Run `make generated_files` to generate the automatically generated
C source files and build scripts.
Run `make neat` to remove all automatically generated files, even C
source files and build scripts.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Removes mode parameter from
mbedtls_rsa_rsaes_oaep_encrypt and propagates
changes throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removal of mode parameter from
mbedtls_rsa_rsaes_pkcs1_v15_encrypt. This commit
propagates the change to all relevant function calls
and tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Calls to abort that are now being done by the psa_crypto layer, freeing
of temporary allocations (done by abort) and a couple of checks that had
already been done prior to that point
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
AD and body lengths can only be too big on builds where size_t is bigger
than 32 bits. This checking code therefore generates always-true
comparison warnings on 32-bit platforms, and thus had to be guarded.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Split into data required for internal implementation and data required for
driver implementation with data left over for the PSA layer.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Add (internal only) define to config.h which allows the temporary
implementation of CCM to work, by removing the buffer zeroization on tag
fail when decrypting. This will obviously be removed when multipart CCM
is properly implemented
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Remove spurious "not supported" returns, and fix same issue that was
encountered with internal implementations - operation needs to be
marked as a type even if the initial call fails, otherwise cleanup won't
get done.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Although this deviates from the standard "auto-generated" code, the
M-AEAD setup functions set the key and thus allocate memory. If the
failure occurs after this (invalid tag size for example) then not having
the id set to the internal drivers means that abort does not get called,
and this causes the allocated data to leak.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Move CCM to update all data at update step, as final step can only
output at most a block length, so outputting all data at this step
significantly breaks the tests. Had to add unpleasant workaround for the
validate stage, but this is the only way I can do things without
breaking CCM Alt implementations.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Fix memory leak due to aead_abort() using incorrect enums to identify
algorithm used. Fix incorrect return on failure to check tag on
aead_verify()
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
For the time being CCM and GCM are not entirely implemented correctly
due to issues with their underlying implementations, which would be
difficult to fix in 2.x, and thus require all the AD and data to be
passed in in one go.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Multipart AEAD operation struct has to be public as it's allocated by
the caller, so to save duplication of code, switch oneshot AEAD over to
using the multipart operation struct.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
mbedtls_ssl_{get,set}_session() exhibited idempotent behaviour
in Mbed TLS 2.x. Multiple calls to those functions are not useful
in TLS 1.2, and the idempotent nature is unsuitable for support of
TLS 1.3 which introduces the availability to offer multiple tickets
for resumption, as well as receive multiple tickets.
In preparation for TLS 1.3 support, this commit relaxes the semantics
of `mbedtls_ssl_{get,set}_session()` by allowing implementations to
fail gracefully, and leveraging this freedom by modifying the
existing TLS 1.2 implementation to only accept one call to
`mbedtls_ssl_{get,set}_session()` per context, and non-fatally
failing all subsequent invocations.
For TLS 1.3, it will be leveraged by making multiple calls to
`mbedtls_ssl_get_session()` issue one ticket at a time until no more
tickets are available, and by using multiple calls to
`mbedtls_ssl_set_session()` to allow the client to offer multiple
tickets to the server.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>