Valerio Setti
0ca1868fcd
test_suite_psa_crypto_driver_wrappers: fix missing hit counter reset before test
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7448367f68
test_suite_psa_crypto_slot_management: modify check on open key slots
...
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
mbedtls_test_helper_is_psa_leaking():
- when CTR_DRBG does not use AES_C or PSA does not have an external
RNG, then we allow 1 key slot (it's the one holding the AES key)
- when the above conditions are not met, then we fallback to the
usual check for "no open key slots remaining"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7ab90723c4
mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
45337a8895
test_suite_psa_crypto_driver_wrappers: add counter for cipher_update()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
6ef82ae39d
test_suite_psa_crypto_driver_wrappers: improving driver access counters
...
When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This
means that, when AES-ECB is accelerated, each random operation goes through
driver access as well. This might result in unexpectedly increased
counters for driver's access.
We add extra counters in test_driver_[cipher/key_management].c to be
more specific on which driver functions are accessed and ignore
extra accesses due to CTR_DRBG.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
0a903db804
test_suite_psa_crypto_slot_management: some fix for available key slots
...
When AES_C is not defined, CTR_DRBG relies on PSA to get AES-ECB. This means
that PSA holds an open AES key since psa_crypto_init() is called, which
- reduces the maximum number of available key slots
- shifts the 1st available index
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
dc32ac20fd
test_suite_[ctr_drbg/random]: initialize/close PSA in tests
...
This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its
scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is
when PSA is effectively required for CTR_DRBG).
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
402cfba4dc
psa: free RNG implementation before checking for remaining open key slots
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
5f4b28defc
ctr_drbg: add alternative PSA implementation when AES_C is not defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
fbefe04bf3
check_config: fix requirements for CTR_DRBG
...
The module now depends on either:
- AES_C, which is the default and the preferred solution for
backward compatibility
- CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the
new solution when AES_C is not defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
40a93dff32
all.sh: keep CTR_DRBG enabled in test_psa_crypto_config_accel_cipher_aead()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Manuel Pégourié-Gonnard
3d12d65946
Merge pull request #8590 from valeriosetti/fix-pkcs5-pkcs12
...
pkcs[5/12]: use cipher enums for encrypt and decrypt
2023-12-04 10:03:02 +00:00
Dave Rodgman
9afc0200c7
Merge pull request #8563 from Oldes/issues-8562
...
Fixed compilation for Haiku OS
2023-12-04 09:53:08 +00:00
Dave Rodgman
7a2dae6442
Merge pull request #8589 from daverodgman/ct-unused
...
Remove unused/non-compiling code
2023-12-04 09:41:39 +00:00
Jerry Yu
7bb40a3650
send unexpected alert when not received eoed or app during reading early data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:04:15 +08:00
Jerry Yu
fbf039932a
Send decode error alert when EOED parsing fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:00:37 +08:00
Jerry Yu
3be850782c
fix various issues
...
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 09:58:54 +08:00
Thomas Daubney
10769bca9e
Fix bad whitespace in keyword argument assignment
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 23:47:59 +00:00
Thomas Daubney
3a0690647e
Use guess_mbedtls_root in Mbed-TLS-only script
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 18:27:25 +00:00
Thomas Daubney
04c446cc21
Modify crypto_core_directory to also return a relative path
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 17:18:38 +00:00
Valerio Setti
4577bda6d5
pkcs[5|12]: use cipher enums for encrypt and decrypt
...
Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and
MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values
are to be used with the mbedtls_cipher_setkey() function, ensure
that their value matches with enums in cipher.h.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-01 16:51:24 +01:00
Yanray Wang
744577a429
tls13: early_data: cli: check a PSK has been selected in EE
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 23:03:37 +08:00
Dave Rodgman
f1be1f6740
Remove unused code
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-01 13:53:45 +00:00
Oldes Huhuman
304fa091cf
Shortening a comment line
...
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562
Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com>
2023-12-01 12:23:26 +01:00
Thomas Daubney
99030e2a50
Remove trailing whitespace
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 09:52:35 +00:00
Yanray Wang
9ae6534c20
tls13: early_data: cli: improve comment
...
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:46:08 +08:00
Yanray Wang
03a00768c0
tls13: early_data: cli: improve comment
...
This commit improves comment of the check for handshake parameters
in Encrypted Extension.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:40:21 +08:00
Jerry Yu
0af63dc263
improve comments and output message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 17:18:04 +08:00
Jerry Yu
ee4d729555
print received early application data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
e96551276a
switch inbound transform to handshake
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
75c9ab76b5
implement parser of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
b4ed4602f2
implement coordinate of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:34:00 +08:00
Jerry Yu
d5c3496ce2
Add dummy framework of eoed state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:32:31 +08:00
Jerry Yu
59d420f17b
empty process_end_of_early_data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:30:34 +08:00
Ronald Cron
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size
...
TLS1.3 EarlyData: client: parse max_early_data_size
2023-12-01 08:27:26 +00:00
Jerry Yu
9b72e39701
re-introduce process_wait_flight2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:27:08 +08:00
Jerry Yu
e32fac3d23
remove wait_flight2 state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:25:16 +08:00
Dave Rodgman
422951b9ed
Merge pull request #8044 from daverodgman/msft-aarch64
...
Better support for MSVC aarch64 aka ARM64 and ARM64EC
2023-12-01 07:48:26 +00:00
Yanray Wang
e72dfff1d6
tls13: early_data: cli: improve comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:05:16 +08:00
Yanray Wang
2bef7fbc8d
tls13: early_data: cli: remove guard to fix failure
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:02:56 +08:00
Gilles Peskine
1097d4e731
Minor clarification
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:18:10 +01:00
Gilles Peskine
c3fd0958ce
typo
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:18:04 +01:00
Gilles Peskine
02112cc9a1
Update PBKDF2 availability for 3.5
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:17:55 +01:00
Gilles Peskine
3ea22dcb51
Correct function names prefixes where they diverge from module names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:07:24 +01:00
Gilles Peskine
dbcfc7dd95
Be more informative about "No change"
...
Distinguish between interfaces that won't change in 4.0, and interfaces that
have no PSA equivalent but are likely to change in 4.0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-30 21:04:06 +01:00
Thomas Daubney
db80b2301c
Introduce guess_tf_psa_crypto_root
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 17:33:54 +00:00
Thomas Daubney
d1f2934e78
Introduce guess_mbedtls_root
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 17:27:42 +00:00
Thomas Daubney
56bee0344e
Rename variable for better clarity
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 14:33:35 +00:00
Thomas Daubney
46588de8fc
Improve documentation of crypto_core_directory
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 13:59:30 +00:00
Thomas Daubney
08c6dc4942
Rename project_crypto_name
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-30 13:56:09 +00:00