yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
28843 commits 1 branch 0 tags 94 MiB
Commit graph

28843 commits

This branch
This branch
All branches
Author SHA1 Message Date
Xiaokang Qian
70fbdcf904 Change early data flag to input file 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-05 05:50:08 +00:00
Jerry Yu
ebb1b1d48f fix ci test failure 
"skip parse certificate verify" can not be changed.
It is used in `Authentication: client badcert, server none`
test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-05 11:02:15 +08:00
Jerry Yu
b55f9eb5c5 fix various issues 
- remove unnecessary statements
- improve macro name
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-05 10:27:17 +08:00
Gilles Peskine
e5044a0eb2 Add a generic section about key management 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-04 23:17:19 +01:00
Gilles Peskine
32dfaf485c More information about output buffer sizes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-04 23:17:19 +01:00
Gilles Peskine
76bc64e101 Diffie-Hellman: several clarifications and corrections 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-04 23:17:19 +01:00
Gilles Peskine
d921391bf4 Note a few things about PAKE (thanks Manuel) 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-04 23:17:19 +01:00
Gilles Peskine
5eeca33749 Use "workflow" rather than "flow" for clarity 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-04 23:17:19 +01:00
Gilles Peskine
06002c5624 typos and minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-04 23:17:19 +01:00
Gilles Peskine
2fffc45feb fixup! Correct function names prefixes where they diverge from module names 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-04 23:17:16 +01:00
Valerio Setti
8aec84f3a7 pkwrite: minor code reshape 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 16:04:21 +01:00
Valerio Setti
5e18b90c95 config-tfm: disable CIPHER_C 
We also add a check in "all.sh" components:
- component_test_tfm_config_p256m_driver_accel_ec
- component_test_tfm_config
to ensure that CIPHER_C was not re-enabled accidentally.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 15:24:25 +01:00
Valerio Setti
58d0206f39 test_suite_block_cipher: fix depends_on for Camellia tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 15:24:25 +01:00
Valerio Setti
20e93a2a9d driver-only-builds: update documentation for AEADs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 15:24:25 +01:00
Valerio Setti
10149c9516 changelog: add changelog for AEAD support without CIPHER_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 15:24:23 +01:00
Gabor Mezei
fe23daf8a3
Remove leftover code from initial changelog support 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-12-04 14:37:31 +01:00
Valerio Setti
302a487499 test_driver_key_management: rename counter for export_public_key() hits 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
829ce0facf test_driver_cipher: add forced return status for encrypt and set_iv 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
7ef35a9b3c test_suite_psa_crypto_driver_wrappers: add counter for failing psa_cipher_update() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
83e0de8481 crypto_extra: revert changes to mbedtls_psa_random_free() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
0ca1868fcd test_suite_psa_crypto_driver_wrappers: fix missing hit counter reset before test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
7448367f68 test_suite_psa_crypto_slot_management: modify check on open key slots 
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
  mbedtls_test_helper_is_psa_leaking():
   - when CTR_DRBG does not use AES_C or PSA does not have an external
     RNG, then we allow 1 key slot (it's the one holding the AES key)
   - when the above conditions are not met, then we fallback to the
     usual check for "no open key slots remaining"

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
7ab90723c4 mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
45337a8895 test_suite_psa_crypto_driver_wrappers: add counter for cipher_update() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
6ef82ae39d test_suite_psa_crypto_driver_wrappers: improving driver access counters 
When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This
means that, when AES-ECB is accelerated, each random operation goes through
driver access as well. This might result in unexpectedly increased
counters for driver's access.
We add extra counters in test_driver_[cipher/key_management].c to be
more specific on which driver functions are accessed and ignore
extra accesses due to CTR_DRBG.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
0a903db804 test_suite_psa_crypto_slot_management: some fix for available key slots 
When AES_C is not defined, CTR_DRBG relies on PSA to get AES-ECB. This means
that PSA holds an open AES key since psa_crypto_init() is called, which
- reduces the maximum number of available key slots
- shifts the 1st available index

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Valerio Setti
dc32ac20fd test_suite_[ctr_drbg/random]: initialize/close PSA in tests 
This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its
scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is
when PSA is effectively required for CTR_DRBG).

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Valerio Setti
402cfba4dc psa: free RNG implementation before checking for remaining open key slots 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Valerio Setti
5f4b28defc ctr_drbg: add alternative PSA implementation when AES_C is not defined 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Valerio Setti
fbefe04bf3 check_config: fix requirements for CTR_DRBG 
The module now depends on either:
- AES_C, which is the default and the preferred solution for
  backward compatibility
- CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the
  new solution when AES_C is not defined

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Valerio Setti
40a93dff32 all.sh: keep CTR_DRBG enabled in test_psa_crypto_config_accel_cipher_aead() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Manuel Pégourié-Gonnard
3d12d65946
Merge pull request #8590 from valeriosetti/fix-pkcs5-pkcs12 
pkcs[5/12]: use cipher enums for encrypt and decrypt
 2023-12-04 10:03:02 +00:00
Dave Rodgman
9afc0200c7
Merge pull request #8563 from Oldes/issues-8562 
Fixed compilation for Haiku OS
 2023-12-04 09:53:08 +00:00
Dave Rodgman
7a2dae6442
Merge pull request #8589 from daverodgman/ct-unused 
Remove unused/non-compiling code
 2023-12-04 09:41:39 +00:00
Jerry Yu
7bb40a3650 send unexpected alert when not received eoed or app during reading early data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-04 10:04:15 +08:00
Jerry Yu
fbf039932a Send decode error alert when EOED parsing fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-04 10:00:37 +08:00
Jerry Yu
3be850782c fix various issues 
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-04 09:58:54 +08:00
Thomas Daubney
10769bca9e Fix bad whitespace in keyword argument assignment 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-12-01 23:47:59 +00:00
Thomas Daubney
3a0690647e Use guess_mbedtls_root in Mbed-TLS-only script 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-12-01 18:27:25 +00:00
Thomas Daubney
04c446cc21 Modify crypto_core_directory to also return a relative path 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-12-01 17:18:38 +00:00
Valerio Setti
4577bda6d5 pkcs[5|12]: use cipher enums for encrypt and decrypt 
Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and
MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values
are to be used with the mbedtls_cipher_setkey() function, ensure
that their value matches with enums in cipher.h.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-01 16:51:24 +01:00
Yanray Wang
744577a429 tls13: early_data: cli: check a PSK has been selected in EE 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 23:03:37 +08:00
Dave Rodgman
f1be1f6740 Remove unused code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-01 13:53:45 +00:00
Oldes Huhuman
304fa091cf Shortening a comment line 
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562

Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com>
 2023-12-01 12:23:26 +01:00
Thomas Daubney
99030e2a50 Remove trailing whitespace 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-12-01 09:52:35 +00:00
Yanray Wang
9ae6534c20 tls13: early_data: cli: improve comment 
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 17:46:08 +08:00
Yanray Wang
03a00768c0 tls13: early_data: cli: improve comment 
This commit improves comment of the check for handshake parameters
in Encrypted Extension.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 17:40:21 +08:00
Jerry Yu
0af63dc263 improve comments and output message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 17:18:04 +08:00
Jerry Yu
ee4d729555 print received early application data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:53:50 +08:00
Jerry Yu
e96551276a switch inbound transform to handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:53:50 +08:00