Commit graph

412 commits

Author SHA1 Message Date
Gilles Peskine
54f544581a Pacify Pylint
Pass Pylint by cleaning up the code where possible and silencing
Pylint where I know better.

No behavior change.
2019-05-29 09:58:59 +02:00
Gilles Peskine
42a0a0aeea Obey Python naming and method structure conventions
* Rename internal methods and fields to start with an underscore.
* Rename global constants to uppercase.
* Change methods that don't use self to be class methods or static
  methods as appropriate.

No behavior change in this commit.
2019-05-29 09:58:59 +02:00
Gilles Peskine
9d4d750041 Add a bit of documentation 2019-05-29 09:58:59 +02:00
Gilles Peskine
0bbad741f4 Switch script to Python3
generate_psa_constants.py was accidentally declared with an
implicitly-Python2 shebang.
2019-05-29 09:58:59 +02:00
Gilles Peskine
2938268fb4 Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190524
Conflicts:
* library/ssl_cli.c, library/ssl_tls.c:
  Removed on the development branch. Keep them removed.
* include/psa/crypto_extra.h, library/psa_crypto_storage.c,
  tests/suites/test_suite_psa_crypto.data,
  tests/suites/test_suite_psa_crypto.function,
  tests/suites/test_suite_psa_crypto_persistent_key.data,
  tests/suites/test_suite_psa_crypto_slot_management.data,
  tests/suites/test_suite_psa_crypto_slot_management.function:
  Modified on the development branch only to implement the enrollment
  algorithm, which has been reimplemented on the API branch.
  Keep the API branch.
2019-05-29 09:57:29 +02:00
Andrzej Kurek
9f3d39d733 Generating visualc files - let Mbed TLS take precedence over crypto
Change the order of include directories so that Mbed TLS is first.
2019-05-23 03:01:35 -04:00
Andrzej Kurek
b78cf2b261 Adjust visual studio file generation to always use the crypto submodule
Add crypto include to include paths
2019-05-23 03:01:35 -04:00
Andrzej Kurek
9c754a9892 config.pl: disable PSA_ITS_FILE and PSA_CRYPTO_STORAGE for baremetal 2019-05-23 03:01:35 -04:00
Andrzej Kurek
03c35a5744 Disable MBEDTLS_ECP_RESTARTABLE in full config
MBEDTLS_ECP_RESTARTABLE is not compatible with MBEDTLS_USE_PSA_CRYPTO.
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
971dea3745 Enable USE_PSA_CRYPTO with config.pl full
Previously it was disabled as too experimental, which no longer holds. Also,
this option introduces new APIs, so it's not only about an internal
alternative (as the comment in config.pl used to state) - people who request a
full config should get all of the available APIs.

Adapt all.sh: now all builds with full config will also test this option, and
builds with the default config will test without it. Just to be sure, let's
have a build with full config minus this option.

Update documentation of MBEDTLS_USE_PSA_CRYPTO to reflect the status of the
new APIs it enables in Mbed TLS and why they're still opt-in.
2019-05-23 03:01:35 -04:00
Manuel Pégourié-Gonnard
de7636e2dd Enable MBEDTLS_PSA_CRYPTO_C by default
Also enable it in scripts/config.pl full, as well as two storage options that
were only blacklisted from full config because they depended on
MBEDTLS_PSA_CRYPTO_C.
2019-05-23 03:01:35 -04:00
Jaeden Amero
3d07ffade2 Merge remote-tracking branch 'tls/development' into development
Resolve conflicts by performing the following operations:
    - Reject changes to files removed during the creation of Mbed Crypto
      from Mbed TLS.
    - Reject the addition of certificates that would not be used by any
      tests, including rejecting the addition of Makefile rules to
      generate these certificates.
    - Reject changes to error.c referencing modules that are not part of
      Mbed Crypto.

* origin/development: (80 commits)
  Style fix
  Fix test data
  Update test data
  Add some negative test cases
  Fix minor issues
  Add ChangeLog entry about listing all SAN
  Remove unneeded whitespaces
  Fix mingw CI failures
  Initialize psa_crypto in ssl test
  Check that SAN is not malformed when parsing
  Documentation fixes
  Fix ChangeLog entry
  Fix missing tls version test failures
  Fix typo
  Fix ChangeLog entry location
  Add changeLog entry
  Add test for export keys functionality
  Add function to retrieve the tls_prf type
  Add tests for the public tls_prf API
  Add public API for tls_prf
  ...
2019-05-21 08:57:44 +01:00
Gilles Peskine
dcaefae849 Parametrize Diffie-Hellman keys by a group identifier
Parametrize finite-field Diffie-Hellman key types with a DH group
identifier, in the same way elliptic curve keys are parametrized with
an EC curve identifier.

Define the DH groups from the TLS registry (these are the groups from
RFC 7919).

Replicate the macro definitions and the metadata tests from elliptic
curve identifiers to DH group identifiers.

Define PSA_DH_GROUP_CUSTOM as an implementation-specific extension for
which domain parameters are used to specify the group.
2019-05-16 19:51:10 +02:00
Darryl Green
d2dba36f44 Only use submodule if present
Enabling the USE_CRYPTO_SUBMODULE option causes problems if the
crypto submodule isn't present. For example, when building
mbed-crypto as a submodule, it should use error.c from the parent
project if USE_CRYPTO_SUBMODULE is set. However if the parent
project isn't present, then the build will fail. Only enable it
if the submodule actually exists.
2019-05-09 13:17:53 +01:00
Jaeden Amero
7b3603c6d8 Merge remote-tracking branch 'tls/development' into development
Resolve merge conflicts by performing the following actions:

- Reject changes to deleted files.
- Reject changes to generate_errors.pl and generate_visualc_files.pl.
  Don't add an 'include-crypto' option which would attempt to use the
  non-existent crypto submodule.
- list-identifiers.sh had the `--internal` option added to it, which
  lists identifiers only in internal headers. Add PSA-specific internal
  headers to list-identifiers.sh.

* origin/development: (40 commits)
  Document the scripts behaviour further
  Use check_output instead of Popen
  all.sh: Require i686-w64-mingw32-gcc version >= 6
  generate_visualc_files.pl: add mbedtls source shadowing by crypto
  generate_errors.pl: refactor and simplify the code
  Start unused variable with underscore
  Correct documentation
  generate_errors.pl: typo fix
  revert changes to generate_features.pl and generate_query_config.pl
  Check that the report directory is a directory
  Use namespaces instead of full classes
  Fix pylint issues
  Don't put abi dumps in subfolders
  Add verbose switch to silence all output except the final report
  Fetch the remote crypto branch, rather than cloning it
  Prefix internal functions with underscore
  Add RepoVersion class to make handling of many arguments easier
  Reduce indentation levels
  Improve documentation
  Use optional arguments for setting repositories
  ...
2019-05-01 14:12:43 +01:00
Jaeden Amero
ed05b29ea3 scripts: Remove unneeded scripts 2019-04-25 11:46:21 +01:00
Jaeden Amero
356acc82ad scripts: Remove dependency on NET 2019-04-25 11:46:21 +01:00
Jaeden Amero
43a450c858 scripts: Remove dependency on X.509 2019-04-25 11:46:21 +01:00
Jaeden Amero
b58ff9541b scripts: Remove dependency on TLS 2019-04-25 11:46:21 +01:00
Jaeden Amero
a4308b29a4 Remove unused TLS, NET, and X.509 files
We've removed all software that depends on or uses the TLS, NET, and
X.509 modules. This means TLS, NET, and X.509 are unused and can be
removed. Remove TLS, NET, and X.509.
2019-04-25 11:46:21 +01:00
Jaeden Amero
bb1f701212 config: Remove X.509 options
Note that this fails check-names.sh because options that TLS and X.509
files use are no longer present in config.h.
2019-04-25 11:46:21 +01:00
Jaeden Amero
1c66e48670 config: Remove TLS and NET options
Remove TLS and NET options from config files and scripts.

Note that this fails check-names.sh because options that TLS and NET
files use are no longer present in config.h.
2019-04-25 11:46:21 +01:00
Jaeden Amero
8298d70bee Only build libmbedcrypto
Update build scripts and tools to only build or update libmbedcrypto.
2019-04-25 11:46:21 +01:00
Jaeden Amero
5c03c65a66 Merge remote-tracking branch 'origin/pr/2547' into development
* origin/pr/2547:
  generate_visualc_files.pl: add mbedtls source shadowing by crypto
  generate_errors.pl: refactor and simplify the code
  generate_errors.pl: typo fix
  revert changes to generate_features.pl and generate_query_config.pl
  generate_errors.pl: add mbedtls header shadowing by crypto headers
  Add an option to use crypto source files in generated visual c project
  Add description of generate_query_config.pl argument
  Add crypto includes when generating features in generate_features.pl
  Include crypto config when generating query config
  Add crypto includes when generating errors in generate_errors.pl
2019-04-24 11:21:56 +01:00
Darryl Green
b2ee0b8782 Use check_output instead of Popen 2019-04-18 09:24:38 +01:00
Gilles Peskine
882e57ecba psa_constant_names: support key agreement algorithms 2019-04-18 09:42:21 +02:00
Jaeden Amero
521dbc67da Merge remote-tracking branch 'tls/development' into development
Merge Mbed TLS at f790a6cbee into Mbed Crypto.

Resolve conflicts by performing the following:
    - Reject changes to README.md
    - Don't add crypto as a submodule
    - Remove test/ssl_cert_test from programs/Makefile
    - Add cipher.nist_kw test to tests/CMakeLists.txt
    - Reject removal of crypto-specific all.sh tests
    - Reject update to SSL-specific portion of component_test_valgrind
      in all.sh
    - Reject addition of ssl-opt.sh testing to component_test_m32_o1 in
      all.sh

* tls/development: (87 commits)
  Call mbedtls_cipher_free() to reset a cipher context
  Don't call mbedtls_cipher_setkey twice
  Update crypto submodule
  Minor fixes in get certificate policies oid test
  Add certificate policy oid x509 extension
  cpp_dummy_build: Add missing header psa_util.h
  Clarify comment mangled by an earlier refactoring
  Add an "out-of-box" component
  Run ssl-opt.sh on 32-bit runtime
  Don't use debug level 1 for informational messages
  Skip uncritical unsupported extensions
  Give credit to OSS-Fuzz for #2404
  all.sh: remove component_test_new_ecdh_context
  Remove crypto-only related components from all.sh
  Remove ssl_cert_test sample app
  Make CRT callback tests more robust
  Rename constant in client2.c
  Document and test flags in x509_verify
  Fix style issues and a typo
  Fix a rebase error
  ...
2019-04-17 12:12:24 +01:00
Andrzej Kurek
021dc3f226 generate_visualc_files.pl: add mbedtls source shadowing by crypto
Running the generation script with "include_crypto" input parameter set to 1
makes the mbedtls sources being overshadowed by crypto sources. 
In case of any duplicate sources, crypto ones take precedence.
2019-04-12 10:51:27 -04:00
Andrzej Kurek
463f049ef0 generate_errors.pl: refactor and simplify the code 2019-04-12 10:35:01 -04:00
Darryl Green
f025d5395e Start unused variable with underscore 2019-04-12 15:18:02 +01:00
Darryl Green
f67e349863 Correct documentation 2019-04-12 15:17:02 +01:00
Andrzej Kurek
e90205f9e6 generate_errors.pl: typo fix 2019-04-12 09:49:30 -04:00
Andrzej Kurek
9b11af42e2 revert changes to generate_features.pl and generate_query_config.pl
These script should depend solely on the external, mbedtls config
2019-04-12 09:43:04 -04:00
Darryl Green
492bc402a3 Check that the report directory is a directory 2019-04-11 15:50:41 +01:00
Darryl Green
0d1ca51107 Use namespaces instead of full classes 2019-04-09 11:46:12 +01:00
Darryl Green
8184df5de9 Fix pylint issues 2019-04-09 11:46:12 +01:00
Darryl Green
fe9a67510e Don't put abi dumps in subfolders 2019-04-09 11:46:12 +01:00
Darryl Green
3c3da790d2 Add verbose switch to silence all output except the final report 2019-04-09 11:46:12 +01:00
Darryl Green
1d95c539e9 Fetch the remote crypto branch, rather than cloning it 2019-04-09 11:46:12 +01:00
Darryl Green
3a5f6c83bc Prefix internal functions with underscore 2019-04-09 11:46:11 +01:00
Darryl Green
7c1a73370b Add RepoVersion class to make handling of many arguments easier
There are a number of arguments being passed around, nearly all of
which are duplicated between the old and new versions. Moving these
into a separate class should hopefully make it simpler to follow
what is being done.
2019-04-09 11:46:11 +01:00
Darryl Green
e29ce70ca5 Reduce indentation levels 2019-04-09 11:46:11 +01:00
Darryl Green
4cde8a0513 Improve documentation 2019-04-09 11:46:11 +01:00
Darryl Green
c5132ffc41 Use optional arguments for setting repositories 2019-04-09 11:46:11 +01:00
Darryl Green
ddf25a6095 Only build the library
We only need the .so files, so only build the library
2019-04-09 11:46:11 +01:00
Darryl Green
4831145cdd Add ability to compare submodules from different repositories
As before with wanting to compare revisions across different
repositories, the ability to select the crypto submodule from a
different repository is useful.
2019-04-09 11:46:11 +01:00
Darryl Green
3e7a980d62 Add handling for cases when not all .so files are present
We may wish to compare ABI/API between Mbed TLS and Mbed Crypto,
which will cause issues as not all .so files are shared. Only
compare .so files which both libraries have.
2019-04-09 11:46:11 +01:00
Darryl Green
9f357d65d4 Extend functionality to allow setting crypto submodule version
As going forward we will have Crypto in a submodule, we will need to
be able to check ABI compatibility between versions using different
submodule versions. For TLS versions that support the submodule, we
will always build using the submodule.

If the Crypto submodule is used, libmbedcrypto.so is not in the main
library folder, but in crypto/library instead. Given this, the script
searches for *.so files and notes their path, in order to create the
dumps correctly.
2019-04-09 11:46:11 +01:00
Darryl Green
3d3d552579 Simplify logic for checking if report folder can be removed 2019-04-09 11:46:11 +01:00
Darryl Green
e62f9bbbf1 Add option for a brief report of problems only 2019-04-09 11:46:11 +01:00
Darryl Green
c2883a29bc Add option to skip identifiers in ABI checks
By default abi-compliance-checker will check the entire ABI/API.
There are internal identifiers that we do not promise compatibility
for, so we want the ability to skip them when checking the ABI/API.
2019-04-09 11:46:11 +01:00
Darryl Green
da84e3215e Extend abi-checking to different repos 2019-04-09 11:46:11 +01:00
Andrzej Kurek
91c6030584 generate_errors.pl: add mbedtls header shadowing by crypto headers
Abort script upon encountering a duplicated error
2019-04-09 03:32:31 -04:00
Jaeden Amero
7c1e6193af Merge remote-tracking branch 'origin/pr/2464' into development
* origin/pr/2464:
  Allow main() to lack a docstring.
  Silence pylint
  check-files.py: readability improvement in permission check
  check-files.py: use class fields for class-wide constants
  check-files.py: clean up class structure
  abi_check.py: Document more methods
  check-files.py: document some classes and methods
  Fix pylint errors going uncaught
  Call pylint3, not pylint
  New, documented pylint configuration
2019-04-05 14:19:09 +01:00
Andrzej Kurek
92f91fc9ff Add an option to use crypto source files in generated visual c project 2019-04-05 05:49:53 -04:00
Andrzej Kurek
b4b1ae193b Add description of generate_query_config.pl argument 2019-04-05 04:16:12 -04:00
Andrzej Kurek
79369cd8d9 Add crypto includes when generating features in generate_features.pl
Adjusted generate_features to have a configuration option of including crypto
config. Turned on by default.
2019-04-05 04:07:40 -04:00
Andrzej Kurek
ef907604f8 Include crypto config when generating query config
Adjusted generate_query_config.pl to have a configuration option 
of including the crypto config. Turned on by default.
2019-04-05 03:56:27 -04:00
Jaeden Amero
57f4d9e4fe Update crypto submodule to test with private headers
Update the crypto submodule to the top of the Mbed Crypto development
branch. This brings in a version of Mbed Crypto that enables building
Mbed Crypto tests that depend on private headers, like
'psa_crypto_invasive.h'.

This also requires updating our config.h to include new configuration
options added to Mbed Crypto. MBEDTLS_PSA_ITS_FILE_C replaces
MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C and MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C.
MBEDTLS_PSA_INJECT_ENTROPY replaces MBEDTLS_PSA_HAS_ITS_IO.
2019-03-19 15:45:09 +00:00
Gilles Peskine
e3dbdd8d90 Gate entropy injection through a dedicated configuration option
Entropy injection has specific testing requirements. Therefore it
should depend on a specific option.
2019-03-15 11:15:21 +01:00
Gilles Peskine
6bf4baef95 Remove compilation option MBEDTLS_PSA_HAS_ITS_IO
MBEDTLS_PSA_HAS_ITS_IO is not really useful since it doesn't actually
enable anything except the entropy seed file support, which only
requires the ITS interface and not a native implemetation. Remove it.
2019-03-15 11:15:13 +01:00
Gilles Peskine
e435f23019 Remove psa_crypto_storage_file
Now that we have ITS over files, we no longer need a direct backend
for key storage over files. Remove psa_crypto_storage_file and its
tests.

Switch MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C and MBEDTLS_PSA_ITS_FILE_C on
by default. This preserves functionality and test coverage in the
default configuration, but forgets any key previously stored using the
file backend.
2019-03-15 11:14:51 +01:00
Andrzej Kurek
b0fc484188 Add crypto includes when generating errors in generate_errors.pl
Adjusted generate_errors to have a configuration option of including crypto files.
Turned on by default
2019-03-12 10:48:18 -04:00
Jaeden Amero
9afb2e9921 Remove tests that depend on TLS or X.509 2019-03-11 16:49:26 +00:00
Jaeden Amero
03c60de0e0 query_config: Move to programs/test
As the SSL programs, like ssl_client2 and ssl_server2, are dependent on
SSL and therefore about to be removed, the only consumer of query_config
is the query_compile_time_config test. As such, it makes sense to move
query_config to be next to what uses it.
2019-03-11 16:48:36 +00:00
Jaeden Amero
2b9eb0bd6c Merge remote-tracking branch 'tls/development' into development
* origin/development: (113 commits)
  Update query_config.c
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
  Fix unused variable warning in ssl_parse_certificate_coordinate()
  Update the crypto submodule to a78c958
  Fix ChangeLog entry to correct release version
  Fix typo in x509write test data
  Add ChangeLog entry for unused bits in bitstrings
  Improve docs for named bitstrings and their usage
  Add tests for (named) bitstring to suite_asn1write
  Add new function mbedtls_asn1_write_named_bitstring()
  Add missing compile time guard in ssl_client2
  Update programs/ssl/query_config.c
  ssl_client2: Reset peer CRT info string on reconnect
  Add further debug statements on assertion failures
  ...
2019-03-07 12:02:18 +00:00
Andres Amaya Garcia
4a512281ec Reduce priority of 3DES ciphersuites 2019-03-01 10:19:27 +01:00
Jaeden Amero
a9d6ba2510 Merge remote-tracking branch 'tls/development' into development
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
2019-02-27 15:15:53 +00:00
Gilles Peskine
e915d532a6 Silence pylint
Silence pylint in specific places where we're doing slightly unusual
or dodgy, but correct.
2019-02-27 11:03:25 +01:00
Gilles Peskine
712afa74f4 abi_check.py: Document more methods 2019-02-27 11:03:25 +01:00
Jaeden Amero
415620c1f2 Merge remote-tracking branch 'origin/pr/2105' into development
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
2019-02-22 10:33:15 +00:00
Jaeden Amero
5e6d24c5e1 psa: Add backwards compatible error codes
Add deprecated error codes to help transition between the previous
version of the PSA Crypto specification and the current one.
2019-02-21 11:49:15 +00:00
Gilles Peskine
69d7c8b2d7 Declare a psa_key_file_id_t layout with an owner field
Declare the owner as psa_key_owner_id_t, of which an implementation
must be provided separately.

Make this a configuration option
MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER, to make the conditional
compilation flow easier to follow. Declare it in config.h to
pacify check_names.sh.

Support for a specific implementation of psa_key_owner_id_t in storage
backends will come in a subsequent commit.
2019-02-20 12:52:09 +01:00
Jaeden Amero
67ea2c5e6d Merge branch 'development-psa-proposed' into development
Resolve conflicts by performing the following.

- Take the upstream Mbed TLS ChangeLog verbatim.
- Reject changes to Makefiles and CMake that are related to using Mbed
  Crypto as a submodule. It doesn't make sense to use Mbed Crypto as a
  submodule of itself.
- Reject README changes, as Mbed Crypto has its own, different README.
- Reject PSA-related changes to config.h. We don't want to disable the
  availability of the PSA Crypto API by default in the Mbed Crypto
  config.h.
- Don't inadvertently revert dead code removal in
  mbedtls_cipher_write_tag() which was added in f2a7529403 ("Fix
  double return statement in cipher.c")
- Where Mbed Crypto already had some MBEDTLS_USE_PSA_CRYPTO code (from
  past companion PRs) take the latest version from Mbed TLS which
  includes integration with MBEDTLS_CHECK_PARAMS.
- Update the version of the shared library files to match what's
  currently present in Mbed TLS.
- Reject removal of testing with PSA from config full tests.
- Resolve conflicts in test tests/suites/helpers.function, where both
  Mbed Crypto and Mbed TLS both added documentation for TEST_ASSERT.
  Combine text from both documentation efforts.
- Reject adding a submodule of ourselves.
- Reject addition of submodule tests in all.sh.
- Reject addition of submodule to library path in
  tests/scripts/run-test-suites.pl.
- Avoid using USE_CRYPTO_SUBMODULE=1 in
  component_test_use_psa_crypto_full_cmake_asan() in all.sh.
2019-02-14 15:58:43 +00:00
Andrzej Kurek
172457460b Add MBEDTLS_PSA_HAS_ITS_IO to config.pl exclude list 2019-02-07 08:49:53 -05:00
Andrzej Kurek
d3643ef29b Add PSA defines to config.pl exclude list 2019-02-07 07:41:27 -05:00
Andres Amaya Garcia
17c53c5c1e Fix check-generated-files.sh failure with query_config 2019-02-07 10:38:23 +00:00
Andres Amaya Garcia
bc432b8232 Use \r instead of 0xD in generate_visualc_files.pl 2019-02-07 10:38:23 +00:00
Andres Amaya Garcia
8645f733cf Update query_config.c with new macros 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia
ef672f0319 Exclude macros from query_config.c generation 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia
27b3372c45 Fix query_config macro expansion for windows 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia
5bc6e92b70 Fix query_config macro expansion for windows 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia
c84a65da9d Fix missing include in vs proj files for query programs 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia
c28da7ea43 Improve comments in query_config.fmt 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia
5aca555391 Fix GCC 0-length printf format string error 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia
2fdc2c299f Fix multiple stdio.h inclusion in query_config.c 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia
109f8b6100 Fix typo in quenerate_query_config.pl comment 2019-02-07 10:38:22 +00:00
Andres Amaya Garcia
4c981a09e8 Add gen_query_config.pl to check-gen-files and bump_version 2019-02-07 10:37:39 +00:00
Andres Amaya Garcia
88121a96f6 Script generation of query_config.c file 2019-02-07 10:37:39 +00:00
Darryl Green
df72306e07 Fix typo in generate_psa_constants.py 2019-02-06 15:36:00 +00:00
Gilles Peskine
6d194bd92b Read constant names from crypto_extra.h as well as crypto_values.h
test_psa_constant_names.py was originally written before the split of
crypto.h into crypto_values.h and more, so it now needs to read
crypto_values.h as well.

In both generate_psa_constants.py and test_psa_constant_names.py, read
crypto_extra.h as well. We don't currently define any value there, but
it's plausible that we will one day.
2019-01-29 16:08:46 +00:00
Gilles Peskine
182c2e9836 psa_constant_names: fix display for truncated unknown MAC/AEAD algorithm 2019-01-29 16:08:46 +00:00
Gilles Peskine
f3b731e817 Move integral types and associated macros to their own header
Some parts of the library, and crypto drivers, need to see key types,
algorithms, policies, etc. but not API functions. Move portable
integral types and macros to build and analyze values of these types
to a separate headers crypto_types.h and crypto_values.h.

No functional changes, code was only moved from crypto.h to the new headers.
2018-12-21 17:53:09 +01:00
Manuel Pégourié-Gonnard
26fd730876 Add config option for X.509/TLS to use PSA 2018-11-22 16:25:36 +00:00
Hanno Becker
e10f191543 Remove MBEDTLS_PSA_CRYPTO_SPM from config.pl
This configuration option has been removed by now.
2018-11-22 09:43:35 +00:00
Manuel Pégourié-Gonnard
aeefa49edd Add config option for X.509/TLS to use PSA 2018-11-21 21:03:14 +00:00
Gilles Peskine
3d5d8372a5
Merge pull request #198 from ARMmbed/psa_crypto_its
PSA Crypto Storage backend implementation over PSA ITS APIs (#198)
2018-11-21 15:04:03 +01:00
Jaeden Amero
ffeb1b8ab6 abi_check: Update submodules
When grabbing a fresh copy of a branch, it's required to also fetch the
submodule. Add fetching the submodule to abi_check.py.
2018-11-21 12:54:57 +00:00
Jaeden Amero
7acb0cf01e abi_check: Allow checking current checkout
Without a "--detach" option, git worktree will refuse to checkout a branch
that's already checked out. This makes the abi_check.py script not very
useful for checking the currently checked out branch, as git will error
that the branch is already checked out. Add the "--detach" option to check
out the new temporary worktree in detached head mode. This is acceptable
because we aren't planning on working on the branch and just want a
checkout to do ABI checking from.
2018-11-21 12:54:57 +00:00
Jaeden Amero
484ee33c35 psa: Add PSA Crypto configuration
Add an option that can enable the exposure of PSA Crypto APIs from
libmbedcrypto.
2018-11-21 12:54:57 +00:00