Commit Graph

14317 Commits

Author SHA1 Message Date
ENT\stroej1
df307002cf Updated self test to use NIST test vectors and produce proper result.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-26 12:41:04 -06:00
ENT\stroej1
a0deec0509 Extended test vectors to accomodate addition of nonce to test input array and updated results.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 15:26:27 -06:00
ENT\stroej1
6a5f10cdc7 Added ChangeLog entry for related issue.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 12:39:13 -06:00
ENT\stroej1
1446211e5e Update self-test vectors to include nonce and test it as part of reseeding.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-24 12:24:35 -06:00
ENT\stroej1
4b91986a76 Fixed seed variable concatenation pointer.
Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>
2020-12-23 19:23:05 -06:00
Ronald Cron
3c537fedfd
Merge pull request #3691 from paul-elliott-arm/fix_cmake
Set CMake Max Version
2020-12-17 09:28:22 +01:00
Manuel Pégourié-Gonnard
575ece0eed
Merge pull request #3576 from gilles-peskine-arm/psa-lifetime-persistence-indicator-tweaks
Tweak documentation about lifetimes
2020-12-15 10:17:39 +01:00
Gilles Peskine
0bb257096a Copyediting
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-14 17:36:02 +01:00
Gilles Peskine
e39bdaa0ed Specialize some wording from the specification
Some of the material was originally the PSA specification, and
discusses how different implementations might behave. Replace such
statements by a description of how Mbed TLS behaves.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-11 18:47:55 +01:00
Gilles Peskine
9b3e5a7b3e Clarify the explanation of locations
It's about who has access to the key material in plaintext, not directly
where the operation is performed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-11 18:47:11 +01:00
Janos Follath
f3c856536b
Merge pull request #789 from ARMmbed/mbedtls-2.25.0r0
Merge release candidate back to development
2020-12-11 14:36:29 +00:00
Ronald Cron
8f05aeb2e3
Merge pull request #3882 from gilles-peskine-arm/psa-random-driver-spec
PSA: Specification for random generation and entropy drivers
2020-12-11 14:07:35 +01:00
Gilles Peskine
348eeebb24 Clarify the intent of the KEEPALIVE flag
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-11 10:52:36 +01:00
Janos Follath
1c54b5410f
Merge pull request #786 from ARMmbed/dev/yanesca/mbedtls-2.25.0r0-pr
Prepare Release Candidate for Mbed TLS 2.25.0
2020-12-10 12:55:25 +00:00
Janos Follath
e921626dec Fix ChangeLog format
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-10 11:03:01 +00:00
Janos Follath
d6ce116090 Consolidate partial feature into single entry
These entries were for different aspects of a new, partially implemented
feature. Therefore we are consolidating them into a single entry for
clarity.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-10 10:59:15 +00:00
Manuel Pégourié-Gonnard
a27a4e2f18
Merge pull request #3929 from gilles-peskine-arm/psa-driver-remove-old-accel
Remove old proposed accelerator interfaces
2020-12-10 11:31:47 +01:00
Manuel Pégourié-Gonnard
48c76c91f3
Merge pull request #3949 from bensze01/update_psa_values
Improve documentation in test_psa_constant_names.py
2020-12-10 11:19:30 +01:00
Janos Follath
76027f68cf Add missing Changelog entry
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 16:28:35 +00:00
Janos Follath
56b38c2bb0 Finalize ChangeLog
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:05:22 +00:00
Janos Follath
0cbdc61171 Bump version to Mbed TLS 2.25.0
Executed ./scripts/bump_version.sh --version 2.25.0 --so-crypto 6

Increasing the SO version of the crypto library, because the openless
API improvement came with API/ABI incompatibilities. For example
    - the size of psa_key_handle_t changed
    - the type of a parameter in 18 public functions has changed from
      psa_key_handle_t to mbedtls_svc_key_id_t

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:05:22 +00:00
Janos Follath
7ac5fd1861 Assemble ChangeLog
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:03:46 +00:00
Janos Follath
248900d9b9 Fix Changelog format
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:03:03 +00:00
Janos Follath
debe71988f Add missing ChangeLog entries
Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-12-09 15:02:45 +00:00
Janos Follath
a946dcf8b2 Merge branch 'development-restricted' into mbedtls-2.25.0r0-pr 2020-12-08 20:59:45 +00:00
Gilles Peskine
24cebf6671 Add a section for transparent drivers
No strategy yet, just state some basic requirements.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-08 15:19:04 +01:00
Gilles Peskine
f0e2853d46 Minimal update to mention unified-interface opaque drivers
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-08 15:19:04 +01:00
Gilles Peskine
6d5c7bc69a
Merge pull request #3898 from paul-elliott-arm/fix_pem_write
Remove Extraneous bytes from buffer post pem write
2020-12-08 12:31:40 +01:00
Bence Szépkúti
4af6560860 Improve documentation in test_psa_constant_names.py
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 11:10:21 +01:00
Gilles Peskine
2b759626a9
Merge pull request #3948 from bensze01/update_psa_values
Update the values of PSA Crypto API macros to version 1.0.0
2020-12-08 11:03:33 +01:00
Bence Szépkúti
7e37bf97ee Update test_psa_constant_names.py for new values
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 07:33:08 +01:00
Bence Szépkúti
6879f42be4 Add changelog
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:24:41 +01:00
Bence Szépkúti
99ffb2b275 Simplify description of PSA_ALG_STREAM_CIPHER
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:09:08 +01:00
Bence Szépkúti
cbe395332c Substitute PSA_ALG_STREAM_CIPHER into all files
Deprecate PSA_ALG_ARC4 and PSA_ALG_CHACHA20.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-08 00:01:31 +01:00
Bence Szépkúti
c6a26c940c Update PSA Crypto persistent key storage tests
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 23:03:59 +01:00
Bence Szépkúti
a294551446 Update PSA Crypto macro values to version 1.0.0
This should be everything that's needed for the stable storage format.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Bence Szépkúti
1de907d4a4 Introduce PSA_ALG_STREAM_CIPHER
This algorithm replaces the pre-existing stream cipher algorithms.
The underlying stream cipher is determined by the key type.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-12-07 21:03:05 +01:00
Gilles Peskine
ae7772d0f3 Clarifications around reseed_entropy_size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:39 +01:00
Gilles Peskine
43100e3fcb Add section on combining get_entropy with add_entropy
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
32e584c38a Copyediting and minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
3ff79066b1 Note an interrogation about integer value representation
Especially 0 values may need special treatment since they can't be
used as an array size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:29 +01:00
Gilles Peskine
6a530e8d26 Random driver: make initial_entropy_size mandatory
If a random driver has a built-in entropy source and doesn't need an
external entropy source, make the driver author declare this
explicitly, rather than it being a less secure default.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:22 +01:00
Gilles Peskine
ee914f34fa Minor clarifications
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:14 +01:00
Gilles Peskine
609394c1cf Open question: can there be multiple RNG instances?
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:48:06 +01:00
Gilles Peskine
8d5092c11f get_random: no output on error
The get_random entry point was allowed to return partial data on both
PSA_SUCCESS and PSA_ERROR_INSUFFICIENT_ENTROPY, but there was no
meaningful difference between the two. Keep it simple: PSA_SUCCESS is
success but can be partial, and PSA_ERROR_INSUFFICIENT_ENTROPY is an
error with no output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:56 +01:00
Gilles Peskine
1ef6ad48d1 Note that I'm not completly sure about the get_entropy flags
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:45 +01:00
Gilles Peskine
3eb65fbba6 Open question: should add_entropy take an estimated_entropy_bits parameter?
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:45 +01:00
Gilles Peskine
b89b4b9025 get_entropy: recommendations on conditioning and entropy estimates
Explicitly recommend that the driver accounts for environmental
conditions that can affect the amount of entropy.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:36 +01:00
Gilles Peskine
05ab2646a3 get_entropy: recommendations on the output_size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:36 +01:00
Gilles Peskine
a14326f054 Make add_entropy optional
A random generation driver does not need to support entropy injection.
This will limit it to platforms where the RNG peripheral is the sole
entropy source and without an RNG seed saved into persistent storage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-12-07 18:47:27 +01:00