Neil Armstrong
d5a4825b84
Add missing psa_pake_cs_get_bits()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
ff9cac72e7
Add missing psa_pake_cs_get_family()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
0c8ef93c8e
Add missing psa_pake_abort()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
799106b441
Pass input as const reference and fix documentation of psa_pake_input()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
47e700e7de
Pass cipher_suite parameter of psa_pake_setup() by const reference
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:20 +02:00
Neil Armstrong
0151c55b56
Add documentation of PSA_PAKE_OPERATION_INIT
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:50:58 +02:00
Neil Armstrong
5ff6a7fa97
Add missing psa_pake_cipher_suite_init()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:50:57 +02:00
Neil Armstrong
fb99302726
Add missing PSA_PAKE_CIPHER_SUITE_INIT
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 10:45:01 +02:00
Neil Armstrong
a724f7ae17
Document mbedtls_pk_can_do_ext() return for non-allowed algorithms and usage flags
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:28:12 +02:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool
...
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
2022-05-18 14:15:33 -04:00
Przemek Stekiel
b398d8693f
Update descryption of HKDF-Extract/Expand algs and fix comment
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-18 15:43:54 +02:00
Neil Armstrong
408f6a60a3
Add usage parameter to mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:23:20 +02:00
Neil Armstrong
cec133a242
Fix typo in mbedtls_pk_can_do_ext() documentation
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:56:01 +02:00
Manuel Pégourié-Gonnard
1cd4f6a873
Merge pull request #5794 from mprse/cipher_dep
...
Fix undeclared dependencies: CIPHER
2022-05-12 13:09:04 +02:00
Manuel Pégourié-Gonnard
4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector
...
PSA: ChaCha20: add RFC 7539 test vector with counter=1
2022-05-12 12:34:20 +02:00
Neil Armstrong
0b5295848e
Add definition of mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-12 11:53:02 +02:00
Przemek Stekiel
a09f835bd8
Fix CIPHER dependencies dependeny and error messages
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
ea805b4f20
mbedtls_config.h, check_config.h: fix CIPHER dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Dave Rodgman
58f591526e
Merge pull request #5732 from daverodgman/warmsocks_spellingfixes
...
Fixed spelling and typographical errors found by CodeSpell
2022-05-12 09:26:29 +01:00
Manuel Pégourié-Gonnard
34f6ac7c22
Merge pull request #5812 from adeaarm/development
...
Fix key_id and owner_id accessor macros
2022-05-12 10:25:02 +02:00
Andrzej Kurek
5c65c5781f
Fix additional misspellings found by codespell
...
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Przemek Stekiel
ebf6281ce6
crypto_values.h: fix description
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 14:16:05 +02:00
Przemek Stekiel
6b6ce3278e
Add definitions for HKDF-Extract and HKDF-Expand algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-10 12:38:27 +02:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3
...
Fix undeclared dependencies: MD
2022-05-10 10:41:32 +02:00
Przemek Stekiel
6e71282c87
Fix caller list of the MD module
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 11:40:20 +02:00
Przemek Stekiel
ef1fb4a3d3
Deprecate mbedtls_cipher_setup_psa()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 10:55:10 +02:00
Antonio de Angelis
6729474fbb
Fix key_id and owner_id accessor macros
...
The accessor macros for key_id and owner_id in the mbedtls_svc_key_id_t
need to have the MBEDTLS_PRIVATE() specifier as these fields are private
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2022-05-05 18:45:31 +01:00
Neil Armstrong
8ecd66884f
Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-05 14:01:49 +02:00
Neil Armstrong
e952a30d47
Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
501c93220d
Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
...
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
...
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file
...
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:50 +02:00
Gilles Peskine
f21617915f
Merge pull request #2082 from hanno-arm/iotssl-2490
...
Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
2022-04-28 18:13:55 +02:00
Neil Armstrong
a1fc18fa55
Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Przemek Stekiel
bc3cfed43e
check_config.h: Add MBEDTLS_MD_C dependency MBEDTLS_PKCS12_C, MBEDTLS_PKCS1_V15, MBEDTLS_PKCS1_V21, MBEDTLS_PK_C
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-27 14:49:13 +02:00
Przemek Stekiel
6aadf0b44f
mbedtls_config.h: update dependencies for MBEDTLS_MD_C
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-27 14:49:13 +02:00
Gilles Peskine
efffd6410a
Note that MBEDTLS_CONFIG_FILE can't be defined inside the config file
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-26 18:16:33 +02:00
Manuel Pégourié-Gonnard
8ba99e736a
Clarify wording of documentation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:17:47 +02:00
Hanno Becker
2b9fb88281
Clarify documentation of mbedtls_x509_crt_profile
...
This commit fixes #1992 : The documentation of mbedtls_x509_crt_profile
previously stated that the bitfield `allowed_pks` defined which signature
algorithms shall be allowed in CRT chains. In actual fact, however,
the field also applies to guard the public key of the end entity
certificate.
This commit changes the documentation to state that `allowed_pks`
applies to the public keys of all CRTs in the provided chain.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:17:15 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap
...
Improve benchmarking of ECC heap usage
2022-04-22 16:43:11 +02:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2
...
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign
...
RSA-PSS sign 1: PK
2022-04-21 17:11:18 +02:00
Przemek Stekiel
7f1c89d1d4
Provide other_secret, other_secret_length fields if MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS is defined
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Neil Armstrong
23143dca2a
Update mbedtls_pk_wrap_as_opaque() public documentation for RSA & RSA-PSS
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-21 11:33:54 +02:00
XiaokangQian
0a1b54ed73
Minor change the place of some functions
...
Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-21 03:01:38 +00:00
XiaokangQian
75d40ef8cb
Refine code base on review
...
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side
Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 11:05:24 +00:00
XiaokangQian
0803755347
Update code base on review comments
...
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes
Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:50:14 +00:00
XiaokangQian
8f9dfe41c0
Fix comments about coding styles and test cases
...
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8
Fix comments and remove hrr related code
...
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023
Update based on comments
...
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello
Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
3207a32b1e
Fix unused parameter issue and not defined cookie issue
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
7807f9f5c9
Add client hello into server side
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Ronald Cron
217d699d85
Fix Doxygen marks
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:28:51 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
...
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
6d187afd8d
psa_crypto does not support XTS
...
The cipher module implements XTS, and the PSA API specifies XTS, but the PSA
implementation does not support XTS. It requires double-size keys, which
psa_crypto does not currently support.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
...
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Glenn Strauss
bbdc83b55b
Use mbedtls_ssl_protocol_version in public structs
...
Use mbedtls_ssl_protocol_version in public structs, even when doing
so results in a binary-incompatible change to the public structure
(PR feedback from @ronald-cron-arm)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
d09b343ffc
Deprecate mbedtls_ssl_conf_(min/max)_version()
...
Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()
Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()
(PR feedback from @ronald-cron-arm)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f
mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
...
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.
Reduce size of mbedtls_ssl_ciphersuite_t
members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d
mbedtls_ssl_config min_tls_version, max_tls_version
...
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms. For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).
New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825
Rename mbedtls_ssl_session minor_ver to tls_version
...
Store the TLS version instead of minor version number in tls_version.
Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms. The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.
Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Glenn Strauss
dff84620a0
Unify internal/external TLS protocol version enums
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Gilles Peskine
58ffcba9d4
Make it explicit that an absolute path is also ok
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 12:44:16 +02:00
Gilles Peskine
0c4db1f20d
Wording improvement
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 12:44:01 +02:00
Gilles Peskine
db0421b073
More precise explanation of MBEDTLS_PSA_CRYPTO_CONFIG disabled
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:22:49 +02:00
Gilles Peskine
f68f43a42e
State explicitly USER config files can modify the default config
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:22:20 +02:00
Gilles Peskine
3f49cc14e7
Clarify the "duplicate documentation" remark
...
This remark is intended for maintainers, not for users. It should not have
been in the Doxygen typeset part.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:21:16 +02:00
Gilles Peskine
d5793ce273
Document the section "General configuration options"
...
Replace the copypasta that was there.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:05:10 +02:00
Gilles Peskine
611179c3f5
Fix name mismatch in section end comment
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:04:48 +02:00
Manuel Pégourié-Gonnard
6c242a01f7
Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics
...
PK Opaque RSA sign
2022-04-13 09:55:42 +02:00
Gilles Peskine
6457ef9b3c
Format literal # in a way that doesn't confuse older Doxygen
...
With Doxygen 1.8.11 (as on Ubuntu 16.04), `#include` doesn't protect the
hash character enough, and Doxygen tries to link to something called
include. (Doxygen 1.8.17 doesn't have this problem.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-11 17:11:33 +02:00
Gilles Peskine
ba4162a526
Place MBEDTLS_CONFIG_FILE and such into a new section
...
Include this new section in the "full for documentation" (`realfull`)
configuration, so that these options are documented in the official
documentation build (`scripts/apidoc_full.sh`).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-11 17:04:38 +02:00
Dave Rodgman
e5a7ba684f
Merge pull request #5719 from tom-cosgrove-arm/adamwolf-reasonable
...
Fix spelling of 'reasonable' in comments
2022-04-11 09:47:20 +01:00
Gilles Peskine
e1730e492d
Merge pull request #5708 from AndrzejKurek/timeless-struggles
...
Remove the dependency on MBEDTLS_TIME_H from the timing module
2022-04-08 18:43:16 +02:00
Adam Wolf
039080fba7
Fix spelling of 'reasonable' in comments
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 16:49:04 +01:00
Andrzej Kurek
5735369f4a
Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C
...
The timing module might include time.h on its own when on
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled.
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:41:42 -04:00
Gilles Peskine
f4c6eb0a49
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
...
When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to
include instead of "psa/crypto_config.h", and an additional file to include
after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:40:22 +02:00
Glenn Strauss
236e17ec26
Introduce mbedtls_ssl_hs_cb_t typedef
...
Inline func for mbedtls_ssl_conf_cert_cb()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-07 14:18:30 -04:00
Przemek Stekiel
c4b814a9c2
psa_tls12_prf_key_derivation_state_t: add optional step to set other key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:01:50 +02:00
Przemek Stekiel
f4e8f01964
psa_tls12_prf_key_derivation_t: add other_secret and other_secret_length fields to handle mixed PSK
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:01:50 +02:00
Przemek Stekiel
37c81c4f05
Extend PSA_ALG_TLS12_PSK_TO_MS alg (add #PSA_KEY_DERIVATION_INPUT_OTHER_SECRET input)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-07 15:01:50 +02:00
Neil Armstrong
b354742371
Update documentation of mbedtls_pk_setup_opaque()
...
The function now accepts a RSA key pair in addition to an ECC
key pair.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-07 15:01:24 +02:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
...
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Gilles Peskine
7a2e83b839
Add missing logic for accelerated ECB under MBEDTLS_PSA_CRYPTO_CONFIG
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:03:39 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
...
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
...
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Paul Elliott
0113cf1022
Add accessor for own cid to ssl context
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Ronald Cron
bdb4f58cea
Add and update documentation of some minor version fields
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:24:59 +02:00
Dave Rodgman
017a19997a
Update references to old Github organisation
...
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Neil Armstrong
98f6f78a70
Update mbedtls_pk_wrap_as_opaque() documentation for ECDH derivation usage
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
...
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
...
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export
...
Add ECP keypair export function
2022-03-29 17:19:04 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
...
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
de1adee51a
Rename ssl_cli/srv.c
...
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
...
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor
...
Accessor for mbedtls_timing_delay_context final delay
2022-03-25 09:14:41 +01:00
Jerry Yu
e6e73d63ec
fix comments issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 13:07:28 +08:00
Tom Cosgrove
87fbfb5d82
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
...
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.
The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.
There should be minimal code size impact if no A64_CRYPTO option is set.
The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Manuel Pégourié-Gonnard
5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies
...
MD: HMAC in DTLS cookies
2022-03-23 13:05:24 +01:00
Paul Elliott
93ba3e3918
Add mbedtls_ssl_is_handshake_over() function
...
Add function to query if SSL handshake is over or not, in order to
determine when to stop calling mbedtls_ssl_handshake_step among other
things. Document function, and add warnings that the previous method of
ascertaining if handshake was over is now deprecated, and may break in
future releases.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-22 22:47:49 +00:00
Neil Armstrong
488a40eecb
Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-22 10:41:38 +01:00
Neil Armstrong
c0db7623ec
Also guard include of mbedtls/threading.h in ssl_cookie.h when USE_PSA_CRYPTO is set
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-22 10:38:58 +01:00
Jerry Yu
406cf27cb5
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
b02ee18e64
replace use_psa_crypto with psa_crypto_c
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
704cfd2a86
fix comments and style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
718a9b4a3f
fix doxgen fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
bc18c23531
Guard pk_sign_ext with PSA_CRYPTO_C
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
79c004148d
Add PSA && TLS1_3 check_config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
8beb9e173d
Change prototype of pk_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
d69439aa61
add mbedtls_pk_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Paul Elliott
b9af2db4cf
Add accessor for timing final delay
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-21 15:26:19 +00:00
Przemek Stekiel
a677b5f6c7
Fix minor issues
...
- parameter name in function description
- test_suite_ecp.data: add new line at the end of file
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-21 09:49:40 +01:00
Przemek Stekiel
711d0f5e29
Add implemetation of ECP keypair export function
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-18 13:52:26 +01:00
Gilles Peskine
750596e6d6
Improve documentation of MBEDTLS_PSA_CRYPTO_CONFIG
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-17 12:26:28 +01:00
Gilles Peskine
a02c124006
Document MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-17 12:26:28 +01:00
Manuel Pégourié-Gonnard
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection
...
TLS Cipher 2a: tickets: use PSA for protection
2022-03-17 09:50:09 +01:00
Gilles Peskine
08622b6dc7
Declare PSA_WANT_ALG_CCM_STAR_NO_TAG and use it in tests
...
CCM*-no-tag is currently available whenever CCM is, so declare
PSA_WANT_ALG_CCM_STAR_NO_TAG whenever PSA_WANT_ALG_CCM is declared and vice
versa.
Fix dependencies of test cases that use PSA_ALG_CCM_STAR_NO_TAG: some were
using PSA_WANT_ALG_CCM and some had altogether wrong dependencies.
This commit does not touch library code. There is still no provision for
providing CCM support without CCM*-no-tag or vice versa.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
...
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
...
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
...
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
Gilles Peskine
c50dec07b2
ChaCha20 (classic): Document that we only support 12-byte nonces
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-10 18:57:09 +01:00
Gilles Peskine
14d3554ff5
ChaCha20 (PSA): Document that we only support 12-byte nonces
...
Support for 8-byte nonces may be added in the future:
https://github.com/ARMmbed/mbedtls/issues/5615
Support for a 16-byte IV for ChaCha20 consisting of a 12-byte nonce and a
4-byte initial counter value may be added in the future:
https://github.com/ARMmbed/mbedtls/issues/5616
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-10 18:56:57 +01:00
Gabor Mezei
2a02051286
Use PSA in TLS ticket handling
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-10 17:09:59 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
Glenn Strauss
9bff95f051
Adjust comment describing mbedtls_ssl_set_hs_own_cert()
...
mbedtls_ssl_set_hs_own_cert() is callable from the certificate selection
callback.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-03-10 04:45:27 -05:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
Neil Armstrong
7cd0270d6c
Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
Neil Armstrong
77b69ab971
Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 14:45:45 +01:00
Daniel Axtens
f071024bf8
Do not include time.h without MBEDTLS_HAVE_TIME
...
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."
If that is not defined, do not attempt to include time.h.
A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Neil Armstrong
bca99ee0ac
Add PSA key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 10:20:20 +01:00
Przemek Stekiel
3f076dfb6d
Fix comments for conditional compilation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 09:36:46 +01:00
Gilles Peskine
1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls
...
Rename, move and refine PSA to mbedtls PK errors mappings
2022-03-03 13:30:29 +01:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
...
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
Neil Armstrong
19915c2c00
Rename error translation functions and move them to library/pk_wrap.*
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 15:21:02 +01:00
Gilles Peskine
f48bd4bccb
Merge pull request #5371 from AndrzejKurek/doxygen-duplicate-parameter-docs
...
doxygen: merge multiple descriptions of the same return codes
2022-02-28 17:09:45 +01:00
Gilles Peskine
0037fcd6c7
Merge pull request #4910 from gilles-peskine-arm/check_config-chachapoly-development
...
Add check_config checks for AEAD
2022-02-28 17:07:48 +01:00
Glenn Strauss
0ebf24a668
Adjust comment describing mbedtls_ssl_conf_sni()
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
6989407261
Add accessor to retrieve SNI during handshake
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b
Provide means to reset handshake cert list
...
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0
Add server certificate selection callback
...
https://github.com/ARMmbed/mbedtls/issues/5430
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 17:31:49 -05:00
Neil Armstrong
3f9cef4547
Remove actual and use new PSA to mbedtls PK errors mapping functions
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 15:44:39 +01:00
Neil Armstrong
ea761963c5
Add specialized PSA to mbedtls PK/RSA error mapping function
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 14:37:00 +01:00
Neil Armstrong
cd501f406e
Add specialized PSA to mbedtls PK/ECDSA error mapping function
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 14:37:00 +01:00
Neil Armstrong
a3fdfb4925
Introduce new PSA to mbedtls PK error mapping function
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 14:37:00 +01:00
Przemyslaw Stekiel
6d3d18b2dc
psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code
...
Perform the following optimizations:
- fix used flags for conditional compilation
- remove redundant N variable
- move loop used to generate valid k value to helper function
- fix initial value of status
- fix comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
Gilles Peskine
57bf02bd58
ssl_conf_{min,max}_version documentation: update for 1.3 and improve
...
Mention that TLS 1.3 is supported, in addition to (D)TLS 1.2.
Improve and clarify the documentation. In particular, emphasise that the
minor version numbers are the internal numbers which are off by one from the
human numbers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00