Commit graph

5382 commits

Author SHA1 Message Date
Jerry Yu
a270f67340 Add tls13 session fields
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
0038c5ff1c Add ticket nonce setting
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Manuel Pégourié-Gonnard
abac037a7b Migrate from old inline to new actual function.
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard
1f7f7172dc Document existing dependency of MD_C
Trying to compile MD_C without any of the hash modules would result in a
bunch of unused parameter warning (hence errors in -Werror builds).

We could silence those warnings by casting the parameters to void, but
still, compiling the module in such a configuration would mean all of
its functions are useless (always returning an error).

Seems better to just document the dependency.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 12:49:20 +02:00
Ronald Cron
d5b1eb51db
Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext
TLS 1.3: PSK: Add parser of psk kex mode ext on server side
2022-07-18 11:34:24 +02:00
Paul Elliott
0b5f4950cc
Merge pull request #5953 from tuvshinzayaArm/update-document-PSA_ALG_RSA_PSS
Update documentation of PSA_ALG_RSA_PSS
2022-07-14 10:40:21 +01:00
Jerry Yu
e19e3b9eb8 Add psk_key_exchange_modes parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:35 +00:00
Paul Elliott
cd08ba0326 Bump version to 3.2.1
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:55 +01:00
Manuel Pégourié-Gonnard
bab73ab842 Loosen guards in mbedtls_psa_translate_md()
Depending only of our software implementation was too strict. The
function can be useful when only the PSA implementation is available,
since oftentimes the algorithm will still be expressed as an md_type for
legacy reasons.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
46a295422d Build and test RSA PKCS#1v1.5 without MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
3f4778995e Rm dependency on MD in psa_crypto_rsa.c
The previous commit made the PKCS#1v1.5 part of rsa.c independent from
md.c, but there was still a dependency in the corresponding part in PSA.
This commit removes it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
fe2b9b5397 Make mbedtls_oid_get_md_alg() always available
This is a step towards building with RSA PKCS#1v1.5 without MD.

Also loosen guards around oid data: the OID definitions clearly don't
depend on our software implementation.

We could simply have no dependency as this is just data. But for the
sake of code size, let's have some guards so that people who don't use
MD5, SHA1 or RIPEMD160 don't have to pay the price for them.

Note: this is used for RSA (PKCS#v1.5) signatures among other things, an
area that is not influenced by USE_PSA, so the guards should not depend
on it either.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
b86279fc63 Build and test PK without MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Paul Elliott
20362cd1ca Bump library and so versions for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Manuel Pégourié-Gonnard
3e83098e01 Clarify the TLS 1.3 situation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:32 +02:00
Manuel Pégourié-Gonnard
ff43ff6e78 Remove stability waiver from USE_PSA
It was initially motivated by the fact that the PSA Crypto APIs
themselves were not stable. In the meantime, PSA Crypto has reached
1.0.0 so this no longer applies.

If we want user to be able to fully benefit from PSA in order to
isolate long-term secrets, they need to be able to use the new APIs with
confidence. There is no reason to think those APIs are any more likely
to change than any of our other APIs, and if they do, we'll follow the
normal process (deprecated in favour of a new variant).

For reference, the APIs in question are:

mbedtls_pk_setup_opaque() // to use PSA-held ECDSA/RSA keys in TLS

mbedtls_ssl_conf_psk_opaque()   // for PSA-held PSKs in TLS
mbedtls_ssl_set_hs_psk_opaque() // for PSA-held PSKs in TLS

mbedtls_cipher_setup_psa() (deprecated in 3.2)
mbedtls_pk_wrap_as_opaque() (documented internal, to be removed in 3.2)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints
Add accessors to config DN hints for cert request
2022-07-01 17:23:14 +01:00
Manuel Pégourié-Gonnard
790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206
Documentation about storage format compatibility
2022-07-01 12:21:17 +02:00
Gilles Peskine
0bd76ee2ed Fix Doxygen documentation attached to non-existent elements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 19:32:02 +02:00
Gilles Peskine
6497b5a1d1 Add setbuf platform function
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:01:40 +02:00
Ronald Cron
bcde39ca4a
Merge pull request #5612 from tom-cosgrove-arm/tls13-config-options
Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3

Fully validated by the internal CI. No need to wait for the open one.
2022-06-30 15:10:02 +02:00
Manuel Pégourié-Gonnard
31fcfd5632
Merge pull request #5981 from mprse/hkdf_config_fix
Add comment to config_psa.h about enabling PSA_HKDF/-EXTRACT/-EXPAND
2022-06-30 11:27:16 +02:00
Tom Cosgrove
afb2fe1acf Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3
Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed,
so no longer mention it.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-06-29 16:36:12 +01:00
Werner Lewis
6d71944f0d Specify unit for rk_offset in AES context
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Gilles Peskine
955993c4b5 For status values, the macro expansions must not change either
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-29 14:37:17 +02:00
Ronald Cron
7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server
TLS 1.3 server: Send dummy change_cipher_spec records

The internal CI PR-merge job ran successfully thus good to go.
2022-06-29 09:47:49 +02:00
Gilles Peskine
7d14c19730
Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development
Changelog improvements before the 3.2 release
2022-06-28 21:00:10 +02:00
Glenn Strauss
999ef70b27 Add accessors to config DN hints for cert request
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-28 12:43:59 -04:00
Neil Armstrong
9f4606e6d2 Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
0c9c10a401 Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:10:48 +02:00
Gabor Mezei
f7044eaec8
Fix name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-28 16:01:49 +02:00
Summer Qin
9f2596f387 Add MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C
MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed
when PSA_WANT_ALG_CHACHA20_POLY1305 is defined

Signed-off-by: Summer Qin <summer.qin@arm.com>
2022-06-28 17:56:27 +08:00
Glenn Strauss
01d2f52a32 Inline mbedtls_x509_dn_get_next() in x509.h
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-27 14:20:07 -04:00
Przemek Stekiel
18399d8d53 Add comment to config_psa.h about enabling PSA_HKDF/PSA_HKDF_EXRACT/PSA_HKDF_EXPAND algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-27 15:36:06 +02:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged
Add mbedtls_x509_dn_get_next function
2022-06-24 09:59:22 +02:00
Manuel Pégourié-Gonnard
4cfaae5b6b Save code size by calling get_type only once
This is an external function, so in the absence of link-time
optimisation (LTO) the compiler can't know anything about it and has to
call it the number of times it's called in the source code.

This only matters for pk_ec, but change pk_rsa as well for the sake of
uniformity.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-23 09:43:39 +02:00
Gabor Mezei
7b39bf178e
Send dummy change_cipher_spec records from TLS 1.3 server
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
Przemek Stekiel
b33bd19197 Enable HKDF EXTRACT/EXPAND algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 09:58:51 +02:00
Manuel Pégourié-Gonnard
22e84de971 Improve contract of mbedtls_pk_ec/rsa()
Trusting the caller to perform the appropriate check is both risky, and
a bit user-unfriendly. Returning NULL on error seems both safer
(dereferencing a NULL pointer is more likely to result in a clean crash,
while mis-casting a pointer might have deeper, less predictable
consequences) and friendlier (the caller can just check the return
value for NULL, which is a common idiom).

Only add that as an additional way of using the function, for the sake
of backwards compatibility. Calls where we know the type of the context
for sure (for example because we just set it up) were legal and safe, so
they should remain legal without checking the result for NULL, which
would be redundant.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
1c91b0c434 Clarify warning about mbedtls_pk_ec/rsa()
The previous wording "ensure it holds an XXX" context did not mean
anything without looking at the source.

Looking at the source, the criterion is:
- for mbedtls_pk_rsa(), that the info structure uses rsa_alloc_wrap;
- for mbedtls_pk_ec(), that it uses eckey_alloc_wrap or
ecdsa_alloc_wrap, since mbedtls_ecdsa_context is a typedef for
mbedtls_ecp_keypair. (Note that our test code uses mbedtls_pk_ec() on
contexts of type MBEDTLS_PK_ECDSA.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:29 +02:00
Gilles Peskine
4b873874a3 Backward compatibility: the key store with drivers
Promise that we will try to keep backward compatibility with basic driver
usage, but not with more experimental aspects.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:50:09 +02:00
Gilles Peskine
98473c4523 Officially deprecate MBEDTLS_PSA_CRYPTO_SE_C
This was intended as experimental, and we've been saying for a long time
that it's superseded by the "unified driver interface", but we hadn't
documented that inside the Mbed TLS source code. So announce it as
deprecated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:46:22 +02:00
Gilles Peskine
7973399f7b Add compatibility notes regarding values embedded in the key store
Certain numerical values are written to the key store. Changing those
numerical values would break the backward compatibility of stored keys. Add
a note to the affected types. Add comments near the definitions of affected
values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:41:20 +02:00
Gilles Peskine
f070a5e5d5 Document how PSA identifiers are generally constructed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:40:45 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
2022-06-20 15:27:46 +02:00
Werner Lewis
2f1d51070c Fix incorrect param in function declaration
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-20 11:48:35 +01:00
Werner Lewis
b3acb053fb Add mbedtls_x509_dn_get_next function
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-17 16:40:55 +01:00
Tuvshinzaya Erdenekhuu
44baacd089 Update documenation of PSA_ALG_RSA_PSS
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-06-17 12:10:35 +01:00
Gilles Peskine
9b3278b263 Doc: the SHA256/SHA512 options also cover SHA224/SHA384
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-09 19:09:38 +02:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests
Pr/add-tls13-moving-state-tests
2022-06-08 13:39:52 +01:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor
Add accessor for x509 certificate extension types
2022-06-06 21:51:38 +01:00
Thomas Daubney
a5f39e0ec2 Move accessor definition
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 15:42:32 +01:00
Przemek Stekiel
3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
73f97d4841 PSA_ALG_HKDF: add salt processing warning
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:15 +02:00
Przemek Stekiel
a29b488296 Optimize code by adding PSA_ALG_IS_ANY_HKDF macro
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-03 16:18:09 +02:00
Przemek Stekiel
459ee35062 Fix typo and style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-02 11:16:52 +02:00
Thomas Daubney
979aa49d1c Add accessor for x509 certificate extension types
Add accessor for x509 certificate extension types

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:22:14 +01:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa
Deprecate mbedtls_cipher_setup_psa()
2022-05-31 10:56:52 +02:00
Janos Follath
07c2e5e6d5
Merge pull request #5860 from superna9999/4745-psa-jpake-api-fixes
PSA J-PAKE API has missing elements and confusing documentation
2022-05-31 08:27:32 +01:00
Jerry Yu
4dec0e5329 fix state undeclare error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Neil Armstrong
ccffab38a3 Remove linkage documentation on PAKE cipher-suite helpers
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-30 15:49:21 +02:00
Dave Rodgman
52625b739e
Merge pull request #5876 from tom-cosgrove-arm/fix-typos-220526
Fix spelling and typographical errors found by cspell
2022-05-30 11:35:55 +01:00
Janos Follath
1bc0ca4ed3
Merge pull request #5875 from Summer-ARM/mbedtls-psa-crypto-config
Remove duplicated PSA_WANT_ALG_CMAC in crypto_config.h
2022-05-30 09:41:48 +01:00
Neil Armstrong
5ed8a0ec73 Overall PSA PAKE API style issues fixes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-27 09:47:53 +02:00
Neil Armstrong
5892aa69e3 Fix typo in PSA_ALG_JPAKE documentation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-27 09:44:47 +02:00
Tom Cosgrove
1e21144194 Fix spelling and typographical errors found by cspell
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-05-26 11:51:00 +01:00
Summer Qin
f0b4253c68 Remove duplicated PSA_WANT_ALG_CMAC in crypto_config.h
Signed-off-by: Summer Qin <summer.qin@arm.com>
2022-05-26 09:38:33 +08:00
XiaokangQian
6b916b1616 Add client certificate parse and certificate verify
Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:40:53 +00:00
Neil Armstrong
ef15751f08 PSA PAKE API typos in documentation fixes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-25 11:49:45 +02:00
Neil Armstrong
72ab56a1fe Overall PSA PAKE API style issues fixes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-25 11:48:37 +02:00
Neil Armstrong
eb93a6f1d8 Use PSA_ALG_NONE in PSA_PAKE_OPERATION_INIT to init psa_algorithm_t
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-25 11:41:05 +02:00
Neil Armstrong
2056ce5111 Fix PSA_PAKE_OUTPUT_MAX_SIZE/PSA_PAKE_INPUT_MAX_SIZE commment about parameters to PSA_PAKE_OUTPUT_SIZE/PSA_PAKE_INPUT_SIZE
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-25 11:38:15 +02:00
Manuel Pégourié-Gonnard
69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa
Permissions 1: create `mbedtls_pk_can_do_ext()`
2022-05-23 10:58:32 +02:00
Neil Armstrong
b2f2b027c2 Clarify mbedtls_pk_can_do_ext() return documentation amd add warning on future addition of allowed algs & usage flags
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 12:00:56 +02:00
Neil Armstrong
e9b4581b16 Clarify BAD_STATE return documentation on bad ordering of input and output steps for psa_pake_input() & psa_pake_output()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
0d24575ad0 Clarify BAD_STATE return documentation of psa_pake_set_peer()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
59fa8ee090 Update return documentation of psa_pake_abort()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
97d74b8abb Update return documentation of psa_pake_get_implicit_key()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
407b27b516 Update return documentation of psa_pake_input()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
664077e3ae Update return documentation of psa_pake_output()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
2a6dd9c2a8 Rename & update documentation of function, types, and macros for psa_pake_set_role() and associated
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:52:30 +02:00
Neil Armstrong
16ff788f9d Update return documentation of psa_pake_set_peer()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
3585168259 Update return documentation of psa_pake_set_user()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
71cae6121d Update return documentation of psa_pake_set_password_key()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
4721a6f33e Update return documentation of psa_pake_setup()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
1614537697 Fix password wording in PSA_ALG_JPAKE documentation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
7bc71e9c04 Fix output_size documentation of psa_pake_output()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
cd974d590b Fix return documentation of PSA_PAKE_OUTPUT_SIZE
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
d5a4825b84 Add missing psa_pake_cs_get_bits()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
ff9cac72e7 Add missing psa_pake_cs_get_family()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
0c8ef93c8e Add missing psa_pake_abort()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
799106b441 Pass input as const reference and fix documentation of psa_pake_input()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:22 +02:00
Neil Armstrong
47e700e7de Pass cipher_suite parameter of psa_pake_setup() by const reference
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:51:20 +02:00
Neil Armstrong
0151c55b56 Add documentation of PSA_PAKE_OPERATION_INIT
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:50:58 +02:00
Neil Armstrong
5ff6a7fa97 Add missing psa_pake_cipher_suite_init()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 11:50:57 +02:00
Neil Armstrong
fb99302726 Add missing PSA_PAKE_CIPHER_SUITE_INIT
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 10:45:01 +02:00
Neil Armstrong
a724f7ae17 Document mbedtls_pk_can_do_ext() return for non-allowed algorithms and usage flags
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:28:12 +02:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
2022-05-18 14:15:33 -04:00
Przemek Stekiel
b398d8693f Update descryption of HKDF-Extract/Expand algs and fix comment
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-18 15:43:54 +02:00
Neil Armstrong
408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:23:20 +02:00
Neil Armstrong
cec133a242 Fix typo in mbedtls_pk_can_do_ext() documentation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:56:01 +02:00
Manuel Pégourié-Gonnard
1cd4f6a873
Merge pull request #5794 from mprse/cipher_dep
Fix undeclared dependencies: CIPHER
2022-05-12 13:09:04 +02:00
Manuel Pégourié-Gonnard
4014a0408e
Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector
PSA: ChaCha20: add RFC 7539 test vector with counter=1
2022-05-12 12:34:20 +02:00
Neil Armstrong
0b5295848e Add definition of mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-12 11:53:02 +02:00
Przemek Stekiel
a09f835bd8 Fix CIPHER dependencies dependeny and error messages
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
ea805b4f20 mbedtls_config.h, check_config.h: fix CIPHER dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Dave Rodgman
58f591526e
Merge pull request #5732 from daverodgman/warmsocks_spellingfixes
Fixed spelling and typographical errors found by CodeSpell
2022-05-12 09:26:29 +01:00
Manuel Pégourié-Gonnard
34f6ac7c22
Merge pull request #5812 from adeaarm/development
Fix key_id and owner_id accessor macros
2022-05-12 10:25:02 +02:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Przemek Stekiel
ebf6281ce6 crypto_values.h: fix description
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-11 14:16:05 +02:00
Przemek Stekiel
6b6ce3278e Add definitions for HKDF-Extract and HKDF-Expand algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-10 12:38:27 +02:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3
Fix undeclared dependencies: MD
2022-05-10 10:41:32 +02:00
Przemek Stekiel
6e71282c87 Fix caller list of the MD module
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 11:40:20 +02:00
Przemek Stekiel
ef1fb4a3d3 Deprecate mbedtls_cipher_setup_psa()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 10:55:10 +02:00
Antonio de Angelis
6729474fbb Fix key_id and owner_id accessor macros
The accessor macros for key_id and owner_id in the mbedtls_svc_key_id_t
need to have the MBEDTLS_PRIVATE() specifier as these fields are private

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2022-05-05 18:45:31 +01:00
Neil Armstrong
8ecd66884f Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-05 14:01:49 +02:00
Neil Armstrong
e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
501c93220d Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:50 +02:00
Gilles Peskine
f21617915f
Merge pull request #2082 from hanno-arm/iotssl-2490
Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
2022-04-28 18:13:55 +02:00
Neil Armstrong
a1fc18fa55 Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Przemek Stekiel
bc3cfed43e check_config.h: Add MBEDTLS_MD_C dependency MBEDTLS_PKCS12_C, MBEDTLS_PKCS1_V15, MBEDTLS_PKCS1_V21, MBEDTLS_PK_C
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-27 14:49:13 +02:00
Przemek Stekiel
6aadf0b44f mbedtls_config.h: update dependencies for MBEDTLS_MD_C
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-27 14:49:13 +02:00
Gilles Peskine
efffd6410a Note that MBEDTLS_CONFIG_FILE can't be defined inside the config file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-26 18:16:33 +02:00
Manuel Pégourié-Gonnard
8ba99e736a Clarify wording of documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:17:47 +02:00
Hanno Becker
2b9fb88281 Clarify documentation of mbedtls_x509_crt_profile
This commit fixes #1992: The documentation of mbedtls_x509_crt_profile
previously stated that the bitfield `allowed_pks` defined which signature
algorithms shall be allowed in CRT chains. In actual fact, however,
the field also applies to guard the public key of the end entity
certificate.

This commit changes the documentation to state that `allowed_pks`
applies to the public keys of all CRTs in the provided chain.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-25 11:17:15 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap
Improve benchmarking of ECC heap usage
2022-04-22 16:43:11 +02:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
Add client hello into server side
2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard
70701e39b5
Merge pull request #5726 from mprse/mixed_psk_1_v2
Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)
2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard
90c70146b5
Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign
RSA-PSS sign 1: PK
2022-04-21 17:11:18 +02:00
Przemek Stekiel
7f1c89d1d4 Provide other_secret, other_secret_length fields if MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS is defined
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-21 11:53:57 +02:00
Neil Armstrong
23143dca2a Update mbedtls_pk_wrap_as_opaque() public documentation for RSA & RSA-PSS
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-21 11:33:54 +02:00
XiaokangQian
0a1b54ed73 Minor change the place of some functions
Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-21 03:01:38 +00:00
XiaokangQian
75d40ef8cb Refine code base on review
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side

Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 11:05:24 +00:00
XiaokangQian
0803755347 Update code base on review comments
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes

Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:50:14 +00:00
XiaokangQian
8f9dfe41c0 Fix comments about coding styles and test cases
Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8 Fix comments and remove hrr related code
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023 Update based on comments
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
3207a32b1e Fix unused parameter issue and not defined cookie issue
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
7807f9f5c9 Add client hello into server side
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Ronald Cron
217d699d85 Fix Doxygen marks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:28:51 +02:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
6d187afd8d psa_crypto does not support XTS
The cipher module implements XTS, and the PSA API specifies XTS, but the PSA
implementation does not support XTS. It requires double-size keys, which
psa_crypto does not currently support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00