Commit graph

18324 commits

Author SHA1 Message Date
Ronald Cron
9ba7691bf7 psa: Add driver initialization and termination
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
7a55deb5a8 psa: Fix unused variable warnings
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
89b4aa7efc psa: asymmetric_encrypt/decrypt: Improve error code consistency
In psa_asymmetric_encrypt/decrypt(), always return
PSA_ERROR_INVALID_ARGUMENT if the key is a PSA key
and the algorithm is not a PSA algorithm we know
about, whether RSA is supported or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
73c9d9e254 psa: driver: Reduce the scope of test driver entry points
Define test driver entry points that provide an alternative
to Mbed TLS driver entry points only when the PSA configuration
is used. Their purpose is only to test the PSA configuration
thus there is no good reason to use them out of this scope.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:18 +01:00
Ronald Cron
69a63426af psa: Fix the size of hash buffers
Fix the size of hash buffers for PSA hash
operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
fcaba24697 psa: Fix hash max sizes
The PSA max hash size has to be 64 if SHA512 or
SHA384 is supported by the library or an
accelerator, not just in case of the library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
56f7897e7d psa: Fix hash and mac operation type
The test entry points defined in psa_crypto_hash.c
and psa_crypto_mac.c are supposed to be exact
clones of the Mbed TLS driver entry points. Thus
the operation type should be the Mbed TLS operation
type not a test one. There was no compilation error
as the hash and cipher operation test types are
currently equal to the Mbed TLS ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
64df7387f3 tests: psa: Fix guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
d21e6b71d5 tests: psa: Fix the dependencies on some driver wrappers fallback tests
The driver wrappers fallback tests depend on the builtin
support not builtin or driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
ae4a690926 tests: psa: Fix MD5 support not available dependencies
MD5 should not be supported by the library and any driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
18cd8db99a tests: ssl: Add misssing dependencies on SHA-1
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
40e46cf89c tests: psa: Remove wrong test function dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
81ca97e080 tests: psa driver: Align RSA/ECP sign/verify hash dispatch
Align RSA/ECP sign/verify hash dispatch with the
corresponding code of the library. The library
code was modified recently but not the test code
one and these modifications ease the following work.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
a72b12defb tests: psa: driver: mac: Remove opaque entry points in library
Opaque test entry points will be implemented only in
test code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
170067043f psa: Fix unused variable warnings
Fix unused variable warnings when no AEAD
algorithm is enabled in the build.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:24 +01:00
Gilles Peskine
d895f52c4b
Merge pull request #5197 from gilles-peskine-arm/pip-requirements
In-tree Python package requirements
2021-12-03 17:25:53 +01:00
Gilles Peskine
28de59c50a
Merge pull request #5246 from adeaarm/development
Align function parameter names for mbedtls_set_key_owner_id
2021-12-03 17:24:46 +01:00
Gilles Peskine
1bbf6d645b
Merge pull request #5149 from mfil/feature/additional_cipher_info_getters
Additional cipher_info getters
2021-12-03 17:21:51 +01:00
Paul Elliott
cce0f5a085 Fix typo
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-03 16:13:30 +00:00
Ronald Cron
c7a40bc9c2 tests: psa: driver: cipher: Remove unnecessary check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 15:12:01 +01:00
Gilles Peskine
3d57afe2b0 Correct default requirements file name in help
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-03 13:32:51 +01:00
Paul Elliott
2fd6b61420 Remove incorrect hashing
Incorrect interpretation of 'empty'

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 18:03:12 +00:00
Paul Elliott
7298bef693 Add explanation for safety in function
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 17:51:34 +00:00
Ronald Cron
9a37ff6364 tests: psa: aead: Fix operation type in entry point prototypes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-02 17:51:52 +01:00
Paul Elliott
c0d335bc1e Second draft of explanation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 16:38:05 +00:00
Xiaofei Bai
8b5c3824ee Fix (d)tls1_2 into (d)tls12 in version options
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 13:22:18 +00:00
Gilles Peskine
26f60b38de Add Cryptodome to maintainer requirements
See e.g. https://github.com/ARMmbed/mbedtls/pull/5218

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:50:06 +01:00
Gilles Peskine
b3e5340b1f Clarify comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:48:50 +01:00
Gilles Peskine
2673aa5812 Remove accidental requirement on the worktree content
This made the build impossible since mbedtls isn't available when building
the container.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:44:50 +01:00
Xiaofei Bai
d25fab6f79 Update based on comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Paul Elliott
117282f25e Delete unneccesary changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-01 17:18:12 +00:00
Paul Elliott
4768a30d9b Simplify Input usage macros
Also ensure they are used in test data rather than values

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:39:51 +00:00
Paul Elliott
df00695bfc Rename (and relabel) pkcs12 test case
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:31:10 +00:00
Paul Elliott
3584ae4d5f Remove incorrect test dependency
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:21:27 +00:00
Paul Elliott
ad7e8a7092 Documentation fixes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 15:37:49 +00:00
Antonio de Angelis
e2b6866e0b Align function parameter names for mbedtls_set_key_owner_id in PSA headers
static function mbedtls_set_key_owner() is declared in psa/crypto.h
and defined in psa/crypto_struct.h with different parameter name for
the  mbedtls_key_owner_id_t parameter and that may trigger errors
from static code analysis tool as cppcheck.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2021-11-30 12:26:58 +00:00
Paul Elliott
fe08944246 Fix spelling error
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 10:55:53 +00:00
Paul Elliott
89c8e098ee Convert tabs to spaces
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 10:54:52 +00:00
Gilles Peskine
533a728392 mbedtls_ssl_config: Replace bit-fields by separate bytes
This slightly increases the RAM consumption per context, but saves code
size on architectures with an instruction for direct byte access (which is
most of them).

Although this is technically an API break, in practice, a realistic
application won't break: it would have had to bypass API functions and rely
on the field size (e.g. relying on -1 == 1 in a 1-bit field).

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19543 -> 19559 (diff: -16)
library/ssl_msg.o: 24726 -> 24690 (diff: 36)
library/ssl_srv.o: 20462 -> 20418 (diff: 44)
library/ssl_tls.o: 20707 -> 20555 (diff: 152)
library/ssl_tls13_client.o: 7252 -> 7244 (diff: 8)
library/ssl_tls13_generic.o: 4705 -> 4693 (diff: 12)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2876 -> 2864 (diff: 12)
library/ssl_msg.o: 3068 -> 3080 (diff: -12)
library/ssl_srv.o: 3372 -> 3340 (diff: 32)
library/ssl_tls.o: 6658 -> 6566 (diff: 92)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:44:49 +01:00
Gilles Peskine
8834d87ef6 mbedtls_ssl_config, mbedtls_ssl_session: reorder fields
Move small fields first so that more fields can be within the Arm Thumb
128-element direct access window.

Keep the int section after the pointer section: moving int fields first cost
a few bytes on the reference baremetal-m0plus build.

The ordering in this commit is not based on field access frequency.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19687 -> 19543 (diff: 144)
library/ssl_msg.o: 24834 -> 24726 (diff: 108)
library/ssl_srv.o: 20562 -> 20462 (diff: 100)
library/ssl_tls.o: 20907 -> 20707 (diff: 200)
library/ssl_tls13_client.o: 7272 -> 7252 (diff: 20)
library/ssl_tls13_generic.o: 4721 -> 4705 (diff: 16)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2936 -> 2876 (diff: 60)
library/ssl_msg.o: 3080 -> 3068 (diff: 12)
library/ssl_srv.o: 3400 -> 3372 (diff: 28)
library/ssl_tls.o: 6730 -> 6658 (diff: 72)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:39:29 +01:00
Gilles Peskine
ec45c1e174 mbedtls_ssl_handshake_params: reorder fields to save code size
Reorder fields mbedtls_ssl_handshake_params in order to save code on Arm
Thumb builds. The general idea is to put often-used fields in the direct
access window of 128 elements from the beginning of the structure.

The reordering is a human selection based on a report of field offset and
use counts, and informed by measuring the code size with various
arrangements. Some notes:
* This is the same reordering as the corresponding commit in #5189 for 2.2x.
* I moved most byte-sized fields at the beginning where they're sure to be
  in the direct access window.
* I moved buffering earlier because it can be around the threshold depending
  on the configuration, and it's accessed in a lot of places.
* I moved several fields, including update_checksum and friends, early so
  that they're guaranteed to be in the early access window.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19763 -> 19687 (diff: 76)
library/ssl_msg.o: 24874 -> 24834 (diff: 40)
library/ssl_srv.o: 20754 -> 20562 (diff: 192)
library/ssl_tls.o: 21003 -> 20907 (diff: 96)
library/ssl_tls13_client.o: 7284 -> 7272 (diff: 12)
library/ssl_tls13_generic.o: 4749 -> 4721 (diff: 28)
library/ssl_tls13_keys.o: 5133 -> 5077 (diff: 56)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 3000 -> 2936 (diff: 64)
library/ssl_msg.o: 3084 -> 3080 (diff: 4)
library/ssl_srv.o: 3428 -> 3400 (diff: 28)
library/ssl_tls.o: 6754 -> 6730 (diff: 24)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:18:09 +01:00
Gilles Peskine
55490d4e1f mbedtls_ssl_handshake_params: use bytes for some small values
Replace bitfields mbedtls_ssl_handshake_params by bytes. This saves some
code size, and since the bitfields weren't group, this doesn't increase the
RAM usage.

Replace several ints that only store values in the range 0..255 by uint8_t.
This can increase or decrease the code size depending on the architecture
and on how the field is used. I chose changes that save code size on Arm
Thumb builds and will save more after field reordering.

Leave the bitfields in struct mbedtls_ssl_hs_buffer alone: replacing them by
uint8_t slightly increases the code size.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19759 -> 19763 (diff: -4)
library/ssl_srv.o: 20790 -> 20754 (diff: 36)
library/ssl_tls13_keys.o: 5153 -> 5133 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:01:39 +01:00
Paul Elliott
66491c7d08 Edit docs to explain not changing curve order
TLS1.3 MVP would benefit from a different curve group preference order
in order to not cause a HelloRetryRequest (which are not yet handled),
however changing the curve group preference order would affect both
TLS1.2 and TLS1.3, which is undesirable for something rare that can
be worked around.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-29 10:39:44 +00:00
Ronald Cron
cae5909053 psa: aead: Fix invalid output buffer usage in generate_nonce()
Don't use the output buffer in psa_aead_generate_nonce()
to pass the generated nonce to the driver as a local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-29 08:43:15 +01:00
吴敬辉
0b71611c80 [session] fix a session copy bug
fix a possible double reference on 'ticket'
when peer_cert/peer_cert_digest calloc failed.

Signed-off-by: 吴敬辉 <11137405@vivo.com>
2021-11-29 10:50:04 +08:00
Max Fillinger
72abd8a9c3 Fix type for iv size and block size in tests
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-28 14:13:52 +01:00
Max Fillinger
c3cffae420 Document return value for IV size getter on NULL
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-28 14:13:43 +01:00
Gabor Mezei
a09697527b
Add documentation for the functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:25:14 +01:00
Gabor Mezei
14d5fac11d
Unify function parameters
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:23:26 +01:00
Gabor Mezei
c0d8dda60d
Make mbedtls_ct_uchar_mask_of_range function static
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:20:36 +01:00