Commit graph

19225 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
706f6bae27
Merge pull request #5518 from superna9999/5274-ecdsa-signing
PK: ECDSA signing
2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard
472044f21e
Merge pull request #5525 from superna9999/5161-pk-rsa-encryption
PK: RSA encryption
2022-03-21 09:57:38 +01:00
Ronald Cron
8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development
TLS 1.3: One flush output
2022-03-21 08:44:04 +01:00
Neil Armstrong
62e6ea2c22 Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:39:49 +01:00
Neil Armstrong
c23d2e3ef1 Wrap unused declaration in #if/#endif when USE_PSA is set in x509_csr_check()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:31:59 +01:00
Neil Armstrong
17a0655c8d Add documentation to find_ecdsa_private_key()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:27:38 +01:00
Neil Armstrong
05132ed490 md_alg is used in ecdsa_sign_wrap(), cleanup code
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:14:57 +01:00
Neil Armstrong
cb753a6945 Use mbedtls_eckey_info directly in ecdsa_sign_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 15:14:48 +01:00
Manuel Pégourié-Gonnard
e5b53193e0
Merge pull request #5636 from mprse/tls_ecdh_2b
TLS ECDH 2b: client-side static ECDH (1.2)
2022-03-18 11:36:53 +01:00
Neil Armstrong
0ab7a232b5 Add non-PSA and PSA variant of test_XXXX_constant_flow all.sh tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:10:09 +01:00
Neil Armstrong
8f92bf3a26 Only make PSA HMAC key exportable when NULL or CBC & not EtM in build_transforms()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:10:09 +01:00
Neil Armstrong
29c0c040fc Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform()
This requires moving the HMAC init after CIPHER init.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:10:09 +01:00
Neil Armstrong
9ebb9ff60c Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:58 +01:00
Neil Armstrong
72c2f76c43 Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:36 +01:00
Neil Armstrong
36cc13b340 Use PSA defines for buffers in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:09:20 +01:00
Neil Armstrong
ae57cfd3e7 Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 10:00:10 +01:00
Neil Armstrong
28d9c631b8 Fix comments in PSA version of mbedtls_ct_hmac()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 10:00:10 +01:00
Manuel Pégourié-Gonnard
8d4bc5eeb9
Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac
HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC
2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard
15c0e39fff
Merge pull request #5519 from superna9999/5150-pk-rsa-decryption
PK: RSA decryption
2022-03-17 11:02:13 +01:00
Manuel Pégourié-Gonnard
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection
TLS Cipher 2a: tickets: use PSA for protection
2022-03-17 09:50:09 +01:00
Manuel Pégourié-Gonnard
560ef5975c
Merge pull request #5613 from mprse/tls_ecdh_2a
TLS ECDH 2a: server-side ECDHE-ECDSA and ECDHE-RSA (1.2)
2022-03-17 09:29:41 +01:00
Przemek Stekiel
068a6b4013 ssl_check_server_ecdh_params():Adapt build flags
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-17 07:54:09 +01:00
Gabor Mezei
88f3b2e502
Update old style test function parameter handling
Use data_t type for hex string parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 16:53:23 +01:00
Neil Armstrong
da1d80db19 Use mbedtls_rsa_info directly in rsa_encrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:36:32 +01:00
Neil Armstrong
7b1dc85919 Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:36:06 +01:00
Neil Armstrong
6b03a3de5c Use mbedtls_rsa_info directly in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:31:07 +01:00
Neil Armstrong
8e80504b46 Simplify padding check and get rid of psa_sig_md in rsa_decrypt_wrap()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-16 15:30:31 +01:00
Gabor Mezei
103e08aab9
Fix return value handling
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 13:45:41 +01:00
Przemek Stekiel
561a42392a ssl_parse_signature_algorithm(): refactor PSA CRYPTO code
- use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary().
- add check for ECDH curve type in server's certificate

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 13:16:24 +01:00
Gabor Mezei
5b8b890a61
Check PSA functions' return value before converting
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 12:56:58 +01:00
Gabor Mezei
36c9f51ef2
Use size_t instead of int to silence compiler warnings
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 12:55:32 +01:00
Gabor Mezei
4f4bac7e22
Remove blank lines
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-16 12:54:27 +01:00
Przemek Stekiel
dd482bfd6a Modify own_pubkey_max_len calculation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 11:43:22 +01:00
Przemek Stekiel
a4e15cc0d5 Fix comment: add fields size
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 11:32:42 +01:00
Przemek Stekiel
855938e17d Move mbedtls_ecdh_setup() to no-psa path
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 11:29:29 +01:00
Przemek Stekiel
338b61d6e4 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 11:24:09 +01:00
Przemek Stekiel
d905d33488 ssl_write_client_key_exchange(): enable psa support for ECDH-ECDSA and ECDH-RSA key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 09:50:56 +01:00
Przemek Stekiel
ea4000f897 ssl_parse_signature_algorithm(): populate psa handshake fields when psa crypto is enabled
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-16 09:49:33 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Przemek Stekiel
ce1d792315 Remove duplicated code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 16:16:25 +01:00
Neil Armstrong
169e61add6 Zeroise stack buffer containing private key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-14 14:26:49 +01:00
Neil Armstrong
3aca61fdfc Zeroise stack buffer containing private key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-14 14:24:48 +01:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Przemek Stekiel
fc91a1f030 Use PSA for private key generation and public key export only for ECDHE keys
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 12:05:27 +01:00
Przemek Stekiel
a21af3da00 Use mbedtls_psa_parse_tls_ecc_group() instead PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa() )
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 10:09:13 +01:00
Przemek Stekiel
0a60c129de Add intermediate variables to increase code readability
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 09:54:51 +01:00
Przemek Stekiel
e9f00445bc Destroy ecdh_psa_privkey on failure
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 09:42:32 +01:00
Przemek Stekiel
130c4b5567 Use PSA version of key agreement only for ECDHE keys
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-14 09:18:24 +01:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
Przemek Stekiel
b38f797a24 Add change log entry for psa ECC key derivation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-11 14:12:34 +01:00