Commit graph

29112 commits

Author SHA1 Message Date
Valerio Setti
98f5db9fca psa_util: fix typo in comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-05 18:17:38 +01:00
Waleed-Ziad Maamoun-Elmelegy
e2d3db5cfc
Update mbedtls_ssl_get_output_record_size_limit signature
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>
2024-01-05 14:19:16 +00:00
Valerio Setti
3742f7c4b4 changelog: improve wording
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-05 10:37:58 +01:00
Ryan Everett
6a9c14b918 Update mbedtls_psa_get_stats
Uses readers to report "locked_slots",
and slot state empty to report "empty_slots".

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
6cd2b8db96 Update psa_wipe_all_key_slots
This will still wipe the slot regardless of state/readers.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
1b70a07eca Replace psa_unlock_key_slot calls in operations which act on FULL slots
Replaces calls to psa_unlock_key_slot with calls to psa_unregister_read.

All instances follow a pattern of a call to psa_get_and_lock_key_slot_X,
followed by some code which reads from a slot, followed by a call to psa_unregister_read.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
eb27dc0f3a Update psa_load_X_key_into_slot
These functions (on success) take a slot from PSA_SLOT_FILLING to PSA_SLOT_FULL.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
c70ce576bd Update psa_destroy_key, psa_purge_key and psa_close_key
This does not yet implement destruction while a key is in use for psa_destroy_key;
that will be implemented in a separate pr.
(I am not sure if I am allowed to change the documentation in the include files.)

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
098c6659ad Update psa_get_and_lock_key_slot_X functions
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
b69118ebd0 Update key creation functions to use the new key slot states
Update psa_start_key_creation,
psa_finish_key_creation and psa_fail_key_creation.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
2afb516011 Update and rename psa_get_empty_key_slot
Rename to psa_reserve_free_key_slot, as this function reserves a slot which is
free (not always empty) for filling.
Implement necessary state transitions and state checks.
Rename unlocked_persistent_key_slot to unused_persistent_key_slot.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
4a78277cb2 Implement psa_key_slot_state_transition
This inline function is used in every case we want to change the state of a slot,
except for where we do not care about what the state of the slot was before.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
39cc9d755e Implement psa_register_read and psa_unregister_read
Replaces psa_lock_key_slot and psa_unlock_key_slot.
Future commits will remove the calls to locking/unlocking functions,
and add calls to registering/unregistering functions.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
62aa79ac5c Implement psa_key_slot_has_readers and remove psa_is_key_slot_occupied
Remove psa_is_key_slot_occupied, any function which calls this can just check
the state variable instead.
Replace psa_is_key_slot_locked with psa_key_slot_has_readers.
References to the now removed functions are changed in future commits.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
aa33c512cc Update psa_wipe_key_slot
Change psa_wipe_key_slot to use the new state system.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
d7dc7ff91c Update psa_key_slot_t
Remove the `status` field and replace with the `state` field.
Remove the `lock_count` field and replace with the `registered_readers` field.
Add documentation which describes how and why these fields are to be used.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Waleed Elmelegy
60f0f727c3 Add config dependencies to record size tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-04 14:57:31 +00:00
Dave Rodgman
a021d63bf7
Merge pull request #8642 from daverodgman/default-compiler-all
CI perf: Use clang by default in all.sh
2024-01-04 12:58:54 +00:00
Valerio Setti
04cccef256 changelog: improve wording
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-04 13:33:12 +01:00
Valerio Setti
2a185c30af changelog: rename changelog file to reflect the number of the related issue
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-04 13:31:36 +01:00
Manuel Pégourié-Gonnard
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358
G3-G4 wrap-up
2024-01-04 10:48:00 +00:00
Manuel Pégourié-Gonnard
66b1ded73a
Merge pull request #8623 from daverodgman/verbatim-tfm
Use TF-M config verbatim
2024-01-04 08:08:06 +00:00
Gilles Peskine
44d557c52d Indicate which curves Mbed TLS supports
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:59:38 +01:00
Gilles Peskine
6e2069661e Note unusual curve size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:59:03 +01:00
Gilles Peskine
2a22dac694 Fix typo in curve name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:58:55 +01:00
Gilles Peskine
68b5182dad Add test data for secp192r1
Same generation methodology as 0cbaf056fa:

```
openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-192 -text |perl -0777 -pe 's/.*\npriv:([\n 0-9a-f:]*)pub:([\n 0-9a-f:]*).*/"$1","$2"/s or die; y/\n ://d; s/,/,\n              /;'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:57:52 +01:00
Gilles Peskine
478dd84b63 Fix mixup between secp224r1 and secp224k1 in test scripts
secp224k1 is the one with 225-bit private keys.

The consequences of this mistake were:

* We emitted positive test cases for hypothetical SECP_R1_225 and
  SECP_K1_224 curves, which were never executed.
* We emitted useless not-supported test cases for SECP_R1_225 and SECP_K1_224.
* We were missing positive test cases for SECP_R1_224 in automatically
  generated tests.
* We were missing not-supported test cases for SECP_R1_224 and SECP_K1_225.

Thus this didn't cause test failures, but it caused missing test coverage
and some never-executed test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:50:56 +01:00
Paul Elliott
3ca93e5d25
Merge pull request #8667 from gilles-peskine-arm/pthread-link-auto-make-followup
Minor cleanups to common.make
2024-01-03 18:51:48 +00:00
Valerio Setti
7406b74fce driver-only-builds: fix typo
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-03 14:47:36 +01:00
Gilles Peskine
a10d112e45 Remove useless guards on MBEDTLS_BIGNUM_C
All of ECP requires the bignum module and there is no plan to change that,
so guarding a few bits of code is just noise.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 14:08:10 +01:00
Dave Rodgman
62a2e3c8db
Merge pull request #8512 from mschulz-at-hilscher/feature/timing-alt-compatible-benchmark
Alternative Timing compatible benchmark.c
2024-01-03 11:46:58 +00:00
Dave Rodgman
7565b54545 Move MBEDTLS_CIPHER modification to appropriate section
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
13d2633126 Fix MBEDTLS_NO_PLATFORM_ENTROPY for baremetal aarch64 with armclang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
1c91057fab Update check_files.py to accomodate non-standard license headers in TF-M config files
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
b925d141de minor tidy-up
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
fc566605b6 Mention copyright in the readme
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
27a3785d98 Use verbatim TF-M configs from upstream
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
bff2a58b6e Add supporting files to enable use of verbatim TF-M config
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Gilles Peskine
0ae58dd985 Unify MBEDTLS_TEST_OBJS
`$(MBEDTLS_TEST_OBJS)` included TLS-specific test support modules in
`tests/Makefile` but not in `programs/Makefile`. This difference is not
actually necessary. What is necessary is that all programs that use
functions from TLS-specific test support modules are linked with those
modules in addition to `-lmbedtls`, and programs that are not linked with
`-lmbedtls` are not linked with TLS-specific test support modules. Since we
always pass `-lmbedtls` when linking programs in `programs/Makefile`, we can
link with the TLS-specific test support modules as well. This keeps things
simpler.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 23:11:24 +01:00
Gilles Peskine
cd06a813c6 Fix name in documentation
fixup "Correct name and documentation of preprocessor symbol check function"

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 18:14:40 +01:00
Gilles Peskine
8939148339 Minor readability improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 18:14:00 +01:00
Gilles Peskine
570e54822c Finish unifying LOCAL_CFLAGS
fixup "Create common.make with LOCAL_CFLAGS and friends"

The code wasn't what I had intended, although it was functionally
equivalent. Make it more readable and more robust.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 18:11:10 +01:00
Gilles Peskine
5d867872dd Improve readability of null-argument tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 17:57:51 +01:00
Gilles Peskine
39b7bba8a0 Make input parameter const
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 17:56:54 +01:00
Dave Rodgman
593e9cb600
Merge pull request #8511 from mschulz-at-hilscher/feature/rsa3072-benchmark
Add benchmark for RSA 3072
2024-01-02 16:35:14 +00:00
Dave Rodgman
1cc90a1003
Merge pull request #8517 from mschulz-at-hilscher/fixes/issue-6910
Fixes redundant declarations for psa_set_key_domain_parameters
2024-01-02 16:34:40 +00:00
Valerio Setti
6315441be7 adjust_legacy_from_psa: relax condition for legacy block cipher auto-enabling
CCM/GCM can be either fully accelerated or rely on just the key type
being accelerated. This means that ultimately it is just the key
type which determines if the legacy block cipher modes need to
be auto-enabled or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 17:21:01 +01:00
Valerio Setti
c1c6858bfc cipher_wrap: fix guards for some CCM/GCM functions
Legacy CCM and GCM can work even when AES_C is not defined thanks
to the block_cipher module, so we can relax guards in
cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 17:20:58 +01:00
Valerio Setti
a87cd17b35 psa-transition: update with MD translation functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 16:20:44 +01:00
Valerio Setti
a835d6da08 changelog: document MD's conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 16:20:39 +01:00