Paul Elliott
3ffd13465a
Fix constant flow mask maths
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 17:11:32 +00:00
Paul Elliott
88f2eb664f
Remove multiplication from conditional assignments
...
Multiplication is not constant flow on any CPU we are generally
targetting, so replace this with bit twiddling.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 15:31:17 +00:00
Gilles Peskine
9264e01730
Update error codes listed in the net_sockets documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-03 12:27:17 +01:00
Steven Cooreman
4ff9a29686
Check truncation length explicitly
...
Comparing algorithm with its FULL_LENGTH_MAC version doesn't work in
cases where algorithm is a wildcard. Wildcard input is not specified in
the documentation of the function, but in order to test the function
using the same test as PSA_MAC_LENGTH we're mimicking that behaviour here.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 12:07:20 +01:00
Steven Cooreman
58c94d39ae
Make psa_get_mac_output_length testable and test it
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 10:37:35 +01:00
Paul Elliott
c48cb80b1f
Prevent false positive CF Test Failures
...
Marked dirty memory ends up in the result buffer after encoding (due to
the input having been marked dirty), and then the final comparison
to make sure that we got what we expected was triggering the constant
flow checker.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:48:40 +00:00
Paul Elliott
c1a895d897
Add further more rigorous tests for base64
...
Original author was gilles.peskine@arm.com
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:44:37 +00:00
Steven Cooreman
7d4b0d778f
Reuse PSA_MAC_LENGTH in psa_get_mac_output_length
...
Avoid code duplication. Also update the guarantees made by the function
doc to match the guarantees given by PSA_MAC_LENGTH.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
5a17267442
Add a note about why key_type is required
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
1ac5ce3b91
Make psa_key_policy_algorithm_intersection MAC-length aware
...
This makes it more in-line with how psa_key_policy_permits works. It
also adds consistency: the intersection of MAC with default length and
MAC with exact-length is now computed correctly in case the exact length
equals the default length of the algorithm when used with the given
key type.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:39:26 +01:00
Steven Cooreman
15472f8c70
Clean up psa_mac_setup now that we have an output length calculator
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
5ad4bf75e3
Move MAC default length checking into psa_key_policy_permits
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
328f11c50e
Language & readability touchups
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman
e538896ad8
Remove unreferenced static functions when ECP_NO_FALLBACK is used
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 10:14:24 +01:00
Ronald Cron
2a0278734b
Merge pull request #4148 from stevew817/add_missing_non_12b_gcm_test_skip
...
Add missing test skip for ALT-implemented GCM (#4010 fix-up)
2021-03-02 09:18:41 +01:00
Paul Elliott
0544d49330
Fix Non CF access to table in base64 decrypt
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 19:15:43 +00:00
Paul Elliott
6e152fa362
Optimise unneccesary cf table accesses away
...
Also fix missed bare access of base_64_dec_map
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 18:33:09 +00:00
Paul Elliott
717ba77e52
Fix incorrect assumptions about the size of size_t
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 17:49:42 +00:00
Steven Cooreman
d788fab4ff
Clarify usage of psa_key_policy_permits
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
16a05f5881
Add metadata tests intertwining truncated and at-least-length algos
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
947bb0b06f
Code readability improvements
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
a1d8322f74
Fix typos & copy-paste errors
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
fb9cb92055
Move wildcard-to-exercisable conversion to exercise_key in test suite
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
7e39f05929
Using a wildcard as a specific algorithm now reports invalid argument
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
ae3f13bf5e
Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
a96e2410e7
Test _AT_LEAST_THIS_LENGTH macros in the PSA Crypto metadata test suite
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
2c2efa488b
Fix dependency-setting script and test dependencies for new tests
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
d927ed7901
Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
4400c3a44a
Add _AT_LEAST_THIS_LENGTH_ macros to PSA constants test
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
7de9e2db1f
Language / verbiage fixes
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
aaec341c9b
Exercise CCM with the right amount of IV bytes in test
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c
Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
# tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b
rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
37389c768d
Update validity domain of min_tag_length / min_mac_length
...
Review indicated explicit validity domain should be [1, max_alg_length]
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
2021-03-01 16:00:31 +01:00
Steven Cooreman
0348802247
Remove generic wildcard checks after review feedback
...
Applied specific wildcard checks instead.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# library/psa_crypto.c
2021-03-01 16:00:31 +01:00
Steven Cooreman
ee18b1f5a4
Style and language updates after review
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce
Add support for minimum-tag-length AEAD and MAC policies
...
Includes tests.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
# tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
gabor-mezei-arm
c6f2480854
Fix documentation
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
gabor-mezei-arm
ceface2247
Add test for ouput buffer size macros
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
Gilles Peskine
34045c1d6a
Merge pull request #4145 from stevew817/fix_return_code
...
Return NOT_SUPPORTED according to the API contract for psa_key_derivation_setup
2021-03-01 13:20:50 +01:00
Gilles Peskine
574cf7b59f
Clarify how a file descriptor could still be more than the limit
...
It can happen if the file descriptor was opened before lowering the limit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:43:56 +01:00
Gilles Peskine
97c57fe439
Fix sloppiness around stricly less-than vs less or equal
...
Fix sloppy wording around stricly less-than vs less or equal in
comments. Also fix an off-by-one error in a comparison which led to
calling setrlimit if the limit was exactly the minimum required for
the test, which was unnecessary but harmless.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:40:56 +01:00
Gilles Peskine
c8dab5b41e
Fix sloppy wording around stricly less-than vs less or equal
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:39:21 +01:00
Gilles Peskine
e28f236b6b
Document FD_SETSIZE limitation for mbedtls_net_{poll,recv_timeout}
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
Gilles Peskine
ddf4374879
Fix stack buffer overflow in net functions with large file descriptor
...
Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is beyond
FD_SETSIZE. The bug was due to not checking that the file descriptor
is within the range of an fd_set object.
Fix #4169
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
Gilles Peskine
6667a78c9b
Add test for mbedtls_net_poll beyond FD_SETSIZE
...
mbedtls_net_poll() and mbedtls_net_recv_timeout() rely on select(),
which represents sets of file descriptors through the fd_set type.
This type cannot hold file descriptors larger than FD_SETSIZE. Make
sure that these functions identify this failure code.
Without a proper range check of the file descriptor in the
mbedtls_net_xxx function, this test fails when running with UBSan:
```
net_poll beyond FD_SETSIZE ........................................ source/library/net_sockets.c:482:9: runtime error: index 16 out of bounds for type '__fd_mask [16]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior source/library/net_sockets.c:482:9 in
```
This is a non-regression test for
https://github.com/ARMmbed/mbedtls/issues/4169 .
The implementation of this test is specific to Unix-like platforms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-25 15:56:48 +01:00
Paul Elliott
3e7908189a
Fixes for MSVC warnings
...
Also added a couple of missing comment blocks.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-02-25 12:28:49 +00:00
Manuel Pégourié-Gonnard
80c02af03c
Add cross-doc links, avoid redundancies
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-02-25 12:50:43 +01:00
Manuel Pégourié-Gonnard
b6aa958f87
Update the issue template
...
- reference recently-created document
- try to improve general readability
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-02-25 12:50:42 +01:00
Manuel Pégourié-Gonnard
1b2e06124e
Add SUPPORT.md
...
This name is also recognized by github:
https://docs.github.com/en/github/building-a-strong-community/adding-support-resources-to-your-project
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-02-25 12:50:42 +01:00