Ronald Cron
9103d490e8
psa: ecdsa: Rework deterministic support check
...
Move the check that ECDSA is supported from the
caller of the function responsible for Mbed TLS
ECDSA signatures to this function, namely
mbedtls_psa_ecdsa_sign_hash().
This makes the caller code more readable and is
more aligned with what is expected from a
sign_hash() PSA driver entry point.
Add a negative test case where a deterministic
ECDSA signature is requested while the library
does not support deterministic ECDSA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 13:32:27 +01:00
Janos Follath
d0b0ba8179
Merge pull request #4173 from gilles-peskine-arm/net_poll-fd_setsize-development
...
Fix stack corruption in mbedtls_net_poll with large file descriptor
2021-03-04 12:16:33 +00:00
Ronald Cron
566899eefa
psa: Remove outdated comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 09:52:03 +01:00
Ronald Cron
cbc135599e
psa: wrapper: Remove unnecessary compiler warning workarounds
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-03-04 09:46:45 +01:00
Steven Cooreman
31a876da09
Clarify some policy-handling code comments
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 20:47:40 +01:00
Steven Cooreman
f9f7fdfe49
Rework MAC algorithm / key type validation
...
Reworked the validation of MAC algorithm with the used key type by
introducing psa_mac_key_can_do, which guarantees that PSA_MAC_LENGTH can
be called successfully after validation of the algorithm and key type.
This means psa_get_mac_output_length is no longer required.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 19:58:02 +01:00
Paul Elliott
07fa1f1a39
Fix carelessly copy pasted comment
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 17:21:17 +00:00
Paul Elliott
3ffd13465a
Fix constant flow mask maths
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 17:11:32 +00:00
Paul Elliott
88f2eb664f
Remove multiplication from conditional assignments
...
Multiplication is not constant flow on any CPU we are generally
targetting, so replace this with bit twiddling.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-03 15:31:17 +00:00
Gilles Peskine
9264e01730
Update error codes listed in the net_sockets documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-03 12:27:17 +01:00
Steven Cooreman
4ff9a29686
Check truncation length explicitly
...
Comparing algorithm with its FULL_LENGTH_MAC version doesn't work in
cases where algorithm is a wildcard. Wildcard input is not specified in
the documentation of the function, but in order to test the function
using the same test as PSA_MAC_LENGTH we're mimicking that behaviour here.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 12:07:20 +01:00
Steven Cooreman
58c94d39ae
Make psa_get_mac_output_length testable and test it
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-03 10:37:35 +01:00
Paul Elliott
c48cb80b1f
Prevent false positive CF Test Failures
...
Marked dirty memory ends up in the result buffer after encoding (due to
the input having been marked dirty), and then the final comparison
to make sure that we got what we expected was triggering the constant
flow checker.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:48:40 +00:00
Paul Elliott
c1a895d897
Add further more rigorous tests for base64
...
Original author was gilles.peskine@arm.com
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-02 22:44:37 +00:00
Steven Cooreman
7d4b0d778f
Reuse PSA_MAC_LENGTH in psa_get_mac_output_length
...
Avoid code duplication. Also update the guarantees made by the function
doc to match the guarantees given by PSA_MAC_LENGTH.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
5a17267442
Add a note about why key_type is required
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:40:03 +01:00
Steven Cooreman
1ac5ce3b91
Make psa_key_policy_algorithm_intersection MAC-length aware
...
This makes it more in-line with how psa_key_policy_permits works. It
also adds consistency: the intersection of MAC with default length and
MAC with exact-length is now computed correctly in case the exact length
equals the default length of the algorithm when used with the given
key type.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:39:26 +01:00
Steven Cooreman
15472f8c70
Clean up psa_mac_setup now that we have an output length calculator
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
5ad4bf75e3
Move MAC default length checking into psa_key_policy_permits
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 21:36:33 +01:00
Steven Cooreman
328f11c50e
Language & readability touchups
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 11:44:51 +01:00
Steven Cooreman
e538896ad8
Remove unreferenced static functions when ECP_NO_FALLBACK is used
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-02 10:14:24 +01:00
Ronald Cron
2a0278734b
Merge pull request #4148 from stevew817/add_missing_non_12b_gcm_test_skip
...
Add missing test skip for ALT-implemented GCM (#4010 fix-up)
2021-03-02 09:18:41 +01:00
Paul Elliott
0544d49330
Fix Non CF access to table in base64 decrypt
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 19:15:43 +00:00
Paul Elliott
6e152fa362
Optimise unneccesary cf table accesses away
...
Also fix missed bare access of base_64_dec_map
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 18:33:09 +00:00
Paul Elliott
717ba77e52
Fix incorrect assumptions about the size of size_t
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-03-01 17:49:42 +00:00
Steven Cooreman
d788fab4ff
Clarify usage of psa_key_policy_permits
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
16a05f5881
Add metadata tests intertwining truncated and at-least-length algos
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
947bb0b06f
Code readability improvements
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
a1d8322f74
Fix typos & copy-paste errors
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
fb9cb92055
Move wildcard-to-exercisable conversion to exercise_key in test suite
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:09:24 +01:00
Steven Cooreman
7e39f05929
Using a wildcard as a specific algorithm now reports invalid argument
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
ae3f13bf5e
Add more test cases and fix AT_LEAST_THIS_LENGTH against base algorithm
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
a96e2410e7
Test _AT_LEAST_THIS_LENGTH macros in the PSA Crypto metadata test suite
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:40 +01:00
Steven Cooreman
2c2efa488b
Fix dependency-setting script and test dependencies for new tests
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
d927ed7901
Rename _MINIMUM_LENGTH flags to _AT_LEAST_THIS_LENGTH
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
4400c3a44a
Add _AT_LEAST_THIS_LENGTH_ macros to PSA constants test
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
7de9e2db1f
Language / verbiage fixes
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
aaec341c9b
Exercise CCM with the right amount of IV bytes in test
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:03:39 +01:00
Steven Cooreman
5d81481a1c
Rename AEAD WITH_MINIMUM_LENGTH to AT_LEAST_THIS_LENGTH
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
# tests/suites/test_suite_psa_crypto.data
2021-03-01 16:00:31 +01:00
Steven Cooreman
caad49316b
rename MAC_WITH_MINIMUM_LENGTH_TAG to AT_LEAST_THIS_LENGTH_MAC
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
37389c768d
Update validity domain of min_tag_length / min_mac_length
...
Review indicated explicit validity domain should be [1, max_alg_length]
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
2021-03-01 16:00:31 +01:00
Steven Cooreman
0348802247
Remove generic wildcard checks after review feedback
...
Applied specific wildcard checks instead.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# library/psa_crypto.c
2021-03-01 16:00:31 +01:00
Steven Cooreman
ee18b1f5a4
Style and language updates after review
...
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
2021-03-01 16:00:31 +01:00
Steven Cooreman
b3ce8156ce
Add support for minimum-tag-length AEAD and MAC policies
...
Includes tests.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
# Conflicts:
# include/psa/crypto_values.h
# tests/suites/test_suite_psa_crypto.function
2021-03-01 16:00:31 +01:00
gabor-mezei-arm
c6f2480854
Fix documentation
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
gabor-mezei-arm
ceface2247
Add test for ouput buffer size macros
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-03-01 13:57:21 +01:00
Gilles Peskine
34045c1d6a
Merge pull request #4145 from stevew817/fix_return_code
...
Return NOT_SUPPORTED according to the API contract for psa_key_derivation_setup
2021-03-01 13:20:50 +01:00
Gilles Peskine
574cf7b59f
Clarify how a file descriptor could still be more than the limit
...
It can happen if the file descriptor was opened before lowering the limit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:43:56 +01:00
Gilles Peskine
97c57fe439
Fix sloppiness around stricly less-than vs less or equal
...
Fix sloppy wording around stricly less-than vs less or equal in
comments. Also fix an off-by-one error in a comparison which led to
calling setrlimit if the limit was exactly the minimum required for
the test, which was unnecessary but harmless.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:40:56 +01:00
Gilles Peskine
c8dab5b41e
Fix sloppy wording around stricly less-than vs less or equal
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-03-01 11:39:21 +01:00