This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.
In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).
Changes in this commit:
* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
generate_psa_constant_names).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Also fiixed the following merge problems:
crypto_struct.h : Added MBEDTLS_PRIVATE to psa_aead_operation_s
members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
call (change of API during development)
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
The API reached 1.0.0 some time ago, and we've caught up with the
incompatible changes already.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This was already documented for mbedtls_md_info_t. Also document it for
mbedtls_pk_info_t (where it's fairly obvious since the structure is not
defined in a public header) and for mbedtls_cipher_info_t (where it's not
obvious since the structure is defined in a public header).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The structures mbedtls_x509_time, mbedtls_x509_crl_entry, mbedtls_x509_crl,
mbedtls_x509_crt, mbedtls_x509_san_other_name,
mbedtls_x509_subject_alternative_name, mbedtls_x509_csr are designed to
expose the result of parsing X.509 data. Document many of their fields as
being publicly readable.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The structures mbedtls_asn1_buf, mbedtls_asn1_bitstring,
mbedtls_asn1_sequence and mbedtls_asn1_named_data are designed to allow
access to data after parsing. Make their fields public.
Document that chaining fields are essentially read-only.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
On platforms with BSD-like sockets, it is useful for applications to have
access to the underlying file descriptor so that they can use functions like
select() and poll().
Do not promise that the field will exist on other platforms such as
Windows (where the type and name of the field are technically wrong because
Windows socket handles are actually not file descriptors).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add functions to read the type, mode, name and key_bitlen fields from
mbedtls_cipher_info_t. These are the fields that applications are most
likely to care about.
TLS code also uses iv_size and block_size, which it might make sense to
expose, but most applications shouldn't need those, so I'm not exposing them
for now.
Call the new functions in unit tests, so they're at least smoke-tested.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The whole point of this structure is to provide information, both for the
library's own sake and to applications.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Conflicts:
library/ccm.c
Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
