Commit graph

12247 commits

Author SHA1 Message Date
Dave Rodgman
4eb44e4780 Standardise some more headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 12:15:12 +00:00
Dave Rodgman
ce38adb731 Fix header in ssl_tls13_keys.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 10:29:25 +00:00
Dave Rodgman
f8be5f6ade Fix overlooked files
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 20:43:00 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Dave Rodgman
b06d701f56
Merge pull request #8406 from beni-sandu/aesni
AES-NI: use target attributes for x86 32-bit intrinsics
2023-10-30 17:01:06 +00:00
Tom Cosgrove
3857bad9a2
Merge pull request #8427 from tom-cosgrove-arm/fix-linux-builds-in-conda-forge
Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
2023-10-30 15:29:26 +00:00
Beniamin Sandu
800f2b7c02 AES-NI: use target attributes for x86 32-bit intrinsics
This way we build with 32-bit gcc/clang out of the box.
We also fallback to assembly for 64-bit clang-cl if needed cpu
flags are not provided, instead of throwing an error.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
2023-10-27 17:02:22 +01:00
Valerio Setti
36fe8b9f4b psa_crypto_cipher: add guard for unused variable
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:13:33 +02:00
Valerio Setti
1e21f26d88 psa_crypto_cipher: add helper to validate PSA cipher values
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:13:33 +02:00
Valerio Setti
4a249828a8 psa_crypto_cipher: add mbedtls_cipher_values_from_psa()
This commit splits mbedtls_cipher_info_from_psa() in 2 parts:

- mbedtls_cipher_values_from_psa() that performs parameters' validation and
  return cipher's values

- mbedtls_cipher_info_from_psa() which then use those values to return
  the proper cipher_info pointer. Of course this depends on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
Valerio Setti
2c2adedd82 psa_crypto_aead: add guard for CIPHER_C dependency
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-27 09:12:06 +02:00
Bence Szépkúti
51328162e6
Merge pull request #8374 from sergio-nsk/sergio-nsk/8372/2
Fix compiling AESNI in Mbed-TLS with clang on Windows
2023-10-26 21:21:01 +00:00
Dave Rodgman
2db1e354e3
Merge pull request #8408 from daverodgman/iar-fix-aes
Fix MBEDTLS_MAYBE_UNUSED for IAR
2023-10-26 15:53:11 +00:00
Gilles Peskine
b3d0ed2e6e
Merge pull request #8303 from valeriosetti/issue6316
Add test component with all ciphers and AEADs accelerated only
2023-10-26 15:53:10 +00:00
Tom Cosgrove
257f6dd57d Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
Fixes #8422

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-10-26 14:04:34 +01:00
Ronald Cron
95b735530c
Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello
TLS 1.3: EarlyData SRV: Add early data extension parser.
2023-10-26 08:31:53 +00:00
Valerio Setti
bbc46b4cc2 cipher: improve code readibility in mbedtls_cipher_setup()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-26 09:00:21 +02:00
Dave Rodgman
d1c4fb07ee Support older IAR versions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-25 15:07:35 +01:00
Valerio Setti
79a02de79f cipher: check that ctx_alloc_func is not NULL before calling it
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-25 12:03:36 +02:00
Valerio Setti
a6c0761c43 cipher_wrap: fix guards for GCM/CCM AES
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-25 12:03:36 +02:00
Valerio Setti
e86677d0c3 pkparse: fix missing guards for pkcs5/12 functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-25 12:03:36 +02:00
Dave Rodgman
d69d3cda34
Merge pull request #8298 from daverodgman/sha-armce-thumb2
Support SHA256 acceleration on Armv8 thumb2 and arm
2023-10-24 21:23:15 +00:00
Dave Rodgman
f842868dd9 Fix MBEDTLS_MAYBE_UNUSED for IAR
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-24 14:18:38 +01:00
Dave Rodgman
514590210b Merge remote-tracking branch 'origin/development' into sha-armce-thumb2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-23 15:35:07 +01:00
Dave Rodgman
66d5512571 Remove dependency on asm/hwcap.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-23 15:12:32 +01:00
Dave Rodgman
bcb810252c
Merge pull request #8363 from daverodgman/iar-fixes-2
Stop IAR warning about goto skipping variable definition
2023-10-23 14:59:15 +01:00
Tom Cosgrove
235e361b6c
Merge pull request #8339 from lpy4105/issue/support-cpuid-for-win32
Support cpuid for win32
2023-10-23 10:43:39 +00:00
Manuel Pégourié-Gonnard
2bf0870e25
Merge pull request #7861 from mpg/cleanup-pk-parse
cleanup PK parse - part 1
2023-10-23 08:49:16 +00:00
Sergey Markelov
3898f10fed Fix #8372 - Error compiling AESNI in Mbed-TLS with clang on Windows
It can successfully compile w/ the clang options -maes -mpclmul.

Signed-off-by: Sergey Markelov <sergey@solidstatenetworks.com>
2023-10-18 20:24:39 -07:00
Gilles Peskine
6407f8fc54
Merge pull request #8322 from valeriosetti/issue8257
Improve location of MD_CAN macros
2023-10-18 14:31:28 +00:00
Gilles Peskine
f6f4695824
Merge pull request #8320 from valeriosetti/issue8263
Fix dependencies of mbedtls_pk_ec_ro and mbedtls_pk_ec_rw
2023-10-18 10:03:46 +00:00
Jerry Yu
b47b2990d6 fix various issues
- fix wrong typo
- remove redundant check
- remove psk mode tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-18 15:50:35 +08:00
Manuel Pégourié-Gonnard
c6d633ffbc
Merge pull request #8297 from valeriosetti/issue8064
Change accel_aead component to full config
2023-10-18 07:15:59 +00:00
Valerio Setti
2f00b7a5da cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-17 11:43:34 +02:00
Manuel Pégourié-Gonnard
745ec5d75e Fix static initializer warning
In a hypothetical build with no curves, or in the future when we add a
new curve type and possibly forget updating this function with a new
block for the new type, we write to `ret` at the beginning or the
function then immediately overwrite it with MPI_CHK(check_privkey),
which static analyzers understandably find questionable.

Use `ret` here and check the key only if it was actually set.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-17 10:13:45 +02:00
Dave Rodgman
2fde39a22c
Merge pull request #8283 from daverodgman/more-aes-checks
More AES guards testing and some fixes
2023-10-16 18:22:51 +00:00
Valerio Setti
9fc1f24331 md: restore md.h includes in source files directly using its elements
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-16 14:39:38 +02:00
Valerio Setti
74cb404b0d ssl: improve ssl_check_key_curve()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-16 13:40:50 +02:00
Valerio Setti
dcee98730b cipher_wrap: add VIA_LEGACY_OR_USE_PSA to new internal symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-16 11:35:57 +02:00
Valerio Setti
596ef6c0b1 cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-16 11:26:08 +02:00
Valerio Setti
0521633559 cipher: fix guards in mbedtls_cipher_auth_[encrypt/decrypt]_ext()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-16 11:22:21 +02:00
Manuel Pégourié-Gonnard
52e9548c22 Fix check for format supported by PSA
For non-Weierstrass curves there's only one format and it's supported.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
f1b7633443 Use clearer function name
I went for "may be" as I was thinking just checking the tag technically
does not guarantee that what follows is correct, but I was wrong:
according to ASN.1, when there are variants, the tag does distinguish
unambiguously between variants, so we can be more positive here.
(Whether the thing inside that variant is correct is a different
question.)

As a welcome side effect, this makes the name more standard hence more
readable.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
842ffc5085 Make code more robust
Using return here is only correct if we know that group_load() is atomic
(either succeeds, or allocates no ressources). I'm not sure it is, and
even if it were, goto exit is more obviously correct, so let's use that.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
94cf1f82ad Fix a typo in a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
564bc1bb96 Fix limitation in checking supported alg in pk_sign
The recent changes in pkparse made it so ECDSA (deterministic or not) is
set as the secondary alg and ECDH the first one. This broke the wrapper
in pk_wrap as it was only checking the first alg when deciding whether
to use deterministic or not. The wrapper should not have unnecessary
requirements on how algs are set up, so make the check more flexible.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
53d3e40a21 Fix unused warnings in dummy definition
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
12ea63a5f7 Abstract away MBEDTLS_PK_PARSE_EC_EXTENDED
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
fac9819edc Fix and document return of pk_ecc_set_pubkey()
One of the calling site needs to distinguish between "the format is
potentially valid but not supported" vs "other errors", and it uses
MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for that.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
ff72ea9d51 Rework pk_ecc_set_pubkey()
- Fix the logic around format: we were just assuming that if the format
was not compressed, it was uncompressed, but it could also have been
just invalid.
- Remove redundant length check: the fallback does its own checks.
- Remove set_algorithm() that's not needed and introduced a depencency
on ECDSA.
- Some style / naming / scope reduction.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-16 10:27:22 +02:00