in #2210.
2018-11-22 14:03:39 +00:00
Hanno Becker
625f94b2fd Minor rewording in documentation of PSA-based cipher context 2018-11-22 14:03:39 +00:00
Hanno Becker
ce61a32e6a Use enum for slot state in PSA-based cipher context 2018-11-22 14:03:39 +00:00
Hanno Becker
f133640475 Add AEAD tag length to new mbedtls_cipher_setup_psa()
For AEAD ciphers, the information contained in mbedtls_cipher_info
is not enough to deduce a PSA algorithm value of type psa_algorithm_t.
This is because mbedtls_cipher_info doesn't contain the AEAD tag
length, while values of type psa_algorithm_t do.

This commit adds the AEAD tag length as a separate parameter
to mbedtls_cipher_setup_psa(). For Non-AEAD ciphers, the value
must be 0.

This approach is preferred over passing psa_algorithm_t directly
in order to keep the changes in existing code using the cipher layer
small.
2018-11-22 14:03:39 +00:00
Hanno Becker
d9ca5cfd60 Implement mbedtls_cipher_setkey() for PSA-based cipher contexts
This commit implements the internal key slot management performed
by PSA-based cipher contexts. Specifically, `mbedtls_cipher_setkey()`
wraps the provided raw key material into a key slot, and
`mbedtls_cipher_free()` destroys that key slot.
2018-11-22 14:03:39 +00:00
Hanno Becker
73f59fc3e9 Add PSA-specific cipher context 2018-11-22 14:03:39 +00:00
Hanno Becker
1cb36530be Add psa_enabled field to cipher ctx and add dummy implementations
This field determines whether a cipher context should
use an external implementation of the PSA Crypto API for
cryptographic operations, or Mbed TLS' own crypto library.

The commit also adds dummy implementations for the cipher API.
2018-11-22 14:03:39 +00:00
Hanno Becker
098c9de2af Add declaration and dummy-definition of mbedtls_cipher_setup_psa() 2018-11-22 14:03:39 +00:00
Hanno Becker
b1f0872ce6 Improve wording in documentation of mbedtls_cipher_setup() 2018-11-22 14:03:39 +00:00
Hanno Becker
d7503a72d0 Expand documentation of mbedtls_cipher_list() 2018-11-22 14:03:39 +00:00
Hanno Becker
f4fb876be9 Fix style in cipher.h 2018-11-22 14:03:39 +00:00
Hanno Becker
e5a0450809 Fix style in definition of mbedtls_cipher_mode_t 2018-11-22 14:03:39 +00:00
Hanno Becker
4d30776826 Remove double white space 2018-11-21 21:08:43 +00:00
Hanno Becker
186b65ac61 Use MBEDTLS_PSA_UTIL_H instead of MBEDTLS_PSA_COMPAT_H in psa_util.h
This is still an artifact from when psa_util.h was called psa_compat.h.
2018-11-21 21:08:43 +00:00
Hanno Becker
51560b62ed State explicitly that any API depending on PSA is unstable 2018-11-21 21:08:43 +00:00
Hanno Becker
f5f9ea26bb Improve documentation of mbedtls_psa_err_translate_pk() 2018-11-21 21:08:43 +00:00
Hanno Becker
010cf7eced Add AEAD tag length parameter to mbedtls_psa_translate_cipher_mode()
In case of AEAD ciphers, the cipher mode (and not even the entire content
of mbedtls_cipher_info_t) doesn't uniquely determine a psa_algorithm_t
because it doesn't specify the AEAD tag length, which however is included
in psa_algorithm_t identifiers.

This commit adds a tag length value to mbedtls_psa_translate_cipher_mode()
to account for that ambiguity.
2018-11-21 21:08:43 +00:00
Hanno Becker
000334f398 Add function to translate PSA errors to PK module errors 2018-11-21 21:08:43 +00:00
Hanno Becker
afebf5a153 Fix Doxygen annotation in psa_util.h 2018-11-21 21:08:43 +00:00
Hanno Becker
b26c1938d2 Make PSA utility functions static inline
Compilers warn about unused static functions.
2018-11-21 21:08:43 +00:00
Hanno Becker
5525126ed8 Add PSA-to-Mbed TLS translations for cipher module 2018-11-21 21:08:43 +00:00
Hanno Becker
87837b2ec6 Add internal header for PSA utility functions
This commit adds the header file mbedtls/psa_util.h which contains
static utility functions `mbedtls_psa_xxx()` used in the integration
of PSA Crypto into Mbed TLS.

Warning: These functions are internal only and may change at any time.
2018-11-21 21:08:42 +00:00
Manuel Pégourié-Gonnard
aeefa49edd Add config option for X.509/TLS to use PSA 2018-11-21 21:03:14 +00:00
Jaeden Amero
484ee33c35 psa: Add PSA Crypto configuration
Add an option that can enable the exposure of PSA Crypto APIs from
libmbedcrypto.
2018-11-21 12:54:57 +00:00
Simon Butcher
c1b9892177 Update library version number to 2.14.0 2018-11-19 18:31:40 +00:00
Simon Butcher
cdd1a6c872 Merge remote-tracking branch 'restricted/pr/510' into development-restricted-proposed 2018-11-12 14:29:14 +00:00
Simon Butcher
e51d4b336b Merge remote-tracking branch 'public/pr/2054' into development-proposed 2018-11-09 19:57:53 +00:00
Ron Eldor
9924bdc792 Deprecate hardware acceleration errors
Deprecate the module-specific XXX_HW_ACCEL_FAILED and
XXX_FEATURE_UNAVAILABLE errors, as alternative implementations should now
return `MBEDTLS_ERR_PLATFORM_HW_FAILED` and
`MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED`.
2018-11-09 15:01:07 +00:00
Ron Eldor
bcca58c6cd Add common feature unavailable error
Add a common error for the feature unavailable, in the
platform module.
2018-11-09 13:57:37 +00:00
Simon Butcher
361ce6c302 Merge remote-tracking branch 'public/pr/2127' into development-restricted-proposed 2018-11-07 12:57:01 +00:00
Simon Butcher
c81813153c Merge remote-tracking branch 'public/pr/2140' into development-restricted-proposed 2018-11-07 12:56:05 +00:00
Simon Butcher
241823aab8 Merge remote-tracking branch 'public/pr/1641' into development-restricted-proposed 2018-11-07 12:55:47 +00:00
Simon Butcher
51b6abbbf2 Merge remote-tracking branch 'public/pr/2165' into development-proposed 2018-11-06 22:55:14 +00:00
Ron Eldor
7213744b07 Fix typo in comment
Change from from lower case to upper case in XXX_ALT
comment in `MBEDTLS_ECP_RESTARTABLE` description.
2018-11-05 22:31:32 +02:00
Ron Eldor
19779c4739 Some style and documentation fixes
1. Change description of of hte `MBEDTLS_ECP_RESTARTABLE`
in the configuration file.
2. Change check for compilation of `rs_ctx` to positive flow.
2018-11-05 16:58:13 +02:00
Ron Eldor
5ed8c1eded Avoid using restartable and alternative ECP imp.
1. Add a check that MBEDTLS_ECP_RESTARTABLE is not defined
   along any EC* alternative implementation.
2. Add a closing comment foran `#endif`.
2018-11-05 14:04:26 +02:00
Simon Butcher
06f88e9c42 Merge remote-tracking branch 'public/pr/2007' into development-proposed 2018-11-04 19:12:57 +00:00
Hanno Becker
710f203541 Merge branch 'iotssl-1770' into development_thomas_dee 2018-11-02 10:52:49 +00:00
Hanno Becker
5517755353 Improve wording and formatting of ASN.1 write module documentation 2018-11-02 10:52:38 +00:00
Simon Butcher
d5bf428a7b Merge remote-tracking branch 'public/pr/1618' into development-proposed 2018-10-28 17:29:13 +00:00
Simon Butcher
a07d86e8af Merge remote-tracking branch 'public/pr/1902' into development 2018-10-27 18:36:55 +01:00
Simon Butcher
ef263ebcd7 Merge remote-tracking branch 'public/pr/1993' into development 2018-10-27 18:36:28 +01:00
Simon Butcher
da095619bb Merge remote-tracking branch 'public/pr/2142' into development 2018-10-27 18:30:08 +01:00
Simon Butcher
e783f4a767 Merge remote-tracking branch 'public/pr/1609' into development 2018-10-27 17:35:25 +01:00
Hanno Becker
abdf67ee9f Cast number of operations to uint in MBEDTLS_ECP_BUDGET
Context:
The macro `MBEDTLS_ECP_BUDGET()` is called before performing a
number of potentially time-consuming ECC operations. If restartable
ECC is enabled, it wraps a call to `mbedtls_ecp_check_budget()`
which in turn checks if the requested number of operations can be
performed without exceeding the maximum number of consecutive ECC
operations.

Issue:
The function `mbedtls_ecp_check_budget()` expects a the number
of requested operations to be given as a value of type `unsigned`,
while some calls of the wrapper macro `MBEDTLS_ECP_BUDGET()` use
expressions of type `size_t`.
This rightfully leads to warnings about implicit truncation
from `size_t` to `unsigned` on some compilers.

Fix:
This commit makes the truncation explicit by adding an explicit cast
to `unsigned` in the expansion of the `MBEDTLS_ECP_BUDGET()` macro.

Justification:
Functionally, the new version is equivalent to the previous code.
The warning about truncation can be discarded because, as can be
inferred from `ecp.h`, the number of requested operations is never
larger than 1000.
2018-10-26 15:06:51 +01:00
Hanno Becker
0eb8fb85a6 Correct typo in documentation of MBEDTLS_SSL_RENEGOTIATION 2018-10-26 09:53:16 +01:00
Hanno Becker
cc40d86edb Improve documentation of mbedtls_ssl_get_verify_result()
Fixes #517.
2018-10-23 10:28:01 +01:00
Manuel Pégourié-Gonnard
a966fdea72 Fix some documentation typos and improve a comment 2018-10-23 10:41:11 +02:00
Manuel Pégourié-Gonnard
ca29fdf569 Fix some typos in documentation and comments 2018-10-22 09:56:53 +02:00