yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
26903 commits 1 branch 0 tags 94 MiB
Commit graph

6296 commits

Author SHA1 Message Date
Dave Rodgman
9a3ded10b7 Merge remote-tracking branch 'gilles-peskine-arm/3.4.0-updated-certs' into mbedtls-3.4.1rc0-pr 2023-08-03 12:00:31 +01:00
David Horstmann
df28b8d2ea Add space to appease doxygen bug 
See doxygen/doxygen#8706

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-02 16:06:32 +02:00
Gilles Peskine
550d147078 Bump version to 3.4.1 
```
./scripts/bump_version.sh --version 3.4.1
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-02 12:50:23 +02:00
Gilles Peskine
267bee9be8
Merge pull request #7903 from valeriosetti/issue7773 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/DH
 2023-08-02 10:16:44 +00:00
Jerry Yu
1414029ff0 improve document about hardware only 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:03 +08:00
Jerry Yu
6943681820 Improve error message and documents 
- fix grammar error
- Add more information for AES_USE_HARDWARE_ONLY
- Improve error message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:03 +08:00
Jerry Yu
e77c4d95a7 Mention the crash risk without runtime detection 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:02 +08:00
Jerry Yu
3660623e59 Rename plain c option and update comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:01 +08:00
Jerry Yu
3fcf2b5053 Rename HAS_NO_PLAIN_C to DONT_USE_SOFTWARE_CRYPTO 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:44:00 +08:00
Jerry Yu
1b3ab36b55 Update comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:43:59 +08:00
Jerry Yu
315fd30201 Rename plain c disable option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:43:59 +08:00
Jerry Yu
0d4f4e5b01 Add option to disable built-in aes implementation. 
For time being, there are only two aes implementations for known
architectures. I define runtime detection function as const when
built-in was disabled. In this case, compiler will remove dead
built-in code.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-08-02 17:43:54 +08:00
Bence Szépkúti
895074e3f9
Merge pull request #8002 from valeriosetti/issue7904 
PSA maximum size macro definitions should take support into account
 2023-08-02 05:57:28 +00:00
Dave Rodgman
56e5d6887f
Fix comment typo 
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-01 15:04:11 +01:00
Gilles Peskine
d55e451b3e
Merge pull request #7997 from yanesca/fix_new_bignum_tests 
Fix new bignum tests
 2023-08-01 12:09:39 +00:00
Janos Follath
e416f03c8f Improve wording of MBEDTLS_ECP_WITH_MPI_UINT doc 
Use the standard "experimental" word in the description and make the
wording more similar to other experimental warnings.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-08-01 08:44:40 +01:00
Manuel Pégourié-Gonnard
de8f56e936
Merge pull request #7884 from valeriosetti/issue7612 
TLS: Clean up (EC)DH dependencies
 2023-08-01 07:13:36 +00:00
Kusumit Ghoderao
baf350c6bd Add PSA_HAVE_SOFT_PBKDF2 to crypto_driver_context_key_derivation 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-31 20:22:33 +05:30
Dave Rodgman
ad9e5b9abe Improve docs for mbedtls_ct_memcmp 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-31 12:43:23 +01:00
Dave Rodgman
9ee0e1f6fe Remove GCC redundant-decls workaround for mbedtls_ct_memcmp 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-31 12:43:23 +01:00
Janos Follath
2f04582d37 Move MBEDTLS_ECP_WITH_MPI_UINT to mbedtls_config.h 
There is a precedent for having bigger and less mature options in
mbedtls_config.h (MBEDTLS_USE_PSA_CRYPTO) for an extended period.
Having this option in mbedtls_config.h is simpler and more robust.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-07-31 10:57:16 +01:00
Valerio Setti
43c5bf4f88 crypto_sizes: use PSA_WANT_ALG for MAX signatures and key agreement sizes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-31 11:35:48 +02:00
Valerio Setti
8b27decc6a Revert "crypto_sizes: check also if DH is enabled for PSA_SIGNATURE_MAX_SIZE" 
This reverts commit 478c236938.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-31 11:35:42 +02:00
Valerio Setti
9cd8011978 tls: fix definition of symbol KEY_EXCHANGE_SOME_XXDH_PSA_ANY 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 16:46:55 +02:00
Valerio Setti
478c236938 crypto_sizes: check also if DH is enabled for PSA_SIGNATURE_MAX_SIZE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 16:05:53 +02:00
Manuel Pégourié-Gonnard
43cef57e51
Merge pull request #7811 from mpg/md-info 
Optimize strings in MD
 2023-07-28 08:34:09 +00:00
Kusumit Ghoderao
c22affd9ec Fix dependencies for pbkdf2 cmac 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-28 13:31:58 +05:30
Valerio Setti
c012a2de7c crypto_sizes: change initial MAX_SIZE value to 1 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 09:34:44 +02:00
Valerio Setti
644e01d767 crypto_sizes: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-28 09:31:51 +02:00
Valerio Setti
a83d9bf0db crypto_sizes: size PSA max symbols according to actual support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 18:15:20 +02:00
Kusumit Ghoderao
a12e2d53bd Replace AES_CMAC_128_PRF_OUTPUT_SIZE with PSA_MAC_LENGTH() 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:18:30 +05:30
Kusumit Ghoderao
9ab03c3d72 Define PSA_ALG_IS_PBKDF2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:14:05 +05:30
Kusumit Ghoderao
2addf35855 Replace MBEDTLS_PSA_BUILTIN_PBKDF2_XXX with PSA_HAVE_SOFT_PBKDF2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:11:09 +05:30
Kusumit Ghoderao
105f772fe8 Add PSA_HAVE_SOFT_PBKDF2 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:03:06 +05:30
Kusumit Ghoderao
ce38db1c0b Change config_psa.h PBKDF2_CMAC dependencies 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-07-27 21:01:03 +05:30
Waleed Elmelegy
d7bdbbeb0a Improve naming of mimimum RSA key size generation configurations 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 14:50:09 +00:00
Dave Rodgman
f2e3eb8bd9 Add OID for HMAC-RIPEMD160 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-27 15:46:05 +01:00
Dave Rodgman
5cc67a3ee2 Add OIDs for HMAC-SHA3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-27 14:44:35 +01:00
Dave Rodgman
2d626cc44f Fix missing opening brace in comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-27 14:43:55 +01:00
Gilles Peskine
25b4e72d6e MBEDTLS_PSA_CRYPTO_CONFIG is ready for production 
It's ok if people use MBEDTLS_PSA_CRYPTO_CONFIG: it's not unstable or
unpredictable. But we still reserve the right to make minor changes
(e.g. https://github.com/Mbed-TLS/mbedtls/issues/7439).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-27 15:09:24 +02:00
Waleed Elmelegy
3d158f0c28 Adapt tests to work on all possible minimum RSA key sizes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 11:03:35 +00:00
Waleed Elmelegy
ab5707185a Add a minimum rsa key size config to psa config 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 11:00:03 +00:00
Waleed Elmelegy
76336c3e4d Enforce minimum key size when generating RSA key size 
Add configuration to enforce minimum size when
generating a RSA key, it's default value is 1024
bits since this the minimum secure value currently
but it can be any value greater than or equal 128
bits. Tests were modifed to accommodate for this
change.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-27 10:58:25 +00:00
Manuel Pégourié-Gonnard
0fda0d2e5c Fix overly specific description in public doc 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-27 12:22:52 +02:00
Valerio Setti
9c5c2a4b71 crypto_legacy: fix initial comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 11:11:19 +02:00
Gilles Peskine
7ef14bf8a2
Merge pull request #7835 from gilles-peskine-arm/ssl_premaster_secret-empty-3.4 
Fix empty union when TLS is disabled
 2023-07-27 08:28:21 +00:00
Valerio Setti
a55f042636 psa: replace DH_KEY_PAIR_LEGACY with new symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-27 09:15:34 +02:00
Paul Elliott
f1c032adba
Merge pull request #7902 from valeriosetti/issue7772 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/RSA
 2023-07-25 17:13:43 +01:00
Valerio Setti
ea59c43499 tls: fix a comment a rename a variable/symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 11:14:03 +02:00
Valerio Setti
d0371b0a08 debug: keep ECDH_C guard for debug printf accessing ecdh_context's items 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 10:57:01 +02:00
Dave Rodgman
cad28ae77a Merge remote-tracking branch 'origin/development' into psa-sha3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-24 15:51:13 +01:00
Ronald Cron
87f62850f3
Merge pull request #7893 from ronald-cron-arm/misc-from-psa-crypto 
Miscellaneous fixes resulting from the work on PSA-Crypto
 2023-07-21 10:54:41 +02:00
Dave Rodgman
ed70fd0c39
Merge pull request #5549 from AndrzejKurek/doxygen-bad-param-names 
Fix wrong doxygen parameter names and misused `\p` commands
 2023-07-20 14:10:10 +01:00
Manuel Pégourié-Gonnard
c844c1a771
Merge pull request #7546 from mpg/align-psa-md-identifiers 
Align psa md identifiers
 2023-07-20 11:34:28 +02:00
Dave Rodgman
6dd40642e8
Merge pull request #7932 from AgathiyanB/add-mpi-uint-size-macro 
Use compile-time determination of which __builtin_clz() to use, with new MBEDTLS_MPI_UINT_SIZE macro
 2023-07-19 14:57:39 +01:00
Agathiyan Bragadeesh
eed55c6c94 Use defined macros for MBEDTLS_MPI_UINT_MAX 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-19 11:08:02 +01:00
Dave Rodgman
5f65acb02b
Merge pull request #7859 from gilles-peskine-arm/mbedtls_mpi-smaller 
Reduce the size of mbedtls_mpi
 2023-07-18 16:48:37 +01:00
Gilles Peskine
24a305ec22 Explain why we check 65535 (not USHORT_MAX) 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-18 13:53:07 +02:00
Manuel Pégourié-Gonnard
828b3acd6b
Merge pull request #7848 from valeriosetti/issue7749 
driver-only ECC: EPCf.TLS testing
 2023-07-18 10:33:21 +02:00
Agathiyan Bragadeesh
197565062a Make consistent suffix MBEDTLS_MPI_UINT_MAX 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-17 16:43:19 +01:00
Agathiyan Bragadeesh
900e20d3a2
Change MBEDTLS_MPI_UINT_MAX suffix 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Agathiyan Bragadeesh <48658345+AgathiyanB@users.noreply.github.com>
 2023-07-17 16:27:21 +01:00
Ronald Cron
170c199829 Align guards of Windows specific configuration checks 
In check_config.h, align the guards of Windows
specific configuration checks with the ones used
in platform.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-17 11:53:20 +02:00
Ronald Cron
03ea8f8d0a Add dependency of builtin CCM* on builtin cipher 
Add missing dependency of the unauthenticated
cipher CCM* without tag builtin implementation
on builtin cipher.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-17 11:52:32 +02:00
Agathiyan Bragadeesh
09a455e21a Add macros for mpi uint max sizes 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-14 14:07:18 +01:00
Dave Rodgman
a02b36886c Fix gcc warnings when -Wredundant-decls set 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-14 13:43:39 +01:00
Andrzej Kurek
f14a5c3fcb Improve the documentation of MBEDTLS_PLATFORM_MEMORY 
Introduce requests from review comments.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-14 06:15:15 -04:00
Andrzej Kurek
377eb5f0c3 doxygen: \p commands misuse - review comments 
Apply comments suggested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek
00b54e6885 doxygen: fix parameter name typos and misused \p commands 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek
43dfd51ab4 doxygen: fix misused \p commands in rsa.h 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek
3bedb5b663 doxygen: fix parameter name typos and misused \p commands 
\p is reserved for function parameters.
\c is used to describe other values and variables.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek
69ed8c41fa Fix documentation - parameter name mistakes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Andrzej Kurek
7d49a1c907 doxygen: remove unnecessary description 
Due to the nature of CTR, there is no mode parameter.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-13 10:02:32 -04:00
Jerry Yu
8bfa24b021 Update compiler versions requirement 
For time being, we haven't verified MSVC
for sha256 and 512. So we do not add msvc
information.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-13 10:40:29 +08:00
Jerry Yu
8e96e78dbe update document and error message 
Chang the spell of armclang

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-13 10:40:28 +08:00
Jerry Yu
c37e260dc5 Add armclang version requirement for sha512 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-07-13 10:40:28 +08:00
Dave Rodgman
98e632f210 Re-order mbedtls_mpi to save a few extra bytes with clang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-11 16:02:50 +01:00
Valerio Setti
980383421a config_psa: enable KEY_PAIR_GENERATE only when GENPRIME is defined 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 16:32:50 +02:00
Valerio Setti
0d5c5e5a38 config_psa: enable KEY_PAIR_[IMPORT/EXPORT] as soon as BASIC is enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Valerio Setti
a9a3c5581e config_psa: enable GENPRIME when BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Valerio Setti
b2bcedbf9a library: replace MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Valerio Setti
f6d4dfb745 library: replace PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY symbols with proper ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-11 14:06:00 +02:00
Gilles Peskine
6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal 
Split psa_util.h between internal and public
 2023-07-10 18:33:23 +02:00
Valerio Setti
6f0441d11e tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-10 09:13:57 +02:00
Pengyu Lv
08daebb410 Make endpoint getter parameter a pointer to const 
It would be convenient for users to query the endpoint
type directly from a ssl context:

```
    mbedtls_ssl_conf_get_endpoint(
        mbedtls_ssl_context_get_config(&ssl))
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Pengyu Lv
accd53ff6a Add getter access to endpoint field in mbedtls_ssl_config 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Pengyu Lv
918ebf3975 Add getter access to hostname field in mbedtls_ssl_context 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Pengyu Lv
af724dd112 ssl_cache: Add getter access to timeout field 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-07-10 11:33:23 +08:00
Valerio Setti
aa7cbd619c build_info: replace PK_CAN_ECDH with CAN_ECDH and fix comments 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 19:02:23 +02:00
Valerio Setti
3d237b5ff1 ssl_misc: fix guards for PSA data used in XXDH key exchanges 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 19:02:16 +02:00
Valerio Setti
0a0d0d5527 ssl: keep all helper definitions in ssl_ciphersuites.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:31:40 +02:00
Valerio Setti
ed365e66bb ssl: improve/fix definitions for internal helpers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:31:40 +02:00
Valerio Setti
a15078b784 pk: do not duplicate internal symbols for ECDH/ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:31:40 +02:00
Valerio Setti
e87915b66f ssl: update new symbols to include also FFDH 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti
b302efc8d9 debug: replace ECDH_C symbol with key exchange one 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti
c2232eadfb tls: replace PK_CAN_ECDH guards with new helpers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti
7aeec54094 tls: replace ECDH_C guards with new helpers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti
00dc4063e2 ssl: add new helpers for TLS 1.2/1.3 ECDH(E) key exchanges 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Andrzej Kurek
c508dc29f6 Unify csr and crt san writing functions 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-07-07 09:05:30 -04:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771 
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
 2023-07-07 10:22:47 +02:00
Manuel Pégourié-Gonnard
999ce227fc Make the PSA-mbedtls RNG API public 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:28 +02:00