lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-28 23:14:56 +03:00
Code Activity
30,870 Commits 176 Branches 276 Tags
e3abb6a148c99f1ee33f79736cafd9b091ef662c
Commit Graph

406 Commits

Author SHA1 Message Date
David Horstmann
cd84bb287b Update references to mbedtls_dev 
Change these to point to the new mbedtls_framework module in the
framework submodule.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-05-13 14:43:29 +01:00
Manuel Pégourié-Gonnard
4575d230bf Add a note on hits usefulness 
And fix a typo while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-15 10:54:49 +02:00
Manuel Pégourié-Gonnard
432e3b4198 Misc fixes & improvements to driver testing doc 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:44:41 +02:00
Manuel Pégourié-Gonnard
a47a3c4e13 Rephrase description of the KDF situation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:44:41 +02:00
Manuel Pégourié-Gonnard
ae22f04769 Refine paragraphs about incomplete entry points 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:44:41 +02:00
Manuel Pégourié-Gonnard
0ca2fd0e2b Update libtestdriver1 vs internal 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:44:40 +02:00
Manuel Pégourié-Gonnard
dde1abd572 Update of opaque asymmetric encrypt/decrypt 
https://github.com/Mbed-TLS/mbedtls/pull/8700 merged in the meantime.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:44:40 +02:00
Manuel Pégourié-Gonnard
6c45361a9c Update for HMAC testing 
Been merged in the meantime.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:44:40 +02:00
Manuel Pégourié-Gonnard
98f8da1b1a Update names of components renamed in the meantime 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:44:40 +02:00
Manuel Pégourié-Gonnard
f2089dab5e Update status of RSA testing 
Improved by https://github.com/Mbed-TLS/mbedtls/pull/8616/ - closing
8553.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:40:01 +02:00
Manuel Pégourié-Gonnard
b18bc80133 Add note about fallback to other entry points 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:40:01 +02:00
Manuel Pégourié-Gonnard
6a96f42051 Document driver wrapper suite & tested configs 
The coverage data for the test drivers was generated using the following
patch:

diff --git a/scripts/lcov.sh b/scripts/lcov.sh
index 9258ba788874..1ef071a65c06 100755
--- a/scripts/lcov.sh
+++ b/scripts/lcov.sh
@@ -63,8 +63,8 @@ if [ $# -gt 0 ] && [ "$1" = "--help" ]; then
 fi

 if in_mbedtls_build_dir; then
-    library_dir='library'
-    title='Mbed TLS'
+    library_dir='tests/src/drivers'
+    title='Mbed TLS test drivers'
 else
     library_dir='core'
     title='TF-PSA-Crypto'
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 734d8323ca73..f6b17ca5692b 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -4795,14 +4795,17 @@ component_test_psa_crypto_drivers () {
     msg "build: full + test drivers dispatching to builtins"
     scripts/config.py full
     scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
-    loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
+    loc_cflags="--coverage -DPSA_CRYPTO_DRIVER_TEST_ALL"
     loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
-    loc_cflags="${loc_cflags} -I../tests/include -O2"
+    loc_cflags="${loc_cflags} -I../tests/include -Og -g3"

-    make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
+    make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="--coverage" -C tests test_suite_psa_crypto_driver_wrappers

     msg "test: full + test drivers dispatching to builtins"
-    make test
+    (cd tests && ./test_suite_psa_crypto_driver_wrappers --verbose)
+    #make test
+
+    scripts/lcov.sh
 }

 component_test_make_shared () {

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:40:01 +02:00
Manuel Pégourié-Gonnard
b66f9dba11 Document test-driver status per family 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:40:00 +02:00
Manuel Pégourié-Gonnard
1a827a3422 Start documenting test-driver framework. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-12 12:40:00 +02:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
David Horstmann
3147034457 Mention MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS 
Explain this option and the way it relates to the copying macros.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 15:59:03 +00:00
David Horstmann
0ea8071bda Remove 'Question' line around testing 
This question has been resolved, as we know that we can test
transparently.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 15:51:03 +00:00
David Horstmann
4d01066311 Mention metatest.c 
Add a note that validation of validation was implemented in metatest.c
and explain briefly what that program is for.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 15:02:08 +00:00
David Horstmann
872ee6ece0 Mention MBEDTLS_TEST_MEMORY_CAN_POISON 
The configuration of memory poisoning is now performed via
compile-time detection setting MBEDTLS_MEMORY_CAN_POISON. Update
the design to take account of this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 15:00:08 +00:00
David Horstmann
12b35bf3c2 Discuss test wrappers and updating them 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 14:48:52 +00:00
David Horstmann
5ea99af0f2 Add discussion of copying conveience macros 
Namely LOCAL_INPUT_DECLARE() and friends

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 14:12:12 +00:00
David Horstmann
1c3b227065 Abstractify example in design exploration 
Since this is just an example, remove specific-sounding references to
mbedtls_psa_core_poison_memory() and replace with more abstract and
generic-sounding memory_poison_hook() and memory_unpoison_hook().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 13:37:59 +00:00
David Horstmann
3f2dcdd142 Rename mbedtls_psa_core_poison_memory() 
The actual functions were called mbedtls_test_memory_poison()
and mbedtls_test_memory_unpoison(). Update the design section to
reflect this.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 13:32:57 +00:00
David Horstmann
331b2cfb31 Clarify design decision in light of actions 
We were successful in adding transparent memory-poisoning testing, so
simplify to the real design decision we made.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-18 13:17:25 +00:00
Dave Rodgman
5ce1577629 Merge pull request #8928 from Ryan-Everett-arm/update-psa-thread-safety-docs 
Update psa-thread-safety.md to reflect version 3.6 changes
 2024-03-18 12:06:39 +00:00
Ryan Everett
765b75f2f8 Update docs/architecture/psa-thread-safety/psa-thread-safety.md 
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-18 10:20:43 +00:00
Ryan Everett
f266b51e3f Respond to feedback on psa-thread-safety.md 
A few typo fixes, extrapolations and extra details.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-15 17:30:31 +00:00
Ryan Everett
c408ef463c Update slot transition diagram 
Adds missing transition and italicises internal functions

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-15 17:29:46 +00:00
Ronald Cron
a9bdc8fbb8 Improve tls13-support.md 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 15:52:04 +01:00
Ronald Cron
b372b2e5bb docs: Move TLS 1.3 early data doc to a dedicated file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
d76a2d8b98 tls13-support.md: Stop referring to the prototype 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
1b606d8835 tls13-support.md: Early data supported now 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
124ed8a775 tls13-support.md: Some fixes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
David Horstmann
24c269fd4a Rewrite section on PSA copy functions 
The finally implemented functions were significantly different from the
initial design idea, so update the document accordingly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 18:03:35 +00:00
Ryan Everett
d4d6a7a20d Rework and update psa-thread-safety.md 
I have restructured this file, and updated it to reflect changes in design/designs now being implemented.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 15:22:06 +00:00
Ryan Everett
c9515600fd Fix state transition diagram 
This now represents the implemented model

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 13:22:05 +00:00
David Horstmann
93fa4e1b87 Merge branch 'development' into buffer-sharing-merge 2024-03-12 15:05:06 +00:00
Gilles Peskine
3f557ad59c Wording improvement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-07 11:22:16 +01:00
Gilles Peskine
30a303f1a8 ECDSA signature conversion: put bits first 
Metadata, then inputs, then outputs.
https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-06 19:45:11 +01:00
Manuel Pégourié-Gonnard
f1562a7217 Merge pull request #8657 from gilles-peskine-arm/pk-psa-bridge-design 
PK-PSA bridge design document
 2024-01-31 09:51:43 +00:00
Gilles Peskine
36dee75368 Update ECDSA signature conversion based on experimentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-30 16:15:17 +01:00
Dave Rodgman
047c724c22 Merge remote-tracking branch 'restricted/development-restricted' into update-development-r 
Conflicts:
	programs/Makefile
	tests/scripts/check-generated-files.sh
 2024-01-26 12:42:51 +00:00
Gilles Peskine
dd77343381 Open question for ECDSA signature that can be resolved during implementation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 14:33:32 +01:00
Gilles Peskine
d5b04a0c63 Add a usage parameter to mbedtls_pk_get_psa_attributes 
Let the user specify whether to use the key as a sign/verify key, an
encrypt/decrypt key or a key agreement key. Also let the user indicate if
they just want the public part when the input is a key pair.

Based on a discussion in
https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 14:31:57 +01:00
Gilles Peskine
702d9f65f6 Resolve several open questions as nothing special to do 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 12:58:25 +01:00
Gilles Peskine
42a025dc9c Reference filed issues 
All PK-related actions are now covered.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 12:35:31 +01:00
Gilles Peskine
5a64c42693 Reference ongoing work 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:09:16 +01:00
Gilles Peskine
89ca6c7e72 typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:08:56 +01:00
Gilles Peskine
32294044e1 Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO 
It's useful in applications that want to use some PSA opaque keys regardless
of whether all pk operations go through PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:07:55 +01:00
Manuel Pégourié-Gonnard
0f45a1aec5 Fix typos / improve syntax 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-01-10 09:43:30 +01:00