The signature of a dummy hash for which no pre-image is known is probably
not sensitive, but zeroize it anyway.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The original macro was accounting for the size of public FFDH keys,
which are not a concern for PK. Use sizes for key types supported by PK,
this brings the size of the buffer from 1kB to 528 bytes in the default
config.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In all.sh component test_psa_crypto_config_accel_rsa_crypto, where RSA
is provided only by a driver, we were using a stack buffer. However
that was not correct, as "opaque" (PSA-held) RSA keys are still
possible. This was pointed out by failing test cases in test_suite_pk, such
as "PSA import into PSA: opaque RSA, EXPORT (ok)".
As usual with 3.6, we need more complicated pre-processor conditions.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The type was validated near the end of the function when importing, but
it makes more sense to validate upfront before we possibly allocate a
buffer, export the key to it etc.
This also guarantees a sensible error value without requiring a special
case when exporting on the stack.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This makes test_suite_pk pass again, but beyond that I think it's the
right thing to do.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This fixes 2 out of the 3 test cases that were failing in
test_suite_pk. The last failure will be addressed in the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
But still retain the ability to function without a heap when only ECC is
enabled.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on
an mbedtls_md_type_t when it should be called on a psa_algorithm_t.
Fortunately, these two types have almost the same values, since we have
previously aligned them to make conversion more efficient. As a result,
PSA_HASH_LENGTH() produces exactly the same value when called on an
mbedtls_md_type_t as with the equivalent psa_algorithm_t.
Thanks to this happy coincidence, fix a largely cosmetic issue (rather
than a major functional bug).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
TLS-PRF uses either SHA-256 or SHA-384, so the removed paragraph was not
correct. The correct version is already available in "check_config.h".
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In the default build, it was 2363 bytes which is a lot to put on the
stack for constrained devices. Fortunately we already have a large
enough buffer at hand: the user-provided output buffer. Use it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Tell the GCC compiler that pointers to types "mbedtls_uintXX_unaligned_t"
(where XX is 16, 32 or 64) might alias with other types. This helps at
high optimization levels (i.e. "-O3") so that the compiler does not mess
up instruction reordering and memory accesses.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
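As an added illustration of the pattern the commit above describes (not code from the commit or from Mbed TLS): a packed, may_alias single-member struct typedef lets a byte buffer be read at any offset without the compiler assuming alignment or applying strict-aliasing rules. The exact attribute combination and the helper names are assumptions made for this example, checked against a plain memcpy reference.

```c
#include <stdint.h>
#include <string.h>

/* Assumed shape of the unaligned-access typedefs: a packed struct so the
 * type has alignment 1, plus may_alias so reads through it are exempt from
 * strict-aliasing assumptions. This is an assumption for the example, not
 * the library's exact definition. */
typedef struct __attribute__((__packed__, __may_alias__)) {
    uint16_t x;
} mbedtls_uint16_unaligned_t;

typedef struct __attribute__((__packed__, __may_alias__)) {
    uint32_t x;
} mbedtls_uint32_unaligned_t;

/* Read a native-endian 32-bit value from an arbitrarily aligned address
 * by viewing the bytes through the aliasing-safe, alignment-1 type. */
static inline uint32_t get_unaligned_uint32(const void *p)
{
    const mbedtls_uint32_unaligned_t *up = (const mbedtls_uint32_unaligned_t *) p;
    return up->x;
}

/* Portable reference: memcpy is always well-defined regardless of alignment. */
static inline uint32_t get_unaligned_uint32_memcpy(const void *p)
{
    uint32_t r;
    memcpy(&r, p, sizeof(r));
    return r;
}

/* Constructed check: read at offsets 0..3 of a byte buffer, three of which
 * are misaligned for a 4-byte load, and compare against the memcpy form. */
int unaligned_reads_agree(void)
{
    unsigned char buf[8] = { 0xAA, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
    for (size_t off = 0; off < 4; off++) {
        if (get_unaligned_uint32(buf + off) != get_unaligned_uint32_memcpy(buf + off)) {
            return 0;
        }
    }
    return 1;
}
```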
MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS is used to forcibly
prevent MBEDTLS_EFFICIENT_UNALIGNED_ACCESS from being set. This prevents
optimizations from being used on x86 which is useful for testing
purposes.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This patch adjusts the include order so that some ACLE
intrinsics macros are configured before
the inclusion of `neon.h`. This fixes issues with older
clang compilers but has no effect in modern versions.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
As indicated in a comment, with older Clang, we need to define
`__ARM_FEATURE_CRYPTO` before we include `arm_neon.h`, which is done via
`common.h`. 4c44990d65
accidentally broke this. Fix it, while taking care not to include another
header before `common.h`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Previously we were looping in one case but not even checking the other.
Let's check both cases and error out immediately. The error path should
never be taken in practice anyway.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In library source files, the order of things should be:
1. Define macros that affect the behavior of system headers, such as
`_POSIX_C_SOURCE` and `_GNU_SOURCE`.
2. Include the library's common header: `common.h`.
It takes care of many things, including defining the library
configuration, granting access to private fields in structures, and
activating platform-specific hacks.
3. Possibly a few header inclusions and macro definitions.
4. Guard everything else by `#if defined(MBEDTLS_XXX_C)` or some such.
Enforce this order in files that previously did things they shouldn't have
before including `common.h`. To locate the potentially
problematic files:
```
grep -m1 '^#' library/*.c | grep -v -F common.h
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Was only used in one place so far, but will be used in
rsa_gen_rand_with_inverse()'s upcoming CRT-based implementation.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Will gain a new implementation using the CRT, so we want to hide the
upcoming complexity in a dedicated function.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>