Make use of ticket generation time and associated fields
conditional on MBEDTLS_HAVE_TIME, to avoid compile errors
on baremetal.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Test cases added to check curve parameters and information for each
curve supported. Expected parameters are taken from references: SEC 2
for NIST, RFC 5639 for Brainpool, and RFC 7748 for curve25519/curve448.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
In the new bignum files (bignum_core.c, bignum_mod_raw.c and
bignum_mod.c) the loop variables are declared in the loop head wherever
this change is beneficial.
There are loops where the loop variable is used after the end of the
loop (this might not be good practice, but that is out of scope for this
commit) and others where there are several loop variables and declaring
them there would hurt readability.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The modulus value won't change during normal operations, make this clear
in the struct and the function signatures.
This won't prevent the caller from modifying the passed buffer, but
might give a hint and reinforces the message of the documentation.
Signed-off-by: Janos Follath <janos.follath@arm.com>
- Instead of macros, use direct calculations for array sizes
- Move variable declarations closer to first use
Signed-off-by: Janos Follath <janos.follath@arm.com>
Skip reading if output pointer is NULL even if the length of the input buffer is 0.
The memory sanitizer will mark this as an error.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
These functions have full documentation in the header. Maintaing two
copies does not worth the effort and having an out of sync reduced
duplicate is not helpful.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This used to resize MPIs in the legacy interface, which is not
needed/possible as the new interface has fixed size MPIs.
Inlining this function makes the code easier to read and maintain, while
there is no obvious drawback to it.
Signed-off-by: Janos Follath <janos.follath@arm.com>
A null pointer dereference, or null pointer plus small offset, is a
clean runtime error in most environments. So it's not particularly
useful to protect against this.
While at it make a null pointer check that is actually necessary more
robust.
Signed-off-by: Janos Follath <janos.follath@arm.com>
- Made use of enums in struct and function declaration
- All enums are handled by switch case now
- If the switch does nothing on default, omit the default case to make
compiler warnings more powerful
- The two enums are now disjoint and the value 1 is skipped to make
mistakes easier to detect
Signed-off-by: Janos Follath <janos.follath@arm.com>
with matched identity and mismatch binder, should check next psk key.
Exit with error will break multi-psk cases.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
With OpenSSL and GnuTLS client, if the MAC of ciphersuite
does not match selected binder, client will reject connection.
This change is to select ciphersuite base on algo of psk binder.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Previously these tests depended on the definition from
inside the MD module, which in turn could be 32 or 64
bytes depending on whether MBEDTLS_SHA512_C was
defined. This is unnecessary, so a constant is itnroduced
instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
