Commit graph

28995 commits

Author SHA1 Message Date
Waleed Elmelegy
65e3046e18 Fix code style in ssl_tls.c
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:55:10 +00:00
Waleed Elmelegy
049cd302ed Refactor record size limit extension handling
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:28:31 +00:00
Ryan Everett
3dd6cde0d8 Mention functional correctness explicitly
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-12-20 16:47:57 +00:00
Valerio Setti
66134661cd driver-only-builds: add Restrictions section
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 17:06:13 +01:00
Ryan Everett
f5e135670b Clarify key generation and memory-management correctness
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-12-20 15:24:47 +00:00
Valerio Setti
d834896c8b changelog: enhancing descriptions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 16:00:44 +01:00
Valerio Setti
af53132e44 driver-only-builds: enhancing section on removing CIPHER_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 15:56:09 +01:00
Manuel Pégourié-Gonnard
35085c5e89
Merge pull request #7930 from tomi-font/7583-non-PSA_pk_sign_ext
Implement non-PSA pk_sign_ext()
2023-12-20 14:30:08 +00:00
Valerio Setti
3fab8a4deb driver-only-builds: fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 14:25:37 +01:00
Tomi Fontanilles
851d8df58d fix/work around dependency issues when !MBEDTLS_ECP_C
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2023-12-20 13:09:27 +02:00
Tomi Fontanilles
e6a664ed65 changelog: fix missing newline at end of file
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2023-12-20 13:05:55 +02:00
Tomi Fontanilles
9f41770313 pk_*: remove remaining references to MBEDTLS_PSA_CRYPTO_C
For real this time.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 13:05:55 +02:00
Tomi Fontanilles
5297e43eec non-psa-pk-implementation: rephrase the changelog entry
And remove the comment on the uniformity in the PK module
with regards to PSA_CRYPTO_C not being referenced anymore;
end users are probably not interested in that.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
bad170e159 pk: remove last references to MBEDTLS_PSA_CRYPTO_C
They are replaced by MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
1941af087c pk_wrap: remove last references to MBEDTLS_PSA_CRYPTO_C
Deprecated functions are removed and #ifdefs are updated accordingly.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
9c69348c24 pk test suite: rename the parameter named parameter
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
573dc23141 rsa: introduce rsa_internal_rsassa_pss_sign_no_mode_check()
And use it in the non-PSA version of mbedtls_pk_sign_ext()
to bypass checks that didn't succeed when used by TLS 1.3.

That is because in the failing scenarios the padding of
the RSA context is not set to PKCS_V21.

See the discussion on PR #7930 for more details.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
8174662b64 pk: implement non-PSA mbedtls_pk_sign_ext()
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.

Related dependencies and tests are updated as well.

Fixes #7583.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
80ca493284 gitignore: add clangd index files
https://clangd.llvm.org/design/indexing#backgroundindex

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
a70b3c24f6 rsa: minor comment/guard improvements
This brings some improvements to comments/
function prototypes that relate to PKCS#1.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Valerio Setti
5eb8de12cb driver-only-build: remove paragraph about RSA/DH deterministic key generation
This feature is not supported at all in MbedTLS, driver or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 11:59:32 +01:00
Manuel Pégourié-Gonnard
9934f834af
Merge pull request #7766 from gilles-peskine-arm/psa-transition-doc-create
Legacy-to-PSA transition guide
2023-12-20 10:28:31 +00:00
Valerio Setti
5f665c3a0d analyze_outcomes: add exceptions to disparities for block_cipher dispatch
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:56:05 +01:00
Valerio Setti
9afa329b80 analyze_outcomes: allow ignored test suites to have a dot in the name
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:55:28 +01:00
Valerio Setti
45c84feacc test_suite_ccm: add missing BLOCK_CIPHER_PSA_[INIT/DONE]()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:54:39 +01:00
Valerio Setti
689c0f71cb tests: use new CCM/GCM capability macros in tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:54:18 +01:00
Valerio Setti
bfa675fe48 adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:52:08 +01:00
Manuel Pégourié-Gonnard
299bbacd7d
Merge pull request #8644 from gilles-peskine-arm/domain_parameters_document_size_hack
Document the domain_parameters_size==SIZE_MAX hack
2023-12-20 08:27:47 +00:00
Manuel Pégourié-Gonnard
a4b38f24fd
Merge pull request #8579 from valeriosetti/issue7995
PK: clean up pkwrite
2023-12-20 08:20:10 +00:00
Valerio Setti
50333977c6 cipher_wrap: fix guards for alloc/free functions of CCM/GCM
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 07:36:05 +01:00
Valerio Setti
4a8ef7cd9b all.sh: disable legacy AES/ARIA/CAMELLIA in test_full_block_cipher_psa_dispatch
This commit also:
- rename the reference component as component_test_full_block_cipher_legacy_dispatch()
- add a common configuration function, named common_block_cipher_dispatch() that
  is used from both accelerated and reference components

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 07:35:41 +01:00
Dave Rodgman
c393222643 Work around clang 3.8 bug
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 18:52:35 +00:00
Dave Rodgman
a69c782351
Merge pull request #8634 from daverodgman/iar-fixes
IAR warning fix & some improvements
2023-12-19 16:26:23 +00:00
Dave Rodgman
fc5b9553b2 Don't use full path for setting CC
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 16:08:19 +00:00
Dave Rodgman
bc8e61d962 Use gcc in test_full_deprecated_warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 14:07:15 +00:00
Dave Rodgman
d47186d6e3 Disable automatic setting of clang target flags on old clang
Old versions of clang don't support this pragma, so we have to assume
that the user will have set the flags.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 13:11:47 +00:00
Dave Rodgman
d8d6451a6e Add -O2 to some CFLAGS which were not setting it
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 12:20:21 +00:00
Dave Rodgman
ea03ef9a77 Don't specify gcc unless the test requires it
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 12:19:59 +00:00
Dave Rodgman
dfe5ce81ee Use clang -O2 in common_block_cipher_no_decrypt
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 11:47:18 +00:00
Dave Rodgman
590519f535 Enable -O2 in depends.py
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-19 11:33:55 +00:00
Gilles Peskine
1a9e05bf08 Note that domain parameters are not supported with drivers
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-19 12:23:22 +01:00
Gilles Peskine
5ad9539363 Remove DSA and DH domain parameters from the documentation
Mbed TLS doesn't support DSA at all, and doesn't support domain parameters
for FFDH (only predefined groups).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-19 12:22:46 +01:00
Valerio Setti
9da01a7f53 all.sh: rename test_psa_crypto_config_accel_cipher to accel_des
Renaming this test component in order to better explain what it
really does.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 08:05:40 +01:00
Valerio Setti
70f05bedd6 changelog: add changelog for accelerated ciphers and AEADs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 08:05:37 +01:00
Valerio Setti
7f062a58fb pkwrite: add newlines when calling mbedtls_pem_write_buffer()
New defines, which are shared with the pkparse module, lack the
new line so we manually add it when invoking
mbedtls_pem_write_buffer().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 07:48:42 +01:00
Valerio Setti
4bb5740a7d Revert "pem: auto add newlines to header/footer in mbedtls_pem_write_buffer()"
This reverts commit 180915018d.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-19 07:48:38 +01:00
Dave Rodgman
d0a594d444 Use gcc in test_psa_compliance
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-18 22:29:56 +00:00
Dave Rodgman
932ce859d5 Ensure test_psa_compliance uses gcc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-18 20:35:54 +00:00
Gilles Peskine
9deb54900e Document the domain_parameters_size==SIZE_MAX hack
It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not
documented.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-18 21:01:18 +01:00
Dave Rodgman
0c5bfe816f Ensure clang is present
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-18 19:53:25 +00:00