Manuel Pégourié-Gonnard
7404af6ec3
Merge pull request #8599 from valeriosetti/issue8357
...
G2 wrap-up
2023-12-13 08:17:27 +00:00
Gilles Peskine
5feac959a5
Correct and clarify discussion of AES-CMAC-PRF-128
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-12 19:20:45 +01:00
Gilles Peskine
0308d79a34
Fix some MAC-related function names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-12 19:20:30 +01:00
Manuel Pégourié-Gonnard
ea6b3c030d
Merge pull request #8605 from valeriosetti/issue8600
...
Quit using enrollment alg in for ECDSA in PK
2023-12-12 16:53:15 +00:00
Gilles Peskine
b4362d2cc7
Merge pull request #8523 from tom-daubney-arm/modify_check_generated_files_script
...
Modify check generated files script to work with TF PSA Crypto too
2023-12-11 21:15:00 +00:00
Gilles Peskine
a211bb7f01
Merge pull request #8596 from xkqian/tls13_early_data_input_file
...
Change early data flag to input file
2023-12-11 21:14:57 +00:00
Joakim Andersson
c5b7285da9
library: Remove unused psa_crypto_core.h include
...
Remove unused psa_crypto_core.h include.
The PSA util file provides helper functions when using the PSA API.
It should not rely on PSA internal headers, and instead only use
public headers.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-12-11 21:25:44 +01:00
David Horstmann
bf4ec79085
Make return statuses unique in FREE_LOCAL_OUTPUT()
...
Previously the return from psa_crypto_local_output_free() had a fixed
name, which meant that multiple outputs would cause redefinitions of the
same variable.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
3e72db4f51
Improve FREE_LOCAL_INPUT() and FREE_LOCAL_OUTPUT()
...
* Set swapped pointers to NULL when the buffers are freed.
* Change example name <buffer> to <input> and <output> to reduce
confusion.
* Document assumptions of FREE_LOCAL_ macros.
* Add comment on error case in FREE_LOCAL_OUTPUT(), explaining why it's
okay to mask the existing status code.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
b7a5b6ed35
Add comment explaining the purpose of header
...
Explain why we have the wrappers in psa_memory_poisoning_wrappers.h
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
00d7a04b82
Add more information to comment on test hooks
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
bbd44a767f
Add missing license header
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
d596862418
Remove unnecessary include directory from CMake
...
Since psa_crypto.c does not include tests/include/test/memory.h, we do
not need the tests/include include path.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
513101b00f
Add MBEDTLS_PSA_COPY_CALLER_BUFFERS config option
...
This allows us to entirely remove copying code, where the convenience
macros are used for copying.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
e9a88ab0d5
Use macros to manage buffer copies
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
410823730b
Remove write check in driver wrappers tests
...
This check is intended to ensure that we do not write intermediate
results to the shared output buffer. This check will be made obselete
by generic memory-poisoning-based testing for all functions.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
e138dce329
Change to use test-hook-based approach
...
Since we are applying hooks transparently to all tests, we cannot setup
and teardown test hooks in the tests. Instead we must do this in the
test wrappers which are used to pre-poison and unpoison memory.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
c6977b4899
Copy input and output in psa_cipher_encrypt()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
8f35a4f003
Create memory poisoning wrapper for cipher encrypt
...
Use the preprocessor to wrap psa_cipher_encrypt in a wrapper that
poisons the input and output buffers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
38e4e9c499
Add explicit UNPOISON calls to memory tests
...
These are needed to allow them to operate on buffer copies without
triggering ASan use-after-poison detection.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
372b8bb6c5
Add memory poisoning hooks
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-11 17:58:56 +00:00
David Horstmann
dbbfdabfd8
Merge pull request #1121 from gilles-peskine-arm/psa-buffers-test-poison
...
Memory poisoning function for Asan
2023-12-11 17:56:13 +00:00
Xiaokang Qian
a9581d2d5f
Fix CI failure of uninitialized fp
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-11 01:50:34 +00:00
Tom Cosgrove
656d4b3c74
Avoid use of ip_len
as it clashes with a macro in AIX system headers
...
Fixes #8624
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-12-08 21:51:15 +00:00
David Horstmann
e04a97a1eb
Move MPI initialization to start of function
...
This prevents a call to mbedtls_mpi_free() on uninitialized data when
USE_PSA_INIT() fails.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-08 18:34:15 +00:00
Paul Elliott
0f60c673f0
Merge pull request #8619 from davidhorstmann-arm/fix-selftest-doublefree
...
Fix potential double-free in calloc selftest
2023-12-08 12:23:13 +00:00
Xiaokang Qian
aedfc0932b
Revert to ae952174a7 and addressing some comments
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-08 10:43:24 +00:00
Thomas Daubney
f05b768457
Use existing variable containing full path
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-12-08 09:47:48 +00:00
Pengyu Lv
f75893bb36
Update comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 17:40:00 +08:00
Pengyu Lv
d90fbf7769
Adjuest checks in generate_key_rsa suite
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 17:30:33 +08:00
Pengyu Lv
e9efbc2aa5
Error out when get domain_parameters is not supported
...
From time being, domain_parameters could not be extracted
from driver. We need to return error to indicate this
situation. This is temporary and would be fixed after #6494 .
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 17:30:26 +08:00
Janos Follath
f7f88d6443
Fix style
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-12-08 08:41:08 +00:00
Janos Follath
8209ff335e
Make local function static
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-12-08 08:41:08 +00:00
Janos Follath
aa5cc7b930
Add Changelog for the Marvin attack fix
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-12-08 08:41:08 +00:00
Pengyu Lv
7166434ad8
Error out if script is missing when collecting test cases
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 13:06:54 +08:00
Pengyu Lv
5bde6bd8a6
Revert "Catch ScriptOutputError in analyze_outcomes.py"
...
Just abort the program if there is exception raised when
collecting available test cases, so that we could easily
found out what's going wrong.
This reverts commit c353c5cfd5adecbb8774780bf3202a3a31473470.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 12:22:56 +08:00
Pengyu Lv
94a42ccb3e
Add tls13 in ticket flags helper function names
...
```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 11:12:46 +08:00
Yanray Wang
e9be2a259e
fix-tls13-server-min-version-check.txt: rephrase ChangeLog
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 11:00:41 +08:00
Yanray Wang
90acdc65e5
tl13: srv: improve comment
...
Improve comment when received version 1.2 of the protocol while TLS
1.2 is disabled on server side.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 11:00:38 +08:00
Yanray Wang
2bef917a3c
tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 11:00:35 +08:00
Yanray Wang
177e49ad7a
tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 11:00:33 +08:00
Yanray Wang
408ba6f7b8
tls13: srv: replace with internal API to check is_tls12_enabled
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-08 11:00:30 +08:00
Pengyu Lv
abd844f379
Fix wrong format in the function doc
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
02e72f65da
Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
bc4aab7673
Add "_is_" to functions ssl_tls13_key_exchange_.*_available
...
Done by command:
```
sed -i \
"s/ssl_tls13_key_exchange_\(.*\)_available/ssl_tls13_key_exchange_is_\1_available/g" \
library/*.[ch]
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
b2cfafbb9e
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
2333b826f4
tls13: srv: rename mbedtls_ssl_tls13_check_kex_modes
...
The function is renamed to
`mbedtls_ssl_tls13_is_kex_mode_supported` and
the behaviour is reversed.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
0a1ff2b969
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
4f537f73fa
tls13: rename mbedtls_ssl_session_check_ticket_flags
...
The function is renamed to mbedtls_ssl_session_ticket_has_flags.
Descriptions are added.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Pengyu Lv
d72e858fd1
tls13: srv: rename ssl_tls13_ticket_permission_check
...
The function is renamed to
ssl_tls13_ticket_is_kex_mode_permitted
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00