Commit Graph

14854 Commits

Author SHA1 Message Date
Dave Rodgman
5cce6a24d0 Merge branch 'development-restricted' into mbedtls-2.26.0-rc 2021-03-08 17:01:24 +00:00
Gilles Peskine
e252868be4
Merge pull request #4067 from stevew817/feature/allow_multilength_aead
Add support for key policies (MAC & AEAD)
2021-03-08 15:04:17 +01:00
Steven Cooreman
1fb691aea9 Remove superfluous check
mac size is previously checked to not be less than 4, so it can't be zero
anymore at this point.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-08 14:00:34 +01:00
Steven Cooreman
cd64093222 Language & code readability updates
No functional/behavioral changes in this commit

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-08 14:00:29 +01:00
Janos Follath
477a463684
Merge pull request #4168 from stevew817/fix/unreferenced_function_in_ecp_c
Remove unreferenced static functions when ECP_NO_FALLBACK is used
2021-03-05 08:51:13 +00:00
Manuel Pégourié-Gonnard
edc589bdd8
Merge pull request #808 from paul-elliott-arm/cf_base64_work
Constant Flow Base64 Table Access
2021-03-04 17:25:37 +01:00
Paul Elliott
be165bd32b Code style fixups
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:34:50 +00:00
Paul Elliott
a5dce14291 Fixup changelog formatting
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:24:57 +00:00
Paul Elliott
3c973f4d32 Fix misnamed base64 test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-04 14:23:03 +00:00
Janos Follath
d0b0ba8179
Merge pull request #4173 from gilles-peskine-arm/net_poll-fd_setsize-development
Fix stack corruption in mbedtls_net_poll with large file descriptor
2021-03-04 12:16:33 +00:00
Steven Cooreman
31a876da09 Clarify some policy-handling code comments
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 20:47:40 +01:00
Steven Cooreman
f9f7fdfe49 Rework MAC algorithm / key type validation
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.

This means psa_get_mac_output_length is no longer required.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 19:58:02 +01:00
Paul Elliott
07fa1f1a39 Fix carelessly copy pasted comment
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 17:21:17 +00:00
Paul Elliott
3ffd13465a Fix constant flow mask maths
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 17:11:32 +00:00
Paul Elliott
88f2eb664f Remove multiplication from conditional assignments
Multiplication is not constant flow on any CPU we are generally
targetting, so replace this with bit twiddling.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 15:31:17 +00:00
Gilles Peskine
9264e01730 Update error codes listed in the net_sockets documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-03 12:27:17 +01:00
Steven Cooreman
4ff9a29686 Check truncation length explicitly
Comparing algorithm with its FULL_LENGTH_MAC version doesn't work in
cases where algorithm is a wildcard. Wildcard input is not specified in
the documentation of the function, but in order to test the function
using the same test as PSA_MAC_LENGTH we're mimicking that behaviour here.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 12:07:20 +01:00
Steven Cooreman
58c94d39ae Make psa_get_mac_output_length testable and test it
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 10:37:35 +01:00
Paul Elliott
c48cb80b1f Prevent false positive CF Test Failures
Marked dirty memory ends up in the result buffer after encoding (due to
the input having been marked dirty), and then the final comparison
to make sure that we got what we expected was triggering the constant
flow checker.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:48:40 +00:00
Paul Elliott
c1a895d897 Add further more rigorous tests for base64
Original author was gilles.peskine@arm.com

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:44:37 +00:00
Steven Cooreman
7d4b0d778f Reuse PSA_MAC_LENGTH in psa_get_mac_output_length
Avoid code duplication. Also update the guarantees made by the function
doc to match the guarantees given by PSA_MAC_LENGTH.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
5a17267442 Add a note about why key_type is required
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
1ac5ce3b91 Make psa_key_policy_algorithm_intersection MAC-length aware
This makes it more in-line with how psa_key_policy_permits works. It
also adds consistency: the intersection of MAC with default length and
MAC with exact-length is now computed correctly in case the exact length
equals the default length of the algorithm when used with the given
key type.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:39:26 +01:00
Steven Cooreman
15472f8c70 Clean up psa_mac_setup now that we have an output length calculator
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
5ad4bf75e3 Move MAC default length checking into psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
328f11c50e Language & readability touchups
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman
e538896ad8 Remove unreferenced static functions when ECP_NO_FALLBACK is used
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 10:14:24 +01:00
Ronald Cron
2a0278734b
Merge pull request #4148 from stevew817/add_missing_non_12b_gcm_test_skip
Add missing test skip for ALT-implemented GCM (#4010 fix-up)
2021-03-02 09:18:41 +01:00
Paul Elliott
0544d49330 Fix Non CF access to table in base64 decrypt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 19:15:43 +00:00
Paul Elliott
6e152fa362 Optimise unneccesary cf table accesses away
Also fix missed bare access of base_64_dec_map

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 18:33:09 +00:00
Paul Elliott
717ba77e52 Fix incorrect assumptions about the size of size_t
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 17:49:42 +00:00
Steven Cooreman
d788fab4ff Clarify usage of psa_key_policy_permits
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
16a05f5881 Add metadata tests intertwining truncated and at-least-length algos
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
947bb0b06f Code readability improvements
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
a1d8322f74 Fix typos & copy-paste errors
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
fb9cb92055 Move wildcard-to-exercisable conversion to exercise_key in test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
7e39f05929 Using a wildcard as a specific algorithm now reports invalid argument
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
ae3f13bf5e Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
a96e2410e7 Test _AT_LEAST_THIS_LENGTH macros in the PSA Crypto metadata test suite
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
2c2efa488b Fix dependency-setting script and test dependencies for new tests
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
d927ed7901 Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
4400c3a44a Add _AT_LEAST_THIS_LENGTH_ macros to PSA constants test
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
7de9e2db1f Language / verbiage fixes
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
aaec341c9b Exercise CCM with the right amount of IV bytes in test
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
37389c768d Update validity domain of min_tag_length / min_mac_length
Review indicated explicit validity domain should be [1, max_alg_length]

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
2021-03-01 16:00:31 +01:00
Steven Cooreman
0348802247 Remove generic wildcard checks after review feedback
Applied specific wildcard checks instead.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	library/psa_crypto.c
2021-03-01 16:00:31 +01:00
Steven Cooreman
ee18b1f5a4 Style and language updates after review
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce Add support for minimum-tag-length AEAD and MAC policies
Includes tests.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>

# Conflicts:
#	include/psa/crypto_values.h
#	tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00