Gilles Peskine
c668de6f7f
Merge pull request #5200 from AndrzejKurek/fix-getting-started-2_x
...
Backport 2.x: Fix duplicate variable name in getting_started.md
2021-11-24 20:51:03 +01:00
Gilles Peskine
3107b337e1
Merge pull request #5154 from gabor-mezei-arm/3649_bp2x_move_constant_time_functions_into_separate_module
...
[Backport 2.x] Move constant-time functions into a separate module
2021-11-24 19:33:03 +01:00
Gilles Peskine
989a4e9388
Merge pull request #5132 from openluopworld/origin/development_2.x
...
Backport 2.x: Fix GCM calculation with very long IV
2021-11-22 22:22:47 +01:00
Gilles Peskine
b80aa7c609
Merge pull request #5214 from tom-cosgrove-arm/pr5105_2.x
...
Backport 2.x: doc improvements in aes and sha256 includes
2021-11-22 22:21:56 +01:00
Tom Cosgrove
8100bf5d67
further improvements to sha256 docs
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2021-11-22 15:35:58 +00:00
Tom Cosgrove
bcd2f67624
doc improvements in aes and sha256 includes
...
- Add return value description to the docs of mbedtls_sha256
- Remove description of non-existing "mode" parameter from the docs of mbedtls_aes_crypt_ctr
Backport of #5105
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2021-11-22 15:02:29 +00:00
Andrzej Kurek
f236bbb735
Fix duplicate variable name in getting_started.md
...
Rename the key id variables to not clash with the raw key data.
This was introduced in cf56a0a3.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-11-19 13:50:35 +01:00
Manuel Pégourié-Gonnard
1d7f7a7c6e
Merge pull request #5194 from bensze01/invalid_nonce_error_2.x
...
Backport 2.x: PSA: Indicate in the error returned when we know that an AEAD nonce length is invalid, not just unsupported
2021-11-18 09:41:15 +01:00
Gilles Peskine
90321622e6
Merge pull request #5196 from bensze01/test_psa_compliance_2.x
...
Backport 2.x: Remove superfluous expected failure from test_psa_compliance
2021-11-17 17:14:22 +01:00
Bence Szépkúti
2be65d5134
Remove expected failure from test_psa_compliance
...
Issue #5143 was fixed in PR #5192.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:47:56 +01:00
Manuel Pégourié-Gonnard
394c65e0f0
Merge pull request #5169 from bensze01/test_psa_compliance_2.x
...
Backport 2.x: Run the PSA Compliance test suite in all.sh
2021-11-17 14:10:05 +01:00
Bence Szépkúti
358e0ea464
Indicate nonce sizes invalid for ChaCha20-Poly1305
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:03:08 +01:00
Manuel Pégourié-Gonnard
1a3201a7b9
Merge pull request #5192 from daverodgman/development_2.x
...
Backport 2.x: PSA error code fix
2021-11-17 13:09:43 +01:00
paul-elliott-arm
0372792415
Merge pull request #5165 from mprse/aps_mem_leak_2x
...
(Backport 2x) ssl_client2, ssl_server2: add check for psa memory leaks
2021-11-17 11:54:39 +00:00
Dave Rodgman
dc4e4b72c0
Fix derive_input test ignoring parameter
...
Fix derive_input test hardcoding key type instead of using test argument.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-17 10:02:52 +00:00
Dave Rodgman
bc92abed8c
Update test to handle changed error code
...
Update test to handle changed error code from psa_key_derivation_output_key
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-17 10:02:51 +00:00
Dave Rodgman
021e724936
Improve PSA error return code
...
psa_key_derivation_output_key: prioritize BAD_STATE over NOT_PERMITTED
If psa_key_derivation_output_key() is called on an operation which hasn't been
set up or which has been aborted, return PSA_ERROR_BAD_STATE. Only return
PSA_ERROR_NOT_PERMITTED if the operation state is ok for
psa_key_derivation_input_bytes() or psa_key_derivation_output_bytes() but not
ok to output a key.
Ideally psa_key_derivation_output_key() would return PSA_ERROR_NOT_PERMITTED
only when psa_key_derivation_output_bytes() is possible, but this is clumsier
to implement.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-17 10:02:48 +00:00
Gabor Mezei
2dcccbfc19
Fix function name in debug message
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-16 13:34:05 +01:00
Przemyslaw Stekiel
a226ac9738
ssl_client2/ssl_server2: Rework ordering of cleanup
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel
e9dea7c3b0
ssl_client2: move memory leak check before rng_free()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel
b66bc0ad4a
Move psa_crypto_slot_management.h out from psa_crypto_helpers.h
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel
d6e0a5824a
ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free())
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel
7c7fb877c6
ssl_client2, ssl_server2: add check for psa memory leaks
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-14 20:03:23 +01:00
Bence Szépkúti
c1e79fd2e3
Enable CMAC for PSA crypto compliance tests
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-11 20:47:32 +01:00
Bence Szépkúti
24ec529f82
Multipart AEAD is not supported in Mbed TLS 2.x
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-11 20:47:29 +01:00
Bence Szépkúti
e30fcb6ed5
Remove superfluous expected failures from list
...
Issue #5144 doesn't affect development_2.x
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-11 16:24:19 +01:00
Gabor Mezei
b9e1f2a3cf
Update generated files
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 15:42:41 +01:00
Gabor Mezei
84d739846c
Update changelog with the new public API
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:33:19 +01:00
Gabor Mezei
dbe0f892b3
Fix documentation and comments
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:33:19 +01:00
Gabor Mezei
c0ae1cf45a
Rename internal header constant_time.h to constant_time_internal.h
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:33:19 +01:00
Gabor Mezei
18a44949d0
Rename constant-time functions to have mbedtls_ct prefix
...
Rename functions to better suit the module name.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:32:01 +01:00
Gabor Mezei
f127a0e2b1
Remove unneeded include
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:54 +01:00
Gabor Mezei
da20651b73
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:54 +01:00
Gabor Mezei
61bf64fbd0
Bind functions' availability for config options
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:54 +01:00
Gabor Mezei
e24dea8225
Move mbedtls_cf_memcmp to a new public header
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:54 +01:00
Gabor Mezei
6e0e990544
Add macro guard for header file
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:53 +01:00
Gabor Mezei
2b35880d41
Bind functions' availability for config options
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:53 +01:00
Gabor Mezei
4e2de62fef
Remove unused function
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:53 +01:00
Gabor Mezei
fd8a42d914
Make functions static
...
These functions are only used as an auxiliary function for constant-time functions.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:53 +01:00
Gabor Mezei
4b4e4d8880
Update documentation and comments
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:53 +01:00
Gabor Mezei
91deea7765
Rename and reorder function parameters
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:53 +01:00
Gabor Mezei
150bdee126
Use condition for not sensitive data
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:53 +01:00
Gabor Mezei
3c38b6e9e1
Move implementation specific comment
...
This comment is about how the functions are implemented, not about their
public interface, so it doesn't belong in the header file.
It applies to everything in constant_time.c so moved there.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:52 +01:00
Gabor Mezei
2c5ed2244b
Make mbedtls_cf_size_mask_lt function static
...
The mbedtls_cf_size_mask_lt is solely used as an auxiliary function
for mbedtls_cf_size_mask_ge.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:52 +01:00
gabor-mezei-arm
d5a392aa2c
Fix missing includes
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:52 +01:00
gabor-mezei-arm
10117d673e
Add changelog entry
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:52 +01:00
gabor-mezei-arm
7e6a1eaf8f
Add documentation for the functions
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:52 +01:00
gabor-mezei-arm
1ffd0ccf02
Unify equality checker functions return value
...
The equality checker functions always return 0 or 1 value,
thus the type of return value can be the same despite the
size of the parameters.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:52 +01:00
gabor-mezei-arm
60febd5d8a
Propagate usage of mask generation functions
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:52 +01:00
gabor-mezei-arm
2f2c0bead3
Unify mask generation functions
...
Generate all-bits 0 or all bits 1 mask from a value instead of from a bit.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-11 11:04:51 +01:00