yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
21362 commits 89 branches 205 tags 114 MiB
Commit graph

5385 commits

Author SHA1 Message Date
Jerry Yu a357cf4d4c Rename new_session_ticket state 
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu f8a4994ec7 Add tls13 new session ticket parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu c62ae5f539 Add new session ticket message check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu a270f67340 Add tls13 session fields 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu 0038c5ff1c Add ticket nonce setting 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Manuel Pégourié-Gonnard abac037a7b Migrate from old inline to new actual function. 
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard 1f7f7172dc Document existing dependency of MD_C 
Trying to compile MD_C without any of the hash modules would result in a
bunch of unused parameter warning (hence errors in -Werror builds).

We could silence those warnings by casting the parameters to void, but
still, compiling the module in such a configuration would mean all of
its functions are useless (always returning an error).

Seems better to just document the dependency.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-18 12:49:20 +02:00
Ronald Cron d5b1eb51db
Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext 
TLS 1.3: PSK: Add parser of psk kex mode ext on server side
 2022-07-18 11:34:24 +02:00
Paul Elliott 0b5f4950cc
Merge pull request #5953 from tuvshinzayaArm/update-document-PSA_ALG_RSA_PSS 
Update documentation of PSA_ALG_RSA_PSS
 2022-07-14 10:40:21 +01:00
Jerry Yu e19e3b9eb8 Add psk_key_exchange_modes parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-12 09:53:35 +00:00
Paul Elliott cd08ba0326 Bump version to 3.2.1 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-12 10:51:55 +01:00
Manuel Pégourié-Gonnard bab73ab842 Loosen guards in mbedtls_psa_translate_md() 
Depending only of our software implementation was too strict. The
function can be useful when only the PSA implementation is available,
since oftentimes the algorithm will still be expressed as an md_type for
legacy reasons.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard 46a295422d Build and test RSA PKCS#1v1.5 without MD 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard 3f4778995e Rm dependency on MD in psa_crypto_rsa.c 
The previous commit made the PKCS#1v1.5 part of rsa.c independent from
md.c, but there was still a dependency in the corresponding part in PSA.
This commit removes it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard fe2b9b5397 Make mbedtls_oid_get_md_alg() always available 
This is a step towards building with RSA PKCS#1v1.5 without MD.

Also loosen guards around oid data: the OID definitions clearly don't
depend on our software implementation.

We could simply have no dependency as this is just data. But for the
sake of code size, let's have some guards so that people who don't use
MD5, SHA1 or RIPEMD160 don't have to pay the price for them.

Note: this is used for RSA (PKCS#v1.5) signatures among other things, an
area that is not influenced by USE_PSA, so the guards should not depend
on it either.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard b86279fc63 Build and test PK without MD 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-12 11:11:18 +02:00
Paul Elliott 20362cd1ca Bump library and so versions for 3.2.0 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:56:01 +01:00
Ronald Cron ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Manuel Pégourié-Gonnard 3e83098e01 Clarify the TLS 1.3 situation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:44:32 +02:00
Manuel Pégourié-Gonnard ff43ff6e78 Remove stability waiver from USE_PSA 
It was initially motivated by the fact that the PSA Crypto APIs
themselves were not stable. In the meantime, PSA Crypto has reached
1.0.0 so this no longer applies.

If we want user to be able to fully benefit from PSA in order to
isolate long-term secrets, they need to be able to use the new APIs with
confidence. There is no reason to think those APIs are any more likely
to change than any of our other APIs, and if they do, we'll follow the
normal process (deprecated in favour of a new variant).

For reference, the APIs in question are:

mbedtls_pk_setup_opaque() // to use PSA-held ECDSA/RSA keys in TLS

mbedtls_ssl_conf_psk_opaque()   // for PSA-held PSKs in TLS
mbedtls_ssl_set_hs_psk_opaque() // for PSA-held PSKs in TLS

mbedtls_cipher_setup_psa() (deprecated in 3.2)
mbedtls_pk_wrap_as_opaque() (documented internal, to be removed in 3.2)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard 4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection 
Permissions 2a: TLS 1.2 ciphersuite selection
 2022-07-04 12:37:02 +02:00
Paul Elliott 41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf 
Turn off stdio buffering with setbuf()
 2022-07-04 10:12:22 +01:00
Paul Elliott bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints 
Add accessors to config DN hints for cert request
 2022-07-01 17:23:14 +01:00
Manuel Pégourié-Gonnard 790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206 
Documentation about storage format compatibility
 2022-07-01 12:21:17 +02:00
Gilles Peskine 0bd76ee2ed Fix Doxygen documentation attached to non-existent elements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 19:32:02 +02:00
Gilles Peskine 6497b5a1d1 Add setbuf platform function 
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:01:40 +02:00
Ronald Cron bcde39ca4a
Merge pull request #5612 from tom-cosgrove-arm/tls13-config-options 
Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3

Fully validated by the internal CI. No need to wait for the open one.
 2022-06-30 15:10:02 +02:00
Manuel Pégourié-Gonnard 31fcfd5632
Merge pull request #5981 from mprse/hkdf_config_fix 
Add comment to config_psa.h about enabling PSA_HKDF/-EXTRACT/-EXPAND
 2022-06-30 11:27:16 +02:00
Tom Cosgrove afb2fe1acf Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3 
Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed,
so no longer mention it.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-06-29 16:36:12 +01:00
Werner Lewis 6d71944f0d Specify unit for rk_offset in AES context 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Werner Lewis dd76ef359d Refactor AES context to be shallow-copyable 
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Gilles Peskine 955993c4b5 For status values, the macro expansions must not change either 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 14:37:17 +02:00
Ronald Cron 7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server 
TLS 1.3 server: Send dummy change_cipher_spec records

The internal CI PR-merge job ran successfully thus good to go.
 2022-06-29 09:47:49 +02:00
Gilles Peskine 7d14c19730
Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development 
Changelog improvements before the 3.2 release
 2022-06-28 21:00:10 +02:00
Glenn Strauss 999ef70b27 Add accessors to config DN hints for cert request 
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-28 12:43:59 -04:00
Neil Armstrong 9f4606e6d2 Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:12:17 +02:00
Neil Armstrong 0c9c10a401 Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:10:48 +02:00
Gabor Mezei f7044eaec8
Fix name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 16:01:49 +02:00
Summer Qin 9f2596f387 Add MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C 
MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed
when PSA_WANT_ALG_CHACHA20_POLY1305 is defined

Signed-off-by: Summer Qin <summer.qin@arm.com>
 2022-06-28 17:56:27 +08:00
Glenn Strauss 01d2f52a32 Inline mbedtls_x509_dn_get_next() in x509.h 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-27 14:20:07 -04:00
Przemek Stekiel 18399d8d53 Add comment to config_psa.h about enabling PSA_HKDF/PSA_HKDF_EXRACT/PSA_HKDF_EXPAND algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-27 15:36:06 +02:00
Manuel Pégourié-Gonnard 93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged 
Add mbedtls_x509_dn_get_next function
 2022-06-24 09:59:22 +02:00
Manuel Pégourié-Gonnard 4cfaae5b6b Save code size by calling get_type only once 
This is an external function, so in the absence of link-time
optimisation (LTO) the compiler can't know anything about it and has to
call it the number of times it's called in the source code.

This only matters for pk_ec, but change pk_rsa as well for the sake of
uniformity.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-23 09:43:39 +02:00
Gabor Mezei 7b39bf178e
Send dummy change_cipher_spec records from TLS 1.3 server 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-22 17:07:21 +02:00
Przemek Stekiel b33bd19197 Enable HKDF EXTRACT/EXPAND algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-21 09:58:51 +02:00
Manuel Pégourié-Gonnard 22e84de971 Improve contract of mbedtls_pk_ec/rsa() 
Trusting the caller to perform the appropriate check is both risky, and
a bit user-unfriendly. Returning NULL on error seems both safer
(dereferencing a NULL pointer is more likely to result in a clean crash,
while mis-casting a pointer might have deeper, less predictable
consequences) and friendlier (the caller can just check the return
value for NULL, which is a common idiom).

Only add that as an additional way of using the function, for the sake
of backwards compatibility. Calls where we know the type of the context
for sure (for example because we just set it up) were legal and safe, so
they should remain legal without checking the result for NULL, which
would be redundant.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard 1c91b0c434 Clarify warning about mbedtls_pk_ec/rsa() 
The previous wording "ensure it holds an XXX" context did not mean
anything without looking at the source.

Looking at the source, the criterion is:
- for mbedtls_pk_rsa(), that the info structure uses rsa_alloc_wrap;
- for mbedtls_pk_ec(), that it uses eckey_alloc_wrap or
ecdsa_alloc_wrap, since mbedtls_ecdsa_context is a typedef for
mbedtls_ecp_keypair. (Note that our test code uses mbedtls_pk_ec() on
contexts of type MBEDTLS_PK_ECDSA.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:29 +02:00
Gilles Peskine 4b873874a3 Backward compatibility: the key store with drivers 
Promise that we will try to keep backward compatibility with basic driver
usage, but not with more experimental aspects.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 18:50:09 +02:00
Gilles Peskine 98473c4523 Officially deprecate MBEDTLS_PSA_CRYPTO_SE_C 
This was intended as experimental, and we've been saying for a long time
that it's superseded by the "unified driver interface", but we hadn't
documented that inside the Mbed TLS source code. So announce it as
deprecated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 18:46:22 +02:00
Gilles Peskine 7973399f7b Add compatibility notes regarding values embedded in the key store 
Certain numerical values are written to the key store. Changing those
numerical values would break the backward compatibility of stored keys. Add
a note to the affected types. Add comments near the definitions of affected
values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 18:41:20 +02:00
Gilles Peskine f070a5e5d5 Document how PSA identifiers are generally constructed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 18:40:45 +02:00
Gilles Peskine 36aeb7f163
Merge pull request #5834 from mprse/HKDF_1 
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
 2022-06-20 15:27:46 +02:00
Werner Lewis 2f1d51070c Fix incorrect param in function declaration 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-20 11:48:35 +01:00
Werner Lewis b3acb053fb Add mbedtls_x509_dn_get_next function 
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-17 16:40:55 +01:00
Tuvshinzaya Erdenekhuu 44baacd089 Update documenation of PSA_ALG_RSA_PSS 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-06-17 12:10:35 +01:00
Gilles Peskine 9b3278b263 Doc: the SHA256/SHA512 options also cover SHA224/SHA384 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 19:09:38 +02:00
Paul Elliott 5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests 
Pr/add-tls13-moving-state-tests
 2022-06-08 13:39:52 +01:00
Dave Rodgman 4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor 
Add accessor for x509 certificate extension types
 2022-06-06 21:51:38 +01:00
Thomas Daubney a5f39e0ec2 Move accessor definition 
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-06 15:42:32 +01:00
Przemek Stekiel 3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel 73f97d4841 PSA_ALG_HKDF: add salt processing warning 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel a29b488296 Optimize code by adding PSA_ALG_IS_ANY_HKDF macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:09 +02:00
Przemek Stekiel 459ee35062 Fix typo and style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-02 11:16:52 +02:00
Thomas Daubney 979aa49d1c Add accessor for x509 certificate extension types 
Add accessor for x509 certificate extension types

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:22:14 +01:00
Gilles Peskine 09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa 
Deprecate mbedtls_cipher_setup_psa()
 2022-05-31 10:56:52 +02:00
Janos Follath 07c2e5e6d5
Merge pull request #5860 from superna9999/4745-psa-jpake-api-fixes 
PSA J-PAKE API has missing elements and confusing documentation
 2022-05-31 08:27:32 +01:00
Jerry Yu 4dec0e5329 fix state undeclare error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Neil Armstrong ccffab38a3 Remove linkage documentation on PAKE cipher-suite helpers 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-30 15:49:21 +02:00
Dave Rodgman 52625b739e
Merge pull request #5876 from tom-cosgrove-arm/fix-typos-220526 
Fix spelling and typographical errors found by cspell
 2022-05-30 11:35:55 +01:00
Janos Follath 1bc0ca4ed3
Merge pull request #5875 from Summer-ARM/mbedtls-psa-crypto-config 
Remove duplicated PSA_WANT_ALG_CMAC in crypto_config.h
 2022-05-30 09:41:48 +01:00
Neil Armstrong 5ed8a0ec73 Overall PSA PAKE API style issues fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-27 09:47:53 +02:00
Neil Armstrong 5892aa69e3 Fix typo in PSA_ALG_JPAKE documentation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-27 09:44:47 +02:00
Tom Cosgrove 1e21144194 Fix spelling and typographical errors found by cspell 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-05-26 11:51:00 +01:00
Summer Qin f0b4253c68 Remove duplicated PSA_WANT_ALG_CMAC in crypto_config.h 
Signed-off-by: Summer Qin <summer.qin@arm.com>
 2022-05-26 09:38:33 +08:00
XiaokangQian 6b916b1616 Add client certificate parse and certificate verify 
Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:40:53 +00:00
Neil Armstrong ef15751f08 PSA PAKE API typos in documentation fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-25 11:49:45 +02:00
Neil Armstrong 72ab56a1fe Overall PSA PAKE API style issues fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-25 11:48:37 +02:00
Neil Armstrong eb93a6f1d8 Use PSA_ALG_NONE in PSA_PAKE_OPERATION_INIT to init psa_algorithm_t 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-25 11:41:05 +02:00
Neil Armstrong 2056ce5111 Fix PSA_PAKE_OUTPUT_MAX_SIZE/PSA_PAKE_INPUT_MAX_SIZE commment about parameters to PSA_PAKE_OUTPUT_SIZE/PSA_PAKE_INPUT_SIZE 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-25 11:38:15 +02:00
Manuel Pégourié-Gonnard 69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa 
Permissions 1: create `mbedtls_pk_can_do_ext()`
 2022-05-23 10:58:32 +02:00
Neil Armstrong b2f2b027c2 Clarify mbedtls_pk_can_do_ext() return documentation amd add warning on future addition of allowed algs & usage flags 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 12:00:56 +02:00
Neil Armstrong e9b4581b16 Clarify BAD_STATE return documentation on bad ordering of input and output steps for psa_pake_input() & psa_pake_output() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:52:30 +02:00
Neil Armstrong 0d24575ad0 Clarify BAD_STATE return documentation of psa_pake_set_peer() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:52:30 +02:00
Neil Armstrong 59fa8ee090 Update return documentation of psa_pake_abort() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:52:30 +02:00
Neil Armstrong 97d74b8abb Update return documentation of psa_pake_get_implicit_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:52:30 +02:00
Neil Armstrong 407b27b516 Update return documentation of psa_pake_input() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:52:30 +02:00
Neil Armstrong 664077e3ae Update return documentation of psa_pake_output() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:52:30 +02:00
Neil Armstrong 2a6dd9c2a8 Rename & update documentation of function, types, and macros for psa_pake_set_role() and associated 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:52:30 +02:00
Neil Armstrong 16ff788f9d Update return documentation of psa_pake_set_peer() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong 3585168259 Update return documentation of psa_pake_set_user() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong 71cae6121d Update return documentation of psa_pake_set_password_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong 4721a6f33e Update return documentation of psa_pake_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong 1614537697 Fix password wording in PSA_ALG_JPAKE documentation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong 7bc71e9c04 Fix output_size documentation of psa_pake_output() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong cd974d590b Fix return documentation of PSA_PAKE_OUTPUT_SIZE 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong d5a4825b84 Add missing psa_pake_cs_get_bits() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong ff9cac72e7 Add missing psa_pake_cs_get_family() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong 0c8ef93c8e Add missing psa_pake_abort() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong 799106b441 Pass input as const reference and fix documentation of psa_pake_input() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:22 +02:00
Neil Armstrong 47e700e7de Pass cipher_suite parameter of psa_pake_setup() by const reference 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:51:20 +02:00
Neil Armstrong 0151c55b56 Add documentation of PSA_PAKE_OPERATION_INIT 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:50:58 +02:00
Neil Armstrong 5ff6a7fa97 Add missing psa_pake_cipher_suite_init() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 11:50:57 +02:00
Neil Armstrong fb99302726 Add missing PSA_PAKE_CIPHER_SUITE_INIT 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 10:45:01 +02:00
Neil Armstrong a724f7ae17 Document mbedtls_pk_can_do_ext() return for non-allowed algorithms and usage flags 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 09:28:12 +02:00
bootstrap-prime 6dbbf44d78
Fix typos in documentation and constants with typo finding tool 
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
 2022-05-18 14:15:33 -04:00
Przemek Stekiel b398d8693f Update descryption of HKDF-Extract/Expand algs and fix comment 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-18 15:43:54 +02:00
Neil Armstrong 408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:23:20 +02:00
Neil Armstrong cec133a242 Fix typo in mbedtls_pk_can_do_ext() documentation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 11:56:01 +02:00
Manuel Pégourié-Gonnard 1cd4f6a873
Merge pull request #5794 from mprse/cipher_dep 
Fix undeclared dependencies: CIPHER
 2022-05-12 13:09:04 +02:00
Manuel Pégourié-Gonnard 4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector 
PSA: ChaCha20: add RFC 7539 test vector with counter=1
 2022-05-12 12:34:20 +02:00
Neil Armstrong 0b5295848e Add definition of mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-12 11:53:02 +02:00
Przemek Stekiel a09f835bd8 Fix CIPHER dependencies dependeny and error messages 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 10:42:20 +02:00
Przemek Stekiel ea805b4f20 mbedtls_config.h, check_config.h: fix CIPHER dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-12 10:42:20 +02:00
Dave Rodgman 58f591526e
Merge pull request #5732 from daverodgman/warmsocks_spellingfixes 
Fixed spelling and typographical errors found by CodeSpell
 2022-05-12 09:26:29 +01:00
Manuel Pégourié-Gonnard 34f6ac7c22
Merge pull request #5812 from adeaarm/development 
Fix key_id and owner_id accessor macros
 2022-05-12 10:25:02 +02:00
Andrzej Kurek 5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case 8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Przemek Stekiel ebf6281ce6 crypto_values.h: fix description 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-11 14:16:05 +02:00
Przemek Stekiel 6b6ce3278e Add definitions for HKDF-Extract and HKDF-Expand algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-10 12:38:27 +02:00
Manuel Pégourié-Gonnard 42650260a9
Merge pull request #5783 from mprse/md_dep_v3 
Fix undeclared dependencies: MD
 2022-05-10 10:41:32 +02:00
Przemek Stekiel 6e71282c87 Fix caller list of the MD module 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 11:40:20 +02:00
Przemek Stekiel ef1fb4a3d3 Deprecate mbedtls_cipher_setup_psa() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 10:55:10 +02:00
Antonio de Angelis 6729474fbb Fix key_id and owner_id accessor macros 
The accessor macros for key_id and owner_id in the mbedtls_svc_key_id_t
need to have the MBEDTLS_PRIVATE() specifier as these fields are private

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2022-05-05 18:45:31 +01:00
Neil Armstrong 8ecd66884f Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-05 14:01:49 +02:00
Neil Armstrong e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Neil Armstrong 501c93220d Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Manuel Pégourié-Gonnard 068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque 
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
 2022-05-02 09:06:49 +02:00
Gilles Peskine 2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise 
PSA storage format: exercise key
 2022-04-28 18:20:02 +02:00
Gilles Peskine 038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file 
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
 2022-04-28 18:17:50 +02:00
Gilles Peskine f21617915f
Merge pull request #2082 from hanno-arm/iotssl-2490 
Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
 2022-04-28 18:13:55 +02:00
Neil Armstrong a1fc18fa55 Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-28 13:27:59 +02:00
Przemek Stekiel bc3cfed43e check_config.h: Add MBEDTLS_MD_C dependency MBEDTLS_PKCS12_C, MBEDTLS_PKCS1_V15, MBEDTLS_PKCS1_V21, MBEDTLS_PK_C 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-27 14:49:13 +02:00
Przemek Stekiel 6aadf0b44f mbedtls_config.h: update dependencies for MBEDTLS_MD_C 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-27 14:49:13 +02:00
Gilles Peskine efffd6410a Note that MBEDTLS_CONFIG_FILE can't be defined inside the config file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-26 18:16:33 +02:00
Manuel Pégourié-Gonnard 8ba99e736a Clarify wording of documentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-04-25 11:17:47 +02:00
Hanno Becker 2b9fb88281 Clarify documentation of mbedtls_x509_crt_profile 
This commit fixes #1992: The documentation of mbedtls_x509_crt_profile
previously stated that the bitfield `allowed_pks` defined which signature
algorithms shall be allowed in CRT chains. In actual fact, however,
the field also applies to guard the public key of the end entity
certificate.

This commit changes the documentation to state that `allowed_pks`
applies to the public keys of all CRTs in the provided chain.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-04-25 11:17:15 +02:00
Gilles Peskine 72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap 
Improve benchmarking of ECC heap usage
 2022-04-22 16:43:11 +02:00
Ronald Cron 38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard 70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2 
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
 2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard 90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign 
RSA-PSS sign 1: PK
 2022-04-21 17:11:18 +02:00
Przemek Stekiel 7f1c89d1d4 Provide other_secret, other_secret_length fields if MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS is defined 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-21 11:53:57 +02:00
Neil Armstrong 23143dca2a Update mbedtls_pk_wrap_as_opaque() public documentation for RSA & RSA-PSS 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-21 11:33:54 +02:00
XiaokangQian 0a1b54ed73 Minor change the place of some functions 
Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-21 03:01:38 +00:00
XiaokangQian 75d40ef8cb Refine code base on review 
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side

Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 11:05:24 +00:00
XiaokangQian 0803755347 Update code base on review comments 
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes

Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:50:14 +00:00
XiaokangQian 8f9dfe41c0 Fix comments about coding styles and test cases 
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian cfd925f3e8 Fix comments and remove hrr related code 
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian ed582dd023 Update based on comments 
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian 3207a32b1e Fix unused parameter issue and not defined cookie issue 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian 7807f9f5c9 Add client hello into server side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00