yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-02-03 06:14:52 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
24886 commits 89 branches 205 tags 114 MiB
Commit graph

24886 commits

This branch
This branch
All branches
Author SHA1 Message Date
Valerio Setti 40df83509b all.sh: fix comment for test_psa_crypto_config_accel_ecdsa_use_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti ce0caa3384 oid: fix comment in #endif 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti fcc6933a53 test: fix disparities in x509parse and x509write suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti b9dc2513c1 test: add SHA1 to the supported algs in accelerated ECDSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti f972ce8d69 oid: replace ECDSA_C with new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti c8801b7ef1 test: x509: remove disparities in driver only testing for ECDSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti 80d0798ae8 pk_wrap: use new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:49:17 +01:00
Valerio Setti 683a432a7f fix code style 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti a1e3e3a28f test: pk: keep PK_WRITE_C only in RSA tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti 5c032b5e1b pk_wrap: fix comment in ecdsa_verify_wrap 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti b761b15f06 fix code style 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti d0b83e1fc7 build_info: fix PK's requirements for RSA_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti 1337a4f334 pk_wrap: use specific lengths for EC's private key and key-pair 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti 5bc52248ef pk_wrap: fix for DETERMINISTIC_ECDSA case in ecdsa_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Gilles Peskine be9e2a1634 The pk_psa_sign test function needs pk_write 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine 8a6022e948 Clean up header inclusions in pk_wrap.c 
To better reflect what the code relies on, limit the headers that are
included when MBEDTLS_USE_PSA_CRYPTO is disabled. Also stop including
"pkwrite.h" when it is no longer needed.

Include "mbedlts/platform_util.h" unconditionally. It was only included for
RSA ALT but was also used for MBEDTLS_USE_PSA_CRYPTO (the code worked
because other headers include "mbedtls/platform_util.h").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine bbccdd485c pk no longer needs pk_write for ECDSA with MBEDTLS_USE_PSA_CRYPTO 
The dependency is still useful for RSA, for which PSA encodes keys with an
ASN.1 structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine 13caa94746 Don't use pk_write in ecdsa_sign_wrap with USE_PSA_CRYPTO 
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_sign_wrap() was calling
mbedtls_pk_write_key_der() to write a private key in SEC1 format, only to
then extract the part that represents the private value which is what
psa_import_key() actually wants. Instead, call an mpi function to directly
get the private key in the desired format.

This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine b4a87b07f8 Don't use pk_write in ecdsa_verify_wrap with USE_PSA_CRYPTO 
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_verify_wrap() was calling
mbedtls_pk_write_pubkey() to write a public key in the form of a
subjectPublicKey, only to then extract the part that represents the EC
point which psa_import_key() actually wants. Instead, call an ecp
function to directly get the public key in the desired format (just the
point).

This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Manuel Pégourié-Gonnard 9cb1aa21c4
Merge pull request #6970 from valeriosetti/issue6857 
driver-only ECDSA: get testing parity in PK
 2023-02-08 13:33:15 +01:00
Gilles Peskine 199ee456b1 Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 12:35:19 +01:00
Gilles Peskine 58e935fc6b add a missing 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 12:07:12 +01:00
Xiaokang Qian 0de0d863b6 Rebase code to restore reco-delay and fix some style issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 07:41:42 +00:00
Yanray Wang 303829709d compat.sh: simplify code of iterating on VERIFY for PSK tests 
Since PSK cipher suites do not allow client certificate verification,
PSK test cases should be executed under VERIFY=NO. SUB_VERIFIES is
used to constrain verification option for PSK tests.

With aforementioned change, the latter check of
$VERIFY=YES && $TYPE!=PSK is redundant so it's removed.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-08 14:58:35 +08:00
Xiaokang Qian 8dc4ce76c7 Fix various coding style and comment issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 6b980011e5 Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 53c4c27d35 Update the comment of ciphersuite check for early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 64bc9bc33d Add comments to describe the early data behavior-encrypt/rejected... 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian e04afdc44f Refine the condition of whether re-generate early keys 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian eb31cbc791 Share the hash check code between ticket and external psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 4ef8ba2938 Assign the ciphersuite in finalize_hrr{server_hello} 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian bb883244aa Remove useless comments of outbound switch 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 02f5e14073 Combine the alert check of selected_id and ciphercuite 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 934ce6f6a9 Rename the finalize_client{server}_hello() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian ac4c625dea Add hash check of ciphersuite for ticket psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 6be8290aba Change to CCS after client hello only if we offer early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 7179f810f1 Restore the empty lines 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian b58462157e Refine the ciphersuite and select id check for early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 44051f6376 Refine the state change after write client hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 7892b6caad Refine the comment about generating early secrects in post server hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian bd0ab06d50 Skip CCS once we proposed early data even it is rejected 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian f6d8fd3d6b Improve the coding style of new lines 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian 79f77528f5 Move state change to finalize client hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 3f616c2493 Move selected_identity zero check to post_server_hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 1d8e86ce00 Get hash_alg by mbedtls_psa_translate_md 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian ea28a78384 Revert new field and check ciphersuite match when resume by exist info_id 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 4224244883 Improve coding styles and add comments 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 33ff868dca Fix various errors 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 43a83f247c Move the place where call set_outbound_transform to switch handshake key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 907461319a Fix compile error and warnings 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00