There is no need to set decrypt key under CIPHER_ENCRYPT_ONLY,
so we can remove *setkey_dec_func from ctx to save extra code size.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Some cipher modes use cipher-encrypt to encrypt and decrypt.
(E.g: ECB, CBC). This commit adds support to automatically
enable CIPHER_ENCRYPT_ONLY by PSA when requested cipher modes don't
need cipher_decrypt.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Variable RSb is only used for either computing reverse tables
in aes_gen_tables or AES-decryption function. This commit provides
more guards for when RSb is defined and used.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Do explain why we don't test a smaller buffer in addition to testing the
nominal size and a larger buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some basic test coverage for now:
* Nominal operation.
* Larger output buffer.
* Clone an operation and use it after the original operation stops.
Generate test data automatically. For the time being, only do that for
hashes that Python supports natively. Supporting all algorithms is future
work.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
aca31654e6 removed a sentence with copypasta
refering to PBKDF2 instead of XTS. Restore that comment but fix the
copypasta.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
They're included by build_info.h and must not be included directly.
Currently, this only concerns one file: config_psa.h. It's technically a bug
to include it, but a harmless one because that header has already been
included by build_info.h except in configurations where it
effectively had no effect (enabling PSA options with PSA turned off).
We plan to split config_psa.h into multiple headers that are less
independent, which could make the inclusion more problematic.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since 3.0.0, mbedtls_config.h (formerly config.h) no longer needs to include
config_psa.h or check_config.h: build_info.h takes care of that.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
MBEDTLS_PSA_CRYPTO_CONFIG is disabled. This didn't make sense and was an
editorial mistake when adding it: it's meant as an addition to
MBEDTLS_PSA_CRYPTO_CONFIG_FILE, so it should be included under the same
conditions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
They belong here, next to the inclusion of the mbedtls config file. We only
put them in config_psa.h in Mbed TLS 2.x because there was no build_info.h
we could use.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove the workaround for psa_key_agreement_internal to
have a shared_secret array always non-zero. The spec is
recently updated so that PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
is always non-zero
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
New bignum modules are only needed when the new ecp_curves module is
present. Remove them when they are not needed to save code size.
Signed-off-by: Janos Follath <janos.follath@arm.com>