Ryan Everett
7aeacc1ec4
Add empty line in register_read comment
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 13:02:58 +00:00
Ryan Everett
558da2ffd3
Move key_slot_mutex to threading.h
...
Make this a global mutex so that we don't have to init and free it.
Also rename the mutex to follow the convention
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 12:59:28 +00:00
Ryan Everett
fb02d57de7
Document the thread safety of the primitive key slot functions
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:54:42 +00:00
Ryan Everett
846889355c
Initialize and free the key slot mutex
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:47:05 +00:00
Ryan Everett
491f7e5ac3
Define key_slot_mutex
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:21:38 +00:00
Dave Rodgman
fb133513d6
Merge pull request #8705 from daverodgman/ctr-perf
...
Ctr perf
2024-01-17 20:25:41 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states
...
Implement the new key slot state system within the PSA subsystem.
2024-01-17 17:50:04 +00:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation
...
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
2024-01-17 14:12:33 +00:00
Ryan Everett
38a2b7a6a3
Extend psa_wipe_key_slot documentation
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:45:44 +00:00
Ryan Everett
7ed542e0f1
Implement delayed deletion in psa_destroy_key and some cleanup
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-17 11:40:29 +00:00
Dave Rodgman
885248c8ee
Add header guards
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-17 11:06:31 +00:00
Dave Rodgman
7e5b7f91ca
Fix error in ctr_drbg
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-16 17:28:25 +00:00
Dave Rodgman
46697da5b3
Make gcm counter increment more efficient
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
174eeff235
Save 14 bytes in CTR-DRBG
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
591ff05384
Use optimised counter increment in AES-CTR and CTR-DRBG
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
b49cf1019d
Introduce mbedtls_ctr_increment_counter
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Ryan Everett
1d32a57764
Revert change to psa_destroy_key documentation
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:27:58 +00:00
Ryan Everett
709120a9ce
Revert change to return behaviour in psa_reserve_free_key_slot
...
This change was a mistake, we still need to wipe the pointers here.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
dfe8bf86a8
Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong
...
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4
Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION
...
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.
Remove the state changing calls that are no longer necessary.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:35 +00:00
Dave Rodgman
c4f984f2a5
Iterate in 16-byte chunks
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:20:19 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
...
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713
Add minor cosmetic changes to record size limit changelog and comments
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:52:45 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
...
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development
...
Fix bug in mbedtls_x509_set_extension
2024-01-10 16:57:16 +00:00
Waleed Elmelegy
3ff472441a
Fix warning in ssl_tls13_generic.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2
Improve comments across record size limit changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
fbe42743eb
Fix issue in checking in writing extensions
...
Fix issue in checking if server received
record size limit extension.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
e1ac98d888
remove mbedtls_ssl_is_record_size_limit_valid function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
d2fc90e024
Stop sending record size limit extension if it's not sent from client
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457
Change record size limit writing function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
47d2946943
tls13: server: write Record Size Limit ext in EncryptedExtensions
...
- add the support in library
- update corresponding test cases.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
42017cd4c9
tls13: cli: write Record Size Limit ext in ClientHello
...
- add the support in library
- update corresponding test case
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
faf70bdf9d
ssl_tls13_generic: check value of RecordSizeLimit in helper function
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
a8b4291836
tls13: add generic function to write Record Size Limit ext
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Jonathan Winzig
5caf20ea80
Update fix to be more platform-independent
...
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 16:41:10 +01:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Jonathan Winzig
05c722bfd0
Fix Issue #8687
...
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 15:20:03 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598
...
[G5] Make block_cipher work with PSA
2024-01-08 08:07:53 +00:00
Waleed-Ziad Maamoun-Elmelegy
e2d3db5cfc
Update mbedtls_ssl_get_output_record_size_limit signature
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>
2024-01-05 14:19:16 +00:00
Ryan Everett
6a9c14b918
Update mbedtls_psa_get_stats
...
Uses readers to report "locked_slots",
and slot state empty to report "empty_slots".
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
6cd2b8db96
Update psa_wipe_all_key_slots
...
This will still wipe the slot regardless of state/readers.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
1b70a07eca
Replace psa_unlock_key_slot calls in operations which act on FULL slots
...
Replaces calls to psa_unlock_key_slot with calls to psa_unregister_read.
All instances follow a pattern of a call to psa_get_and_lock_key_slot_X,
followed by some code which reads from a slot, followed by a call to psa_unregister_read.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
eb27dc0f3a
Update psa_load_X_key_into_slot
...
These functions (on success) take a slot from PSA_SLOT_FILLING to PSA_SLOT_FULL.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
c70ce576bd
Update psa_destroy_key, psa_purge_key and psa_close_key
...
This does not yet implement destruction while a key is in use for psa_destroy_key;
that will be implemented in a separate pr.
(I am not sure if I am allowed to change the documentation in the include files.)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
098c6659ad
Update psa_get_and_lock_key_slot_X functions
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
b69118ebd0
Update key creation functions to use the new key slot states
...
Update psa_start_key_creation,
psa_finish_key_creation and psa_fail_key_creation.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00
Ryan Everett
2afb516011
Update and rename psa_get_empty_key_slot
...
Rename to psa_reserve_free_key_slot, as this function reserves a slot which is
free (not always empty) for filling.
Implement necessary state transitions and state checks.
Rename unlocked_persistent_key_slot to unused_persistent_key_slot.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-04 16:57:48 +00:00