Commit graph

13869 commits

Author SHA1 Message Date
Torstein Nesse ce1494b6ee Update ChangeLog.d/systematically_store_bit_size_3740.txt
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
2020-10-22 12:12:22 +02:00
Torstein Nesse d9246559ca Update changelog entry, format specification, and correct test vectors
Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-21 11:17:09 +02:00
Torstein Nesse 162a1104be Changes PSA key storage format to include key bits
* Stores bits in psa_persistent_key_storage_format.
* psa_load_persistent_key_into_slot still imports plaintext keys which
  ensures that the bits value gets set.
* Updates key specification to match new implementation.
* Expands persistent store and load tests with to check for bits
  attribute.
* Removes bits storage from psa_se_key_data_storage_t.

Signed-off-by: Torstein Nesse <torstein.nesse@silabs.com>
2020-10-07 10:54:24 +02:00
Janos Follath 7f007f70e0
Merge pull request #3639 from okhowang/android
Use socklen_t on Android
2020-10-02 13:22:59 +01:00
Janos Follath 2cb88c9a24
Merge pull request #3726 from gilles-peskine-arm/changelog-user-visible-only-development
Only use ChangeLog to inform users, not for acknowledgement
2020-10-01 11:37:22 +01:00
Gilles Peskine e9a1e13d62 2.24.0 is still covered by the old policy
“Prior to Mbed TLS 2.24” suggests that 2.24 itself didn't use the old
policy anymore, but it did. Change to “Until”, and also give the exact
version number “2.24.0”.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-10-01 00:35:49 +02:00
Janos Follath e85c0c469d
Merge pull request #3717 from pkolbus/issue-3647
Restore retry in rsa_prepare_blinding()
2020-09-30 16:23:10 +01:00
Manuel Pégourié-Gonnard c427aa74f1
Merge pull request #3642 from okhowang/getrandom
Use glibc's getrandom when glibc > 2.25
2020-09-30 13:55:04 +02:00
okhowang(王沛文) 76158ce9b7 Use socklen_t on Android and other POSIX-compliant system
Fixes #2977

Signed-off-by: okhowang(王沛文) <okhowang@tencent.com>
2020-09-30 16:53:37 +08:00
okhowang(王沛文) 9c46a60e6c Use glibc's getrandom() instead of syscall when glibc > 2.25.
Fixes #3432

Signed-off-by: okhowang(王沛文) <okhowang@tencent.com>
2020-09-30 16:10:49 +08:00
Gilles Peskine 4bcfe9269f When to write a changelog: minor improvements
Mention sample programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 09:55:27 +02:00
Gilles Peskine ece00a0cd0 Explain when to write a changelog entry
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 01:16:59 +02:00
Gilles Peskine 3b4edc78df We no longer credit contributors in the changelog
From now on, external contributions are no longer acknowledged in the
changelog file. They of course remain acknowledged in the Git history.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 01:13:05 +02:00
Gilles Peskine 27ed799109 Remove changelog entries without a user-visible impact
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-09-30 01:11:39 +02:00
Peter Kolbus ca8b8e7c31 Restore retry in rsa_prepare_blinding()
Starting with commit 49e94e3, the do/while loop in
`rsa_prepare_blinding()` was changed to a `do...while(0)`, which
prevents retry from being effective and leaves dead code.

Restore the while condition to retry, and lift the calls to finish the
computation out of the while loop by by observing that they are
performed only when `mbedtls_mpi_inv_mod()` returns zero.

Signed-off-by: Peter Kolbus <peter.kolbus@garmin.com>
2020-09-25 08:43:57 -05:00
Gilles Peskine 7829748cd4
Merge pull request #3709 from CameronNemo/issue-3524
programs/psa/psa_constant_names_generated.c: commit generated file
2020-09-25 15:23:48 +02:00
Cameron Nemo e18d09de37 fix(programs/psa): commit python3 generated file
Python should not be required for the build when the no_test target is
used. This commit adds the generated file to the source tree and the
check-generated-files script, and removes the generation from (c)make.

Fixes #3524

Signed-off-by: Cameron Nemo <cnemo@tutanota.com>
2020-09-24 20:57:46 -07:00
Gilles Peskine 9b33eb3284
Merge pull request #3705 from ctron/feature/fix_return_code_1
Fix return code expression in pkparse
2020-09-22 18:51:49 +02:00
Jens Reimann 9ad4a33a54 fix return code
Signed-off-by: Jens Reimann <jreimann@redhat.com>
2020-09-22 11:57:16 +02:00
Gilles Peskine 5cb54f7b27
Merge pull request #3542 from gilles-peskine-arm/psa-unified-driver-specs-20200807
PSA unified driver specification: minor updates
2020-09-18 22:53:46 +02:00
Gilles Peskine 1d9c11081a
Merge pull request #3667 from Jongy/fix-docs
Fix docs to desribe written-into buffer parameter as writable
2020-09-17 00:02:08 +02:00
Janos Follath 2a25904f45
Merge pull request #3568 from hanno-arm/tls13_experimental_key_schedule_1
TLS 1.3: Add HKDF-based key derivation functionality
2020-09-16 11:40:06 +01:00
Hanno Becker 531fe3054c Comment on hardcoding of maximum HKDF key expansion of 255 Bytes
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-16 09:50:17 +01:00
Hanno Becker 61baae7c9f Minor fixes and improvements in TLS 1.3 key schedule documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-16 09:47:47 +01:00
Gilles Peskine dc57c25e30
Merge pull request #3527 from ronald-cron-arm/key-extended-id
PSA key identifiers rework
2020-09-15 16:06:06 +02:00
Gilles Peskine 7107e661b8
Merge pull request #3644 from stevew817/feature/transparent_multipart_driver
Add multipart cipher accelerator support and test driver
2020-09-15 09:51:24 +02:00
Ronald Cron 7424f0d998 psa: Move key identifier related macros and functions
Move key identifier related macros and functions from
crypto_types.h to crypto_values.h as the latter is
the intended file to put them in.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:50:20 +02:00
Ronald Cron cb54610e97 Set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in baremetal configuration
No obvious reason to not enable owner identifier encoding
in baremetal as multi-client support is expected to be needed
for some embedded platforms. Thus enable it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:50:20 +02:00
Ronald Cron 9a2511e78f Fix key owner identifier documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:50:20 +02:00
Ronald Cron 5eba579c6c Remove unnecessary inline definition
Define inline for some compiling environment only
in crypto_platform.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:48:15 +02:00
Steven Cooreman 6d81f7e119 Final feedback from @ronald-cron-arm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:47 +02:00
Steven Cooreman ef8575e1bf Apply review feedback
* Reworked the cipher context once again to be more robustly defined
* Removed redundant memset
* Unified behaviour on failure between driver and software in cipher_finish
* Cipher test driver setup function now also returns early when its status
  is overridden, like the other test driver functions
* Removed redundant test cases
* Added bad-order checking to verify the driver doesn't get called where
  the spec says it won't.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:47 +02:00
Steven Cooreman 89e54f2edc Add mock and negative testing to cipher driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:47 +02:00
Steven Cooreman a07b9970c6 Update semantics around driver context use in psa_cipher_setup
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:39 +02:00
Steven Cooreman eca33c60f8 Add testing of fallback to cipher operations
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman fe0ab55c61 Implement one-shot cipher in test driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman e55f3e8de4 Make sure to not call mbedtls_cipher_free on an uninitialised context
As pointed out by Gilles

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman b5e52f2e31 Remove superfluous call in PSA cipher setup
As pointed out by Ronald. The key slot is populated using
get_key_from_slot, and after calling the driver the slot is
validated to not contain an external key, so calling
get_transparent_key is superfluous.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman 16afd3d9b4 Unify cipher setup function inside test driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman 7df0292f5a Check & set operation flags for both driver and software in the core
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:30 +02:00
Steven Cooreman cfeea8fa1e Unify driver context struct handling
Added zeroization of the wrapper context on failure/abort, and reliance on
the crypto core to not call an uninitialised wrapper.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:32:50 +02:00
Steven Cooreman 150c99b884 Simplify cipher setup wrapper body
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:32:50 +02:00
Steven Cooreman fb81aa5889 Only pass the driver-relevant portion of the context struct
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman 5240e8b519 Style and language fixes from review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman acb5a100a7 Structify cipher test driver hook variables
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman 435beeaef3 Add new files to IDE project
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman a32193fae8 Add changelog entry
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman d53c1bf6f2 Exercise the AES-CTR multipart driver and check it gets called
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman 8b12225717 Add a working implementation of a multipart AES-CTR test driver
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman 3ec4018e2b Update license texts
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:57 +02:00