Gilles Peskine
defdc3bc53
SECP224K1 is not yet supported via the PSA API
...
Filed as https://github.com/ARMmbed/mbedtls/issues/3541 . In the
meantime, disable the ssl-opt.sh test case that uses it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:59:58 +01:00
Gilles Peskine
a1684f42d3
PSA: Reject curves that are not enabled in the PSA configuration
...
If an elliptic curve was enabled in the Mbed TLS classic API (#define
MBEDTLS_ECP_DP_xxx), but not enabled in the PSA configuration (#define
PSA_WANT_ECC_xxx), it would still work if you tried to use it through
PSA.
This is generally benign, but could be a security issue if you want to
disable a curve in PSA for some security reason (such as a known bug
in its implementation, which may not matter in the classic API if Mbed
TLS is running in a secure enclave and is only reachable from
untrusted callers through the PSA API). More urgently, this broke
test_suite_psa_crypto_not_supported.generated.
So if a curve is not enabled in the PSA configuration, ensure that
it's treated as unsupported through the PSA software implementation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 13:12:34 +01:00
Gilles Peskine
398413024d
SECP224K1 is not yet supported via the PSA API
...
Filed as https://github.com/ARMmbed/mbedtls/issues/3541 . In the
meantime, disable the feature.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:45 +01:00
Gilles Peskine
8276986c3e
Curve448 is not yet supported via the PSA API
...
Filed as https://github.com/ARMmbed/mbedtls/issues/4249 . In the
meantime, disable the feature.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-23 12:06:16 +01:00
Ronald Cron
63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec
...
Create PSA configs for ECC curves
2021-03-22 17:35:04 +01:00
Gilles Peskine
01196d0464
Merge pull request #4214 from gilles-peskine-arm/psa-storage-format-test-types
...
PSA storage format test case generator
2021-03-22 12:16:17 +01:00
Chris Jones
8d2bc90b4e
Add changelog entry for alt implementors
...
Files available for use by alt implementations have been moved and renamed
so alt implementors should be told about the changes specific to them.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-19 15:17:23 +00:00
Chris Jones
d02f4c2e44
Reword move_internal_headers changelog entry
...
Reword the changelog entry to tailor it for users of the library as
opposed to developers of the library.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-19 15:15:18 +00:00
Mateusz Starzyk
a2d16b39bc
Remove certs.h includes from test applications.
...
Tests should no longer consider certs.h as a part of public API.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-19 12:49:41 +01:00
Ronald Cron
5cb08a8e61
Merge pull request #4202 from paul-elliott-arm/changelog_linelength_enforcement
...
Make assemble changelog script enforce line length
2021-03-19 12:26:31 +01:00
Paul Elliott
d75773e941
Pythonify and fix reported line number
...
Use enumerate to give the line number and use the correct offset to
actually calculate it.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-18 18:09:34 +00:00
Gilles Peskine
d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations
...
Dispatch hash operations through the driver wrapper layer
2021-03-17 21:50:00 +01:00
Maulik Patel
3240c9d2ec
Update tests for other invalid key operations.
...
Update expected return values of psa_get_key_attributes(),
psa_export_key() and other key API(s) to PSA_ERROR_INVALID_HANDLE
for invalid key.
Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
2021-03-17 16:11:05 +00:00
Maulik Patel
02a1750098
Update tests for psa_close_key for invalid key.
...
Update expected return values of psa_close_key() to
PSA_ERROR_INVALID_HANDLE for invalid key handle operations.
Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
2021-03-17 15:05:13 +00:00
Maulik Patel
f65ad8ccc1
Update psa_open_key tests for invalid key.
...
Update expected return values of psa_open_key() to
PSA_ERROR_DOES_NOT_EXIST for invalid key handle operations.
Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
2021-03-17 14:55:45 +00:00
Maulik Patel
c1bfcdda58
Fix:4162 Return correct error type for invalid key
...
Return PSA_ERROR_INVALID_HANDLE instead of
PSA_ERROR_DOES_NOT_EXIST if invalid key is passed for some key
operations.
Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
2021-03-17 13:41:07 +00:00
Gilles Peskine
6cc510ea89
Merge pull request #4075 from rrlapointe/dtls_demo_use_read_timeout
...
Actually use the READ_TIMEOUT_MS in the example DTLS client and server
2021-03-17 14:39:50 +01:00
Paul Elliott
2065a8d8af
Reduce level of -Wformat-truncation
...
Reduce level of format truncation warnings due to issues with false
positives (an unknown size buffer is always treated as size 1)
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-17 13:12:22 +00:00
Paul Elliott
29b641688d
Fix printf format issue in programs
...
Fix issues that were missed as part of previous printf attribute
cleanup
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-17 13:08:10 +00:00
Gilles Peskine
0e7b6ebb64
Fix typos in comments
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-17 13:46:59 +01:00
TRodziewicz
782a7eab14
ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-03-17 11:36:31 +01:00
Ronald Cron
da3da94373
Merge pull request #4210 from gilles-peskine-arm/crypto_values-param-names
...
Fix parameter names after \p in include/psa
2021-03-17 10:17:18 +01:00
Gilles Peskine
d86bc52d78
Cover encodings of algorithms without parameters
...
Generate test cases for all algorithms without parameters. Only the encoding
of the algorithm in the key metadata is covered: the test keys are not of a
type that permits the algorithm to be used in an operation.
This commit only covers algorithms without parameters. A subsequent commit
will generate algorithms with parameters.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 22:29:12 +01:00
David Brown
3298851d05
Fix alignment of PSA defines
...
When these names were changed, the definition got misaligned with the
rest of the fields. Fix this alignment.
Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-16 10:44:22 -06:00
Mateusz Starzyk
1aec64642c
Remove certs module from mbedtls.
...
Certs will be used only by tests and programs.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 15:51:25 +01:00
Mateusz Starzyk
e204dbf272
Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
7e37338dda
Drop single-DES ciphersuites.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
5224e29f0e
Drop support for RC4 TLS ciphersuites.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:54 +01:00
Mateusz Starzyk
a3a9984a5d
Drop support for TLS record-level compression.
...
Remove option MBEDTLS_ZLIB_SUPPORT.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:49:51 +01:00
Mateusz Starzyk
2012ed7560
Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:09 +01:00
Mateusz Starzyk
06b07fb839
Drop support for SSLv3.
...
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and
MBEDTLS_SSL_PROTO_SSL3.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 12:19:05 +01:00
Gilles Peskine
74a7f93c94
Add BUGS.md
...
Instructions on how to report a bug.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 12:05:44 +01:00
Gilles Peskine
92042d9bc4
The 2.7 branch is retired
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 12:05:30 +01:00
Gilles Peskine
991bbe7f5e
Mention the master branch as well
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 12:05:16 +01:00
Gilles Peskine
a23df13e52
Minor presentation improvements
...
Minor wording improvement and cosmetic formatting improvements.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-16 12:04:44 +01:00
Steven Cooreman
f8e45a4e98
Simplify compilation guards around hash driver testing
...
The hash driver entry points (and consequentially the hash driver core)
are now always compiled on when PSA_CRYPTO_DRIVER_TEST is turned on.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-16 11:07:55 +01:00
Gilles Peskine
01a622a1a4
Merge pull request #4197 from bensze01/psa_ccm_nonce_length
...
Correct the maximum generated nonce length for CCM
2021-03-16 10:10:41 +01:00
David Brown
eed74df1ee
Re-order PSA ECC configs
...
Arrange these to be in alphabetical order.
Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:53:57 -06:00
David Brown
44bfed596d
Update PSA not supported generated data
...
Update this based on the output of the generator script. The Brainpool
curves are now supported, since they are spelled properly in the config.
Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:40:10 -06:00
David Brown
110ea816ca
psa: Fix name of BRAINPOOL configs
...
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_... Change to
match.
Signed-off-by: David Brown <david.brown@linaro.org>
2021-03-15 15:30:28 -06:00
Ryan LaPointe
dbb192d157
Fix inaccurate comment in sample DTLS server
...
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:43:27 -04:00
Ryan LaPointe
59244e87e1
Actually use the READ_TIMEOUT_MS in the sample DTLS client and server
...
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
2021-03-15 16:43:08 -04:00
Steven Cooreman
b6bf4bbf95
Clear up language on zeroizing driver context at setup
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 19:00:14 +01:00
Steven Cooreman
aa87fd0012
Make driver IDs always visible
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 18:54:03 +01:00
Steven Cooreman
61bb8fc693
remove superfluous calls to hash_abort
...
The PSA Core is already calling psa_hash_abort, so the driver doesn't
have to do that explicitly.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:35:17 +01:00
Steven Cooreman
5e4c18f6d9
Reorder the driver wrapper switch-case content
...
Reordered the cases to be in numeric order.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:26:07 +01:00
Steven Cooreman
893232fbde
Ensure the full driver structure is zeroized at setup
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:23:37 +01:00
Steven Cooreman
fa952958a5
Don't void actually used arguments
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:16:25 +01:00
Steven Cooreman
0f8ffa806b
Rename and retype hash test driver context structure
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00
Steven Cooreman
753f973f87
Use full config during driver testing
...
Due to the way the test drivers are set up, we require the full setup.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-15 12:14:40 +01:00