Re-organize psa_mac_setup() to prepare the move
to a dedicated function of the additional checks
on the algorithm and the key attributes done by
this function. We want to move those checks in
a dedicated function to be able to do them
without duplicating them in psa_mac_compute().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This saves some code when compiling for Thumb, where access to
fields with offset index > 127 requires intermediate address
computations. Frequently used fields should therefore be located
at the top of the structure, while less frequently used ones --
such as the export callback -- can be moved to the back.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Tests for psa_mac_compute and psa_mac_verify functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The original formatting was in dos and the changelog
assembler would fail. The length of the description was
too long horizontally. This has been updated.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Reverting some deleted tests and changing the deprecated algo
Deleting deprecated headers from /alt-dummy dir
Corrections to the comments
Removal of deleted functions from compat-2.x.h
Corrections to tests/data_files/Makefile
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
Entries in ChangeLog and Migration guide files
have been merged to cover both the removal of
MBEDTLS_SSL_TRUNCATED_HMAC and
MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
For TLS, secp256k1 is deprecated by RFC 8422 §5.1.1. For X.509,
secp256k1 is not deprecated, but it isn't used in practice, especially
in the context of TLS where there isn't much point in having an X.509
certificate which most peers do not support. So remove it from the
default profile. We can add it back later if there is demand.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Meld the migration guide for the removal of
MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES into the migration guide for
the strengthening of TLS and X.509 defaults, which is more general. The
information in the SHA-1 section was largely already present in the
strengthening section. It is now less straightforward to figure out how to
enable SHA-1 in certificates, but that's a good thing, since no one should
still be doing this in 2021.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The default curve is now Curve25519, which doesn't support restartable ECC.
So run the restartable ECC tests with a curve that does support it. Use
secp256r1 which is required for these tests anyway for the server's
certificate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rewrite mbedtls_debug_print_mpi to be simpler and smaller. Leverage
mbedtls_mpi_bitlen() instead of manually looking for the leading
zeros.
Fix#4608: the old code made an invalid memory dereference when
X->n==0 (freshly initialized bignum with the value 0).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
There was already a test case for 0 but with a non-empty representation
(X->n == 1). Add a test case with X->n == 0 (freshly initialized mpi).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
TLS used to prefer larger curves, under the idea that a larger curve has a
higher security strength and is therefore harder to attack. However, brute
force attacks are not a practical concern, so this was not particularly
meaningful. If a curve is considered secure enough to be allowed, then we
might as well use it.
So order curves by resource usage. The exact definition of what this means
is purposefully left open. It may include criteria such as performance and
memory usage. Risk of side channels could be a factor as well, although it
didn't affect the current choice.
The current list happens to exactly correspond to the numbers reported by
one run of the benchmark program for "full handshake/s" on my machine.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We stated that curves were listed "in order of preference", but we never
explained what the preference was, so this was not meaningful.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
