lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-14 20:01:00 +03:00
Code Activity
27,614 Commits 173 Branches 272 Tags
70b82256b51ae0d3d088a3fa48c2051eb057bc6b
Commit Graph

27614 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Horstmann
70b82256b5 Add testcase for psa_crypto_output_copy_alloc() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-08 18:13:23 +00:00
David Horstmann
dfa14cbbcd Add function prototypes for psa_crypto_output fns 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-08 18:13:23 +00:00
David Horstmann
e6042ffc49 Add implementation of psa_crypto_input_copy_free() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-08 18:13:23 +00:00
David Horstmann
4700144817 Add testcase for psa_crypto_input_copy_free() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-08 18:13:15 +00:00
David Horstmann
4ac788573b Add psa_crypto_input_copy_alloc() implementation 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-08 15:22:27 +00:00
David Horstmann
1ac7e24fb7 Add testcase for psa_crypto_input_copy_alloc() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-07 16:36:41 +00:00
David Horstmann
6fd4c7cff2 Add prototypes for psa_crypto_input_copy API 
This includes:
* The psa_crypto_input_copy_t struct
* psa_crypto_input_copy_alloc()
* psa_crypto_input_copy_free()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-06 17:45:09 +00:00
David Horstmann
b3de69493c Remove psa_crypto_alloc_and_copy() API 
This tied input and output buffers together in
awkward pairs, which made the API more difficult
to use.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-06 17:45:09 +00:00
David Horstmann
7dd8205423 Remove extra blank line at end of file 
(This causes code style checks to fail)

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-06 17:45:09 +00:00
David Horstmann
ad33ab376b Move buffer copy tests into new testsuite 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-03 20:01:37 +00:00
David Horstmann
49a7276c49 Switch error code to more appropriate value 
Since we are internal rather than user-facing,
PSA_ERROR_CORRUPTION_DETECTED makes more sense than
PSA_ERROR_BUFFER_TOO_SMALL. Whilst it really is a buffer that is too
small, this error code is intended to indicate that a user-supplied
buffer is too small, not an internal one.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-03 19:51:40 +00:00
David Horstmann
86cdc7646d Switch to TEST_CALLOC_NONNULL() 
This removes some gubbins related to making sure the buffer is not NULL
that was previously cluttering the test case.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-03 19:45:39 +00:00
David Horstmann
b8381513c1 Switch from ret to status as naming convention 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-03 19:31:35 +00:00
David Horstmann
8075c7faf7 Switch from int to psa_status_t for test args 
Remove unnecessary casts as well.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-03 19:28:08 +00:00
David Horstmann
ac12d2dc69 Remove psa_crypto_ prefix from test functions 
This ensures they have a different name to the functions they test.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-03 19:23:49 +00:00
David Horstmann
8995b50cf4 Remove superfluous comment 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-03 19:20:33 +00:00
David Horstmann
676cfdd0ea Replace compound-initializers with memset 
This should eliminate some pedantic compiler warnings.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 20:47:04 +00:00
David Horstmann
8f77dc7f68 Refactor: move buffer pattern fills into helper 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:40:19 +00:00
David Horstmann
70fda48670 Add full round-trip tests for buffer copying 
Test that a buffer pair can be created with psa_crypto_alloc_and_copy()
and destroyed with psa_crypto_copy_and_free() correctly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:39:42 +00:00
David Horstmann
5b9c21756a Add test case for overlapping buffers 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:39:42 +00:00
David Horstmann
72ab8ad44a Reject zero-lengths in psa_crypto_copy_and_free() 
Zero-length buffers should be represented in the
psa_crypto_buffer_copy_t struct as NULL if it was created in
psa_crypto_alloc_and_copy(), so reject non-NULL zero-length buffers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:39:42 +00:00
David Horstmann
2b79cbaa17 Reject NULL original_output with non-NULL output 
If we have a copy buffer but no original to copy back to, there is not
much sensible we can do. The psa_crypto_buffer_copy_t state is invalid.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:39:42 +00:00
David Horstmann
f4bbb632cd Add implementation of psa_crypto_copy_and_free() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:39:42 +00:00
David Horstmann
9700876520 Add testcases for psa_crypto_copy_and_free() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:39:37 +00:00
David Horstmann
0fee689e57 Simplify zero-length buffers to always be NULL 
Since it is implementation-dependent whether
malloc(0) returns NULL or a pointer, explicitly
represent zero-length buffers as NULL in the
buffer-copy struct, so as to have a uniform
behaviour.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:33:17 +00:00
David Horstmann
03b0472413 Zero-length test for psa_crypto_alloc_and_copy() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:33:17 +00:00
David Horstmann
f06ac88284 Add extra testcases for buffer copying 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:33:17 +00:00
David Horstmann
83eef383c7 Add implementation of psa_crypto_alloc_and_copy() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:33:17 +00:00
David Horstmann
24f11f9cc7 Add testcases for psa_crypto_alloc_and_copy() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:33:08 +00:00
David Horstmann
1d838b27b1 Add buffers struct and prototypes for alloc API 
Add function prototypes for psa_crypto_alloc_and_copy() and
psa_crypto_alloc_and_free(), along with the necessary state struct.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 18:25:36 +00:00
David Horstmann
8978f5c32a Add implementation of psa_crypto_copy_output() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 17:16:36 +00:00
David Horstmann
2f96423147 Add testcases for psa_crypto_copy_output() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 17:16:25 +00:00
David Horstmann
fde97394a0 Add implementation of psa_crypto_copy_input() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 17:15:35 +00:00
David Horstmann
0b241ee584 Add testcases for psa_crypto_copy_input() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-02 17:15:30 +00:00
David Horstmann
af45b8333a Add function prototypes for copying functions 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-10-30 20:40:44 +00:00
Gilles Peskine
df62f1a010 Merge pull request #1106 from gilles-peskine-arm/psa-shared-buffers-requirements 
PSA shared buffers requirements
 2023-10-17 20:38:00 +02:00
Gilles Peskine
8ebeb9c180 Test for read-read inconsistency with mprotect and ptrace/gdb 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-16 18:37:02 +02:00
Gilles Peskine
87889ebe86 Fix editorial error with semantic consequences 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-16 15:40:02 +02:00
Gilles Peskine
a3ce6437bf Typos 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-16 15:39:37 +02:00
Gilles Peskine
1f2802c403 Suggest validating copy by memory poisoning 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 21:49:17 +02:00
Gilles Peskine
6998721c69 Add a section skeleton for copy bypass 
It's something we're likely to want to do at some point.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:05:32 +02:00
Gilles Peskine
7bc1bb65e9 Short explanations of what is expected in the design sections 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:05:25 +02:00
Gilles Peskine
35de1f7a7d Distinguish whole-message signature from other asymmetric cryptography 
Whole-message signature may process the message multiple times (EdDSA
signature does it).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:04:16 +02:00
Gilles Peskine
9cad3b3a70 Design change for cipher/AEAD 
There are many reasons why a driver might violate the security requirements
for plaintext or ciphertext buffers, so mandate copying.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:03:18 +02:00
Gilles Peskine
2859267a27 Clarify terminology: built-in driver 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 20:02:00 +02:00
Gilles Peskine
db00543b3a Add a section on write-read feedback 
It's a security violation, although it's not clear whether it really needs
to influence the design.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 19:57:53 +02:00
Gilles Peskine
352095ca86 Simplify the relaxed output-output rule 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 19:56:22 +02:00
Gilles Peskine
60c453ee72 Expand explanations of the vulnerabilities 
Add a few more examples.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 19:07:56 +02:00
Gilles Peskine
8daedaeac9 Fix typos and copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-13 18:47:29 +02:00
Gilles Peskine
73cb6f85a5 Merge pull request #8360 from Mbed-TLS/revert-8352-iar-fixes 
Revert "Fix a few IAR warnings" which breaks the CI
 2023-10-13 13:11:40 +00:00