Add a new macro `LOCAL_OUTPUT_ALLOC_WITH_COPY` to support the output buffer
handling of the multipart operations like `psa_cipher_update`. This will
allocate a local buffer and copy the content of the original buffer.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
This helps to prevent confusion as it avoids overloading the word
"copy" as both an action and an object.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This helps to prevent confusion as it avoids overloading the word
"copy" as both an action and an object.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This includes:
* The psa_crypto_input_copy_t struct
* psa_crypto_input_copy_alloc()
* psa_crypto_input_copy_free()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This tied input and output buffers together in
awkward pairs, which made the API more difficult
to use.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since we are internal rather than user-facing,
PSA_ERROR_CORRUPTION_DETECTED makes more sense than
PSA_ERROR_BUFFER_TOO_SMALL. Whilst it really is a buffer that is too
small, this error code is intended to indicate that a user-supplied
buffer is too small, not an internal one.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Add function prototypes for psa_crypto_alloc_and_copy() and
psa_crypto_alloc_and_free(), along with the necessary state struct.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
In PSA headers include psa/build_info.h instead
of mbedtls/build_info.h. In Mbed TLS, both are
equivalent but not in TF-PSA-Crypto where
psa/build_info.h is the correct one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This will be used in the next commit.
While at it, move driver initialization before RNG init - this will be
handy when the entropy module wants to use drivers for hashes.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Changes for interruptible {sign|verify} hash were not merged at the time of the
previous clang 15 /retval fixes, thus this fixes code added at that time.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
psa_get_and_lock_key_slot_with_policy() becomes public temporarily as part of:
https://github.com/Mbed-TLS/mbedtls/pull/6608
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Previously calling get_num_ops more than once would have ended up with ops
getting double counted, and not calling inbetween completes would have ended up
with ops getting missed. Fix this by moving this to where the work is actually
done, and add tests for double calls to get_num_ops().
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Move the obfuscation of the internal library only returning a delta of ops done
into the driver wrapper, thus meaning driver wrapper and API call both return
absolute values of work done. Document the differences at the internal
implementation level.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Pacify Clang >=15 which complained:
```
include/psa/crypto.h:91:23: error: empty paragraph passed to '\retval' command [-Werror,-Wdocumentation]
* \retval #PSA_SUCCESS
~~~~~~~~~~~~~~~~~~~^
```
This commit performs the following systematic replacement:
```
perl -i -0777 -p -e 's/([\\@])(retval +\S+)\n(?! *\*? *([^\n \\*\/]|\\[cp]\b))/$1$2 ${1}emptydescription\n/g' $(git ls-files '*.[hc]' '*.function' '*.jinja')
```
i.e. add an `\emptydescription` argument to `\retval` commands (or
`@retval`, which we don't normally used) that are followed by a single word,
unless the next line looks like it contains text which would be the
description.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
-Add test driver support to import/export while wrapping keys
meant to be stored in the PSA core as opaque( emulating an
SE without storage ).
-Export validate_unstructured_key_bit_size as
psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
cover opaque keys, thereby avoiding duplication.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
