Move get_key_buf_size/get_builtin_key out of
the psa wrapper auto generated file
Slot_management.c include the head file instead of the source file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
The shipped Visual Studio project files were misconfigured for build
combinations of 64 bit Release builds.
Signed-off-by: Simon Butcher <simon.butcher@arm.com>
CryptGenRandom and lstrlenW are not permitted in Windows Store apps,
meaning apps that use mbedTLS can't ship in the Windows Store.
Instead, use BCryptGenRandom and wcslen, respectively, which are
permitted.
Also make sure conversions between size_t, ULONG, and int are
always done safely; on a 64-bit platform, these types are different
sizes.
Also suppress macro redefinition warning for intsafe.h:
Visual Studio 2010 and earlier generates C4005 when including both
<intsafe.h> and <stdint.h> because a number of <TYPE>_MAX constants
are redefined. This is fixed in later versions of Visual Studio.
The constants are guaranteed to be the same between both files,
however, so we can safely suppress the warning when including
intsafe.h.
Signed-off-by: Kevin Kane <kkane@microsoft.com>
Now that p256-m is officially a production feature and not just an example,
give it a more suitable name.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Previously the code only recognized the old spelling "mbed TLS", so it
missed doxygen/input/doc_mainpage.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In case of an out-of-tree build with the CMake build
system the path to crypto_config.h has to be defined
as the path to mbedtls_config.h. Add this possibility
tp generate_query_config.pl.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Boolean options that modify the behavior of a module are supposed to be in
the "feature support" section, not in the "configuration options" support:
that section is documented to contain commented-out definitions with a
value, for which the comment contains the default version. In particular,
merely uncommenting a definition in the "configuration options" section is
not supposed to change anything.
Move the offending boolean options to the proper section.
This causes those options to be enabled by `config.py full` unless
explicitly excluded. For all the offending options, this is undesirable, so
make sure those options are indeed excluded.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Conflicts:
* `include/psa/crypto_sizes.h`: the addition of the `u` suffix in this branch
conflicts with the rework of the calculation of `PSA_HASH_MAX_SIZE` and
`PSA_HMAC_MAX_HASH_BLOCK_SIZE` in `development`. Use the new definitions
from `development`, and add the `u` suffix to the relevant constants.
Check for the 'drivers' and 'programs' directories additionally to the
ones that are already there.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
They aren't used anywhere.
Keep the command line options of all.sh to avoid breaking any wrapper
scripts that people might have.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This reverts commit eb2c39ed2b.
We temporarily turned off the cryptography requirement on Windows due to a
CI instance that had an old, incompatible verison of pip. That CI instance
has been upgraded so we no longer need the workaround.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some basic test coverage for now:
* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.
Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
'Removed' and 'NotCreated' should be displayed in new and old column
respectively. The value of delta is reflected on change column. This
commit handles the corner cases properly.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
To keep a concise markdown table, we don't list text and data
section from old Git revision. However, it should be ideal to keep
those two sections in CSV output. Therefore, we list comparison
result for CSV output in following format:
filename new(text) new(data) old(text) old(data) change(text) change(data)
Additionally, if a file only exits in new Git revision not in old
Git revision, it's marked as `NotCreated` as we haven't created this
file yet from perspective of old Git revision.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
In comparison result, to indicate it's a delta value, we add `+` in
front of positive values. For unchanged attributes, it's still
shown as `0'.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Previously we set loglevel >= WARNING printed to stderr and
loglevel < WARNING printed to stdout. To be more flexible, we
replace this `WARNING` value with an argument: split_level and leave
`WARNING` as default split_level if not set.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Transparent drivers don't have this entry points. Other entry points
that are only for opaque drivers are not listed here but only in the
opaque_driver.json file, so this was likely a mistake.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The EXCLUDE_FROM_FULL list in config.py should be, and used to be, but
no longer is, in alphabetical order, and with a comma on the last
element.
Signed-off-by: Janos Follath <janos.follath@arm.com>
By default, the full configuration enables all options. But we
specifically don't want to enable MBEDTLS_ECP_WITH_MPI_UINT except where
it's done explicitly, because it disables the old ecp. So it needs to be
added to the exceptions in config.py (EXCLUDE_FROM_FULL).
Signed-off-by: Janos Follath <janos.follath@arm.com>
The latest and earliest clang/GCC compilers are now used through
variables instead of symlinks and also the all.sh script is updated
to support options for overriding the default values.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
When '--show-all' is enabled, all the objects will be displayed in
comparison result no matter if there is code size change or not.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
It makes sense to display code size changes if a file has been
removed in our library. With this commit we track old objects as
well. If a file is not present in the new Git revision,
we display -old_size in the new_size column. The size change is
marked as `Removed` to indicate the file has been removed.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The result format for code size comparison is:
filename new(text) new(data) change(text) change(data)
yyy.o xxx xxx xx xx
The numbers followed are in bytes.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Percentage is not a useful number when looking at code size changes.
Since it depends on the base of the code size. It might give
misleading information by simply looking at the numbers.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The Ubuntu 16.04 and 22.04 docker images have been updated with
earliest and latest versions of gcc and clang respectively.
This patch adds the necessary component and support functions
required for the CI to run these compilers.
For FreeBSD we invoke the function by name so a condition is added
to disable the existing test_clang_opt function for linux.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
If we use option --stdout, the logging level is set as
logging.ERROR. But --verbose is able to overwrite logging level as
logging.INFO if we want to display intermediate log in the process
of code size comparison.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
If we output comparison result into sys.stdout, it will print an
extra line to show information we used for code size comparison in
detail. This would be helpful if we copy & paste code size changes
in Github comment.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit changes how to infer make command. Although we haven't
supported to pass more options in command line, this is the
preparation work to support those features.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The option --markdown supports to only show the files that
have changed in a markdown table between two commits.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Previously we used dec(total) as comparison result of code size
measurement. However, it's not accurate because dec(total) is
the sum of text, data and bss. Now we show text,data instead
since those are sections we care about in code size perspective
specifically for TF-M.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
For time being, code_size_compare.py only supports `size`. This
commit builds up foundation to extend code size measurement with
other tools.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
We use SimpleNamespace class to store all the information used to
measure code size of objects in library.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
CodeSizeCalculator is aimed to calculate code size based on a Git
revision and code size measurement tool. The output of code size is
in utf-8 encoding.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit splits CodeSizeBase as a separate class to prepare a
parser as CodeSizeGenerator. The benefit is we can extend the tool
of code size measurement in order to generate more types of code
size record.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Back when we introduced MBEDTLS_PSA_CRYPTO_CONFIG and it was still
experimental, it made sense that we tested it separately. Nowadays, the
feature is fully implemented, and the full config without
MBEDTLS_PSA_CRYPTO_CONFIG keeps cryptographic mechanisms that only have a
PSA implementation and aren't in the default build disabled (currently:
PBKDF2). So enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
New scripts have updated executable permissions to be consistent with
project requirements.
Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
If we don't remove all executable files in current working
directory, we might measure code size between different architecture
and configuration. This generates a wrong code size comparison
report. This commit guarantees it runs `make clean` before build
libraries for code size comparison.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This patch introduces a rounding-error-resiliant method to
calculate bits_to_limbs, and is updating `SECP224R1` and
`SECP224K1` to use it.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Use a switch instead of an array. The array was very hollow for some enum
types such as mbedtls_ssl_protocol_version (which formerly used small
values, but switched to using the protocol encoding as enum values in Mbed
TLS 3.2.0). Optimizing compilers know how to compile a switch into a lookup
table when the range warrants it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This patch updates `ecp_mod_p_generic_raw` and corresponding
curve test methods, that depend on the NIST optimisation
parameter to not run when it is not included.
The following curves are affected:
* SECP192R1
* SECP224R1
* SECP256R1
* SECP384R1
* SECP521R1
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
The code size measurement script generates code size
record / comparison csv file in a more readable format.
The script won't generate new record file if there is an existing
one. It reads the record and stores data into dictionary of code_size
for comparison.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
CodeSizeBase class aims to store size information for a specific
revision. It also has support to write csv report, comparison result
in a more readable format. This commit lays out foundation to
simplify code for CodeSizeComparison.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
If system architecture doesn't match architecture of input argument
for default configuration, it's reported as an error.
Additionally, it prints out help message to show which architecture
and configuration option should be used.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit splits parsed arguments into required group and optional
group to present help message clearer to users.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Add prompt message for a series of supported combination of
architecture and configuration when someone tries unsupported
combinations.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>