Commit graph

919 commits

Author SHA1 Message Date
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Gilles Peskine
ba4162a526 Place MBEDTLS_CONFIG_FILE and such into a new section
Include this new section in the "full for documentation" (`realfull`)
configuration, so that these options are documented in the official
documentation build (`scripts/apidoc_full.sh`).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-11 17:04:38 +02:00
Gilles Peskine
e6300959df Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:02:44 +02:00
Gilles Peskine
a401386f82 A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:10 +02:00
Gilles Peskine
c82f62e3a5
Merge pull request #4907 from gilles-peskine-arm/config-baremetal-size-3.0
Disable debugging features in the primary code size measurement job
2022-04-04 16:12:58 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Jerry Yu
d73d0a327a remove unnecessary condition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-29 16:37:51 +08:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Jerry Yu
bfcfe74b4e add signature algorithm debug helper
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:33 +08:00
Gilles Peskine
8345d63695 Add knowledge of the compatibility of key types and algorithms
Determine key types that are compatible with an algorithm based on
their names.

Key derivation and PAKE are not yet supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
ee7554e606 Add knowledge of algorithms
Determine the category of operations supported by an algorithm based
on its name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
b9dbb7fe62 Add missing type annotation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-15 18:32:10 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Gilles Peskine
afb482897b
Merge pull request #5292 from mprse/asym_encrypt
Driver dispatch for PSA asymmetric encryption + RSA tests
2022-03-10 20:07:38 +01:00
Gilles Peskine
dcf2ff53c8 Ensure files get closed when they go out of scope
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:02:00 +01:00
Gilles Peskine
4a9630a651 Fix typo and align on US spelling
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:00:29 +01:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Gilles Peskine
644b3f6072 Unify module documentation with --help text
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:23:09 +01:00
Gilles Peskine
93c2a42166 Don't require ABI tools if not checking the ABI
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:22:36 +01:00
Gilles Peskine
ca586a53e8 Look at manually written read tests as well
The storage format comparison has a dual purpose: detect format changes that
lead to a loss of backward compatibility, and detect loss of test coverage.
For loss of backward compatibility, the read tests are the relevant ones.
For loss of test coverage, all generated test cases are potentially
relevant, but this script currently focuses on storage format (where a loss
of test coverage may be a symptom of a loss of backward compatibility).

Therefore, storage format test comparison now looks at manually written
storage format tests, but only if they're read tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 19:12:47 +01:00
Gilles Peskine
9216536415 Add storage format checks to the interface checker
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.

Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.

A known defect in this commit is that the --brief output is not brief
for storage format checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00
Gilles Peskine
c76ab85561 Make the API/ABI check optional
This way we can add other checks and only run a subset of all the
checks. The default remains to run all the checks.

I made separate options for API and ABI, but since we use the same
tool for both and it doesn't have an obvious way to check only API or
only ABI, the two options must be both enabled or both disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 08:37:26 +00:00
Gilles Peskine
7b2804bb3b Require an older version of markupsafe for the sake of older Jinja2
Jinja2 <3.0 require markupsafe <2.1.0, but does not declare this
requirement. (Jinja2 2.x has not been updated since markupsafe 2.1.0 came
out). So declare this requirement ourselves.

This is not ideal, since we would want to use the latest markupsafe with the
latest Jinja2. But at least it gives us a consistent set of versions to run
the CI with.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-19 20:38:29 +01:00
Przemyslaw Stekiel
4576b91148 Compact the argument lists
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-02 11:10:46 +01:00
Andrzej Kurek
f881601c91 Detect invalid tag lengths in psa_aead_setup
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-20 07:40:12 -05:00
Przemyslaw Stekiel
71284eabdb psa_asymmetric_decrypt: add test driver impl
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel
b6a6650a64 psa_asymmetric_encrypt: add test driver impl
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-10 12:55:05 +01:00
Manuel Pégourié-Gonnard
7c51451cce Tune coverage of ecc-heap.sh
Include more curves. For example, the Brainpool curves don't have
dedicated "mod p" reduction routines, so they have a much larger number
of allocs (comparable to the NIST curves with `MBEDTLS_ECP_NIST_OPTIM`
disabled).

On the other hand, to keep the script's running time reasonable, remove
a few things:
- curves smaller than 256 bits (out of favour these days)
- window sizes larger than the default: 6 was particularly useless as
it's never selected by the current code; 5 can only be selected with
curves >= 384 and is unlikely to be used in practice as it increases
heap usage quite a lot for very little performance gain.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-06 12:20:48 +01:00
Manuel Pégourié-Gonnard
3ff8c9e285 Update config used by ecc-heap.sh
- optimize a bit
- update default (commented out, so purely cosmetic)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-05 12:03:40 +01:00
Gilles Peskine
f954853e00
Merge pull request #5193 from SiliconLabs/codegen_1.0
Driver Wrappers Codegen 1.0
2022-01-05 11:02:53 +01:00
Manuel Pégourié-Gonnard
4c5f4b2b2e Enable ECDSA in ecc-heap.sh
Clearly the intention was to enable it, as ECDSA_C was defined, but the
benchmark also requires SHA-256 for ECDSA.

Also, specify "ecdh ecdsa" when invoking the benchmark program, in order
to avoid spurious output about SHA-256.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-05 10:09:49 +01:00
Manuel Pégourié-Gonnard
ce8a6173f7
Merge pull request #5337 from gilles-peskine-arm/bump_version-3.1
bump_version: Fix spurious replacement in build_info.h
2022-01-04 12:56:41 +01:00
Archana
4a9e02632a
Review comments addressed
* Updated the default argument to create less noise with argument
  passing.
* Reworded ChangeLog to match MbedTLS documentation/ announcement
  requirements

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 13:37:37 +05:30
Archana
c08248d650
Rename the template file from .conf to .jinja
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:35:15 +05:30
Archana
e03960e460
Restructure Python script to use argparse and main
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-19 10:34:59 +05:30
Archana
6f21e45b78
Fix Pylint errors and improve Python script
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)

check-generated-files.sh and CMakeLists.sh updated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:28:59 +05:30
Archana
a8939b6da3
Restructure scripts' folder alignment
Moved python script generate_driver_wrappers.py under scripts and
corresponding template file under script/data_files.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:57:15 +05:30
Gilles Peskine
fe4ce6dfa2
Fix trailing newline getting dropped
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-18 12:22:26 +05:30
Archana
1f1a34a226
Rev 1.0 of Driver Wrappers code gen
The psa_crypto_driver_wrappers.c is merely rendered with no real
templating in version 1.0.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 12:22:06 +05:30
David Horstmann
3be1271e35 Fix typo in python script method name
Change 'tranlation' -> 'translation' in the name of a
method in `scripts/generate_ssl_debug_headers.py`.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-16 11:01:43 +00:00
Gilles Peskine
863b96a21b Add copyright notice to ssl_debug_helpers*
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-16 10:04:58 +01:00
Gilles Peskine
923d5c9e3c Rename ssl_debug_helpers.h
It's no longer generated, so rename it accordingly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:56:54 +01:00
Gilles Peskine
ccbc318fc5 Remove generation of ssl_debug_helpers_generated.h
It's now under version control and meant to be updated manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:55:37 +01:00
Gilles Peskine
5dd4d2e6d9 Fix spurious replacement in build_info.h
Only rewrite #define lines, not uses of the macros.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-14 20:22:41 +01:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function
Add list config function
2021-12-10 18:30:06 +00:00
Jerry Yu
b54b53142a fix msvc build faile
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 21:38:12 +08:00
Jerry Yu
2e8b00172b Beauty source code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 20:29:02 +08:00
Jerry Yu
84e63a73cd Add list_config generation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 16:30:57 +08:00
Jerry Yu
0cb2cf6cb4 fix build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 14:23:37 +08:00
Jerry Yu
9817e3e621 fix generate check fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
e6369b0061 fix test_cmake_as_package fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
6389b254c9 fix typos error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:03 +08:00
Jerry Yu
e988f0f7a7 fix wrong typo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:45:52 +08:00
Jerry Yu
e78ee99624 add enum value to string helpers
Only add helpers for enum in `ssl.h`.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:43:30 +08:00
Gilles Peskine
3d57afe2b0 Correct default requirements file name in help
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-03 13:32:51 +01:00
Gilles Peskine
26f60b38de Add Cryptodome to maintainer requirements
See e.g. https://github.com/ARMmbed/mbedtls/pull/5218

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:50:06 +01:00
Gilles Peskine
b3e5340b1f Clarify comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:48:50 +01:00
Gilles Peskine
7f29ea6d39 Allow passing options to pip
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-22 18:08:30 +01:00
Gilles Peskine
8f63f6dcc6 Use a method to invoke pip that works on Windows
Passing arguments on the command line apparently didn't work due to quoting
issues. Use a temporary file instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-18 18:18:35 +01:00
Gilles Peskine
9172c9c073 Script to install minimum versions of the requirements
Wherever we have a requirement on foo>=N, install foo==N. This is for
testing, to ensure that we don't accidentally depend on features that are
not present in the minimum version we declare support for.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 19:27:45 +01:00
Gilles Peskine
87485a3f28 Add requirement on Jinja to integrate drivers
Driver implementers need to regenerate wrappers. This will use Jinja2 as
discussed in
https://github.com/ARMmbed/mbedtls/pull/5067#discussion_r738794607

On the development branch, driver integration is always needed to generate
the driver wrapper and thus to build the library, so this requirement
applies to everyone, not just driver implementers. In releases, we plan to
include a default driver wrapper with support for basic use cases only,
meaning that the line `-r driver.requirements.txt` should be removed from
`basic.requirements.txt` in releases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 19:27:45 +01:00
Gilles Peskine
9c82cd9f43 Declare which Python packages we use
Add pip requirements files. We'll have separate requirements files for
different target audiences. Each file can use `-r` lines to include other
files.

This commit adds two requirement files: one with everything that's needed to
pass the CI, and one with additional tools that are suggested for Mbed TLS
maintainers to install locally.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-17 19:27:45 +01:00
Gilles Peskine
f1a7ea88d1
Merge pull request #5092 from mprse/generate_key2
Generate test cases for PSA key generation
2021-11-10 20:55:35 +01:00
Przemyslaw Stekiel
729c244819 test_case.py: add new line between test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-09 14:45:40 +01:00
Gilles Peskine
0495dd0f71
Merge pull request #4936 from xffbai/code-size-measure
Add code size comparison script.
2021-11-05 12:07:08 +01:00
Xiaofei Bai
ccd738b853 Add git rev-parse options
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-03 07:31:00 +00:00
Przemyslaw Stekiel
7bc26b8c2a generate_psa_tests.py: add key generation result to test case argument list, add comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-02 10:51:49 +01:00
Manuel Pégourié-Gonnard
4313d3ac87
Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt
PSA: fix salt length for PSS verification
2021-10-29 16:36:36 +02:00
Xiaofei Bai
184e8b6a36 Add exist_ok and use git rev-parse to process revisions
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-27 06:58:42 +00:00
David Horstmann
ff0a3b3aa6 Improve error message in generate_query_config.pl
Add usage information to the ARGV-incorrect-length error
message in generate_query_config.pl. A plain usage message
looks a bit incongruous when raised as an error, but the
error message alone is unhelpful.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
d64f4b249c Fix assorted spelling and wording issues
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
3a8413d316 Allow generate_query_config.pl to take arguments
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:03 +01:00
Xiaofei Bai
2400b50250 Add revision validation and escape filenames
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-22 06:35:49 +00:00
Xiaofei Bai
bca03e5f7d Add code size comparison script.
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-20 12:44:57 +00:00
Przemyslaw Stekiel
1b0978b803 Add test class for key generation
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 09:05:33 +02:00
Gilles Peskine
acd2d0e923 New algorithm PSA_ALG_RSA_PSS_ANY_SALT
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.

In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).

Changes in this commit:

* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
  PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
  PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
  generate_psa_constant_names).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Gilles Peskine
8135cb9e07 Break out algorithm_tester() as a separate method
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Gilles Peskine
120f29deef New configuration preset baremetal_size
The baremetal configuration includes debugging features whose size is not
particularly interesting. Create a new preset for use when benchmarking code
size which excludes debugging features that increase the size of
non-debugging modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 19:51:19 +02:00
Janos Follath
f8f88d6b00
Merge pull request #4746 from gilles-peskine-arm/bump-version-3.0
Fix release scripts for 3.0
2021-08-09 15:28:28 +01:00
Gilles Peskine
58887bab12 Show warnings if something looks wrong
This makes no difference to the output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 22:53:40 +02:00
Gilles Peskine
7f8e2770fa Document the big regex
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 22:51:03 +02:00
Gilles Peskine
05aa543b73 Better support multiline comments for MBEDTLS_ERR_xxx
They were recognized by a prior commit. In this commit, replace line
breaks (with optional comment continuation marker) by spaces.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 22:51:03 +02:00
Gilles Peskine
47b09567ab More flexible parsing of Doxygen comments for MBEDTLS_ERR_xxx
Before this commit, definitions of error codes must match a strict pattern,
with a Doxygen comment following the definition on the same line and
starting with "/**<". Change how generate_errors.pl so that the Doxygen
comment can be before the definition instead of after, and doesn't have to
be on the same line.

Also allow spaces between "#" and "define", and allow Doxygen comments to
start with "/*!" rather than "/**". Starting with "///" or "//!" is not
supported.

This commit does not change the output of generate_errors.pl.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-02 22:51:00 +02:00
Gilles Peskine
b4b184a6f8 Remove reference to compat-1.2.h
This has been irrelevant since Mbed TLS 2.0.0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-26 18:39:24 +02:00
Ronald Cron
3c62693c99
Merge pull request #4701 from gilles-peskine-arm/make_generated_files-non_english-3.0
psa_generate_test: tweak MSVC detection to work with non-English Visual Studio
2021-07-23 14:05:08 +02:00
Gilles Peskine
494678a405 The version was moved from version.h to build_info.h
Moved in 04982f7b6b (#4589)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-01 11:11:30 +02:00
Gilles Peskine
aa4862a5e6 Bump the version number in CMakeLists.txt
Added in d259e347e6 (#4259)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-01 11:10:29 +02:00
Gilles Peskine
716b973fb7 Stop on errors
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-07-01 11:10:15 +02:00
gabor-mezei-arm
2a499c0cc5
Refactor handlibg of the key usage flags
Move implicit usage flags handling to the StorageKey class.
Create a subclass for test case data.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
f73f896bdf
Use regexp pattern instaed of string
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
6f7282b09a
Keep the imported classes sorted
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:07:00 +02:00
gabor-mezei-arm
2784bfe226
Move key type validation to crypto_knowledge
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:59 +02:00
gabor-mezei-arm
5df1dee0c6
Rename variables and funcions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:47 +02:00
gabor-mezei-arm
2710bb1d82
Use string in dict instead of Expr object
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:47 +02:00
gabor-mezei-arm
8f40510a92
Add better name for variables
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:34 +02:00
gabor-mezei-arm
672e376ba5 Add test case generation for usage extensions when loading keys
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:20 +02:00
gabor-mezei-arm
7748b6f24b Add key usage policy extension support for key generation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-06-29 17:06:08 +02:00
Bence Szépkúti
4a9d1bf95c Remove check_config.h inclusion from ecc-heap.sh
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 14:21:55 +01:00
Bence Szépkúti
bb0cfeb2d4 Rename config.h to mbedtls_config.h
This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Bence Szépkúti
2893269cbb Remove reference to obsolete inclusion guard
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:42 +01:00
Bence Szépkúti
c662b36af2 Replace all inclusions of config.h
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.

This commit was generated using the following script:

# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:07 +01:00
Gilles Peskine
eb7bdaa177 Add storage tests for lifetimes
Test keys with various persistence levels, enumerated from the
metadata tests.

For read-only keys, do not attempt to create or destroy the key
through the API, only to read a key that has been injected into
storage directly through filesystem access.

Do not test keys with a non-default location, since they require a
driver and we do not yet have a dependency mechanism to require the
presence of a driver for a specific location value.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
45a4391897 Collect lifetime constructors
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
607eb7e411 Add lifetime metadata tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
18d1e66fcf Tweak MSVC detection to work with non-English Visual Studio
Fix #4699

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 11:26:19 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA
Remove MD2, MD4, RC4, Blowfish and XTEA
2021-06-22 09:27:41 +02:00
Manuel Pégourié-Gonnard
d51aaad4c9 Remove config option MBEDTLS_ECP_NO_INTERNAL_RNG
It was used to remove the code used when mbedtls_ecp_mul() received a
NULL RNG parameter. This code is no longer relevant (as the RNG may no
longer be NULL) and will be unconditionally removed in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-17 09:38:38 +02:00
TRodziewicz
10e8cf5fef Remove MD2, MD4, RC4, Blowfish and XTEA
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-16 10:34:25 +02:00
Gilles Peskine
8e90cf49ca config.py: new command line commands set-all and unset-all
The new method `Config.change_matching` and the new command-line
commands `set-all` and `unset-all` change a batch of existing boolean
settings to the desired state (active or inactive).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:10:37 +02:00
Janos Follath
21f84643f8
Merge pull request #4317 from yanesca/psa-jpake-interface
J-PAKE interface definition for PSA Crypto
2021-06-11 13:47:25 +01:00
TRodziewicz
3ecb92e680 Remove _X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-09 13:28:16 +02:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
Janos Follath
8603fb09fe PSA PAKE: add to PSA constant name test
Signed-off-by: Janos Follath <janos.follath@arm.com>
2021-06-03 12:37:22 +01:00
Manuel Pégourié-Gonnard
84191eab06
Merge pull request #4315 from Kxuan/feat-pre-compute-tls
Static initialize comb table
2021-06-03 11:41:54 +02:00
kXuan
b2b3ec4f7a
add ecp_comb_table.py
ecp_comb_table.py generates comb table

Signed-off-by: kXuan <kxuanobj@gmail.com>
2021-06-01 10:02:14 +08:00
TRodziewicz
3670e387dc Remove 3DES ciphersuites
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-31 12:11:53 +02:00
TRodziewicz
cc7074128a Remove MBEDTLS_CHECK_PARAMS option
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-05-27 17:33:32 +02:00
Gilles Peskine
2157e86389 Document include_intermediate in PSAMacroEnumerator
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 20:12:00 +02:00
Gilles Peskine
38ebfec0f1 Remove duplicates from enumerated test inputs
When generating expressions to construct test case data, there can be
duplicate values, for example if a value of the form C(A) is present
as such in test_suite_psa_crypto_metadata.data and also constructed by
enumerating the argument A for the constructor C. Eliminate such
duplicates in generate_expressions.

This commit removes many test cases that were exact duplicates (and
were near-duplicates differing only in whitespace before the
whitespace normalization).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:40:27 +02:00
Gilles Peskine
cccd1ac373 Normalize whitespace in test arguments
Avoid ending up with test cases that only differ in whitespace in an
argument.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:40:17 +02:00
Gilles Peskine
537d5fa48a Expand psa_generate_tests to support constructor arguments
In macro_collector.py, base InputsForTest on PSAMacroEnumerator rather
than PSAMacroCollector. It didn't make much sense to use
PSAMacroCollector anymore since InputsForTest didn't use anything
other than the constructor.

psa_generate_tests now generates arguments for more macros.
In particular, it now collects macro arguments from
test_suite_psa_crypto_metadata. Algorithms with parameters are now
supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:53 +02:00
Gilles Peskine
4d0b089d2a Fix KeyType with parameters passed in the name argument
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
3d404b8a10 Use InputsForTest in generate_psa_tests
In generate_psa_tests, use InputsForTest rather than PSAMacroCollector
to gather values. This way, the enumeration of values to test includes
values used in metadata tests in addition to constructors parsed from
header files. This allows greater coverage of values built from
constructors with arguments. This doesn't make a difference yet, but
it will once algorithm constructors with arguments are supported in
generate_psa_tests.

Make the injection of numerical values optional. They are useful for
test_psa_constant_names, so keep them there. Don't use them for
not-supported tests: they might make sense, but the current code
wouldn't work since it doesn't know how to make up fake key material
or what dependencies to generate. Don't use them for storage tests:
they only make sense for supported values.

Don't inject 'PSA_SUCCESS': that's superfluous.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Gilles Peskine
b4edff9cd8 Move InputsForTest to macro_collector.py
This is useful to generate PSA tests for more than constant names.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-25 19:39:02 +02:00
Mateusz Starzyk
17011a3185 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
	library/version_features.c
	programs/test/query_config.c

Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
2021-05-20 14:18:12 +02:00
Gilles Peskine
eb30b0cc39 Merge remote-tracking branch 'upstream-public/development' into no-generated-files-3.0
Conflicts: generated files that are removed in this branch and have
changed in development. Resolved by keeping the files removed.
2021-05-20 10:40:48 +02:00
Bence Szépkúti
539f1432cd Remove caching of cc_is_msvc
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-20 10:37:22 +02:00
Bence Szépkúti
7c18550383 Remove object file in finally
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-20 10:37:22 +02:00
Bence Szépkúti
46d894925d Move object file handling out of create_c_file()
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-20 10:37:22 +02:00
Bence Szépkúti
0671dd3107 Add notice of caching whether the compiler is MSVC
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-20 10:37:22 +02:00
Bence Szépkúti
24c29fe7c3 Clean up object files produced by MSVC
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-20 10:37:22 +02:00
Bence Szépkúti
fa6bf1e588 Detect MSVC without relying on compiler filename
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
e151e21ae3 Explicitly use UTF-8 in assemble_changelog
Changelog contents should be UTF-8 text files. So explicitly open all files as
UTF-8. This makes the script independent of the ambient locale (except with
respect to exception messages, but we can live with that).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
7261fff37b Switch assemble_changelog to using text strings
Changelog contents should be UTF-8 text files. There's no need to be
binary-safe. So switch to using text strings in Python (str, not bytes). This
commit makes the following changes:
* Bytes literals (b'…') to string literals ('…').
* Subprocess output (which is all git information) is decoded as ascii.
* Inject text directly in exceptions rather than calling a decode method.

This is enough to make the script work as desired in a UTF-8 locale.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Bence Szépkúti
3bd51b0bb1 Improve MSVC detection
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-20 10:37:22 +02:00
Bence Szépkúti
cabae3d29e Specify output name for MSVC as well
The output file was being created in the working directory, instead of
the temp directory.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-20 10:37:22 +02:00
Bence Szépkúti
d2968bd122 Explicitly specify exit code for "exit /b"
"exit /b" without an explicit exit value doesn't copy the value of the
last command executed, causing issues on Jenkins.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
9d1edb6224 If $CC looks like MSVC, use a compatible command line syntax
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
a4d3273fc7 Accept Windows line endings on inputs on any platform
Accept Windows line endings in input files on any platform. This makes
the scripts work even when running a Unix perl with a source tree that
has Windows line endings, as happens for example on our Travis Windows
instances. This change is harmless in the common case where the input
has the platform's default line endings.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
6e245c6e95 Simplify line ending management and make it work on Windows
Instead of manipulating CR explicitly to cope with CRLF (Windows) line
endings in input and produce output with CRLF line endings, just
convert files from/to CRLF line endings when reading/writing.

The minimum required Perl version remains 5.8, since this both the
version that introduced Digest::MD5 (which was used before this patch)
and the version that introduced open "<:crlf" (which this patch
introduces).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
b0fa9d209d Don't require make to generate visualc files
Don't run `make list` to obtain the list of programs in
generate_visualc_files.pl. This doesn't work on Windows when a `make`
command is not available. Instead, read the makefile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Gilles Peskine
0da63bec88 Script to generate source files on Windows
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-20 10:37:22 +02:00
Manuel Pégourié-Gonnard
729fa5be88
Merge pull request #4450 from mstarzyk-mobica/remove_null_entropy
Remove MBEDTLS_TEST_NULL_ENTROPY config option.
2021-05-20 09:19:55 +02:00
Mateusz Starzyk
4228f895c0 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
* configs/config-psa-crypto.h: modified here, removed in development
* tests/suites/test_suite_x509parse.data: all conflicts are in depends_on
  lines where development made a change unrelated to MBEDTLS_SHAxxx and our
  branch either changed `MBEDTLS_SHA256_C` to `MBEDTLS_SHA224_C` or
  `MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384` to ``MBEDTLS_SHA384_C`, with
  no change to what the test does. Pick the other branch's dependency
  changes then apply our SHA dpeendency change.
2021-05-19 11:37:49 +02:00
Gilles Peskine
c86f20af98 Allow running source file generators from a subdirectory
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:46:27 +02:00
Gilles Peskine
5d1f747d85
Merge pull request #4377 from mpg/psa-pbkdf2-api
PSA API for PBKDF2-HMAC
2021-05-12 18:00:30 +02:00
Mateusz Starzyk
72f60dfcc1 Remove MBEDTLS_TEST_NULL_ENTROPY config option.
Building the library without entropy sources negates any and all security
provided by the library.
This option was originally requested a relatively long time ago and it
does not provide any tangible benefit for users any more.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-11 13:15:19 +02:00