- Add the no confidentiality & no replay protection flags
- Add actual size parameter in PS/ITS get APIs
- Change a few size parameters from uint32_t to size_t
In Mbed OS, there are configuration options with Mbed TLS that we
are more comfortable allowing than we do with Mbed TLS on its own.
Add a check-config adjusting script to enable removing or changing
options in check_config.h
When using Mbed Crypto's PSA Entropy Injection feature on Mbed OS, it is
not required to opt out of having entropy sources added to your entropy
contexts by default (via MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES).
As integrated in Mbed OS, MBEDTLS_PSA_INJECT_ENTROPY is compatible with
actual entropy sources. PSA entropy injection is implemented using the
standard Mbed TLS NV Seed feature, and is as compatible with other
entropy sources as the standard Mbed TLS NV Seed feature which does
support entropy mixing.
Automatically enable entropy injection when the NV Seed feature is
requested on PSA targets. Add a warning note describing the state of the
current implementation of the entropy injection API.
Fixes#10720
When importing development releases of Mbed TLS into Mbed OS, it is
useful to be able to know a the particular git commit hash that was
imported. This change avoids ever creating a VERSION.txt for Mbed TLS
containing only "development", which is fairly useless since one doesn't
know where the development branch was at the time of import.
Before moving to the new release of Mbed TLS, this moves the default imported
version of Mbed TLS to the development branch, and will import the HEAD of the
branch, not just a specific release.
This commit makes the storage configurations - setting
MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C and unsetting
MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C - dependent on the PSA label being defined for
the target.
Previously these symbols were always defined for all platforms which could
cause problems for targets that don't yet support PSA.
- Move all PSA storage code under psa/storage directory
- Create a global PSA error codes header, eliminating ITS specific ones
- Create a common header file for PSA storage type definitions,
eliminating ITS specific ones
- Create a common implementation for PS & ITS
- Implement protected storage feature
- Change ITS test to be common to PS as well
Use a singleton Mutex in platforms_alt functions, to be shared
with the trng function, to save RAM. Rename `platform_alt.c`
to `platform_alt.cpp` as the mutex is in a `singletonPtr`
template class.
Like all HAL APIs, the calls in trng_api.h are not expected to
be thread-safe.
All current accesses to the TRNG HAL are currently via
`mbedtls_hardware_poll`. Mbed TLS does not currently serialise these
calls itself, as `MBEDTLS_THREADING_C` is not enabled. But even if
Mbed TLS's own accesses were serialised, there are other direct
users of `mbedtls_hardware_poll` such as randLIB, that need to use
direct calls due to lack of API to extract entropy from Mbed TLS.
As such it makes sense to treat `mbedtls_hardware_poll` as a de facto
public Mbed OS API, akin to the C++ veneers on top of the HAL, and add a
PlatformMutex there so that it is safe for multithreaded use.
Instead of doing a "pull --rebase" to update to the latest development
branch, do a "fetch" followed by a "checkout" to update to the specified
release. This enables us to get any new tags created since the last
update to the development branch, and removes the noise of updating a
local "development" branch.
Rename the generic name `ctx` of `mbedtls_platform_context`
in `platform_alt.c` to a specific name `plat_ctx`, to avoid conflicts
when used as external in crypto modules.
To avoid collisions between the psa `crypto_platform.h` file and the
platform specific `crypto_platform.h` file, for the init \ terminate
functions, rename the latter to `crypto_device_platform`.
This commit makes the repo used to import new Mbed TLS versions into Mbed OS
a parameter, to allow CI scripts (and any other script or users) to specify
specific repos to use for testing.
Jaeden Amero
Seppo Takalo
David Saada
Martin Kojtal
Darryl Green
k-stachowiak
aqin
avolinski
Simon Butcher
Jaeden Amero
Ron Eldor
Cruz Monrreal
Alexander Zilberkant
Oren Cohen
Kevin Bracey
Jimmy Brisson