If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is
still requested in some incompatible modes, we return an error of
FEATURE_UNAVAILABLE as additional indication.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Since we are internal rather than user-facing,
PSA_ERROR_CORRUPTION_DETECTED makes more sense than
PSA_ERROR_BUFFER_TOO_SMALL. Whilst it really is a buffer that is too
small, this error code is intended to indicate that a user-supplied
buffer is too small, not an internal one.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Zero-length buffers should be represented in the
psa_crypto_buffer_copy_t struct as NULL if it was created in
psa_crypto_alloc_and_copy(), so reject non-NULL zero-length buffers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
If we have a copy buffer but no original to copy back to, there is not
much sensible we can do. The psa_crypto_buffer_copy_t state is invalid.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since it is implementation-dependent whether
malloc(0) returns NULL or a pointer, explicitly
represent zero-length buffers as NULL in the
buffer-copy struct, so as to have a uniform
behaviour.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Add function prototypes for psa_crypto_alloc_and_copy() and
psa_crypto_alloc_and_free(), along with the necessary state struct.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9 back.
Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
These are used in tests to determine whether there is support for
one of those keys for CBC mode.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This way we build with 32-bit gcc/clang out of the box.
We also fallback to assembly for 64-bit clang-cl if needed cpu
flags are not provided, instead of throwing an error.
Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
This commit splits mbedtls_cipher_info_from_psa() in 2 parts:
- mbedtls_cipher_values_from_psa() that performs parameters' validation and
return cipher's values
- mbedtls_cipher_info_from_psa() which then use those values to return
the proper cipher_info pointer. Of course this depends on CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- check if it is enabled
- check if it is psk mode
- check if it is resumption
- check if it is tls13 version
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
