Janos Follath
e85c0c469d
Merge pull request #3717 from pkolbus/issue-3647
...
Restore retry in rsa_prepare_blinding()
2020-09-30 16:23:10 +01:00
Manuel Pégourié-Gonnard
c427aa74f1
Merge pull request #3642 from okhowang/getrandom
...
Use glibc's getrandom when glibc > 2.25
2020-09-30 13:55:04 +02:00
okhowang(王沛文)
9c46a60e6c
Use glibc's getrandom() instead of syscall when glibc > 2.25.
...
Fixes #3432
Signed-off-by: okhowang(王沛文) <okhowang@tencent.com>
2020-09-30 16:10:49 +08:00
Peter Kolbus
ca8b8e7c31
Restore retry in rsa_prepare_blinding()
...
Starting with commit 49e94e3
, the do/while loop in
`rsa_prepare_blinding()` was changed to a `do...while(0)`, which
prevents retry from being effective and leaves dead code.
Restore the while condition to retry, and lift the calls to finish the
computation out of the while loop by by observing that they are
performed only when `mbedtls_mpi_inv_mod()` returns zero.
Signed-off-by: Peter Kolbus <peter.kolbus@garmin.com>
2020-09-25 08:43:57 -05:00
Gilles Peskine
7829748cd4
Merge pull request #3709 from CameronNemo/issue-3524
...
programs/psa/psa_constant_names_generated.c: commit generated file
2020-09-25 15:23:48 +02:00
Cameron Nemo
e18d09de37
fix(programs/psa): commit python3 generated file
...
Python should not be required for the build when the no_test target is
used. This commit adds the generated file to the source tree and the
check-generated-files script, and removes the generation from (c)make.
Fixes #3524
Signed-off-by: Cameron Nemo <cnemo@tutanota.com>
2020-09-24 20:57:46 -07:00
Gilles Peskine
9b33eb3284
Merge pull request #3705 from ctron/feature/fix_return_code_1
...
Fix return code expression in pkparse
2020-09-22 18:51:49 +02:00
Jens Reimann
9ad4a33a54
fix return code
...
Signed-off-by: Jens Reimann <jreimann@redhat.com>
2020-09-22 11:57:16 +02:00
Gilles Peskine
5cb54f7b27
Merge pull request #3542 from gilles-peskine-arm/psa-unified-driver-specs-20200807
...
PSA unified driver specification: minor updates
2020-09-18 22:53:46 +02:00
Gilles Peskine
1d9c11081a
Merge pull request #3667 from Jongy/fix-docs
...
Fix docs to desribe written-into buffer parameter as writable
2020-09-17 00:02:08 +02:00
Janos Follath
2a25904f45
Merge pull request #3568 from hanno-arm/tls13_experimental_key_schedule_1
...
TLS 1.3: Add HKDF-based key derivation functionality
2020-09-16 11:40:06 +01:00
Hanno Becker
531fe3054c
Comment on hardcoding of maximum HKDF key expansion of 255 Bytes
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-16 09:50:17 +01:00
Hanno Becker
61baae7c9f
Minor fixes and improvements in TLS 1.3 key schedule documentation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-16 09:47:47 +01:00
Gilles Peskine
dc57c25e30
Merge pull request #3527 from ronald-cron-arm/key-extended-id
...
PSA key identifiers rework
2020-09-15 16:06:06 +02:00
Gilles Peskine
7107e661b8
Merge pull request #3644 from stevew817/feature/transparent_multipart_driver
...
Add multipart cipher accelerator support and test driver
2020-09-15 09:51:24 +02:00
Ronald Cron
7424f0d998
psa: Move key identifier related macros and functions
...
Move key identifier related macros and functions from
crypto_types.h to crypto_values.h as the latter is
the intended file to put them in.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:50:20 +02:00
Ronald Cron
cb54610e97
Set MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER in baremetal configuration
...
No obvious reason to not enable owner identifier encoding
in baremetal as multi-client support is expected to be needed
for some embedded platforms. Thus enable it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:50:20 +02:00
Ronald Cron
9a2511e78f
Fix key owner identifier documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:50:20 +02:00
Ronald Cron
5eba579c6c
Remove unnecessary inline definition
...
Define inline for some compiling environment only
in crypto_platform.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-09-15 08:48:15 +02:00
Steven Cooreman
6d81f7e119
Final feedback from @ronald-cron-arm
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:47 +02:00
Steven Cooreman
ef8575e1bf
Apply review feedback
...
* Reworked the cipher context once again to be more robustly defined
* Removed redundant memset
* Unified behaviour on failure between driver and software in cipher_finish
* Cipher test driver setup function now also returns early when its status
is overridden, like the other test driver functions
* Removed redundant test cases
* Added bad-order checking to verify the driver doesn't get called where
the spec says it won't.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:47 +02:00
Steven Cooreman
89e54f2edc
Add mock and negative testing to cipher driver
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:47 +02:00
Steven Cooreman
a07b9970c6
Update semantics around driver context use in psa_cipher_setup
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 17:00:39 +02:00
Steven Cooreman
eca33c60f8
Add testing of fallback to cipher operations
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman
fe0ab55c61
Implement one-shot cipher in test driver
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman
e55f3e8de4
Make sure to not call mbedtls_cipher_free on an uninitialised context
...
As pointed out by Gilles
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman
b5e52f2e31
Remove superfluous call in PSA cipher setup
...
As pointed out by Ronald. The key slot is populated using
get_key_from_slot, and after calling the driver the slot is
validated to not contain an external key, so calling
get_transparent_key is superfluous.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman
16afd3d9b4
Unify cipher setup function inside test driver
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:33 +02:00
Steven Cooreman
7df0292f5a
Check & set operation flags for both driver and software in the core
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:35:30 +02:00
Steven Cooreman
cfeea8fa1e
Unify driver context struct handling
...
Added zeroization of the wrapper context on failure/abort, and reliance on
the crypto core to not call an uninitialised wrapper.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:32:50 +02:00
Steven Cooreman
150c99b884
Simplify cipher setup wrapper body
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:32:50 +02:00
Steven Cooreman
fb81aa5889
Only pass the driver-relevant portion of the context struct
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman
5240e8b519
Style and language fixes from review
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman
acb5a100a7
Structify cipher test driver hook variables
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman
435beeaef3
Add new files to IDE project
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman
a32193fae8
Add changelog entry
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman
d53c1bf6f2
Exercise the AES-CTR multipart driver and check it gets called
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman
8b12225717
Add a working implementation of a multipart AES-CTR test driver
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:58 +02:00
Steven Cooreman
3ec4018e2b
Update license texts
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:57 +02:00
Steven Cooreman
d3feccd3a5
Restructure cipher context object to contain driver switch
...
Once an operation has been 'accepted' by a driver, the remainder is bound
to the same driver, since driver-specific context structs cannot be shared.
This provides a pretty good gate mechanism for the fallback logic, too.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:31:52 +02:00
Steven Cooreman
37941cb5e1
Add initial pass on a multi-part test driver
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2020-09-14 16:30:14 +02:00
Gilles Peskine
b1d3f2779b
Merge pull request #3480 from stevew817/feature/aes-ecb
...
Added support for AES-ECB to the PSA Crypto implementation
2020-09-14 14:45:14 +02:00
Gilles Peskine
a0a210fc1b
Merge pull request #3628 from gilles-peskine-arm/psa-conditional-inclusion-c-proposal
...
Pure C configuration of PSA crypto mechanisms
2020-09-12 00:33:08 +02:00
Yonatan Goldschmidt
6e2af094b0
Fix docs to desribe written-into buffer parameter as writable
...
Signed-off-by: Yonatan Goldschmidt <yon.goldschmidt@gmail.com>
2020-09-12 01:24:45 +03:00
Gilles Peskine
2a739c41bd
Merge pull request #3569 from cm6n/fix_mbedtlssslsetbio_description
...
Fix typo in mbedtls_ssl_set_bio description.
2020-09-11 21:17:37 +02:00
Janos Follath
963c9e41e8
Merge pull request #3588 from guidovranken/fix-clang12-Wstring-concatenation
...
Prevent triggering Clang 12 -Wstring-concatenation warning
2020-09-11 15:27:52 +01:00
Gilles Peskine
a75a06bde6
Merge pull request #3630 from mpg/rm-useless-cast-x509
...
x509.c: Remove one unnecessary cast
2020-09-10 22:01:52 +02:00
Gilles Peskine
6bf4f5fb65
Merge pull request #3585 from jdurkop/fix/undefined-reference-3294
...
Fix the build with MBEDTLS_USE_PSA_CRYPTO without ECDSA
2020-09-10 21:59:49 +02:00
Dave Rodgman
e5874e1903
Merge pull request #3525 from HowJMay/typo
...
Fix typo in comment
2020-09-10 12:39:25 +01:00
Hanno Becker
2dfe1327e5
Fix miscalculation of maximum TLS 1.3 HKDF label length
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2020-09-10 09:23:12 +01:00