Commit graph

11239 commits

Author SHA1 Message Date
Gabor Mezei
908f40014c
Determine special cases in-place in the common Koblitz function
Remove parameter used by the special cases and check for special cases in-place.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-05 16:31:19 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-05-05 16:01:18 +02:00
Tom Cosgrove
501fb3abf3
Merge pull request #5894 from Xeenych/patch-1
Reduce RAM - move some variables to .rodata
2023-05-05 14:54:32 +01:00
Przemek Stekiel
837d2d1c5e mbedtls_psa_export_ffdh_public_key: return fixed key size
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-05 12:33:46 +02:00
Valerio Setti
fc90decb74 pkwrite: removing unused/duplicated variables
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 12:30:40 +02:00
Valerio Setti
4f387ef277 pk: use better naming for the new key ID field
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:59:32 +02:00
Valerio Setti
048cd44f77 pk: fix library code for using the new opaque key solution
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:59:32 +02:00
Valerio Setti
e00954d0ed pk: store opaque key ID directly in the pk_context structure
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:57:26 +02:00
Przemek Stekiel
134cc2e7a8 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-05 10:13:47 +02:00
Manuel Pégourié-Gonnard
71f88ecc52
Merge pull request #6838 from jethrogb/jb/pkix-curdle
Read and write RFC8410 keys
2023-05-05 10:02:21 +02:00
Przemek Stekiel
e1621a460a mbedtls_psa_ffdh_generate_key: optimize code and return fixed key size
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-05 09:53:37 +02:00
Arto Kinnunen
0f06618db0 AES: skip 192bit and 256bit key in selftest if 128bit_only enabled
This includes:
 - aes.c
 - cmac.c
 - gcm.c
 - nist_kw.c

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:20:59 +08:00
Arto Kinnunen
732ca3221d AES: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
Add configuration option to support 128-bit key length only
in AES calculation.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:20:38 +08:00
Minos Galanakis
b89440394f bignum_core: Removed input checking for mbedtls_mpi_core_shift_l
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-05-04 14:40:40 +01:00
Dave Rodgman
6dc62e682a
Merge pull request #7544 from tom-cosgrove-arm/use-mbedtls_ct_uint_if-rather-than-mbedtls_ct_cond_select_sign
Use mbedtls_ct_uint_if() rather than mbedtls_ct_cond_select_sign()
2023-05-04 12:23:30 +01:00
Jethro Beekman
cb706ea308 Silence bad "maybe unitialized" warning for ec_grp_id
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
cf4545e396 Fix unsued variable in mbedtls_pk_write_pubkey_der in certain configurations
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
13d415c4ed Only use mbedtls_ecc_group_of_psa if defined(MBEDTLS_ECP_LIGHT)
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
33a3ccd899 Fix bug in mbedtls_pk_wrap_as_opaque
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
8e59ebb2e4 Refactor EC SPKI serialization
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
2e662c6f97 Add comment about version 1 PKCS8 keys not containing a public key
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
0167244be4 Read and write X25519 and X448 private keys
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
2023-05-04 13:01:47 +02:00
Manuel Pégourié-Gonnard
e4072c00c8
Merge pull request #7548 from jethrogb/jb/mbedtls_pem_write_buffer
mbedtls_pem_write_buffer: Correctly report needed buffer size for all possible line lengths and counts
2023-05-04 12:54:56 +02:00
Paul Elliott
b6432832d0
Merge pull request #7490 from paul-elliott-arm/test_ecp_mod_p448
[Bignum] Add unit tests for ecp_mod_p448
2023-05-04 11:39:44 +01:00
Kusumit Ghoderao
b9410e89b4 Fix failing CI
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-04 13:17:51 +05:30
Przemek Stekiel
8194285cf1 Fix parsing of authorityCertSerialNumber (use valid tags)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-03 16:19:16 +02:00
Jethro Beekman
746df88e90 mbedtls_pem_write_buffer: Correctly report needed buffer size for all possible line lengths and counts
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-03 15:30:49 +02:00
Kusumit Ghoderao
056f0c5047 Make output_byte return not_supported for pbkdf2
As output functionality is not added yet return PSA_SUCCESS for
now if inputs are passed correctly. If input validation fails
operation is aborted and output_bytes will return PSA_ERROR_BAD_STATE

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 17:33:27 +05:30
Manuel Pégourié-Gonnard
f57273c817
Merge pull request #7496 from valeriosetti/issue7480
Fix test gap in PK write: private (opaque) -> public
2023-05-03 12:39:49 +02:00
Andrzej Kurek
9c9880a63f Explicitly exit IPv4 parsing on a fatal error
This makes the function flow more readable.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-03 05:06:47 -04:00
Kusumit Ghoderao
f5fedf1e0d Add pbkdf2 to psa_key_derivation_abort
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:37 +05:30
Kusumit Ghoderao
3128c5d9ce Enable can_output_key with PSA_KEY_DERIVATION_INPUT_PASSWORD
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:37 +05:30
Kusumit Ghoderao
24b3895dee Add pbkdf2 input functions to psa_key_derivation_input_internal
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:36 +05:30
Kusumit Ghoderao
f4fe3ee9e4 Add input password function for pbkdf2
Also adds PSA_KEY_DERIVATION_INPUT_PASSWORD case handling to
psa_key_derivation_check_input_type function

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:36 +05:30
Kusumit Ghoderao
547a6c6fd1 add input salt function for pbkdf2
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:36 +05:30
Kusumit Ghoderao
944bba1e30 Add input cost function for pbkdf2
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:36 +05:30
Kusumit Ghoderao
d132cacb38 Add pbkdf2_hmac to is_kdf_alg_supported()
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:35 +05:30
Kusumit Ghoderao
af0b534256 Add pbkdf2 to ATLEAST_ONE_BUILTIN_KDF definition
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:35 +05:30
Tom Cosgrove
e22413c8df Use mbedtls_ct_uint_if() rather than mbedtls_ct_cond_select_sign()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-05-03 09:44:01 +01:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1
Fix the JPAKE driver interface for user+peer
2023-05-02 20:42:25 +02:00
Gilles Peskine
c70d9eab8a
Merge pull request #7412 from silabs-Kusumit/PBKDF2_implementation
PBKDF2: Implement input_integer
2023-05-02 20:41:23 +02:00
Valerio Setti
2d81499026 pk: fix position for mbedtls_platform_zeroize
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-02 15:45:39 +02:00
Valerio Setti
2c50526476 pk: fix: clear buffer holding raw EC private key on exit
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-02 15:45:39 +02:00
Andrzej Kurek
6f400a376e Disallow leading zeroes when parsing IPv4 addresses
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-01 06:23:42 -04:00
Aditya Deshpande
7b9934dcdd Add support for building p256-m alongside Mbed TLS with CMake.
Also check if p256-m is enabled in the config before including the contents of p256-m.c

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:55 +01:00
Aditya Deshpande
e41f7e457f Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example.
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:09 +01:00
Przemek Stekiel
75095cce74 mbedtls_psa_ffdh_set_prime_generator: use switch instead if-else
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 14:20:27 +02:00
Przemek Stekiel
534105044c Add guards for psa_is_dh_key_size_valid
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 13:18:43 +02:00
Gilles Peskine
7351101704
Merge pull request #7502 from daverodgman/inline-clz
Fix VS2022 build error
2023-04-28 13:06:47 +02:00
Gilles Peskine
d2e1dd098c
Merge pull request #7499 from JonathanWitthoeft/development
Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT
2023-04-28 12:45:32 +02:00
Przemek Stekiel
6d85afa0cc Fix naming: FFDH key -> DH key and fix guard in psa_validate_key_type_and_size_for_key_generation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 11:42:17 +02:00
Dave Rodgman
914347bfa3 Don't explicitly inline mbedtls_mpi_core_clz
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-27 14:20:30 +01:00
Kusumit Ghoderao
a5376954ce Remove unrelated comment
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-27 16:57:24 +05:30
Przemek Stekiel
d1cf1bae5d Add function to validate dh key size
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 12:04:21 +02:00
Przemek Stekiel
cf0156f3f3 mbedtls_psa_ffdh_generate_key: Fix random number generation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 11:12:39 +02:00
Przemek Stekiel
6fd72b687f Optimize code (if-else format, action on error)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 11:04:12 +02:00
Przemek Stekiel
9275d5d685 mbedtls_psa_ffdh_set_prime_generator: check if key size is equal and use sizeof
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 11:03:51 +02:00
Paul Elliott
47a3c82118 Enable curve 448 to be tested
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-04-26 22:23:13 +01:00
JonathanWitthoeft
9b265180cc
Make mbedtls_ecdsa_can_do definition unconditional
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
2023-04-26 16:09:28 -05:00
JonathanWitthoeft
405ec94ea2
Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT
When ECDSA_SIGN_ALT but not ECDSA_VERIFY_ALT, mbedtls_ecdsa_can_do was not being defined causing mbedtls_ecdsa_verify_restartable to always fail

Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
2023-04-26 16:09:28 -05:00
Dave Rodgman
3b29364d61 Fix VS2022 build error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-26 21:53:30 +01:00
Dave Rodgman
98062a7c5d
Merge pull request #7316 from yuhaoth/pr/Add-msvc-support-for-aesce-module
Add msvc support for AESCE
2023-04-26 21:27:08 +01:00
Tom Cosgrove
09d23786f6
Merge pull request #7429 from xkqian/bignumber_update_comments
Update links to references in bignum
2023-04-26 16:21:56 +01:00
Gabor Mezei
19c6f47dbc
Allocate the right amount of memory
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 15:22:11 +02:00
Gabor Mezei
fead53311b
Remove unused macro
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 15:20:01 +02:00
Gabor Mezei
03367fe42d
Ignore carry since it can not be generated
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 14:08:45 +02:00
Gabor Mezei
d2c0ba172c
Fix value in comment
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 14:08:44 +02:00
Gabor Mezei
7097447b84
Ensure input parameter size for Koblitz reduction
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 14:08:35 +02:00
Gabor Mezei
8183c5dcc3
Use core API in ecp_mod_koblitz()
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 14:03:29 +02:00
David Horstmann
9643575d92 Limit OIDs to 128 components
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.

[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-26 11:50:14 +01:00
Jerry Yu
db368dea88 fix clang test fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-26 16:55:37 +08:00
Janos Follath
91a618375a
Merge pull request #7427 from minosgalanakis/ecp/7258_ecp_mod_p256K1_add_test_cases
ECP: Add Unit Tests for secp256k1
2023-04-26 08:52:24 +01:00
Przemek Stekiel
654bef0be0 Fix typos, comments, style, optimize macros
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
c829816fb6 psa_export_public_key_internal: add missing check for FFDH key type
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
a9ca13136c Move check of the key type to mbedtls_psa_key_agreement_ffdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
0dd746d998 Add psa_crypto_ffdh to build
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
359f4625a3 Move FFDH layer to separate file
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
fedd134300 Add key generation for FFDH keys
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Przemek Stekiel
fb3dd54b24 Add key agreement for FFDH keys
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Przemek Stekiel
472b3f33b9 Add import/export of FFDH keys
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Przemek Stekiel
f5b8f78ad7 authorityCertIssuer and authorityCertSerialNumber MUST both be present or absent
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 08:57:32 +02:00
Tom Cosgrove
10f40916eb
Merge pull request #7462 from daverodgman/clz_size_opt
clz size/perf optimisation
2023-04-26 07:06:30 +01:00
Jerry Yu
61c4cfa2a7 Add compiler version checks.
When `MBEDTLS_AESCE_C` enabled and the compiler
is not expected, we should raise error to user.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-26 13:06:01 +08:00
Dave Rodgman
2e863ecde9 Remove unnecessary if to save 16 bytes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-25 17:40:49 +01:00
Paul Elliott
d3fbbe55f7
Merge pull request #7448 from gabor-mezei-arm/7261_roll_loop_in_ecp_mod_koblitz
Roll up the loop in ecp_mod_koblitz()
2023-04-25 15:27:21 +01:00
Minos Galanakis
9c2c81f996 ecp_curves: Renamed ecp_mod_p256k1 -> mbedtls_ecp_mod_p256k1
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-25 13:30:59 +01:00
Minos Galanakis
d6751dcd8b ecp_curves: Added unit-tests for secp256k1
This patch introduces basic unit-testing for the `ecp_mod_p256k1()`.

The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-25 13:30:59 +01:00
Przemek Stekiel
aede2ad554 Optimize code (pake role type, freeing buffers)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-25 14:30:34 +02:00
Minos Galanakis
ec09e25251 bignum_core: Aligned xxx_core_shift_l to xxx_core_shift_r
This patch modifies the left-shift implementation to closely
align in interface and behaviour to the existing right-shift
method.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-25 12:23:34 +01:00
Minos Galanakis
ad808dd5f1 bignum_core: Extracted mbedtls_mpi_shift_l from prototype
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-25 12:23:33 +01:00
Przemek Stekiel
6e628a4e7b Add undfined role for ec j-pake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-25 13:11:36 +02:00
Jerry Yu
f015a93f98 Add msvc version document
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-25 10:38:03 +08:00
Jerry Yu
8f0e3d4c22 fix wrong compiler checks
- Add msc version check
- remove HAVE_ASM due to conflict with check_config

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-25 10:24:53 +08:00
Gilles Peskine
ad450d5a92
Merge pull request #7463 from valeriosetti/issue7460-part2
Pass pk_context pointer to PK wrappers instead of void pointer
2023-04-24 17:41:39 +02:00
Janos Follath
53c6553deb
Merge pull request #7450 from xkqian/bignumber_ecp_update
Update gen_prvkey_mx paras to align with comments and c code
2023-04-24 13:44:39 +01:00
Dave Rodgman
0f16d560aa Fix documentation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-24 12:53:45 +01:00
Przemek Stekiel
f4194944e8 Use do-while(0) format in macros
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 09:52:17 +02:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Gabor Mezei
f921f4d228
Use loop for two passes in the reduction
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-21 14:09:06 +02:00
Dave Rodgman
bbf881053d Document undefined case. Clarify test code.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-21 12:54:40 +01:00
Dave Rodgman
880a6b34c2 Further size optimisation
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-20 11:52:55 +01:00
valerio
38992cb833 pk: pass pk_context pointer to wrappers intead of void one
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-20 12:02:34 +02:00
Jerry Yu
8b6df3fd76 fix msvc fail on embed assembly code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-20 10:32:37 +08:00
Jerry Yu
9db4b1f455 fix msvc type cast fail.
GCC needs the `cast` due to incompatible type error

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-20 10:32:36 +08:00
Jerry Yu
07d28d8598 Add msvc build for aesce module
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-20 10:32:36 +08:00
David Horstmann
861e5d2742 Change to using an alloc-realloc strategy
Allocate enough memory to guarantee we can store the OID, encode into
the buffer, then realloc and copy into a buffer of exactly the right
size.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-19 18:37:45 +01:00
Dave Rodgman
fe8a8cd100 Size/perf optimisation for mbedtls_mpi_core_clz
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-19 17:59:12 +01:00
Kusumit Ghoderao
a14ae5a0c9 Fix input_integer testing
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-19 14:16:26 +05:30
Xiaokang Qian
b92a2f6e7a Remove trailing whitespace from ecdsa.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-19 02:59:15 +00:00
Andrzej Kurek
90117db5dc Split a complex condition into separate ones
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-18 10:43:35 -04:00
Minos Galanakis
9d80879f90 ecp_curves: Introduced mbedtls_ecp_mod_p224k1()
This patch introduces a `MBEDTLS_STATIC_TESTABLE` helper
method which exposes `ecp_mod_p256k1()` to the test-framework

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-18 14:13:20 +01:00
Minos Galanakis
e5dab975c6 ecp_curves: Added unit-tests for secp224k1
This patch introduces basic unit-testing for the `ecp_mod_p224k1()`.

The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-18 14:13:20 +01:00
Andrzej Kurek
8bc2cc92b5 Refactor IPv6 parsing
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-18 07:26:27 -04:00
Janos Follath
3c3b94a31b
Merge pull request #7424 from gabor-mezei-arm/7256_unit_tests_for_p192k1
Add unit tests for ecp_mod_p192k1()
2023-04-18 12:19:40 +01:00
Andrzej Kurek
ea3e71fa37 Further refactor IPv4 parsing
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-18 05:54:50 -04:00
Xiaokang Qian
a089614cdf Update gen_prvkey_mx paras to align with comments and c code
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-18 06:49:55 +00:00
Paul Elliott
4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
2023-04-17 16:31:09 +01:00
Przemek Stekiel
9a7a725ee7 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 16:06:57 +02:00
Przemek Stekiel
7921a03425 Add claryfication for PSA_PAKE_INPUT/OUTPUT_MAX_SIZE macros
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 12:32:06 +02:00
Andrzej Kurek
6cbca6dd42 Rename a variable in ipv4 and ipv6 parsing
Character was too elaborate.
p is used in other x509 code to step through data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:25:00 -04:00
Andrzej Kurek
0d57896f7e Refactor ipv6 parsing
Introduce new variables to make it more readable. Clarify the calculations a bit.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:31 -04:00
Andrzej Kurek
7f5a1a4525 Rename ipv6 parsing variables, introduce one new one
This way the names are more descriptive.
j was reused later on for calculation, 
num_zero_groups is used instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:23 -04:00
Andrzej Kurek
06969fc3a0 Introduce a test for a sw implementation of inet_pton
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:15 -04:00
Andrzej Kurek
13b8b780fe Improve x509_inet_pton_ipv4 readability
Introduce descriptive variable names.
Drop the table of tens.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:19:50 -04:00
Gabor Mezei
0a11ee6da8
Fix function declaration
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-13 12:48:06 +02:00
Gabor Mezei
1237a349ed
Use macro guard for function declaration
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-13 12:48:06 +02:00
Gabor Mezei
83669d910e
Add a testable function for ecp_mod_p192k1
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-13 12:44:37 +02:00
Xiaokang Qian
50fe36317a Update links in ecp.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-12 06:08:45 +00:00
Xiaokang Qian
637a2fe62c Update SEC1 link in ecdsa.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-12 06:07:51 +00:00
Xiaokang Qian
4704147717 Update SEC1 link in ecdh.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-12 06:07:23 +00:00
Glenn Strauss
b255e21e48 Handle endianness in x509_inet_pton_ipv6()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:43 -04:00
Glenn Strauss
6f545acfaf Add mbedtls_x509_crt_parse_cn_inet_pton() tests
Extended from https://github.com/Mbed-TLS/mbedtls/pull/2906
contributed by Eugene K <eugene.kobyakov@netfoundry.io>

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Glenn Strauss
416c295078 x509 crt verify local implementation to parse IP
x509 crt verify local implementation to parse IP
if inet_pton() is not portably available

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Glenn Strauss
c26bd76020 x509 crt verify SAN iPAddress
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Valerio Setti
0c477d32e2 test: include also test_suite_ecp for the coverage analysis
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
6c496a1553 solve disparities for ECP_LIGHT between ref/accel
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
5278986d2d psa: fix ECP guards for key derivation
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
3f8d23eaef pk_wrap: fix guards in eckey_check_pair to only include 1 option at build time
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
d4a5d461de library: add remaining changes for the new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
0d2980f117 pk: adapt to new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
fd122f4e95 ecp: introduce new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Dave Rodgman
22d9ff6d3c
Merge pull request #7353 from xkqian/tls13_fix_code_style
Improve code styles for tls13 related files
2023-04-11 09:18:22 +01:00
Gilles Peskine
5634f87d68
Merge pull request #7418 from xkqian/big_number_ecc_update_comment
Update SEC1 link in ecp.c
2023-04-11 09:34:07 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
Manuel Pégourié-Gonnard
b16a50eeab
Merge pull request #7392 from valeriosetti/issue7388
PK: use PSA to complete public key when USE_PSA is enabled
2023-04-11 09:09:06 +02:00
Xiaokang Qian
49f39c1e91 Fix the wrong debug _message function to _ret
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
09c3cccf97 Update the todo comment of record size limits
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
8bce0e6f5e Update group ext debug message in ssl_tls13_server.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
91bb3f0665 Wrap lines in library/ssl_tls13_client.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
9f1747bb1f Wrap lines which exceed 80 chars in ssl_tls13_server.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:14 +00:00
Xiaokang Qian
958b6ffe98 Wrap lines which exceed 80 chars in ssl_tls13_client.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:52 +00:00
Xiaokang Qian
7343738695 Wrap lines which exceed 80 chars in ssl_tls13_generic.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:51 +00:00
Xiaokang Qian
123cde824c Improve code styles(line numbers) for tls13_key.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:51 +00:00
Xiaokang Qian
669c7c35f0 Update SEC1 link in ecp.c
Old link doesn't work any more, update it to one
new link to refer version 2

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 07:36:35 +00:00
Pengyu Lv
e3746d7ce6 ssl_cache: Error renaming and document improvement
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-10 14:40:03 +08:00
Kusumit Ghoderao
3a18dee1e8 Fix unused variable warning
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-07 16:16:27 +05:30
Valerio Setti
520c0384e7 pkparse: fix return value
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 11:38:09 +02:00
Valerio Setti
1df94f841b pk: fix return codes' precedence and code style
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 11:04:32 +02:00
Manuel Pégourié-Gonnard
f740767c00
Merge pull request #7391 from valeriosetti/issue7387
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
2023-04-07 10:17:18 +02:00
Valerio Setti
9d65f0ef12 pk_wrap: simplify prototype of eckey_check_pair_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:53:17 +02:00
Valerio Setti
aad6306212 pkparse: fix guards position
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
4bf73ad83f pkparse: use proper sizing for buffer
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
34f6755b34 pkparse: add new function for deriving public key from private using PSA
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
f286664069 pk_wrap: minor code optimizations
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:37:46 +02:00
Dave Rodgman
0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation
TLS: TLS 1.2 / 1.3 version negotiation on server side
2023-04-06 16:26:19 +01:00
Janos Follath
3615be65f8
Merge pull request #7342 from gabor-mezei-arm/6679_prevent_mpi_mod_write_from_corrupting_the_input
Prevent mpi_mod_write from corrupting the input
2023-04-06 15:56:28 +01:00
Janos Follath
44c6694be7
Merge pull request #7351 from gabor-mezei-arm/7109_ecp_fast_reduction_testing
Test unlikely cases of ECC modular reduction
2023-04-06 15:55:19 +01:00
Kusumit Ghoderao
50e0e11213 Add key_derivation_input_integer function
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-06 17:47:25 +05:30
Ronald Cron
dad02b2bec tls13: srv: Fix comment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
fe01ec2d57 tls12: srv: Use sizeof() instead of constant
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
c564938180 Add downgrade protection mechanism
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
e45afd760d Use specific pointer to loop over proposed cipher suites
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:01 +02:00
Ronald Cron
eff5673e09 Improve and align variable names for supported versions data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
3bd2b02486 Check for TLS 1.3 version first
Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
b828c7d3de Fix, improve and add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
6291b23080 tls: Add logic in handshake step to enable server version negotiation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
8a12aeec93 tls: Initialize SSL context tls_version in mbedtls_ssl_setup()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
5af4c7f0e2 tls13: srv: Add detection to negotiate TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
8c527d0be8 tls13: srv: Parse supported versions extension early
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
2f16b4ec66 tls13: srv: Postpone cipher suite selection
Postpone TLS 1.3 cipher suite selection
when we are sure we negotiate the version
1.3 of the protocol.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
cada410365 tls13: srv: Postpone legacy session id copy
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the legacy session id.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
d540d995b2 tls13: srv: Postpone client random copy
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the client random
bytes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
6458239b36 tls13: srv: Move TLS version setting
When parsing the ClientHello message,
move the setting of the TLS version
to TLS 1.3 after the computation of
the end of the list of cipher suites.
At that point we are able to compute
the address and end address of the
list of extensions and thus able to
search and parse the supported_versions
extension to select which version
of the TLS protocol we are going to
negotiate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
47dce630f4 tls13: Add function to search for a supported_versions extension
Move in a dedicated function the search for the
supported_versions extension in a list of
extensions, to be able to use it on server side
as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Minos Galanakis
00bd8925a7 bignum: Removed merge scaffolding.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-05 16:13:11 +01:00
Przemek Stekiel
725688b143 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 22:49:44 +02:00
Przemek Stekiel
294ec1274d Remove redundant memory relase for authorityCertIssuer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
21903ec860 Fix after rebase
Handle manually functions that have been moved to different locations.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
4f3e7b934e Fix parsing of authorityCertIssuer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
75653b1df0 Add indication of extension error while parsing authority/subject key id
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
6ec839a1f9 x509_get_authority_key_id: add length check + test
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
3520fe6fda Use MBEDTLS_ERROR_ADD() and tag macros
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
8a13866f65 Remove parsing of rfc822Name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
a2939e8728 Remove duplicated function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
9a511c5bdf Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
db323aa241 Fix Subject Key Identifier, Authority Key Identifier entries in oid_x509_ext
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
62d8f84be2 Adapt mbedtls_x509_crt_free after rebase
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
toth92g
9232e0ad84 Adding some comments for easier understand
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:28 +02:00
toth92g
8d435a0c8b Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type.
Also updated the x509_get_general_names function to be able to parse rfc822Names

Test are also updated according these changes.

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:28 +02:00
toth92g
d96027acd2 Correcting documentation issues:
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
  to avoid malfunction in case of trailing garbage

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
a41954d0cf Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId).
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Janos Follath
13c73de6de
Merge pull request #6233 from tom-cosgrove-arm/issue-6226-core-mul
Bignum: extract core_mul from the prototype
2023-04-04 13:36:22 +01:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc
PSA cryptography miscellaneous
2023-04-04 10:54:03 +02:00
Valerio Setti
98680fc2ed ecp: revert changes to ECP module and test suite
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-04 10:22:59 +02:00
Valerio Setti
8eb552647f pk_wrap: fix sizing for private key buffer
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-04 10:20:53 +02:00
Gabor Mezei
d62605126d
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-03 17:32:55 +02:00
Valerio Setti
0fe1ee27e5 pk: add an alternative function for checking private/public key pairs
Instead of using the legacy mbedtls_ecp_check_pub_priv() function which
was based on ECP math, we add a new option named eckey_check_pair_psa()
which takes advantage of PSA.
Of course, this is available when MBEDTLS_USE_PSA_CRYPTO in enabled.

Tests were also fixed accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 15:00:21 +02:00
Gabor Mezei
6f182c33a8
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-31 16:17:06 +02:00
Tom Cosgrove
6af26f3838
Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_mul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-31 16:16:00 +02:00
Hanno Becker
4ae890bbd0
Extract MPI_CORE(mul) from the prototype
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-31 16:10:34 +02:00
Dave Rodgman
b8f5ba826b
Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function
Add milliseconds platform time function
2023-03-31 11:47:37 +01:00
Ronald Cron
afbc7eda65 psa: Introduce PSA crypto core common symbols
When compiling some PSA core files of the
PSA cryptography repository, both the
Mbed TLS library and the PSA cryptography
core common.h are included and if they
define the same inline functions (same name),
the compilation fails.

Thus, inline functions prefixed by psa_crypto_
instead of mbedtls_ are defined in the
PSA cryptography core common.h header.

To ease the maintenance of the PSA cryptography
repository, introduce those symbols in Mbed TLS
as well and use them in PSA crypto core code
files instead of their Mbed TLS equivalent.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:57 +02:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Ronald Cron
fe8e135816 psa: Remove unnecessary headers
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:01:45 +02:00
Paul Elliott
03d557db35
Merge pull request #6900 from AndrzejKurek/san-dirname
Add support for directoryName subjectAltName
2023-03-30 18:37:26 +01:00
Janos Follath
54118a1720
Merge pull request #7352 from gabor-mezei-arm/6349_fix_merge
Remove obsolete ecp_fix_negative function
2023-03-30 14:48:13 +01:00
Andrzej Kurek
5f0c6e82fb Add missing deallocation of subject alt name
Since mbedtls_x509_get_name allocates memory
when parsing a directoryName, deallocation
has to be performed if anything fails in the
meantime.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:40:38 -04:00
Andrzej Kurek
bf8ccd8109 Adjust error reporting in x509 SAN parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Andrzej Kurek
d40c2b65a6 Introduce proper memory management for SANs
DirectoryName parsing performs allocation that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Andrzej Kurek
e12b01d31b Add support for directoryName subjectAltName
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Gabor Mezei
df9c029dd5
Remove obsolete ecp_fix_negative function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-28 18:43:07 +02:00
Valerio Setti
46423164c1 tls12_client: remove unnecessary parentheses
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
77a904c761 ssl: remove useless guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
9affb73e44 psa_crypto: fix guard for mbedtls_ecc_group_of_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
1fa5c56863 ssl_tls: fix guard symbols for EC accelerated tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Gabor Mezei
514806bbe9
Add a second round of carry reduction for P192 fast reduction
The first round of carry reduction can generate a carry so a
second round is needed.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-28 15:09:34 +02:00
Paul Elliott
f04848cc3b Revert "Add generated files"
This reverts commit df2b5da57f.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-27 21:20:52 +01:00
Paul Elliott
d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Janos Follath
445c3bfcac
Merge pull request #7222 from minosgalanakis/bignum/6851_extract_Secp384r1_fast_reduction
Bignum:  Extract secp384r1 fast reduction from the prototype
2023-03-27 16:56:30 +01:00
Valerio Setti
ab9dc667ff psa_util: fix for correctly computing elements in array
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-27 11:25:10 -04:00
Gabor Mezei
2f73edbbc4
Prevent mpi_mod_write from corrupting the input
Allocate a working buffer to store the converted value needed for the
mpi_mod_write function.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-27 15:53:14 +02:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
4011eb49dc Fix entropy-related feature macros
Was causing testing disparities picked by analyze_outcomes.py

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5cd4b6403b Use MD-light in entropy.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Przemek Stekiel
256c75df90 Fix signed/unsigned comparison (windows compilation failure)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 14:09:34 +01:00
Przemek Stekiel
b175b146a2 Remove driver_pake_get_role function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Przemek Stekiel
e80ec0a9af Adapt J-PAKE built-in impl to use user/peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:12 +01:00
Minos Galanakis
f9fca53cb4 ecp_curves: Updated ecp_mod_p384_raw documentation
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-23 12:17:17 +00:00
Paul Elliott
df2b5da57f Add generated files
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:58:43 +00:00
Paul Elliott
db67e99bbf Bump library, libcrypto and libx509 versions
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:57:39 +00:00
Valerio Setti
226f9b903f ssl_tls: fix guard in ssl_misc.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-23 09:28:51 +01:00
Pengyu Lv
5038a38695 ssl_cache: Return standard mbedtls error code
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-23 15:53:43 +08:00
Przemek Stekiel
656b2595fb psa_pake_input: validate buffer size using PSA_PAKE_INPUT_SIZE
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 08:05:52 +01:00
Minos Galanakis
68d64a10b6 ecp_curves: Re-introduced mbedtls_ecp_fix_negative()
This patch re-introduces `mbedtls_ecp_fix_negative` and
appropriately adjusts its' define guards.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-22 11:28:15 +00:00
Valerio Setti
080a22ba75 ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
0c8ec3983e ssl_tls: fix proper guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
90df310d89 ssl_tls13: fix guards for accel ECDH
These changes fix all failures found in test_suite_ssl

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Przemek Stekiel
1f778bcfd8 EC-JPAKE: remove limitation for user/peer (alow any value)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-22 09:52:08 +01:00
Minos Galanakis
37f4cb6d0e ecp_curves: Minor rework for p384
This patch adjusts formatting, documentation and testing.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:46:50 +00:00
Minos Galanakis
6fb105fb2e ecp_curves: Ported prototypes
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:41:26 +00:00
Paul Elliott
f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
bef824d394 SSL: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
a946489efd X.509: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
ebef58d301 OID + misc crypto: use MD_CAN and fix failures
After this, only PK, X.509 and TLS remain to be done.

Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.

Also, remove a special-purpose macro that's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
a5f04621bd PKCS5: use MD_CAN macros
sed -i -f md.sed library/pkcs5.c tests/suites/test_suite_pkcs5* include/mbedtls/pkcs5.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
49e67f814f PKCS5: always use MD
As a consequence, MD_C is now enabled in component accel_hash_use_psa.

Fix guards in X.509 info function to avoid this causing a failure now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
c1f10441e0 RSA: use MD_CAN macros
sed -i -f md.sed library/rsa.c tests/suites/test_suite_rsa* include/mbedtls/rsa.h tests/suites/test_suite_pkcs1_v*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fb8d90a2db RSA: always use MD light
Note: already auto-enabled in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
52d02a85d3 PEM: use MD_CAN macros
sed -i -f md.sed library/pem.c tests/suites/test_suite_pem* include/mbedtls/pem.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
1c2008fa37 PEM: always use MD light
Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
be97afe5d4 PKCS12: always use MD light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
b2eb1f7456 ECJPAKE: use MD_CAN macros
sed -i -f md.sed \
    library/ecjpake.c \
    include/medtls/ecjpake.h \
    tests/suites/test_suite_ecjpake.*

With md.sed as follows:

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_MD5_C\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_RIPEMD160_C\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_SHA1_C\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_SHA224_C\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_SHA256_C\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_SHA384_C\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_SHA512_C\b/MBEDTLS_MD_CAN_SHA512/g

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
41bc8b6b1e ECJPAKE: always use MD light
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
e0e161b54a
Merge pull request #7296 from valeriosetti/issue7253-part1
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1
2023-03-21 16:09:02 +01:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
Dave Rodgman
c5807a6fa8
Merge pull request #6918 from yuhaoth/pr/add-gcm-with-armv8-crypto-extension
Add GCM  with armv8 crypto extension
2023-03-20 14:45:14 +00:00
Valerio Setti
5d1f29e700 ssl_tls: fix guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Manuel Pégourié-Gonnard
c9ef476431
Merge pull request #7192 from joerchan/psa-update-mbedtls
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
2023-03-20 09:47:07 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Dave Rodgman
f918d42332 Tidy up ARMCE terminology
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:23 +00:00
Gilles Peskine
36b9e47eed Fix preprocessor conditional
This was intended as an if-else-if chain. Make it so.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 17:31:18 +01:00
Gilles Peskine
30e9f2a293 Finish sentence in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 17:29:58 +01:00
Manuel Pégourié-Gonnard
3831637e85 Handle dependency on ECP_C in ECC KDF
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:21:26 +01:00
Joakim Andersson
bb576febb2 psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
Fix psa_key_derivation_output_key not being able to derive ECC keys
without MBEDTLS_BUILTIN ECC key types enabled.
The PSA crypto drivers can generate these keys without requiring the
builtin key types.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-03-17 15:21:26 +01:00
Yanray Wang
d41684e8bc rsa.c: rename getter function of hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:57:42 +08:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard
b33ef74d44 Use MD_LIGHT, not sha1.h, in RSA selftest
Same note as previous commit regarding guards.

Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined,
and even only when SHA1_C is defined too, but somewhere down the line
we'll want to auto-enable it for the sake of other RSA function (not in
selftest and could use any hash), so there's little point in optimizing
the temporary condition, let's use the simple one upfront.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
8316209c02 Use MD_LIGHT rather than md5.h in pem.c
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
Manuel Pégourié-Gonnard
ec000c1a00
Merge pull request #7242 from mpg/md-dispatch-psa
Implement MD dispatch to PSA
2023-03-17 09:42:40 +01:00
Janos Follath
c18cd0c8e6
Merge pull request #7230 from gabor-mezei-arm/6850_Secp256r1_fast_reduction
Extract Secp256r1 fast reduction from the prototype
2023-03-16 19:43:25 +00:00
Gilles Peskine
9c682e724a AESNI: Overhaul implementation selection
Have clearly separated code to:
* determine whether the assembly-based implementation is available;
* determine whether the intrinsics-based implementation is available;
* select one of the available implementations if any.

Now MBEDTLS_AESNI_HAVE_CODE can be the single interface for aes.c and
aesni.c to determine which AESNI is built.

Change the implementation selection: now, if both implementations are
available, always prefer assembly. Before, the intrinsics were used if
available. This preference is to minimize disruption, and will likely
be revised in a later minor release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:21:33 +01:00
Gilles Peskine
0de8f853f0 Clean up AES context alignment code
Use a single auxiliary function to determine rk_offset, covering both
setkey_enc and setkey_dec, covering both AESNI and PADLOCK. For AESNI, only
build this when using the intrinsics-based implementation, since the
assembly implementation supports unaligned access.

Simplify "do we need to realign?" to "is the desired offset now equal to
the current offset?".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:14:59 +01:00
Dave Rodgman
3ac99fdf07
Merge pull request #7301 from gilles-peskine-arm/msan-explicit_bzero
Fix Msan failure with explicit_bzero
2023-03-16 14:55:18 +00:00
Gilles Peskine
0f454e4642 Use consistent guards for padlock code
The padlock feature is enabled if
```
defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
```
with the second macro coming from `padlock.h`. The availability of the
macro `MBEDTLS_PADLOCK_ALIGN16` is coincidentally equivalent to
`MBEDTLS_HAVE_X86` but this is not meaningful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:58:46 +01:00
Dave Rodgman
680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix
Fix segfault in mbedtls_oid_get_numeric_string
2023-03-16 12:21:36 +00:00
Gilles Peskine
148cad134a Fix unaligned access if the context is moved during operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:08:42 +01:00
Gilles Peskine
d0185f78c0 Fix typo in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:08:18 +01:00
Gilles Peskine
0cd9ab7107 Fix code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:06:14 +01:00
Gilles Peskine
a8d2ff3fdf Fix Msan failure with explicit_bzero
On some platforms, including modern Linux, Clang with Msan does not
recognize that explicit_bzero() writes well-defined content to its output
buffer. For us, this causes CMAC operations to fail in Msan builds when
mbedtls_platform_zeroize() is implemented over explicit_bzero(). Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 10:53:46 +01:00
Manuel Pégourié-Gonnard
f48b1f810e Rename internal function to something clearer
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
39a376a417 Finish removing HMAC from MD-light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
9b14639342 Dispatch according to init status.
We shouldn't dispatch to PSA when drivers have not been initialized yet.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
7abdf7eee5 Add utility function to check for drivers init
This will be used in the next commit.

While at it, move driver initialization before RNG init - this will be
handy when the entropy module wants to use drivers for hashes.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
d8ea37f1a3 Add engine field to context structure
For multi-part operations, we want to make the decision to use PSA or
not only once, during setup(), and remember it afterwards. This supports
the introduction, in the next few commits, of a dynamic component to
that decision: has the PSA driver sub-system been initialized yet?

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Gilles Peskine
12612e5ab4 Implement md over PSA
When MBEDTLS_MD_xxx_VIA_PSA is enabled (by mbdetls/md.h), route calls to xxx
over PSA rather than through the built-in implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00