The original macro was accounting for the size of public FFDH keys,
which are not a concern for PK. Use sizes for key types supported by PK,
this brings the size of the buffer from 1kB to 528 bytes in the default
config.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In all.sh component test_psa_crypto_config_accel_rsa_crypto, where RSA
is provided only by a drivers, we were using a stack buffer. However
that was not correct, as "opaque" (PSA-held) RSA keys are still
possible. This was pointed by failing test cases in test_suite_pk, such
as "PSA import into PSA: opaque RSA, EXPORT (ok)".
As usual with 3.6, we need more complicated pre-processor conditions.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The type was validated near the end of the function when importing, but
if makes more sense to validate upfront before we possibly allocate a
buffer, export the key to it etc.
This also guarantees a sensible error value without requiring a special
case when exporting on the stack.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This makes test_suite_pk pass again, but beyond that I think it's the
right thing to do.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This fixes 2 out of the 3 tests cases that were failing in
test_suite_pk. The last failure will be adressed in the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
But still retain the ability to function without a heap when only ECC is
enabled.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In the TLS-Exporter for TLS 1.3 we mistakenly call PSA_HASH_LENGTH() on
an mbedtls_md_type_t when it should be called on a psa_algorithm_t.
Fortunately, these two types have almost the same values, since we have
previously aligned them to make conversion more efficient. As a result,
PSA_HASH_LENGTH() produces exactly the same value when called on an
mbedtls_md_type_t as with the equivalent psa_algorithm_t.
Thanks to this happy coincidence, fix a largely cosmetic issue (rather
than a major functional bug).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
TLS-PRF uses either SHA-256 and SHA-384, so the removed paragraph was not
correct. The correct version is already available in "check_config.h".
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In the default build, it was 2363 bytes which is a lot to put on the
stack for constrained devices. Fortunately we already have a large
enough buffer at hand: the user-provided output buffer. Use it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Tell the GCC compiler that pointers to types "mbedtls_uintXX_unaligned_t"
(where XX is 16, 32 or 64) might alias with other types. This helps at
high optimizations level (i.e. "-O3") so that the compiler does not mess
up with instruction reordering and memory accesses.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
MBEDTLS_ALIGNMENT_DISABLE_EFFICENT_UNALIGNED_ACCESS is used to forcedly
prevent MBEDTLS_EFFICIENT_UNALIGNED_ACCESS from being set. This prevents
optimizations from being used on x86 which is useful for testing
purposes.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
