Change the hash data to not include the null byte used to terminate
the string. Pass sizeof() - 1 to the hash operation API functions
so that the null byte can be ignored.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Restructure the start of the program to make it
clear to a user exactly what this program is for.
Add a comment for additional clarity.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Change wording from "failed" since this implied the
function had returned an error status instead of
producing the wrong result.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Remove the mbedtls and psa prefixes from variable
names in order to make clearer what is part of
the API and what is just part of the demo program.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Replace MBEDTLS_SHA256_C for PSA_WANT_ALG_SHA_256
everywhere, including comments and print statements.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Define HALH_ALG to the desired PSA algorithm
to demostrate the ease of swapping algorithms
with the PSA API.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This PR was originally created before the code
style was changed. This commit updates the style.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit adds the example program for PSA
hash as well as the relevant changes to
CMakeLists.txt and the Makefile.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Allow demo scripts to be run from the build directory for out-of-tree
builds.
If the executable is not found in the source tree then search in the
current directory in case the script is being run from a build
directory.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:
git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'
and I think all the files listed fall into one of the following
acceptable categories:
- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
suites
- two example programs using a low-level hash API: hash/hello.c,
pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
implementations
- a function in test_suite_psa_crypto_storage_format that is
specifically for checking if the hash is built in.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The last line of programs/psa/key_ladder_demo.c is of the following
form:
#endif /* Very long comment ... */
Uncrustify tries to reduce the length:
#endif \
/* Very long comment ... */
and causes a compiler error as there is a continuation line with no
actual code in it. Work around this by linewrapping the comment
in advance.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.
This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Visual Studio and CMake didn't like having targets with the same name,
albeit in different directories.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>