mbedtls_ecp_gen_key() generates a private key and calculates the public key.
Calculating the public key takes most of the CPU time. But the PSA key store
doesn't store the key, in order to simplify the plumbing when drivers are
involved. So the time spent calculating the public key is a waste.
Instead, call mbedtls_ecp_gen_privkey(), which does not calculate the public
key.
This also saves 8 instructions in a sample arm thumb build.
Resolves#9732.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Run the function on a few different curves with shorter, just-right and
larger buffer sizes. Perform some basic sanity checks on the output (which
is random).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Thumb-1 tests are by far the slowest, so split the -O0 and -Os tests
into their own components.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
This is harmless, but we might as well remove the unreachable line. If we
ever add a break to the loop and we don't think of changing the surrounding
code, it would make more sense not to set exit_code to SUCCESS.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Cleanly reject bits == 0 when calling mbedtls_ecdsa_raw_to_der() and
mbedtls_ecdsa_der_to_raw(). This can plausibly happen when bits is
user-provided data that the calling application doesn't check.
Before this patch, there was typically-benign undefined behavior, such as
adding 0 to a null pointer or calling memcpy on a null pointer with a size
of 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Document the return value of mbedtls_ecdsa_raw_to_der() and
mbedtls_ecdsa_der_to_raw().
Document that mbedtls_ecdsa_raw_to_der() has undefined behavior when the
output buffer parameter is null, even with a size of 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use TEST_CALLOC instead of a fixed-size buffer, so that Asan/Valgrind builds
will detect a buffer overflow.
Honor output_size regardless of the value of the number.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since PSA is always on in 4.x, *_PSA_INIT() and *_PSA_DONE() can be
simply aliased to PSA_INIT() and PSA_DONE() until such a time as we
remove them.
Simplify the login of these PSA_INIT/DONE variants by aliasing them in
4.x and keeping the more complex 3.6 logic entirely separate.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since the bug affecting the performance only affects GCC versions
before 7.0, use -O2 flag instead of -O3 for them and keep the
better optimization for newer compilers.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Variables that are in any way destructed on exit should be initialised
prior to any tests that might jump to exit, to save potential
uninitialised memory accesses.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.
Signed-off-by: makejian <makejian@xiaomi.com>
- psa_crypto_helpers.h
mbedtls-3.6 branch misses some crypto client changes that has
been done in the development branch since the LTS release. Therefore
CRYPTO_C guard here is more accurate than CRYPTO_CLIENT.
- entropy.h
In the development branch MBEDTLS_ENTROPY_BLOCK_SIZE is defined
when PSA_WANT_ALG_SHA_[256/512] is defined while in the mbedtls-3.6
branch is guarded by MBEDTLS_MD_CAN_SHA[256/512] which is slightly
different. Since MBEDTLS_ENTROPY_BLOCK_SIZE is used in some tests's
data files, we need to have it defined also if the related test
is skipped. Therefore we add the PSA_WANT_ALG_SHA conditions together
with the MBEDTLS_MD_CAN_SHA ones to mimic the development behavior.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
