Gilles Peskine
5eeca33749
Use "workflow" rather than "flow" for clarity
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-04 23:17:19 +01:00
Gilles Peskine
06002c5624
typos and minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-04 23:17:19 +01:00
Gilles Peskine
2fffc45feb
fixup! Correct function names prefixes where they diverge from module names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-04 23:17:16 +01:00
Valerio Setti
8aec84f3a7
pkwrite: minor code reshape
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 16:04:21 +01:00
Valerio Setti
5e18b90c95
config-tfm: disable CIPHER_C
...
We also add a check in "all.sh" components:
- component_test_tfm_config_p256m_driver_accel_ec
- component_test_tfm_config
to ensure that CIPHER_C was not re-enabled accidentally.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:25 +01:00
Valerio Setti
58d0206f39
test_suite_block_cipher: fix depends_on for Camellia tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:25 +01:00
Valerio Setti
20e93a2a9d
driver-only-builds: update documentation for AEADs
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:25 +01:00
Valerio Setti
10149c9516
changelog: add changelog for AEAD support without CIPHER_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:23 +01:00
Gabor Mezei
fe23daf8a3
Remove leftover code from initial changelog support
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-12-04 14:37:31 +01:00
Valerio Setti
302a487499
test_driver_key_management: rename counter for export_public_key() hits
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
829ce0facf
test_driver_cipher: add forced return status for encrypt and set_iv
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7ef35a9b3c
test_suite_psa_crypto_driver_wrappers: add counter for failing psa_cipher_update()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
83e0de8481
crypto_extra: revert changes to mbedtls_psa_random_free()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
0ca1868fcd
test_suite_psa_crypto_driver_wrappers: fix missing hit counter reset before test
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7448367f68
test_suite_psa_crypto_slot_management: modify check on open key slots
...
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
mbedtls_test_helper_is_psa_leaking():
- when CTR_DRBG does not use AES_C or PSA does not have an external
RNG, then we allow 1 key slot (it's the one holding the AES key)
- when the above conditions are not met, then we fallback to the
usual check for "no open key slots remaining"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7ab90723c4
mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
45337a8895
test_suite_psa_crypto_driver_wrappers: add counter for cipher_update()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
6ef82ae39d
test_suite_psa_crypto_driver_wrappers: improving driver access counters
...
When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This
means that, when AES-ECB is accelerated, each random operation goes through
driver access as well. This might result in unexpectedly increased
counters for driver's access.
We add extra counters in test_driver_[cipher/key_management].c to be
more specific on which driver functions are accessed and ignore
extra accesses due to CTR_DRBG.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
0a903db804
test_suite_psa_crypto_slot_management: some fix for available key slots
...
When AES_C is not defined, CTR_DRBG relies on PSA to get AES-ECB. This means
that PSA holds an open AES key since psa_crypto_init() is called, which
- reduces the maximum number of available key slots
- shifts the 1st available index
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
dc32ac20fd
test_suite_[ctr_drbg/random]: initialize/close PSA in tests
...
This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its
scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is
when PSA is effectively required for CTR_DRBG).
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
402cfba4dc
psa: free RNG implementation before checking for remaining open key slots
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
5f4b28defc
ctr_drbg: add alternative PSA implementation when AES_C is not defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
fbefe04bf3
check_config: fix requirements for CTR_DRBG
...
The module now depends on either:
- AES_C, which is the default and the preferred solution for
backward compatibility
- CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the
new solution when AES_C is not defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
40a93dff32
all.sh: keep CTR_DRBG enabled in test_psa_crypto_config_accel_cipher_aead()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Manuel Pégourié-Gonnard
3d12d65946
Merge pull request #8590 from valeriosetti/fix-pkcs5-pkcs12
...
pkcs[5/12]: use cipher enums for encrypt and decrypt
2023-12-04 10:03:02 +00:00
Dave Rodgman
9afc0200c7
Merge pull request #8563 from Oldes/issues-8562
...
Fixed compilation for Haiku OS
2023-12-04 09:53:08 +00:00
Dave Rodgman
7a2dae6442
Merge pull request #8589 from daverodgman/ct-unused
...
Remove unused/non-compiling code
2023-12-04 09:41:39 +00:00
Jerry Yu
7bb40a3650
send unexpected alert when not received eoed or app during reading early data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:04:15 +08:00
Jerry Yu
fbf039932a
Send decode error alert when EOED parsing fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:00:37 +08:00
Jerry Yu
3be850782c
fix various issues
...
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 09:58:54 +08:00
Thomas Daubney
10769bca9e
Fix bad whitespace in keyword argument assignment
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 23:47:59 +00:00
Thomas Daubney
3a0690647e
Use guess_mbedtls_root in Mbed-TLS-only script
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 18:27:25 +00:00
Thomas Daubney
04c446cc21
Modify crypto_core_directory to also return a relative path
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 17:18:38 +00:00
Valerio Setti
4577bda6d5
pkcs[5|12]: use cipher enums for encrypt and decrypt
...
Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and
MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values
are to be used with the mbedtls_cipher_setkey() function, ensure
that their value matches with enums in cipher.h.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-01 16:51:24 +01:00
Yanray Wang
744577a429
tls13: early_data: cli: check a PSK has been selected in EE
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 23:03:37 +08:00
Dave Rodgman
f1be1f6740
Remove unused code
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-01 13:53:45 +00:00
Oldes Huhuman
304fa091cf
Shortening a comment line
...
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562
Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com>
2023-12-01 12:23:26 +01:00
Thomas Daubney
99030e2a50
Remove trailing whitespace
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-01 09:52:35 +00:00
Yanray Wang
9ae6534c20
tls13: early_data: cli: improve comment
...
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:46:08 +08:00
Yanray Wang
03a00768c0
tls13: early_data: cli: improve comment
...
This commit improves comment of the check for handshake parameters
in Encrypted Extension.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:40:21 +08:00
Jerry Yu
0af63dc263
improve comments and output message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 17:18:04 +08:00
Jerry Yu
ee4d729555
print received early application data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
e96551276a
switch inbound transform to handshake
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
75c9ab76b5
implement parser of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:53:50 +08:00
Jerry Yu
b4ed4602f2
implement coordinate of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:34:00 +08:00
Jerry Yu
d5c3496ce2
Add dummy framework of eoed state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:32:31 +08:00
Jerry Yu
59d420f17b
empty process_end_of_early_data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:30:34 +08:00
Ronald Cron
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size
...
TLS1.3 EarlyData: client: parse max_early_data_size
2023-12-01 08:27:26 +00:00
Jerry Yu
9b72e39701
re-introduce process_wait_flight2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:27:08 +08:00
Jerry Yu
e32fac3d23
remove wait_flight2 state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:25:16 +08:00