Dave Rodgman
591ff05384
Use optimised counter increment in AES-CTR and CTR-DRBG
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
ae730348e9
Add tests for mbedtls_ctr_increment_counter
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Dave Rodgman
b49cf1019d
Introduce mbedtls_ctr_increment_counter
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:45:01 +00:00
Ryan Everett
1d32a57764
Revert change to psa_destroy_key documentation
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:27:58 +00:00
Ryan Everett
709120a9ce
Revert change to return behaviour in psa_reserve_free_key_slot
...
This change was a mistake, we still need to wipe the pointers here.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
dfe8bf86a8
Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong
...
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4
Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION
...
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.
Remove the state changing calls that are no longer necessary.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-15 11:20:35 +00:00
Dave Rodgman
c4f984f2a5
Iterate in 16-byte chunks
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-15 11:20:19 +00:00
Valerio Setti
5bb454aace
psa_crypto: allow asymmetric encryption/decryption also with opaque keys
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 10:43:16 +01:00
Valerio Setti
f202c2968b
test_suite_psa_crypto: test asymmetric encryption/decryption also with opaque keys
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-15 10:42:37 +01:00
Dave Rodgman
67223bb501
add support for AES-CTR to benchmark
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-12 18:33:57 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
...
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713
Add minor cosmetic changes to record size limit changelog and comments
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:52:45 +00:00
Waleed Elmelegy
4b09dcd19c
Change renegotiation test to use G_NEXT_SRV
...
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:50:25 +00:00
Paul Elliott
3519cfb3d8
Merge pull request #8639 from bensze01/release_components
...
Set OpenSSL/GnuTLS variables when running release components
2024-01-11 15:38:35 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
...
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
Waleed Elmelegy
85ddd43656
Improve record size limit changelog wording
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-11 11:07:57 +00:00
Manuel Pégourié-Gonnard
eeb96ac9fe
Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api
...
Add deprecated flag in document for sig_hashes
2024-01-11 09:33:10 +00:00
Valerio Setti
19ec9e4f66
psa_crypto_ecp: remove support for secp224k1
...
Since this curve is not supported in PSA (and it will not ever be
in the future), we save a few bytes.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-11 07:07:14 +01:00
Waleed Elmelegy
e83be5f639
Change renegotiation tests to work with TLS 1.2 only
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 23:39:54 +00:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development
...
Fix bug in mbedtls_x509_set_extension
2024-01-10 16:57:16 +00:00
Waleed Elmelegy
3ff472441a
Fix warning in ssl_tls13_generic.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
1487760b55
Change order of checking of record size limit client tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
09561a7575
Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
a3bfdea82b
Revert "Make sure record size limit is not configured without TLS 1.3"
...
This reverts commit 52cac7a3e6782bbf46a76158c9034afad53981a7.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
7ae74b74cc
Make sure record size limit is not configured without TLS 1.3
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f37c70746b
Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to full config
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
e840263f76
Move record size limit testing to tls13 component
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
2fa99b2ddd
Add tests for client complying with record size limit
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2
Improve comments across record size limit changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
9457e67afd
update record size limit tests to be more consistent
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
2a2462e8f9
Add Changlog entry for record size extension
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
3a37756496
Improve record size limit tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
fbe42743eb
Fix issue in checking in writing extensions
...
Fix issue in checking if server received
record size limit extension.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
e1ac98d888
remove mbedtls_ssl_is_record_size_limit_valid function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
d2fc90e024
Stop sending record size limit extension if it's not sent from client
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457
Change record size limit writing function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
598ea09dd5
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
47d2946943
tls13: server: write Record Size Limit ext in EncryptedExtensions
...
- add the support in library
- update corresponding test cases.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
42017cd4c9
tls13: cli: write Record Size Limit ext in ClientHello
...
- add the support in library
- update corresponding test case
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
faf70bdf9d
ssl_tls13_generic: check value of RecordSizeLimit in helper function
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
a8b4291836
tls13: add generic function to write Record Size Limit ext
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Manuel Pégourié-Gonnard
3eb9025275
Merge pull request #8680 from mpg/ciphers-wrapup
...
Driver-only ciphers wrapup
2024-01-10 12:04:50 +00:00
Manuel Pégourié-Gonnard
e334486753
Add new lines before lists
...
This is more portable markdown, and also for people who read the text,
it make the new lines after the list (but inside the same sentence) less
surprising I hope.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-10 10:24:31 +01:00
Manuel Pégourié-Gonnard
0f45a1aec5
Fix typos / improve syntax
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-10 09:43:30 +01:00
Jonathan Winzig
315c3ca9e5
Add required dependency to the testcase
...
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 18:31:11 +01:00
Jonathan Winzig
6c9779fabb
Remove unneeded testcase
...
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 17:47:10 +01:00
Jonathan Winzig
a72454bc16
Update test-data to use SIZE_MAX
...
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 17:39:42 +01:00