Commit graph

28770 commits

Author SHA1 Message Date
Valerio Setti
0ca1868fcd test_suite_psa_crypto_driver_wrappers: fix missing hit counter reset before test
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7448367f68 test_suite_psa_crypto_slot_management: modify check on open key slots
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
  mbedtls_test_helper_is_psa_leaking():
   - when CTR_DRBG does not use AES_C or PSA does not have an external
     RNG, then we allow 1 key slot (it's the one holding the AES key)
   - when the above conditions are not met, then we fallback to the
     usual check for "no open key slots remaining"

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7ab90723c4 mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
45337a8895 test_suite_psa_crypto_driver_wrappers: add counter for cipher_update()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
6ef82ae39d test_suite_psa_crypto_driver_wrappers: improving driver access counters
When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This
means that, when AES-ECB is accelerated, each random operation goes through
driver access as well. This might result in unexpectedly increased
counters for driver's access.
We add extra counters in test_driver_[cipher/key_management].c to be
more specific on which driver functions are accessed and ignore
extra accesses due to CTR_DRBG.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
0a903db804 test_suite_psa_crypto_slot_management: some fix for available key slots
When AES_C is not defined, CTR_DRBG relies on PSA to get AES-ECB. This means
that PSA holds an open AES key since psa_crypto_init() is called, which
- reduces the maximum number of available key slots
- shifts the 1st available index

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
dc32ac20fd test_suite_[ctr_drbg/random]: initialize/close PSA in tests
This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its
scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is
when PSA is effectively required for CTR_DRBG).

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
402cfba4dc psa: free RNG implementation before checking for remaining open key slots
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
5f4b28defc ctr_drbg: add alternative PSA implementation when AES_C is not defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
fbefe04bf3 check_config: fix requirements for CTR_DRBG
The module now depends on either:
- AES_C, which is the default and the preferred solution for
  backward compatibility
- CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the
  new solution when AES_C is not defined

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
40a93dff32 all.sh: keep CTR_DRBG enabled in test_psa_crypto_config_accel_cipher_aead()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Manuel Pégourié-Gonnard
3d12d65946
Merge pull request #8590 from valeriosetti/fix-pkcs5-pkcs12
pkcs[5/12]: use cipher enums for encrypt and decrypt
2023-12-04 10:03:02 +00:00
Dave Rodgman
9afc0200c7
Merge pull request #8563 from Oldes/issues-8562
Fixed compilation for Haiku OS
2023-12-04 09:53:08 +00:00
Dave Rodgman
7a2dae6442
Merge pull request #8589 from daverodgman/ct-unused
Remove unused/non-compiling code
2023-12-04 09:41:39 +00:00
Jerry Yu
7bb40a3650 send unexpected alert when not received eoed or app during reading early data
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:04:15 +08:00
Jerry Yu
fbf039932a Send decode error alert when EOED parsing fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:00:37 +08:00
Jerry Yu
3be850782c fix various issues
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 09:58:54 +08:00
Thomas Daubney
10769bca9e Fix bad whitespace in keyword argument assignment
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 23:47:59 +00:00
Thomas Daubney
3a0690647e Use guess_mbedtls_root in Mbed-TLS-only script
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 18:27:25 +00:00
Thomas Daubney
04c446cc21 Modify crypto_core_directory to also return a relative path
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 17:18:38 +00:00
Valerio Setti
4577bda6d5 pkcs[5|12]: use cipher enums for encrypt and decrypt
Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and
MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values
are to be used with the mbedtls_cipher_setkey() function, ensure
that their value matches with enums in cipher.h.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-01 16:51:24 +01:00
Yanray Wang
744577a429 tls13: early_data: cli: check a PSK has been selected in EE
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 23:03:37 +08:00
Dave Rodgman
f1be1f6740 Remove unused code
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-01 13:53:45 +00:00
Oldes Huhuman
304fa091cf Shortening a comment line
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562

Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com>
2023-12-01 12:23:26 +01:00
Thomas Daubney
99030e2a50 Remove trailing whitespace
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 09:52:35 +00:00
Yanray Wang
9ae6534c20 tls13: early_data: cli: improve comment
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:46:08 +08:00
Yanray Wang
03a00768c0 tls13: early_data: cli: improve comment
This commit improves comment of the check for handshake parameters
in Encrypted Extension.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:40:21 +08:00
Jerry Yu
0af63dc263 improve comments and output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 17:18:04 +08:00
Jerry Yu
ee4d729555 print received early application data
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
e96551276a switch inbound transform to handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
75c9ab76b5 implement parser of eoed
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
b4ed4602f2 implement coordinate of eoed
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:34:00 +08:00
Jerry Yu
d5c3496ce2 Add dummy framework of eoed state
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:32:31 +08:00
Jerry Yu
59d420f17b empty process_end_of_early_data
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:30:34 +08:00
Ronald Cron
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size
TLS1.3 EarlyData: client: parse max_early_data_size
2023-12-01 08:27:26 +00:00
Jerry Yu
9b72e39701 re-introduce process_wait_flight2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:27:08 +08:00
Jerry Yu
e32fac3d23 remove wait_flight2 state
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:25:16 +08:00
Dave Rodgman
422951b9ed
Merge pull request #8044 from daverodgman/msft-aarch64
Better support for MSVC aarch64 aka ARM64 and ARM64EC
2023-12-01 07:48:26 +00:00
Yanray Wang
e72dfff1d6 tls13: early_data: cli: improve comment
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:05:16 +08:00
Yanray Wang
2bef7fbc8d tls13: early_data: cli: remove guard to fix failure
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:02:56 +08:00
Gilles Peskine
1097d4e731 Minor clarification
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:18:10 +01:00
Gilles Peskine
c3fd0958ce typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:18:04 +01:00
Gilles Peskine
02112cc9a1 Update PBKDF2 availability for 3.5
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:17:55 +01:00
Gilles Peskine
3ea22dcb51 Correct function names prefixes where they diverge from module names
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:07:24 +01:00
Gilles Peskine
dbcfc7dd95 Be more informative about "No change"
Distinguish between interfaces that won't change in 4.0, and interfaces that
have no PSA equivalent but are likely to change in 4.0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:04:06 +01:00
Thomas Daubney
db80b2301c Introduce guess_tf_psa_crypto_root
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 17:33:54 +00:00
Thomas Daubney
d1f2934e78 Introduce guess_mbedtls_root
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 17:27:42 +00:00
Thomas Daubney
56bee0344e Rename variable for better clarity
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 14:33:35 +00:00
Thomas Daubney
46588de8fc Improve documentation of crypto_core_directory
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 13:59:30 +00:00
Thomas Daubney
08c6dc4942 Rename project_crypto_name
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 13:56:09 +00:00