"Key generation method" was misleading since it also applies to key
derivation. Change "key generation" to "key production", which we aren't
using yet and has roughly the right intuition. Change "method" to
"parameters" which there seems to be a slight preference for. Discussion
thread: https://github.com/Mbed-TLS/mbedtls/pull/8815#discussion_r1486524295
Identifiers renamed:
psa_key_generation_method_t → psa_key_production_parameters_t
psa_key_generation_method_s → psa_key_production_parameters_s
PSA_KEY_GENERATION_METHOD_INIT → PSA_KEY_PRODUCTION_PARAMETERS_INIT
method → params
method_data_length → params_data_length
default_method → default_production_parameters
psa_key_generation_method_is_default → psa_key_production_parameters_are_default
setup_key_generation_method → setup_key_production_parameters
key_generation_method_init → key_production_parameters_init
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In the driver wrapper for psa_generate_key() and psa_generate_key_ext():
* Invoke the built-in code if using a non-default method, even if there
might be an accelerator. This is ok because we only support non-default
methods for RSA and we don't support driver-only RSA, therefore a
non-default method will always have built-in code behind it.
* Return NOT_SUPPORTED if trying to use a non-default method with an opaque
driver.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Instead of passing the size of the whole structure, just pass the data
length and let the implementation worry about adding the size of the
structure. The intent with passing the structure size was to allow
the client code in a client-server implementation to know nothing
about the structure and just copy the bytes to the server. But that was not
really a useful consideration since the application has to know the
structure layout, so it has to be available in the client implementation's
headers. Passing the method data length makes life simpler for everyone by
not having to worry about possible padding at the end of the structure, and
removes a potential error condition
(method_length < sizeof(psa_key_generation_method_t)).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
secp224k1 is the one with 225-bit private keys.
The consequences of this mistake were:
* We emitted positive test cases for hypothetical SECP_R1_225 and
SECP_K1_224 curves, which were never executed.
* We emitted useless not-supported test cases for SECP_R1_225 and SECP_K1_224.
* We were missing positive test cases for SECP_R1_224 in automatically
generated tests.
* We were missing not-supported test cases for SECP_R1_224 and SECP_K1_225.
Thus this didn't cause test failures, but it caused missing test coverage
and some never-executed test cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
`$(MBEDTLS_TEST_OBJS)` included TLS-specific test support modules in
`tests/Makefile` but not in `programs/Makefile`. This difference is not
actually necessary. What is necessary is that all programs that use
functions from TLS-specific test support modules are linked with those
modules in addition to `-lmbedtls`, and programs that are not linked with
`-lmbedtls` are not linked with TLS-specific test support modules. Since we
always pass `-lmbedtls` when linking programs in `programs/Makefile`, we can
link with the TLS-specific test support modules as well. This keeps things
simpler.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
fixup "Create common.make with LOCAL_CFLAGS and friends"
The code wasn't what I had intended, although it was functionally
equivalent. Make it more readable and more robust.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When building with Make on a Unix-like platform (shell and compiler),
auto-detect configurations that may require linking with pthread.
This removes the need for MAKE_THREADING_FLAGS in all.sh.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create a common.make for definitions that are shared between tests/Makefile
and programs/Makefile, to facilitate maintenance. Start populating it with
CFLAGS/LDFLAGS variables. More to follow in subsequent commits.
Keep library/Makefile independent, at least for the time being.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add new function to build_tree.py to return the crypto
name for the project; either tfpsacrypto or mbedcrypto.
Deploy this function where needed.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Add crypto_core_directory in build_tree.py so that
the libary/core directory can be returned based
on what repository we are in.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Rename some variables in generate_driver_wrappers.py
now that the script has to work in two repositories
as opposed to just mbed tls.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
