yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
29777 commits 89 branches 205 tags 114 MiB
Commit graph

6791 commits

Author SHA1 Message Date
Valerio Setti e7bac17b5d test: keep SSL_TICKET_C and SSL_CONTEXT_SERIALIZATION enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-11 13:10:34 +02:00
Dave Rodgman be7915aa6c Revert renaming of SHA512 options 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-11 10:59:05 +01:00
Bence Szépkúti cffd7135c6
Merge pull request #8328 from yanrayw/sha256_context_guard 
sha256_context: guard is224 by MBEDTLS_SHA224_C
 2023-10-11 09:13:33 +00:00
Ronald Cron a89d2ba132
Merge pull request #8327 from ronald-cron-arm/adapt-psa-crypto-repo-name 
Adapt to new PSA Crypto repo name
 2023-10-11 06:45:30 +00:00
Dave Rodgman 5b89c55bb8 Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 15:14:57 +01:00
Dave Rodgman fe9fda81aa Rename MBEDTLS_ARCH_IS_ARMV8 to MBEDTLS_ARCH_IS_ARMV8_A 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 15:14:56 +01:00
Dave Rodgman f097bef6ea Refer to Armv8-A (not Armv8) in docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 15:14:30 +01:00
Dave Rodgman c5861d5bf2 Code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 14:01:54 +01:00
Dave Rodgman 6ab314f71d More config option renaming 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 14:00:17 +01:00
Dave Rodgman 94a634db96 Rename A64 config options 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-10 12:59:29 +01:00
Ronald Cron 7871cb14a7 Include psa/build_info.h instead of mbedtls/build_info.h 
In PSA headers include psa/build_info.h instead
of mbedtls/build_info.h. In Mbed TLS, both are
equivalent but not in TF-PSA-Crypto where
psa/build_info.h is the correct one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-10-10 09:35:22 +02:00
Jan Bruckner 946720aac5 Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-10-09 16:53:41 +02:00
Yanray Wang 29db8b061d sha256.h: add guard for is224 in sha256 context 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-10-09 18:09:47 +08:00
Ronald Cron 070e8652d5 Adapt to new PSA Crypto repo name 
Patterns I looked for:
grep -i "psa-crypto"
grep -i "psa.*crypto.*repo"
grep -i "psa.*crypto.*root"

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-10-09 10:26:18 +02:00
Thomas Daubney 540324cd21 Correct styling of Mbed TLS in documentation 
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-10-06 17:07:24 +01:00
Valerio Setti 85d2a98549 md: move definitions of MBEDTLS_MD_CAN to config_adjust_legacy_crypto.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-06 16:04:49 +02:00
Dave Rodgman 7ed619d3fa Enable run-time detection for Thumb and Arm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-05 09:39:56 +01:00
Dave Rodgman bfe6021e85 Improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-05 08:31:22 +01:00
Dave Rodgman ca92f50e12 Update docs for MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-05 08:24:55 +01:00
Dave Rodgman 8690859097 Improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-04 17:40:25 +01:00
Minos Galanakis 31ca313efa Bump version to 3.5.0 
```
./scripts/bump_version.sh --version 3.5.0
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 22:02:18 +01:00
Minos Galanakis 1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 21:57:51 +01:00
Dave Rodgman cc5bf4946f Make SHA256 depend on Armv8, not aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-03 18:02:56 +01:00
Dave Rodgman 5ed7b2dec2 Introduce MBEDTLS_ARCH_IS_ARMV8 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-03 18:02:31 +01:00
Dave Rodgman b51f3da354
Merge pull request #8264 from mpg/follow-up-8075 
Follow up to 8075
 2023-09-28 17:32:12 +00:00
Manuel Pégourié-Gonnard 140c08e325 Minor clarifications. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 11:02:37 +02:00
Manuel Pégourié-Gonnard 7f22f3478d Add check for unsupported partial curves acceleration 
Manual test: run test_psa_crypto_config_accel_ecc_non_weierstrass_curves
or test_psa_crypto_config_accel_ecc_weierstrass_curves as they are now,
observe it failing with the expected #error.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 10:19:18 +02:00
Manuel Pégourié-Gonnard 842d3552b6 Add check for unsupported partial key type acceleration 
Tested manually as follows: in
component_test_psa_crypto_config_accel_ecc_some_key_types, modify
loc_accel_list to remove one of the key types between
helper_libtestdriver1_make_drivers and helper_libtestdriver1_make_main,
and observe that the 2nd build fails with the expected #error.

Note: removing one of the key types before
helper_libtestdriver1_make_drivers causes the build of libtestdriver1 to
fail, which is quite acceptable, just not what we're trying to observe.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 10:19:16 +02:00
Manuel Pégourié-Gonnard 822870bd5d Adjust handling of special case for DERIVE 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 10:19:15 +02:00
Manuel Pégourié-Gonnard e662736f4c Rename macros for consistency 
It's spelled KEY_TYPE everywhere else.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 10:19:14 +02:00
Manuel Pégourié-Gonnard dfa42b34ab Improve documentation about driver-only p256-m. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard eda7086bdd Auto-enable ACCEL macros for p256-m driver 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard f07ce3b8ff Don't extend support for deprecated functions 
Restore guards from the previous release, instead of the new, more
permissive guards.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-28 08:51:51 +02:00
Gilles Peskine 7f288566c3
Merge pull request #8260 from gilles-peskine-arm/crypto_spe-include-fix 
Fix include path to psa/crypto_spe.h
 2023-09-27 18:10:16 +00:00
Dave Rodgman 0fc86b2ddf
Merge pull request #8075 from valeriosetti/issue8016 
driver-only ECC: curve acceleration macros
 2023-09-27 14:39:02 +00:00
Gilles Peskine 7a6836b9f2 Document that MBEDTLS_PSA_CRYPTO_SPM needs crypto_spe.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-27 15:48:47 +02:00
Gilles Peskine 3529285308 Fix include path to psa/crypto_spe.h 
We can't have a public header or library file reference our test
environment (except possibly under test-only options, and even so, it would
be with great reluctance). This breaks the build for other people.
Fix #8259.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-27 15:45:16 +02:00
Manuel Pégourié-Gonnard 561bce6b16 Add build with some curves accelerated but not all 
I chose to divide along the lines of Weierstrass vs other curve shapes
(currently just Montgomery), mainly because it's the first thing that
came to mind.

It happened to reveal an issue in the logic for when (deterministic)
ECDSA and ECJPAKE are built-in, which this commit is also fixing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-26 11:36:13 +02:00
Yanray Wang 145bb2946e check_config: add check of ASN1_[WRITE/PARSE]_C 
This commit adds dependency check when PK_CAN_ECDSA_SIGN or
PK_CAN_ECDSA_VERIFY is enabled but no corresponding ASN1_WRITE_C
or ASN1_PARSE_C is enabled under PSA.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-26 17:15:52 +08:00
Xiaokang Qian 845693c513 Change comments to psa_crypto_driver_wrappers.h 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-09-26 09:09:20 +00:00
Dave Rodgman 6da7872aa2
Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 
Merge development into development-restricted
 2023-09-25 18:16:01 +01:00
Manuel Pégourié-Gonnard 702b645dce Rename new header file 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard 8e82654ec4 Be more subtle about key_type -> alg interaction 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard 3bc4d26f20 Special-case KEYPAIR_DERIVE (no driver support yet) 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard c2b12b17a4 Fix dependencies of built-in ECC keypair types 
More key management operations only require ECP_LIGHT, except:
- generate (scalar multiplication)
- export (exporting public from private also needs scalar
multiplication).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard b4b13ccff4 Fix deterministic ECDSA built-in dependencies 
They're a superset of the dependencies for randomized ECDSA.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard 3ccda15d8f Use consistent ordering for built-in activation 
The usual order is:
- MBEDTLS_PSA_BUILTIN_xxx macro
- MBEDTLS_xxx legacy macros

But curves had it the other way round for some reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard 2d04d78561 Fix logic of ECC built-in activation again 
The previous fix was enabling more than needed in some circumstances,
for example:

- requested: (`PSA_WANT`): all ECC algs, all ECC key types, all curves;
- we have acceleration (`MBEDTLS_PSA_ACCEL`) for: ECDH, all ECC key types, all curves;
- as a consequence, we need built-in: all algs except ECDH, all ECC key types, all curves.

This is what's happening in test_psa_crypto_config_accel_ecdh which,
before this commit, was failing as built-in ECDH was enabled contrary to
the component's (rightful) expectations.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard 1db44dd68d Remove useless instances of MBEDTLS_SOME_BUILTIN_EC 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard 1a0a4d60d9 Implement new strategy for ECC accel/built-in 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard 0d99271d14 Group all ECC-related things in legacy_from_psa.h 
Just moving things, no change.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard bfc6ef7a5c Improve PSA config adjustment relate to keypair types 
Centralize it in a new file psa/config_adjust_keypair_types.h. I think
this file indeed belongs in include/psa (as opposed to include/mbedtls)
because it only touches PSA_WANT symbols (no MBEDTLS_PSA symbols), and
implements things that are described in psa-conditional-inclusion.md.

The code is not new, just moved from config_psa.h and
config_adjust_legacy_from_psa.h where is was intermingled with handling
of ACCEL/BUILTIN symbols. (git's --color-moved option will hardly help
in checking that assertion, due to the way things were intermixed.)

Note: the parts about BUILTIN in config_psa.h were not moved, just
removed for now. They belong to
include/mbedtls/config_adjust_legacy_from_psa.h and will be
re-added there in a future commit which will completely re-organize the
handling or ACCEL/BUILTIN for ECC.

See comments inside the commit about placement of this file relative to
others.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard 7af9d07c05 Remove unnecessary block 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 17:39:41 +02:00
Valerio Setti bf206b8f41 adjust_legacy_from_psa: undef SOME_BUILTIN_EC when builtin curves are used 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti 19d92108c1 config_psa: resolve symbol redefinition issue 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti ea167c39d0 check_config: remove unnecessary check about builtin curve usage 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti b2219f633d config_psa: moving PSA_WANT auto-enabling code 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti e6f65a951f config_psa: fix comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti 67d82e742b build_info: add helpers to signal some support for a specific curve 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti 4b75a764c7 check_config: include also ECJPAKE_C as usage for builtin curves 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Valerio Setti dca8492043 check_config: request at least 1 builtin EC alg if there is at least 1 builtin curve 
This slightly changes the previous requirement. Instead of enabling
ALL builtin EC algs when there is at least 1 built in curve, we ask
for at least one built alg if there is at least one builtin curve.

This relaxes the previous check while still keeping the base idea:
there must be a reason for which builtin curves are included into
the build.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Valerio Setti 29837c7301 config_psa: include builtin algs if there is at least 1 builtin curve 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Valerio Setti 9aed893fb0 config_psa: check curves' support before EC ALGs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Valerio Setti d6b473adcd config_psa: add internal helper to signal that some curve is builtin 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Valerio Setti 87076abbfb config_psa: ensure PSA_WANT_ECC is enabled for each MBEDTLS_ECP_DP 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Valerio Setti 8ec212098e check_config: fix comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Valerio Setti 8600de818c check_config: perform checks only when config_psa.h is evaluated 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Valerio Setti 3b69e3ed12 check_config: skip check on SECP224K1 because the PSA is never enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Valerio Setti a7a18313a6 check_config: verify that each ECP_DP has the corresponding PSA_WANT_ECC 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Gilles Peskine ffe590d197
Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called 
Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:36 +02:00
Gilles Peskine ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
 2023-09-25 16:16:26 +02:00
Waleed Elmelegy a86b776f94 Remove invalid comment from mbedtls_cipher_set_padding_mode() 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-22 17:44:58 +01:00
Dave Rodgman aaebc9be51
Merge pull request #8235 from daverodgman/misc-size 2023-09-21 18:42:37 +01:00
Dave Rodgman d3450da98d Re-order mbedtls_ccm_context 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 10:34:45 +01:00
Gilles Peskine 67cf66b427 Add a note about the code size benefits 
We don't normally make promises related to code size, but this one is vague
enough (just "to benefit"), and it's what a lot of users of this option
care about.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 23:19:46 +02:00
Gilles Peskine 3aa79691fc Add a note about p256m near the option to enable secp256r1 
Only document it with the PSA configuration, not for
MBEDTLS_ECP_DP_SECP256R1_ENABLED, since p256m can't be used with the classic
API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 20:54:50 +02:00
Gilles Peskine 08b66cd7d7 Move MBEDTLS_PSA_P256M_DRIVER_ENABLED to keep alphabetical order 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 20:51:47 +02:00
Gilles Peskine efaee9a299 Give a production-sounding name to the p256m option 
Now that p256-m is officially a production feature and not just an example,
give it a more suitable name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 20:49:47 +02:00
Waleed Elmelegy 5e48cad7f0 Fix codestyle issues in pkcs12.h & pkparse.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy d527896b7e Switch pkparse to use new mbedtls_pkcs12_pbe_ext function 
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy c9f4040f7f Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function 
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:28:28 +01:00
Manuel Pégourié-Gonnard 5edb942708
Merge pull request #8041 from mpg/tfm-p256m 
Test TF-M config with p256-m driver
 2023-09-20 16:09:56 +00:00
Gilles Peskine eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613 
TLS: Clean up ECDSA dependencies
 2023-09-20 12:47:55 +00:00
Gilles Peskine 452beb9076
Merge pull request #8203 from gilles-peskine-arm/p256-m-production 
Declare p256-m as ready for production
 2023-09-20 09:36:05 +00:00
Manuel Pégourié-Gonnard 97bb726e2d Add clarifying comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-18 11:28:32 +02:00
Gilles Peskine 67c86e626b
Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full 
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
 2023-09-18 08:13:12 +00:00
Manuel Pégourié-Gonnard 4f119b8f21 Remove extra copies of a block of comment/define 
Not sure how it happened, but this block was not just duplicated, but
triplicated. Keep only the first copy: the one before the code that uses
the macro being defined.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-18 09:57:04 +02:00
Manuel Pégourié-Gonnard f7298cd397 Fix some issues in comments 
Ranging from typos to outdated comment contradicting the code.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-18 09:55:24 +02:00
jnmeurisse 83f0a65d71
Fix issue #8215 : add missing requires documentation in mbedtls_config.h 
Add missing requirements MBEDTLS_SSL_PROTO_TLS1_2 to option MBEDTLS_SSL_RENEGOTIATION documentation.

Signed-off-by: jnmeurisse <88129653+jnmeurisse@users.noreply.github.com>
 2023-09-16 18:12:18 +02:00
Gilles Peskine 865730ec67
Merge pull request #8212 from tom-cosgrove-arm/mbedtls_ssl_max_early_data_size-default-value 
MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: default value should be commented out in config
 2023-09-15 05:51:59 +00:00
Tom Cosgrove a63775b168 Move MBEDTLS_SSL_MAX_EARLY_DATA_SIZE to the correct section 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-14 13:31:19 +01:00
Tom Cosgrove 3b4471ef87 MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: default value should be commented out in config 
Numeric options should be commented out with their default values in the config
file, and a separate header file should set the default value if necessary.
This was done for most other options in #8161; do it here for
MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-14 13:18:50 +01:00
Gilles Peskine 016db89107 Update p256-m to state that it's ready for production 
Add some guidance as to whether and how to enable it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-13 14:34:40 +02:00
Gilles Peskine 3cea3efc25
Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509 
Accept numericoid hexstring x509
 2023-09-13 08:54:33 +00:00
Gilles Peskine f22999e99f
Merge pull request #8093 from yuhaoth/pr/add-target-architecture-macros 
Add architecture detection macros
 2023-09-13 08:53:47 +00:00
Gilles Peskine 2e38a0d603 More spelling corrections 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-12 19:19:31 +02:00
Gilles Peskine e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS" 
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-12 19:18:17 +02:00
Ronald Cron ad2f351c6b
Merge pull request #8171 from ronald-cron-arm/misc-minor-fixes 
One minor fix
 2023-09-12 06:00:48 +00:00
Dave Rodgman 7fda906a68
Merge pull request #8161 from gilles-peskine-arm/config-boolean-options-wrong-section-202309 
Fix module configuration options in mbedtls_config.h
 2023-09-11 15:08:56 +00:00
Yanray Wang 3caaf0c61e Enable CIPHER_ENCRYPT_ONLY when DES is disabled 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-11 10:10:44 +08:00
Waleed Elmelegy e1cb35b719 Add new mbedtls_pkcs12_pbe_ext function to replace old function 
Add new mbedtls_pkcs12_pbe_ext function to replace
old mbedtls_pkcs12_pbe function that have security
issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-08 16:51:26 +01:00
Gilles Peskine 31d49cd57f
Merge pull request #1053 from waleed-elmelegy-arm/Improve-and-test-mbedtls_pkcs12_pbe 
Improve & test legacy mbedtls_pkcs12_pbe
 2023-09-08 13:08:05 +02:00
Agathiyan Bragadeesh d34c4262da Move conditionals to keep doxygen with function 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-09-08 11:09:50 +01:00
Gilles Peskine 86733834bc Modernize documentation of MBEDTLS_PLATFORM_ZEROIZE_ALT 
The documentation was not updated when we started detecting memset_s() and
such.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-07 17:29:15 +02:00
Ronald Cron d3d566f1d8 PSA config: Add comment about HKDF 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-09-07 15:25:53 +02:00
Yanray Wang 56e27b9938 des: don't consider DES for CIPHER_ENCRYPT_ONLY 
We only support ECB and CBC modes for DES. Those two modes require
both encrypt and decrypt directions, so we don't consider DES with
CIPHER_ENCRYPT_ONLY.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-07 18:00:35 +08:00
Yanray Wang 9b811658a8 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-09-07 16:18:00 +08:00
Gilles Peskine 58590983c5
Merge pull request #8160 from daverodgman/warn-unreachable 
Fix clang warnings about unreachable code
 2023-09-06 09:47:03 +00:00
Dave Rodgman 85061b97b5 Improve sanity checking of MBEDTLS_HAVE_INTxx 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-06 08:41:05 +01:00
Gilles Peskine f9e4caf388 Comment out default definition 
This is not required (it's ok to define the default in mbedtls_config and
skip the definition in rsa.h), but comment it out for uniformity with all
the other options in this section.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 21:11:27 +02:00
Gilles Peskine d65ea42262 Fix some TLS 1.3 settings that were required in mbedtls_config.h 
Mbed TLS can be configured by writing a configuration file from scratch,
without copying mbedtls_config.h. As a consequence, all the macro
definitions in mbedtls_config.h must be optional. This was not the case for
some MBEDTLS_SSL_TLS1_3_xxx macros with numerical values related to session
tickets. Fix that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 21:10:35 +02:00
Gilles Peskine da69eaa366 TLS 1.3 support is mostly complete 
In particular, pre-shared keys are supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 20:54:17 +02:00
Gilles Peskine a8861e086e Fix boolean options in the wrong section 
Boolean options that modify the behavior of a module are supposed to be in
the "feature support" section, not in the "configuration options" support:
that section is documented to contain commented-out definitions with a
value, for which the comment contains the default version. In particular,
merely uncommenting a definition in the "configuration options" section is
not supposed to change anything.

Move the offending boolean options to the proper section.

This causes those options to be enabled by `config.py full` unless
explicitly excluded. For all the offending options, this is undesirable, so
make sure those options are indeed excluded.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 20:20:51 +02:00
Waleed Elmelegy 255db80910 Improve & test legacy mbedtls_pkcs12_pbe 
* Prevent pkcs12_pbe encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Document new behaviour, known limitations and possible
  security concerns.
* Add tests to check these scenarios. Test data has been
  generated by the below code using OpenSSL as a reference:

#include <openssl/pkcs12.h>
#include <openssl/evp.h>
#include <openssl/des.h>
#include <openssl/asn1.h>
#include "crypto/asn1.h"
#include <string.h>

int main()
{
    char pass[] = "\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB\xBB";
    unsigned char salt[] = "\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC\xCC";
    unsigned char plaintext[] = "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA";
    unsigned char *ciphertext = NULL;
    int iter = 10;
    X509_ALGOR *alg =  X509_ALGOR_new();
    int ciphertext_len = 0;
    int alg_nid = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
    alg->parameter = ASN1_TYPE_new();
    struct asn1_object_st * aobj;
    PKCS5_pbe_set0_algor(alg, alg_nid, iter,
                         salt, sizeof(salt)-1);

    aobj = alg->algorithm;
    printf("\"30%.2X", 2 + aobj->length + alg->parameter->value.asn1_string->length);
    printf("06%.2X", aobj->length);
    for (int i = 0; i < aobj->length; i++) {
        printf("%.2X", aobj->data[i]);
    }

    for (int i = 0; i < alg->parameter->value.asn1_string->length; i++) {
        printf("%.2X", alg->parameter->value.asn1_string->data[i]);
    }
    printf("\":\"");

    for (int i = 0; i < sizeof(pass)-1; i++) {
        printf("%.2X", pass[i] & 0xFF);
    }
    printf("\":\"");
    for (int i = 0; i < sizeof(plaintext)-1; i++) {
        printf("%.2X", plaintext[i]);
    }
    printf("\":");
    printf("0");
    printf(":\"");

    unsigned char * res = PKCS12_pbe_crypt(alg, pass, sizeof(pass)-1, plaintext, sizeof(plaintext)-1, &ciphertext, &ciphertext_len, 1);

    if (res == NULL)
        printf("Encryption failed!\n");
    for (int i = 0; i < ciphertext_len; i++) {
        printf("%.2X", res[i]);
    }
    printf("\"\n");

    return 0;
}

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
#
 2023-09-05 15:45:55 +01:00
Gilles Peskine edc237938a Split build_info.h: create and populate mbedtls/config_adjust_ssl.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:03:10 +02:00
Gilles Peskine dc720b0a70 Split build_info.h: create mbedtls/config_adjust_x509.h 
There isn't anything to put in this file. Create it anyway for consistency
with crypto and TLS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:03:10 +02:00
Gilles Peskine 9d6a63b4fb Split build_info.h: create and populate mbedtls/config_adjust_legacy_crypto.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:03:10 +02:00
Gilles Peskine 4fb1542354 Split config_psa.h: create and populate mbedtls/config_adjust_legacy_from_psa.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:03:08 +02:00
Gilles Peskine 10c6f07963 Split config_psa.h: create and populate mbedtls/config_adjust_psa_from_legacy.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 12:02:13 +02:00
Gilles Peskine eca0178cfa Split config_psa.h: create and populate mbedtls/config_adjust_psa_superset_legacy.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 11:57:14 +02:00
Gilles Peskine 5823977981 Split config_psa.h: create and populate psa/crypto_adjust_auto_enabled.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 11:57:14 +02:00
Gilles Peskine 7b7d903cac Split config_psa.h: create and populate psa/crypto_adjust_config_synonyms.h 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 11:57:14 +02:00
Tom Cosgrove 8bd8a462d2
Merge pull request #8141 from tom-cosgrove-arm/define-psa-macros-to-1 
Define all PSA_xxx macros to 1 rather than have them empty, for consistency
 2023-09-04 21:27:01 +00:00
Agathiyan Bragadeesh fca0861e8e Add asn1 get tag and len to x509 create config 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-09-04 15:45:37 +01:00
Agathiyan Bragadeesh 86dc08599b Add asn1 write tag and len to x509 use c config 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-09-04 15:40:41 +01:00
Gilles Peskine 1a7d387072
Merge pull request #1041 from waleed-elmelegy-arm/add-new-pkcs5-pbe2-ext-fun 
Add new pkcs5 pbe2 ext fun
 2023-09-04 15:33:42 +02:00
Tom Cosgrove d9572c0270 Move the description of MBEDTLS_TEST_DEFINES_ZEROIZE to before its use 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove 7eced7d1d2 Move zeroize-as-memset into a config file under tests/ 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Tom Cosgrove 42b02a909c Add the ability to verify mbedtls_platform_zeroize() calls with -Wsizeof-pointer-memaccess 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-02 19:22:45 +01:00
Yanray Wang 72d7bb4bca check_config.h: add checks for CIPHER_ENCRYPT_ONLY 
MBEDTLS_CIPHER_ENCRYPT_ONLY is an internal configuration which is
automatically enabled via the PSA. Typically,
once MBEDTLS_CIPHER_ENCRYPT_ONLY is enabled,
MBEDTLS_PSA_CRYPTO_CONFIG must be enabled. This check is only used
to prevent user explicitly enabling MBEDTLS_CIPHER_ENCRYPT_ONLY.

In addition, we shouldn't enable MBEDTLS_CIPHER_ENCRYPT_ONLY if
either CIPHER_MODE_CBC, CIPHER_MODE_XTS or NIST_KW_C is enabled.
Since three of them always need AES-decrypt.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:35:58 +08:00
Yanray Wang 9141ad1223 aria/camellia/des: guard setkey_dec by CIPHER_ENCRYPT_ONLY 
This is a pre-step to remove *setkey_dec_func in cipher_wrap ctx
when CIPHER_ENCRYPT_ONLY is enabled.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 17:06:38 +08:00
Yanray Wang 67208fdba8 PSA: auto-enable CIPHER_ENCRYPT_ONLY if cipher-decrypt is not needed 
Some cipher modes use cipher-encrypt to encrypt and decrypt.
(E.g: ECB, CBC). This commit adds support to automatically
enable CIPHER_ENCRYPT_ONLY by PSA when requested cipher modes don't
need cipher_decrypt.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 16:40:11 +08:00
Yanray Wang 78ee0c9e4f aes.c: add config option to support cipher_encrypt_only 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-01 16:35:33 +08:00
Tom Cosgrove c43c3aaf02 Define all PSA_xxx macros to 1 rather than have them empty, for consistency 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-08-31 17:06:58 +01:00
Dave Rodgman a9a53a05f0 Merge remote-tracking branch 'origin/development' into misc-code-size 2023-08-31 11:53:46 +01:00
Gilles Peskine 03e9dea30b Merge remote-tracking branch 'development' into psa_crypto_config-in-full 
Conflicts:
* `include/psa/crypto_sizes.h`: the addition of the `u` suffix in this branch
  conflicts with the rework of the calculation of `PSA_HASH_MAX_SIZE` and
  `PSA_HMAC_MAX_HASH_BLOCK_SIZE` in `development`. Use the new definitions
  from `development`, and add the `u` suffix to the relevant constants.
 2023-08-30 18:32:57 +02:00
Agathiyan Bragadeesh 52af0d08b4 Fix unsafe behaviour in MBEDTLS_ASN1_IS_STRING_TAG 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-30 16:24:15 +01:00
Dave Rodgman 730bbee226 Merge remote-tracking branch 'origin/development' into update-restricted-2023-08-30 2023-08-30 11:22:00 +01:00
Dave Rodgman 29bf911058
Merge pull request #7839 from daverodgman/psa-sha3 
SHA-3 via PSA
 2023-08-30 08:51:36 +00:00
Waleed Elmelegy 79b6e26b1b Improve mbedtls_pkcs5_pbes2_ext function test data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-29 14:55:03 +01:00
Jerry Yu f65f71eef3 improve various issues 
- duplicate definition
- wrong comments
- redundant include statement

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-28 10:58:24 +08:00
Jerry Yu 926221a26e Add target platform detection macros 
Now we have arm/x86 32/64 detection

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-23 17:15:34 +08:00
Agathiyan Bragadeesh af3e548c77 Make MBEDTLS_ASN1_IS_STRING_TAG to take signed int 
Since mbedtls_asn1_buf uses a signed int for tags.

Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Agathiyan Bragadeesh bdf20a0d55 Alter MBEDTLS_ASN1_IS_STRING_TAG macro 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-08-22 10:39:56 +01:00
Tom Cosgrove 17d5081ffb
Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare 
Prepare to split config_psa.h
 2023-08-22 07:30:46 +00:00
Gilles Peskine d50562c33c
Merge pull request #7827 from davidhorstmann-arm/reword-net-free-description-2544 
Reword the description of `mbedtls_net_free()`
 2023-08-21 22:23:08 +00:00
Gilles Peskine 796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes 
Document mbedtls_calloc zeroization
 2023-08-21 15:47:21 +00:00
Gilles Peskine ea4fc97cd0 Restore a comment and fix it 
aca31654e6 removed a sentence with copypasta
refering to PBKDF2 instead of XTS. Restore that comment but fix the
copypasta.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:16:24 +02:00
Gilles Peskine 7b7ecf5e0d Fix condition to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE 
Don't try to include MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE when
MBEDTLS_PSA_CRYPTO_CONFIG is disabled. This didn't make sense and was an
editorial mistake when adding it: it's meant as an addition to
MBEDTLS_PSA_CRYPTO_CONFIG_FILE, so it should be included under the same
conditions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:09:14 +02:00
Gilles Peskine a458d48e7f Move the inclusion of the PSA config file(s) into build_info.h 
They belong here, next to the inclusion of the mbedtls config file. We only
put them in config_psa.h in Mbed TLS 2.x because there was no build_info.h
we could use.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:06:12 +02:00
Gilles Peskine 8cd1da4b73 Remove spurious extern "C" 
This header only contains preprocessor definitions. They are not affected by
extern "C".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-21 16:03:41 +02:00
Valerio Setti 568799fe22 ssl_ciphersuites: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-21 07:36:54 +02:00
Dave Rodgman 1fdc884ed8
Merge pull request #7384 from yuhaoth/pr/add-aes-accelerator-only-mode 
AES: Add accelerator only mode
 2023-08-18 20:55:44 +00:00
Gilles Peskine 73936868b8 Merge remote-tracking branch 'development' into psa_crypto_config-in-full 
Conflicts:
* tests/scripts/all.sh: component_test_crypto_full_no_cipher was removed
  in the development branch.
 2023-08-17 19:46:34 +02:00
Waleed Elmelegy 12dd040374 Improve mbedtls_pkcs5_pbes2_ext function signature comments 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 15:08:03 +01:00
Waleed Elmelegy 5d3f315478 Add new mbedtls_pkcs5_pbe2_ext function 
Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-17 14:20:58 +01:00
Gilles Peskine 294be94922
Merge pull request #7818 from silabs-Kusumit/PBKDF2_cmac_implementation 
PBKDF2 CMAC implementation
 2023-08-17 11:15:16 +00:00
Jerry Yu 6c6b9f602c Change document to match real status 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-17 16:53:01 +08:00
Dave Rodgman f4efd19dd0 Reduce code size in ccm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-16 22:37:32 +01:00
Dave Rodgman 2aaf888e0b Adjust struct layout for small size win 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-16 22:37:31 +01:00
Dave Rodgman 864f594acc Adjust layout of some stucts 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-16 18:04:44 +01:00
Gilles Peskine d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn 
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
 2023-08-16 09:19:46 +00:00
Kusumit Ghoderao 9928ca1875 Code styling 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-08-16 11:48:27 +05:30
Valerio Setti d1fba7cdf0 pk: return PK_USE_PSA_EC_DATA to pk.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 08:33:27 +02:00
Manuel Pégourié-Gonnard 26b7c93d9d
Merge pull request #7992 from valeriosetti/issue7755 
driver-only ECC: BN.x509 testing
 2023-08-10 19:41:09 +00:00
Manuel Pégourié-Gonnard 54da1a69a2
Merge pull request #7578 from daverodgman/safer-ct5 
Improve constant-time interface
 2023-08-10 16:57:39 +00:00
Valerio Setti efe848f430 pk: fix some comments 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 15:48:18 +02:00
Valerio Setti c6aeb0dc1d check_config: remove unnecessary BIGNUM_C requirements 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 14:50:03 +02:00
Manuel Pégourié-Gonnard 6beec7ca5e
Merge pull request #7989 from valeriosetti/issue7754 
driver-only ECC: BN.PK testing
 2023-08-10 09:43:56 +00:00
Manuel Pégourié-Gonnard 91c8372c01
Merge pull request #6999 from ivq/ecp_doc 
Doc: Add note on special use of A in ecp group structure
 2023-08-10 08:24:05 +00:00
Jerry Yu 13696bb07b improve check config option for i386 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-10 13:36:32 +08:00
Valerio Setti 0f6d565d26 pk: return PK_USE_PSA_EC_DATA to pk.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 07:05:47 +02:00
Valerio Setti 7c494e7211 pk: move PK_HAVE_ECC_KEYS to build_info.h 
This is usefuls to use PK_HAVE_ECC_KEYS in check_config.h instead
of redefining it twice in different ways.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 07:05:47 +02:00
Manuel Pégourié-Gonnard 7dccb66d49 test: disable RSA support on the test ecc_no_bignum component 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-10 06:43:23 +02:00
Gilles Peskine 935ff2300c More unsigned literal in size macros 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-09 19:48:02 +02:00
Janos Follath 115784bd3f
Merge pull request #1040 from waleed-elmelegy-arm/development-restricted 
Improve & test legacy mbedtls_pkcs5_pbe2
 2023-08-09 09:43:23 +01:00
Chien Wong aa9a15833e
Fix doc 
Signed-off-by: Chien Wong <m@xv97.com>
 2023-08-09 12:35:47 +08:00
Gilles Peskine f11cfecb6b
Merge pull request #7998 from gilles-peskine-arm/MBEDTLS_PSA_CRYPTO_CONFIG-less_experimental 
MBEDTLS_PSA_CRYPTO_CONFIG is ready for production
 2023-08-08 09:04:57 +00:00
Gilles Peskine a79256472c
Merge pull request #7788 from marekjansta/fix-x509-ec-algorithm-identifier 
Fixed x509 certificate generation to conform to RFCs when using ECC key
 2023-08-07 19:14:54 +00:00
Chien Wong 153ae464db
Improve doc on special use of A in ecp group structure 
Signed-off-by: Chien Wong <m@xv97.com>
 2023-08-07 23:02:31 +08:00
Dave Rodgman c98f8d996a
Merge branch 'development' into safer-ct5 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-07 11:47:35 +01:00
Dave Rodgman 003a5e1ca7
Merge pull request #1046 from Mbed-TLS/merge_3.4.1 
Merge 3.4.1
 2023-08-03 18:23:37 +01:00
Dave Rodgman a0fc9987da Merge branch 'development' into merge_3.4.1 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-03 15:56:59 +01:00
Waleed Elmelegy f50767d7ab Improve mbedtls_pkcs5_pbes2 function signature comments 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-08-03 15:42:55 +01:00
Dave Rodgman 6f80ac4979
Merge pull request #7864 from waleed-elmelegy-arm/enforce-min-RSA-key-size 
Enforce minimum key size when generating RSA key size
 2023-08-03 12:57:52 +00:00
Dave Rodgman 9a3ded10b7 Merge remote-tracking branch 'gilles-peskine-arm/3.4.0-updated-certs' into mbedtls-3.4.1rc0-pr 2023-08-03 12:00:31 +01:00
Valerio Setti c8ccc8f86d tls: add new symbol for generic TLS 1.2 and 1.3 support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-02 20:00:13 +02:00
David Horstmann df28b8d2ea Add space to appease doxygen bug 
See doxygen/doxygen#8706

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-02 16:06:32 +02:00
Gilles Peskine 550d147078 Bump version to 3.4.1 
```
./scripts/bump_version.sh --version 3.4.1
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-02 12:50:23 +02:00
Gilles Peskine 267bee9be8
Merge pull request #7903 from valeriosetti/issue7773 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/DH
 2023-08-02 10:16:44 +00:00
Jerry Yu 1414029ff0 improve document about hardware only 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:03 +08:00
Jerry Yu 6943681820 Improve error message and documents 
- fix grammar error
- Add more information for AES_USE_HARDWARE_ONLY
- Improve error message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:03 +08:00
Jerry Yu e77c4d95a7 Mention the crash risk without runtime detection 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:02 +08:00
Jerry Yu 3660623e59 Rename plain c option and update comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:01 +08:00
Jerry Yu 3fcf2b5053 Rename HAS_NO_PLAIN_C to DONT_USE_SOFTWARE_CRYPTO 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:00 +08:00
Jerry Yu 1b3ab36b55 Update comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:43:59 +08:00
Jerry Yu 315fd30201 Rename plain c disable option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:43:59 +08:00
Jerry Yu 0d4f4e5b01 Add option to disable built-in aes implementation. 
For time being, there are only two aes implementations for known
architectures. I define runtime detection function as const when
built-in was disabled. In this case, compiler will remove dead
built-in code.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:43:54 +08:00
Bence Szépkúti 895074e3f9
Merge pull request #8002 from valeriosetti/issue7904 
PSA maximum size macro definitions should take support into account
 2023-08-02 05:57:28 +00:00
Valerio Setti 2430a70fcf ssl_ciphersuites: adding new internal helper symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-01 19:02:38 +02:00
Dave Rodgman 56e5d6887f
Fix comment typo 
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-01 15:04:11 +01:00
Gilles Peskine d55e451b3e
Merge pull request #7997 from yanesca/fix_new_bignum_tests 
Fix new bignum tests
 2023-08-01 12:09:39 +00:00
Janos Follath e416f03c8f Improve wording of MBEDTLS_ECP_WITH_MPI_UINT doc 
Use the standard "experimental" word in the description and make the
wording more similar to other experimental warnings.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-01 08:44:40 +01:00
Manuel Pégourié-Gonnard de8f56e936
Merge pull request #7884 from valeriosetti/issue7612 
TLS: Clean up (EC)DH dependencies
 2023-08-01 07:13:36 +00:00
Kusumit Ghoderao baf350c6bd Add PSA_HAVE_SOFT_PBKDF2 to crypto_driver_context_key_derivation 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-31 20:22:33 +05:30
Dave Rodgman ad9e5b9abe Improve docs for mbedtls_ct_memcmp 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-31 12:43:23 +01:00
Dave Rodgman 9ee0e1f6fe Remove GCC redundant-decls workaround for mbedtls_ct_memcmp 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-31 12:43:23 +01:00
Janos Follath 2f04582d37 Move MBEDTLS_ECP_WITH_MPI_UINT to mbedtls_config.h 
There is a precedent for having bigger and less mature options in
mbedtls_config.h (MBEDTLS_USE_PSA_CRYPTO) for an extended period.
Having this option in mbedtls_config.h is simpler and more robust.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-07-31 10:57:16 +01:00
Valerio Setti 43c5bf4f88 crypto_sizes: use PSA_WANT_ALG for MAX signatures and key agreement sizes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-31 11:35:48 +02:00
Valerio Setti 8b27decc6a Revert "crypto_sizes: check also if DH is enabled for PSA_SIGNATURE_MAX_SIZE" 
This reverts commit 478c236938.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-31 11:35:42 +02:00
Valerio Setti 9cd8011978 tls: fix definition of symbol KEY_EXCHANGE_SOME_XXDH_PSA_ANY 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 16:46:55 +02:00
Valerio Setti 478c236938 crypto_sizes: check also if DH is enabled for PSA_SIGNATURE_MAX_SIZE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 16:05:53 +02:00
Manuel Pégourié-Gonnard 43cef57e51
Merge pull request #7811 from mpg/md-info 
Optimize strings in MD
 2023-07-28 08:34:09 +00:00
Kusumit Ghoderao c22affd9ec Fix dependencies for pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-28 13:31:58 +05:30
Valerio Setti c012a2de7c crypto_sizes: change initial MAX_SIZE value to 1 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 09:34:44 +02:00
Valerio Setti 644e01d767 crypto_sizes: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 09:31:51 +02:00
Valerio Setti a83d9bf0db crypto_sizes: size PSA max symbols according to actual support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 18:15:20 +02:00
Kusumit Ghoderao a12e2d53bd Replace AES_CMAC_128_PRF_OUTPUT_SIZE with PSA_MAC_LENGTH() 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:18:30 +05:30
Kusumit Ghoderao 9ab03c3d72 Define PSA_ALG_IS_PBKDF2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:14:05 +05:30
Kusumit Ghoderao 2addf35855 Replace MBEDTLS_PSA_BUILTIN_PBKDF2_XXX with PSA_HAVE_SOFT_PBKDF2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:11:09 +05:30
Kusumit Ghoderao 105f772fe8 Add PSA_HAVE_SOFT_PBKDF2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:03:06 +05:30
Kusumit Ghoderao ce38db1c0b Change config_psa.h PBKDF2_CMAC dependencies 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:01:03 +05:30
Waleed Elmelegy d7bdbbeb0a Improve naming of mimimum RSA key size generation configurations 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 14:50:09 +00:00
Dave Rodgman f2e3eb8bd9 Add OID for HMAC-RIPEMD160 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-27 15:46:05 +01:00
Dave Rodgman 5cc67a3ee2 Add OIDs for HMAC-SHA3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-27 14:44:35 +01:00
Dave Rodgman 2d626cc44f Fix missing opening brace in comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-27 14:43:55 +01:00
Gilles Peskine 25b4e72d6e MBEDTLS_PSA_CRYPTO_CONFIG is ready for production 
It's ok if people use MBEDTLS_PSA_CRYPTO_CONFIG: it's not unstable or
unpredictable. But we still reserve the right to make minor changes
(e.g. https://github.com/Mbed-TLS/mbedtls/issues/7439).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-27 15:09:24 +02:00
Waleed Elmelegy 3d158f0c28 Adapt tests to work on all possible minimum RSA key sizes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 11:03:35 +00:00
Waleed Elmelegy ab5707185a Add a minimum rsa key size config to psa config 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 11:00:03 +00:00
Waleed Elmelegy 76336c3e4d Enforce minimum key size when generating RSA key size 
Add configuration to enforce minimum size when
generating a RSA key, it's default value is 1024
bits since this the minimum secure value currently
but it can be any value greater than or equal 128
bits. Tests were modifed to accommodate for this
change.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 10:58:25 +00:00
Manuel Pégourié-Gonnard 0fda0d2e5c Fix overly specific description in public doc 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-27 12:22:52 +02:00
Valerio Setti 9c5c2a4b71 crypto_legacy: fix initial comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 11:11:19 +02:00
Gilles Peskine 7ef14bf8a2
Merge pull request #7835 from gilles-peskine-arm/ssl_premaster_secret-empty-3.4 
Fix empty union when TLS is disabled
 2023-07-27 08:28:21 +00:00
Valerio Setti a55f042636 psa: replace DH_KEY_PAIR_LEGACY with new symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 09:15:34 +02:00
Paul Elliott f1c032adba
Merge pull request #7902 from valeriosetti/issue7772 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/RSA
 2023-07-25 17:13:43 +01:00
Valerio Setti ea59c43499 tls: fix a comment a rename a variable/symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 11:14:03 +02:00
Valerio Setti d0371b0a08 debug: keep ECDH_C guard for debug printf accessing ecdh_context's items 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 10:57:01 +02:00
Dave Rodgman cad28ae77a Merge remote-tracking branch 'origin/development' into psa-sha3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-24 15:51:13 +01:00
Gilles Peskine 3c861642c8 Make sure that size constants are unsigned 
This fixes a warning from some compilers (e.g. MSVC) about comparisons
between signed and unsigned values in perfectly reasonable code. In
particular, there was one such warning in psa_pbkdf2_hmac_set_password.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-21 17:50:49 +02:00
Gilles Peskine 2387bdab0f
Merge pull request #1038 from Mbed-TLS/development 
Merge development into development-restricted
 2023-07-21 15:40:36 +02:00
Ronald Cron 87f62850f3
Merge pull request #7893 from ronald-cron-arm/misc-from-psa-crypto 
Miscellaneous fixes resulting from the work on PSA-Crypto
 2023-07-21 10:54:41 +02:00
Dave Rodgman ed70fd0c39
Merge pull request #5549 from AndrzejKurek/doxygen-bad-param-names 
Fix wrong doxygen parameter names and misused `\p` commands
 2023-07-20 14:10:10 +01:00
Manuel Pégourié-Gonnard c844c1a771
Merge pull request #7546 from mpg/align-psa-md-identifiers 
Align psa md identifiers
 2023-07-20 11:34:28 +02:00
Dave Rodgman 6dd40642e8
Merge pull request #7932 from AgathiyanB/add-mpi-uint-size-macro 
Use compile-time determination of which __builtin_clz() to use, with new MBEDTLS_MPI_UINT_SIZE macro
 2023-07-19 14:57:39 +01:00
Waleed Elmelegy 708d78f80b Improve & test legacy mbedtls_pkcs5_pbe2 
* Prevent pkcs5_pbe2 encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Add tests to check these scenarios. Test data has been
  reused but with changing padding data in last block to
  check for valid/invalid padding.
* Document new behaviour, known limitations and possible
  security concerns.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-19 14:01:35 +01:00
Agathiyan Bragadeesh eed55c6c94 Use defined macros for MBEDTLS_MPI_UINT_MAX 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-19 11:08:02 +01:00
Dave Rodgman 5f65acb02b
Merge pull request #7859 from gilles-peskine-arm/mbedtls_mpi-smaller 
Reduce the size of mbedtls_mpi
 2023-07-18 16:48:37 +01:00
Gilles Peskine 24a305ec22 Explain why we check 65535 (not USHORT_MAX) 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-18 13:53:07 +02:00
Manuel Pégourié-Gonnard 828b3acd6b
Merge pull request #7848 from valeriosetti/issue7749 
driver-only ECC: EPCf.TLS testing
 2023-07-18 10:33:21 +02:00
Agathiyan Bragadeesh 197565062a Make consistent suffix MBEDTLS_MPI_UINT_MAX 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-17 16:43:19 +01:00
Agathiyan Bragadeesh 900e20d3a2
Change MBEDTLS_MPI_UINT_MAX suffix 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Agathiyan Bragadeesh <48658345+AgathiyanB@users.noreply.github.com>
 2023-07-17 16:27:21 +01:00
Ronald Cron 170c199829 Align guards of Windows specific configuration checks 
In check_config.h, align the guards of Windows
specific configuration checks with the ones used
in platform.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-17 11:53:20 +02:00
Ronald Cron 03ea8f8d0a Add dependency of builtin CCM* on builtin cipher 
Add missing dependency of the unauthenticated
cipher CCM* without tag builtin implementation
on builtin cipher.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-17 11:52:32 +02:00
Agathiyan Bragadeesh 09a455e21a Add macros for mpi uint max sizes 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-14 14:07:18 +01:00
Dave Rodgman a02b36886c Fix gcc warnings when -Wredundant-decls set 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-14 13:43:39 +01:00
Andrzej Kurek f14a5c3fcb Improve the documentation of MBEDTLS_PLATFORM_MEMORY 
Introduce requests from review comments.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-14 06:15:15 -04:00
Andrzej Kurek 377eb5f0c3 doxygen: \p commands misuse - review comments 
Apply comments suggested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek 00b54e6885 doxygen: fix parameter name typos and misused \p commands 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek 43dfd51ab4 doxygen: fix misused \p commands in rsa.h 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek 3bedb5b663 doxygen: fix parameter name typos and misused \p commands 
\p is reserved for function parameters.
\c is used to describe other values and variables.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek 69ed8c41fa Fix documentation - parameter name mistakes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek 7d49a1c907 doxygen: remove unnecessary description 
Due to the nature of CTR, there is no mode parameter.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Jerry Yu 8bfa24b021 Update compiler versions requirement 
For time being, we haven't verified MSVC
for sha256 and 512. So we do not add msvc
information.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-13 10:40:29 +08:00
Jerry Yu 8e96e78dbe update document and error message 
Chang the spell of armclang

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-13 10:40:28 +08:00
Jerry Yu c37e260dc5 Add armclang version requirement for sha512 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-13 10:40:28 +08:00
Dave Rodgman 98e632f210 Re-order mbedtls_mpi to save a few extra bytes with clang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-11 16:02:50 +01:00
Valerio Setti 980383421a config_psa: enable KEY_PAIR_GENERATE only when GENPRIME is defined 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 16:32:50 +02:00
Valerio Setti 0d5c5e5a38 config_psa: enable KEY_PAIR_[IMPORT/EXPORT] as soon as BASIC is enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Valerio Setti a9a3c5581e config_psa: enable GENPRIME when BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Valerio Setti b2bcedbf9a library: replace MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Valerio Setti f6d4dfb745 library: replace PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY symbols with proper ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Gilles Peskine 6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal 
Split psa_util.h between internal and public
 2023-07-10 18:33:23 +02:00
Valerio Setti 6f0441d11e tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-10 09:13:57 +02:00
Pengyu Lv 08daebb410 Make endpoint getter parameter a pointer to const 
It would be convenient for users to query the endpoint
type directly from a ssl context:

```
    mbedtls_ssl_conf_get_endpoint(
        mbedtls_ssl_context_get_config(&ssl))
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Pengyu Lv accd53ff6a Add getter access to endpoint field in mbedtls_ssl_config 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Pengyu Lv 918ebf3975 Add getter access to hostname field in mbedtls_ssl_context 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Pengyu Lv af724dd112 ssl_cache: Add getter access to timeout field 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Valerio Setti aa7cbd619c build_info: replace PK_CAN_ECDH with CAN_ECDH and fix comments 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 19:02:23 +02:00
Valerio Setti 3d237b5ff1 ssl_misc: fix guards for PSA data used in XXDH key exchanges 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 19:02:16 +02:00
Valerio Setti 0a0d0d5527 ssl: keep all helper definitions in ssl_ciphersuites.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:31:40 +02:00
Valerio Setti ed365e66bb ssl: improve/fix definitions for internal helpers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:31:40 +02:00
Valerio Setti a15078b784 pk: do not duplicate internal symbols for ECDH/ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:31:40 +02:00
Valerio Setti e87915b66f ssl: update new symbols to include also FFDH 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti b302efc8d9 debug: replace ECDH_C symbol with key exchange one 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti c2232eadfb tls: replace PK_CAN_ECDH guards with new helpers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti 7aeec54094 tls: replace ECDH_C guards with new helpers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti 00dc4063e2 ssl: add new helpers for TLS 1.2/1.3 ECDH(E) key exchanges 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Andrzej Kurek c508dc29f6 Unify csr and crt san writing functions 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-07 09:05:30 -04:00
Manuel Pégourié-Gonnard 9967f11066
Merge pull request #7810 from valeriosetti/issue7771 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
 2023-07-07 10:22:47 +02:00
Manuel Pégourié-Gonnard 999ce227fc Make the PSA-mbedtls RNG API public 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard abfe640864 Rationalize includes in psa_util 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:27 +02:00
Manuel Pégourié-Gonnard b7e8939198 Move error functions to internal header 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard a5a8f29d7e Move ECC and FFDH macros to internal header 
ECC macros used in the following files:

library/pk.c
library/pk_wrap.c
library/pkparse.c
library/pkwrite.c
library/ssl_misc.h
library/ssl_tls12_client.c

FFDH macro use only in library/ssl_misc.h so could possibly be moved
there, but it seems cleaner to keep it close to the ECC macros are they
are very similar in nature.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:45:54 +02:00
Manuel Pégourié-Gonnard f9b012f313 Remove unused function from psa_util.h 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard 5c731b0afb Use consistent guards for deprecated feature 
Fixes an "unused static function" warning in builds with
DEPRECATED_REMOVED.

While at it, remove an include that's now useless.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard efcc1f21c8 Make cipher functions static in cipher.c 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard 2be8c63af7 Create psa_util_internal.h 
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:42:33 +02:00
Tom Cosgrove 836aed7cf8
Merge pull request #6003 from gstrauss/x509_time 
mbedtls_x509_time performance and reduce memory use
 2023-07-06 09:28:14 +01:00
Dave Rodgman 852b6c30b7 Support MBEDTLS_MD_SHA3_xxx_VIA_PSA 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-05 19:47:08 +01:00
Dave Rodgman 527f48f14d Add OID definitions for SHA3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-05 18:57:30 +01:00
Dave Rodgman 3d0c8255aa
Merge pull request #7825 from daverodgman/cipher_wrap_size 
Cipher wrap size improvement
 2023-07-05 15:45:48 +01:00
Dave Rodgman 761d0dcfbf Improve doxygen formatting 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-05 12:33:53 +01:00
Dave Rodgman ff4c2db489 Improve comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-05 12:11:32 +01:00
Kusumit Ghoderao 3fde8feaa9 FIx name of macro 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao b3042c39fe Define PSA_ALG_WANT_PBKDF2_AES_CMAC_PRF_128 and fix config 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:17:02 +05:30
Kusumit Ghoderao 857cd4b3ee Add AES_CMAC_PRF_128 output size macro 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Kusumit Ghoderao dd45667a18 Define struct for pbkdf2_cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Kusumit Ghoderao 3cb6e41dfa Add define for builtin pbkdf2_cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-04 15:16:59 +05:30
Andrzej Kurek 2b3c06edb3 Enable certain documented defines only when generating doxygen 
Avoid an "unrecognized define" error.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-03 10:42:15 -04:00
Manuel Pégourié-Gonnard 56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Valerio Setti 06dfba7fd9 config_psa: enabled EC key derivation support when ECP_C is enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti 27c501a10c lib/test: replace BASIC_IMPORT_EXPORT internal symbol with BASIC,IMPORT,EXPORT 
Also the python script for automatic test generation is fixed accordingly

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:22 +02:00
Valerio Setti 6a9d0ee373 library/test: replace LEGACY symbol with BASIC_IMPORT_EXPORT 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:21 +02:00
Valerio Setti 73fc082fcd config_psa: introduce new internal KEY_PAIR symbol for BASIC+IMPORT+EXPORT 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-30 10:16:21 +02:00
Gilles Peskine 053022fe24 Reduce the size of mbedtls_mpi 
Reduce the size of mbedtls_mpi from 3 words to 2 on most architectures.

This also reduces the code size significantly in bignum.o and ecp_curves.o,
with negligible variations in other modules.

This removes the ability to set MBEDTLS_MPI_MAX_LIMBS to a value >=65536,
but we don't support customizing this value anyway (it's always 10000).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-29 19:33:44 +02:00
Andrzej Kurek aae3208c29 Add an mbedtls_calloc(SIZE_MAX/2, SIZE_MAX/2) test 
It should return NULL and not a valid pointer.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-27 09:26:08 -04:00
Andrzej Kurek 84356a16e9 Add a description of how mbedtls_calloc is determined 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-27 09:26:08 -04:00
Andrzej Kurek ecaf6fb8b2 Documentation and cosmetic fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-27 09:26:08 -04:00
Andrzej Kurek 2d981f092e Extend mbedtls_calloc and mbedtls_free documentation 
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-27 09:26:08 -04:00
Andrzej Kurek c08ccd00f3 Add a test for calloc zeroization 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-27 09:26:08 -04:00
Andrzej Kurek b9f8974c6c Document mbedtls_calloc zeroization 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-27 09:26:08 -04:00
David Horstmann 4506e7de61 Move clarification to a separate note 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-27 12:20:32 +01:00
David Horstmann 5dbe17de36 Add PSA_JPAKE_FINISHED to EXPECTED_{IN,OUT}PUTS() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-27 10:30:28 +01:00
Dave Rodgman 47a2ac1c25 Fix incorrectly named macro 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-26 18:39:42 +01:00
Dave Rodgman 5734bb99cc Fix PSA_HMAC_MAX_HASH_BLOCK_SIZE and PSA_HASH_MAX_SIZE definitions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-26 18:23:08 +01:00
Przemek Stekiel 98d79335d1 Update guards for supported groups 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-26 16:28:45 +02:00
Dave Rodgman 09822a35f5 code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-26 11:11:23 +01:00
Dave Rodgman f66cd61daa Use more standard PSA macro names 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-26 11:02:12 +01:00
Dave Rodgman 98083c6a17 Add support for SHA-3 in PSA 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-25 23:27:45 +01:00
Gilles Peskine e8e1e157cb Fix empty union when TLS is disabled 
When all TLS 1.2 support is disabled, union mbedtls_ssl_premaster_secret was
empty, which is not valid C even if the union is never used. Fixes #6628.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-25 21:41:58 +02:00
Dave Rodgman 4f8d2efec9 Improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 18:40:46 +01:00
Dave Rodgman d30eed4d55 More struct re-ordering 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 18:35:42 +01:00
Dave Rodgman 92cf6e52d3 Adjust stuct order for better packing / smaller accessor code size 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 18:21:11 +01:00
Dave Rodgman e59b9d44b1 Fix some compiler type warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 16:53:13 +01:00
Dave Rodgman a2e2fce60d Fix accidental mis-named field 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 14:44:27 +01:00
Dave Rodgman eb65fec023 Fix use of enum in a bitfield 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 14:29:25 +01:00
Dave Rodgman 85a88133aa Use fewer bits for block_size 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 13:37:28 +01:00
Dave Rodgman 3b46b77cf1 code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 13:37:28 +01:00
Dave Rodgman de3de773e6 Use look-up table for base 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 12:59:31 +01:00
Dave Rodgman 0ffb68ee3f Use fewer bits for iv_size 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 12:59:31 +01:00
Dave Rodgman 6c6c84212e Use fewer bits for key_bitlen 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 11:14:34 +01:00
Dave Rodgman 3319ae9679 Re-order mbedtls_cipher_info_t 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 10:55:04 +01:00
Dave Rodgman 48d13c5143 Use bit-fields 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-24 10:53:37 +01:00
David Horstmann 07c22c6708 Reword the description of mbedtls_net_free() 
This makes it clearer that the context itself is not being freed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-23 23:19:40 +01:00
Dave Rodgman f9c9c92a40 Change types in mbedtls_cipher_info_t 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-23 17:16:17 +01:00
David Horstmann 279d227971 Add "completed" clarification to struct comments 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-22 15:22:35 +01:00
David Horstmann 096093bac5 Remove redundant structures from previous design 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-22 15:22:35 +01:00
David Horstmann 024e5c5f2e Rename struct member mode to io_mode 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-22 15:22:35 +01:00
David Horstmann 5da9560178 Properly namespace enum values within PSA_JPAKE_ 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-22 15:22:35 +01:00
David Horstmann e7f21e65b6 Change J-PAKE internal state machine 
Keep track of the J-PAKE internal state in a more intuitive way.
Specifically, replace the current state with a struct of 5 fields:

* The round of J-PAKE we are currently in, FIRST or SECOND
* The 'mode' we are currently working in, INPUT or OUTPUT
* The number of inputs so far this round
* The number of outputs so far this round
* The PAKE step we are expecting, KEY_SHARE, ZK_PUBLIC or ZK_PROOF

This should improve the readability of the state-transformation code.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-22 15:22:35 +01:00
Manuel Pégourié-Gonnard 2fb9d00f6d
Merge pull request #7682 from valeriosetti/issue7453 
driver-only ECC: ECPf.PK testing
 2023-06-22 09:45:57 +02:00
Paul Elliott 458b96b1a7
Merge pull request #7638 from AndrzejKurek/cert-apps-use-ips 
Use better IP parsing in x509 apps
 2023-06-20 17:21:04 +01:00
Valerio Setti a9aab1a85b pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_of_psa() 
This allows also to:
- removing the dependency on ECP_C for these functions and only rely
  on PSA symbols
- removing extra header inclusing from crypto_extra.h
- return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to
  their original position in pk.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti bc2b1d3288 psa: move mbedtls_ecc_group_to_psa() from inline function to standard one 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti f54ca35b8a build_info: do not enable ECP_LIGHT when PSA_WANT_ALG_ECDSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti 81d75127ba library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Valerio Setti e489e81437 pk: add new symbol to state that PK has support for EC keys 
Note: both MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS
has been move on top of the pk.h file because we need these symbols
when crypto.h is evaluated otherwise functions like
mbedtls_ecc_group_of_psa() won't be available.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Marek Jansta 8bde649c0b Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate 
Signed-off-by: Marek Jansta <jansta@2n.cz>
 2023-06-19 12:49:27 +02:00
Valerio Setti 3cd4ef7a7a mbedtls_config: improved description of PK_PARSE_EC_COMPRESSED 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 11:35:10 +02:00
Valerio Setti a18385b197 build_info: improved description of ECP_LIGHT auto-enabling symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 11:34:28 +02:00
Valerio Setti fdf15ddfbe build_info: auto enable PK_PARSE_EC_COMPRESSED when PK_PARSE_C && ECP_C 
This helps backward compatibility since compressed points were
always supported in previous releases as long as PK_PARSE_C and
ECP_C were defined.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 16:03:47 +02:00
Valerio Setti 4922ba132a build_info: complete list of symbols that auto-enable ECP_LIGHT 
The comment is also updated accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 16:03:46 +02:00
Valerio Setti addeee4531 mbedtls_config: add new MBEDTLS_PK_PARSE_EC_COMPRESSED symbol 
This includes also:
- auto enabling ECP_LIGHT when MBEDTLS_PK_PARSE_EC_COMPRESSED is
  defined
- replacing ECP_LIGHT guards with PK_PARSE_EC_COMPRESSED in pkparse
- disabling PK_PARSE_EC_COMPRESSED in tests with accelarated EC curves
  (it get disabled also in the reference components because we want
  to achieve test parity)
- remove skipped checks in analyze_outcomes.py

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 16:03:46 +02:00
Valerio Setti aecd32c90a pk: let PK_PARSE_EC_EXTENDED auto-enable ECP_LIGHT 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 16:03:46 +02:00
Valerio Setti 01cc88a46b config_psa: replace USE symbols with BASIC one for all KEY_PAIRs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:27:02 +02:00
Valerio Setti 4520a8f312 config_psa: only KEY_PAIR_USE includes PUBLIC_KEY 
While the other (IMPORT, EXPORT, GENERATE, DERIVE) only include
the USE one.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti aac957b493 config_psa: always enable PUBLIC_KEY when any KEY_PAIR is enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti f4d7ede72c config_psa: fix logic for updating legacy symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti 38a3e8d10c config_psa: ECP_C do not enable ECC_KEY_PAIR_DERIVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti b0d9aaee1c psa: move PSA_WANT checks to check_crypto_config 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti c51cba92a3 config_psa: avoid repetitions when including MBEDTLS symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti b7ef51a193 crypto: move legacy symbols support to a dedicated header file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti ddb577626d config_psa: add missing BUILTIN symbols when ECP_C is defined 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti 89cb1444a5 config_psa: fix comment for LEGACY symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti 602ee2ed98 config_psa: remove support for PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti a801b56600 config_psa: remove GENPRIME from enabled symbols of PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_USE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
valerio 36befce51a config_psa: remove leftover comment on ECC derivation 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-06-16 12:26:26 +02:00
Valerio Setti 8bb5763a85 library: replace deprecated symbols with temporary _LEGACY ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:23:55 +02:00
Valerio Setti f87b505511 config_psa: replace legacy symbols with new ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:23:55 +02:00
Valerio Setti 8d6e98c170 psa: add support for legacy symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:23:55 +02:00
Valerio Setti 67a3e3eb7b crypto_config: introducing new definitions for PSA_WANT KEY_PAIRs 
- deprecate legacy PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
- introduce new PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy where
   - xxx is either RSA, DH or ECC
   - yyy can be USE, IMPORT, EXPORT, GENERATE, DERIVE

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:23:55 +02:00
Janos Follath a426dc31cc
Merge pull request #7782 from gilles-peskine-arm/mbedtls_ecp_modulus_type-move 
Move mbedtls_ecp_modulus_type out of the public headers
 2023-06-16 11:12:57 +01:00
Gilles Peskine f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes 
PBKDF2: Output bytes
 2023-06-16 10:08:02 +02:00
Gilles Peskine 637c049349 Move mbedtls_ecp_modulus_type out of the public headers 
This is an internal detail of the ECC arithmetic implementation, only
exposed for the sake of the unit tests

Mbed TLS 3.4.0 was released with the type mbedtls_ecp_modulus_type defined
in a public header, but without Doxygen documentation, and without any
public function or data structure using it. So removing it is not an API
break.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-15 19:07:41 +02:00
Przemek Stekiel ce05f54283 Properly disable ECDH in only (psk) ephemeral ffdh key exchange components 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-15 16:44:08 +02:00
Andrzej Kurek c6beb3a741 Rename NUL to null in x509 IP parsing description 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-15 09:54:37 -04:00
Tom Cosgrove 6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only 
Introduce config option of 128-bit key only in AES calculation
 2023-06-15 10:35:32 +01:00
Yanray Wang 55ef22c2cb mbedtls_config.h: add description for CTR_DRBG about AES-128 only 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-06-15 10:05:27 +08:00
Gilles Peskine c453e2e7e8 Officially deprecate MBEDTLS_CIPHER_BLKSIZE_MAX 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine 9e930e2887 Rename MBEDTLS_CIPHER_BLKSIZE_MAX internally 
Replace all occurrences of MBEDTLS_CIPHER_BLKSIZE_MAX by the new name with
the same semantics MBEDTLS_CMAC_MAX_BLOCK_SIZE, except when defining or
testing the old name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine 7282a9e1a0 Replacement for MBEDTLS_CIPHER_BLKSIZE_MAX 
Prepare to rename this constant by MBEDTLS_CMAC_MAX_BLOCK_SIZE. The old name
was misleading since it looked like it covered all cipher support, not just
CMAC support, but CMAC doesn't support Camellia or ARIA so the two are
different.

This commit introduces the new constant. Subsequent commits will replace
internal uses of MBEDTLS_CIPHER_BLKSIZE_MAX and deprecate it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine 16bb83cb57 Explicitly document that Camellia and ARIA aren't supported 
In particular, this explains why the definition of
MBEDTLS_CIPHER_BLKSIZE_MAX is correct.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Przemek Stekiel 7d42c0d0e5 Code cleanup #2 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 12:30:40 +02:00
Przemek Stekiel 75a5a9c205 Code cleanup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 09:57:23 +02:00
Dave Rodgman f956312174 Fix typo in MBEDTLS_MD_CAN macros 
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
 2023-06-11 16:04:29 +01:00
Glenn Strauss 61d99304da mbedtls_x509_time_gmtime() to fill struct w/ time 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-06-09 17:01:03 +01:00
Glenn Strauss 416dc03467 mbedtls_x509_time_cmp() compare mbedtls_x509_time 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-06-09 17:01:03 +01:00
Dave Rodgman 0442e1b561 Fix definition of MBEDTLS_MD_MAX_SIZE and MBEDTLS_MD_MAX_BLOCK_SIZE 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-08 16:03:33 +01:00
Manuel Pégourié-Gonnard 1f6d2e352d Simplify implementation of MD<->PSA translation 
Also, add tests and comments due from previous commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-08 12:09:20 +02:00