Commit graph

13700 commits

Author SHA1 Message Date
Hanno Becker e680037ef7 Add documentation on testing Mbed TLS using QEMU syscall emulation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-07 13:51:40 +01:00
Hanno Becker 15062fabef Update Visual Studio project files
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-07 12:02:41 +01:00
Hanno Becker 140fd9c0ba Fix coding style in library/armv8ce_aes.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-07 12:02:41 +01:00
Hanno Becker e177719417 Add empty lines for readability in library/aes.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-07 12:02:41 +01:00
Hanno Becker e128636646 Fix copy-pasta in documentation for MBEDTLS_ARMV8CE_AES_C
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-07 12:02:41 +01:00
Hanno Becker bdadc24c3c Use official name for 'Armv8 Cryptography Extensions'
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-07 12:02:41 +01:00
Hanno Becker 74aa0401c9 Don't include copyright header in Doxygen block in armv8ce_aes.h
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-07 12:02:41 +01:00
Hanno Becker be90755768 Improve ChangeLog entry
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-07 12:02:41 +01:00
Hanno Becker 75bc755cec Fix style in documentation of MBEDTLS_HAVE_ASM
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-07 12:02:41 +01:00
Markku-Juhani O. Saarinen 0c2f86d319 MBEDTLS_ARMV8CE_AES_C disabled for full testing in scripts/config.pl 2020-09-07 12:02:41 +01:00
Markku-Juhani O. Saarinen c332e2d8ca adapt ChangeLog 2020-09-07 12:02:41 +01:00
Markku-Juhani O. Saarinen 85123011f7 ARMv8 Crypto Extensions compile logic 2020-09-07 12:02:41 +01:00
Markku-Juhani O. Saarinen 63f213969c ARMv8 Crypto Extensions hooks for AES and GCM 2020-09-07 12:02:41 +01:00
Markku-Juhani O. Saarinen dfb6015ca7 Implements AES and GCM with ARMv8 Crypto Extensions
A compact patch that provides AES and GCM implementations that utilize the
ARMv8 Crypto Extensions. The config flag is MBEDTLS_ARMV8CE_AES_C, which
is disabled by default as we don't do runtime checking for the feature.
The new implementation lives in armv8ce_aes.c.

Provides similar functionality to https://github.com/ARMmbed/mbedtls/pull/432
Thanks to Barry O'Rourke and others for that contribtion.

Tested on a Cortex A53 device and QEMU. On a midrange phone the real AES-GCM
throughput increases about 4x, while raw AES speed is up to 10x faster.

When cross-compiling, you want to set something like:

  export CC='aarch64-linux-gnu-gcc'
  export CFLAGS='-Ofast -march=armv8-a+crypto'
  scripts/config.pl set MBEDTLS_ARMV8CE_AES_C

QEMU seems to also need

  export LDFLAGS='-static'

Then run normal make or cmake etc.
2020-09-07 12:02:41 +01:00
Gilles Peskine 853f9bd65e
Merge pull request #3625 from gilles-peskine-arm/test-fail-report-first
Report the first unit test failure, not the last one
2020-09-05 11:15:55 +02:00
Gilles Peskine 0deccf1f3e Initialize ret from test code
The test function mbedtls_mpi_lt_mpi_ct did not initialize ret in test
code. If there was a bug in library code whereby the library function
mbedtls_mpi_lt_mpi_ct() did not set ret when it should, we might have
missed it if ret happened to contain the expected value. So initialize
ret to a value that we never expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 15:33:45 +02:00
Gilles Peskine 4b5aba8b91
Merge pull request #3632 from gilles-peskine-arm/all.sh-armgcc-c99
Fix arm-gcc builds in Travis runs with 2.24.0
2020-09-02 13:42:03 +02:00
Gilles Peskine aeedd74b42 Pass -std=c99 to arm-none-eabi-gcc
GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc
version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm
builds started failing on Travis when we introduced a C99 construct in
the configurations that we test on arm on Travis. Other builds, and
Jenkins CI, are not affected because they use GCC 5.x or newer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-02 11:03:04 +02:00
Gilles Peskine 349eadc58f Report the first failure, not the last one
If test_fail is called multiple times in the same test case, report
the location of the first failure, not the last one.

With this change, you no longer need to take care in tests that use
auxiliary functions not to fail in the main function if the auxiliary
function has failed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-31 10:09:57 +02:00
Janos Follath 523f0554b6
Merge pull request #748 from ARMmbed/mbedtls-2.24.0r0-pr
Prepare Release Candidate for Mbed TLS 2.24.0
2020-08-27 11:31:49 +01:00
Janos Follath 6012f0ee5b Finalize ChangeLog
Fix alignment where necessary and update ChangeLog header.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 16:23:19 +01:00
Janos Follath 17ffc5da8d Bump version to Mbed TLS 2.24.0
Executed "./scripts/bump_version.sh --version 2.24.0"

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 16:22:57 +01:00
Janos Follath c18a7b8466 Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 14:49:16 +01:00
Janos Follath d2ce916b58 Merge branch 'development-restricted' 2020-08-26 14:15:34 +01:00
Gilles Peskine d4b9133850
Merge pull request #3611 from gilles-peskine-arm/psa-coverity-cleanups-202008
Minor fixes in PSA code and tests
2020-08-26 13:18:27 +02:00
Gilles Peskine 9e4d4387f0
Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time
Always revoke certificate on CRL
2020-08-26 12:56:11 +02:00
Manuel Pégourié-Gonnard 2db7be1cbb
Merge pull request #3612 from gilles-peskine-arm/psa-mac-negative-tests
PSA: add negative MAC tests
2020-08-26 12:19:25 +02:00
Gilles Peskine a2e518daf5 Fix the documentation of has_even_parity
The documentation had the boolean meaning of the return value inverted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 12:14:37 +02:00
Manuel Pégourié-Gonnard 376712217e
Merge pull request #737 from mpg/changelog-for-local-lucky13-dev-restricted
Add a ChangeLog entry for local Lucky13 variant
2020-08-26 11:52:15 +02:00
Gilles Peskine ed9fbc6443 Clearer function name for parity check
Return a name that more clearly returns nonzero=true=good, 0=bad. We'd
normally expect check_xxx to return 0=pass, nonzero=fail so
check_parity was a bad name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 11:16:50 +02:00
Gilles Peskine 6c75152b9f Explain the purpose of check_parity
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 10:24:26 +02:00
Gilles Peskine 34f063ca47 Add missing cleanup to hash multipart operation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 10:24:13 +02:00
Manuel Pégourié-Gonnard 8f18d08fae Clarify that the Lucky 13 fix is quite general
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 10:10:11 +02:00
Gilles Peskine 29c4a6cf9f Add negative tests for MAC verification
Add negative tests for psa_mac_verify_finish: too large, too small, or
a changed byte.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine 090e16cb8b Don't destroy the key during a MAC verification operation
An early draft of the PSA crypto specification required multipart
operations to keep working after destroying the key. This is no longer
the case: instead, now, operations are guaranteed to fail. Mbed TLS
does not comply yet, and still allows the operation to keep going.
Stop testing Mbed TLS's non-compliant behavior.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine 8b356b5652 Test other output sizes for psa_mac_sign_finish
Test psa_mac_sign_finish with a smaller or larger buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine 5e65cec5e8 Simplify output bounds check in mac_sign test
Rely on Asan to detect a potential buffer overflow, instead of doing a
manual check. This makes the code simpler and Asan can detect
underflows as well as overflows.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine 3d404d677e Test PSA_MAC_FINAL_SIZE in mac_sign exactly
We expect PSA_MAC_FINAL_SIZE to be exact in this implementation, so
check it here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:16:03 +02:00
Gilles Peskine cd65f4ccac Add empty-output-buffer test cases for single-part hash functions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Gilles Peskine e92c68a878 Note that a failure in cleanup is intentional
In the cleanup code for persistent_key_load_key_from_storage(), we
only attempt to reopen the key so that it will be deleted if it exists
at that point. It's intentional that we do nothing if psa_open_key()
fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Gilles Peskine 64f13ef6ab Add missing cleanup to some multipart operation tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 00:11:23 +02:00
Gilles Peskine a09713c795 test cleanup: Annotate file removal after a failed creation
Let static analyzers know that it's ok if remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:50:18 +02:00
Gilles Peskine 169ca7f06d psa_crypto_storage: Annotate file removal after a failed creation
Let static analyzers know that it's ok if psa_its_remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:50:06 +02:00
Gilles Peskine bab1b52048 psa_its: Annotate file removal after a failed creation
Let static analyzers know that it's ok if remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:49:19 +02:00
Gilles Peskine 14613bcd75 Fix parity tests to actually fail the test on error
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 22:30:31 +02:00
Janos Follath d4ac4e037b
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted
Constant-flow copy of HMAC from variable position
2020-08-25 14:35:55 +01:00
Manuel Pégourié-Gonnard 04b7488411 Fix potential use of uninitialised variable
If any of the TEST_ASSERT()s that are before the call to
mbedtls_pk_warp_as_opaque() failed, when reaching the exit label
psa_destroy_key() would be called with an uninitialized argument.

Found by Clang.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 10:45:51 +02:00
Gilles Peskine ed19762a22
Merge pull request #3574 from makise-homura/e2k_support
Support building on e2k (Elbrus) architecture
2020-08-25 09:46:36 +02:00
makise-homura af9513bb48 A different approach of signed-to-unsigned comparison
Suggsted by @hanno-arm

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-24 23:42:49 +03:00
Manuel Pégourié-Gonnard ba6fc9796a Fix a typo in a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-24 12:59:55 +02:00