Commit graph

803 commits

Author SHA1 Message Date
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Gilles Peskine
afb482897b
Merge pull request #5292 from mprse/asym_encrypt
Driver dispatch for PSA asymmetric encryption + RSA tests
2022-03-10 20:07:38 +01:00
Gilles Peskine
dcf2ff53c8 Ensure files get closed when they go out of scope
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:02:00 +01:00
Gilles Peskine
4a9630a651 Fix typo and align on US spelling
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:00:29 +01:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Gilles Peskine
644b3f6072 Unify module documentation with --help text
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:23:09 +01:00
Gilles Peskine
93c2a42166 Don't require ABI tools if not checking the ABI
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:22:36 +01:00
Gilles Peskine
ca586a53e8 Look at manually written read tests as well
The storage format comparison has a dual purpose: detect format changes that
lead to a loss of backward compatibility, and detect loss of test coverage.
For loss of backward compatibility, the read tests are the relevant ones.
For loss of test coverage, all generated test cases are potentially
relevant, but this script currently focuses on storage format (where a loss
of test coverage may be a symptom of a loss of backward compatibility).

Therefore, storage format test comparison now looks at manually written
storage format tests, but only if they're read tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 19:12:47 +01:00
Gilles Peskine
9216536415 Add storage format checks to the interface checker
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.

Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.

A known defect in this commit is that the --brief output is not brief
for storage format checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00
Gilles Peskine
c76ab85561 Make the API/ABI check optional
This way we can add other checks and only run a subset of all the
checks. The default remains to run all the checks.

I made separate options for API and ABI, but since we use the same
tool for both and it doesn't have an obvious way to check only API or
only ABI, the two options must be both enabled or both disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 08:37:26 +00:00
Gilles Peskine
7b2804bb3b Require an older version of markupsafe for the sake of older Jinja2
Jinja2 <3.0 require markupsafe <2.1.0, but does not declare this
requirement. (Jinja2 2.x has not been updated since markupsafe 2.1.0 came
out). So declare this requirement ourselves.

This is not ideal, since we would want to use the latest markupsafe with the
latest Jinja2. But at least it gives us a consistent set of versions to run
the CI with.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-19 20:38:29 +01:00
Przemyslaw Stekiel
4576b91148 Compact the argument lists
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-02 11:10:46 +01:00
Andrzej Kurek
f881601c91 Detect invalid tag lengths in psa_aead_setup
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-20 07:40:12 -05:00
Przemyslaw Stekiel
71284eabdb psa_asymmetric_decrypt: add test driver impl
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
b6a6650a64 psa_asymmetric_encrypt: add test driver impl
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:05 +01:00
Gilles Peskine
f954853e00
Merge pull request #5193 from SiliconLabs/codegen_1.0
Driver Wrappers Codegen 1.0
2022-01-05 11:02:53 +01:00
Manuel Pégourié-Gonnard
ce8a6173f7
Merge pull request #5337 from gilles-peskine-arm/bump_version-3.1
bump_version: Fix spurious replacement in build_info.h
2022-01-04 12:56:41 +01:00
Archana
4a9e02632a
Review comments addressed
* Updated the default argument to create less noise with argument
  passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
  requirements

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 13:37:37 +05:30
Archana
c08248d650
Rename the template file from .conf to .jinja
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:35:15 +05:30
Archana
e03960e460
Restructure Python script to use argparse and main
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:34:59 +05:30
Archana
6f21e45b78
Fix Pylint errors and improve Python script
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)

check-generated-files.sh and CMakeLists.sh updated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:28:59 +05:30
Archana
a8939b6da3
Restructure scripts' folder alignment
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:57:15 +05:30
Gilles Peskine
fe4ce6dfa2
Fix trailing newline getting dropped
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-18 12:22:26 +05:30
Archana
1f1a34a226
Rev 1.0 of Driver Wrappers code gen
The psa_crypto_driver_wrappers.c is merely rendered with no real
templating in version 1.0.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:22:06 +05:30
David Horstmann
3be1271e35 Fix typo in python script method name
Change 'tranlation' -> 'translation' in the name of a
method in `scripts/generate_ssl_debug_headers.py`.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-16 11:01:43 +00:00
Gilles Peskine
863b96a21b Add copyright notice to ssl_debug_helpers*
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-16 10:04:58 +01:00
Gilles Peskine
923d5c9e3c Rename ssl_debug_helpers.h
It's no longer generated, so rename it accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:56:54 +01:00
Gilles Peskine
ccbc318fc5 Remove generation of ssl_debug_helpers_generated.h
It's now under version control and meant to be updated manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:55:37 +01:00
Gilles Peskine
5dd4d2e6d9 Fix spurious replacement in build_info.h
Only rewrite #define lines, not uses of the macros.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-14 20:22:41 +01:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function
Add list config function
2021-12-10 18:30:06 +00:00
Jerry Yu
b54b53142a fix msvc build faile
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 21:38:12 +08:00
Jerry Yu
2e8b00172b Beauty source code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 20:29:02 +08:00
Jerry Yu
84e63a73cd Add list_config generation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 16:30:57 +08:00
Jerry Yu
0cb2cf6cb4 fix build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 14:23:37 +08:00
Jerry Yu
9817e3e621 fix generate check fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
e6369b0061 fix test_cmake_as_package fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
6389b254c9 fix typos error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
e988f0f7a7 fix wrong typo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:45:52 +08:00
Jerry Yu
e78ee99624 add enum value to string helpers
Only add helpers for enum in `ssl.h`.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:43:30 +08:00
Gilles Peskine
3d57afe2b0 Correct default requirements file name in help
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-03 13:32:51 +01:00
Gilles Peskine
26f60b38de Add Cryptodome to maintainer requirements
See e.g. https://github.com/ARMmbed/mbedtls/pull/5218

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:50:06 +01:00
Gilles Peskine
b3e5340b1f Clarify comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:48:50 +01:00
Gilles Peskine
7f29ea6d39 Allow passing options to pip
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-22 18:08:30 +01:00
Gilles Peskine
8f63f6dcc6 Use a method to invoke pip that works on Windows
Passing arguments on the command line apparently didn't work due to quoting
issues. Use a temporary file instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-18 18:18:35 +01:00
Gilles Peskine
9172c9c073 Script to install minimum versions of the requirements
Wherever we have a requirement on foo>=N, install foo==N. This is for
testing, to ensure that we don't accidentally depend on features that are
not present in the minimum version we declare support for.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 19:27:45 +01:00
Gilles Peskine
87485a3f28 Add requirement on Jinja to integrate drivers
Driver implementers need to regenerate wrappers. This will use Jinja2 as
discussed in
https://github.com/ARMmbed/mbedtls/pull/5067#discussion_r738794607

On the development branch, driver integration is always needed to generate
the driver wrapper and thus to build the library, so this requirement
applies to everyone, not just driver implementers. In releases, we plan to
include a default driver wrapper with support for basic use cases only,
meaning that the line `-r driver.requirements.txt` should be removed from
`basic.requirements.txt` in releases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 19:27:45 +01:00
Gilles Peskine
9c82cd9f43 Declare which Python packages we use
Add pip requirements files. We'll have separate requirements files for
different target audiences. Each file can use `-r` lines to include other
files.

This commit adds two requirement files: one with everything that's needed to
pass the CI, and one with additional tools that are suggested for Mbed TLS
maintainers to install locally.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 19:27:45 +01:00