Andrzej Kurek
1bc7df2540
Add documentation and a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
67fdb3307d
Add a possibility to write subject alt names in a certificate
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 11:45:36 -04:00
Andrzej Kurek
1a75269589
Move mbedtls_x509_san_list to x509.h
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 11:45:36 -04:00
Manuel Pégourié-Gonnard
b1c0afe484
Merge pull request #7595 from valeriosetti/deprecate_pk_ec
...
Set mbedtls_pk_ec() as internal function when ECP_C is not defined
2023-05-17 12:27:03 +02:00
Valerio Setti
3f00b84dd1
pk: fix build issues
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 12:57:06 +02:00
Valerio Setti
77a75685ed
pk: align library and tests code to the new internal functions
...
Note = programs are not aligned to this change because:
- the original mbedtls_pk_ec is not ufficially deprecated
- that function is used in tests when ECP_C is defined, so
the legacy version of that function is available in that
case
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 11:18:46 +02:00
Valerio Setti
229bf1031f
pk: make mbedtls_pk_ec internal when !ECP_C
...
mbedtls_pk_ec() is not an ideal function because:
- it provides direct access to the ecp_keypair structure wrapped
by the pk_context and
- this bypasses the PK module's control
However, since for backward compatibility, it cannot be deprecated
immediately, 2 alternative internal functions are proposed.
As a consequence:
- when ECP_C is defined, then the legacy mbedtls_pk_ec is available
- when only ECP_LIGHT is defined, but ECP_C is not, then only the
new internal functions will be available
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 11:13:55 +02:00
Fredrik Hesse
cc207bc379
Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
Manuel Pégourié-Gonnard
1d046fa0dd
Merge pull request #6010 from mprse/ffdh_import_export
...
FFDH 1, 2A, 2B: FFDH add support for import/export key, key agreement, key generation + tests
2023-05-10 11:40:54 +02:00
Gilles Peskine
8d42cfddd6
Merge pull request #7539 from gilles-peskine-arm/mbedtls_error_pair_t-smaller
...
Halve size of mbedtls_error_pair_t
2023-05-09 15:55:51 +02:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
...
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
Gilles Peskine
4837e9d1c0
Correct comment about mbedtls error codes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-07 20:27:13 +02:00
Valerio Setti
92da2a79aa
pk: improve description for the next opaque ID field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 12:31:23 +02:00
Valerio Setti
4f387ef277
pk: use better naming for the new key ID field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:59:32 +02:00
Valerio Setti
e00954d0ed
pk: store opaque key ID directly in the pk_context structure
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:57:26 +02:00
Jethro Beekman
0167244be4
Read and write X25519 and X448 private keys
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
2023-05-04 13:01:47 +02:00
Przemek Stekiel
746dfaea3f
Enable FFDH through PSA if it's enabled in the legacy interface
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-04 09:14:08 +02:00
Gilles Peskine
b567f8326d
Halve size of mbedtls_error_pair_t
...
All PSA crypto error codes fit comfortably in 16 bits and we have no plans
to ever change this. So use 16 bits to store them, which reduces
mbedtls_error_pair_t from 8 bytes to 4 bytes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-02 21:40:07 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1
...
Fix the JPAKE driver interface for user+peer
2023-05-02 20:42:25 +02:00
Manuel Pégourié-Gonnard
8e076e4132
Merge pull request #6915 from aditya-deshpande-arm/example-driver-post-codestyle
...
Document (with examples) how to integrate a third-party driver with Mbed TLS
2023-05-02 12:13:42 +02:00
Manuel Pégourié-Gonnard
f317df98ea
Merge pull request #7461 from valeriosetti/issue7460-part1
...
Fixing USE_PSA_INIT/DONE in SSL/X509/PK test suites
2023-05-02 10:44:13 +02:00
Aditya Deshpande
f100f00679
Add warnings to documentation stating that p256-m code may be out of date with upstream, plus other minor grammatical fixes.
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
bac592d53e
Remove rand() from p256_generate_random() and move to an implementation based on mbedtls_ctr_drbg
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
e41f7e457f
Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example.
...
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:09 +01:00
Przemek Stekiel
4ce523256b
Fix definition of PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (ECC vs FFDH max)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 13:40:34 +02:00
Przemek Stekiel
eb511a4495
Update config files to make PSA FFDH undependent on MBEDTLS_DHM_C
...
To enable support for FFDH in PSA MBEDTLS_USE_PSA_CRYPTO needs to be enabled.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 13:20:16 +02:00
Przemek Stekiel
6d85afa0cc
Fix naming: FFDH key -> DH key and fix guard in psa_validate_key_type_and_size_for_key_generation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 11:42:17 +02:00
Przemek Stekiel
5357a7a6d9
Use PSA_MAX_OF_THREE in PSA_EXPORT_KEY_PAIR_MAX_SIZE
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 11:22:36 +02:00
Dave Rodgman
98062a7c5d
Merge pull request #7316 from yuhaoth/pr/Add-msvc-support-for-aesce-module
...
Add msvc support for AESCE
2023-04-26 21:27:08 +01:00
Przemek Stekiel
654bef0be0
Fix typos, comments, style, optimize macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
87d9a4a30c
Provide PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY configuration
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
ed23b61020
Adapt size macros for FFDH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Przemek Stekiel
84ee3e2921
Adapt config files for FFDH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Jerry Yu
a1a039dba6
Improve minimum compiler versions document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-26 10:21:42 +08:00
Przemek Stekiel
aede2ad554
Optimize code (pake role type, freeing buffers)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-25 14:30:34 +02:00
Przemek Stekiel
6e628a4e7b
Add undfined role for ec j-pake
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-25 13:11:36 +02:00
Jerry Yu
f015a93f98
Add msvc version document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-25 10:38:03 +08:00
valerio
cf35d774fe
doc: update USE_PSA_CRYPTO description
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 13:47:18 +02:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
...
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Jerry Yu
a7d454cec2
Remove unnecessary check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-20 10:32:38 +08:00
Paul Elliott
4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2
...
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
2023-04-17 16:31:09 +01:00
Ronald Cron
f54762e498
Merge pull request #7415 from Harshal5/fix/declaration_of_mbedtls_ecdsa_sign_det_restartable_function
...
ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined
2023-04-17 15:41:25 +02:00
Przemek Stekiel
7921a03425
Add claryfication for PSA_PAKE_INPUT/OUTPUT_MAX_SIZE macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 12:32:06 +02:00
harshal.patil
8c77644906
ecdsa: fix -missing-prototypes
warning when MBEDTLS_ECDSA_SIGN_ALT
is defined
...
- In `mbedtls/v3.4.0`, ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
only when `MBEDTLS_ECDSA_SIGN_ALT` is not defined.
Signed-off-by: harshal.patil <harshal.patil@espressif.com>
2023-04-17 12:53:00 +05:30
Manuel Pégourié-Gonnard
ed5998cd7d
Merge pull request #7422 from valeriosetti/remove-psa-have-full-symbols
...
Remove PSA_HAVE_FULL_xxx symbols
2023-04-17 09:19:00 +02:00
Stephan Koch
48fba6fbac
Fix so that PSA_WANT_ALG_DETERMINISTIC_ECDSA implies PSA_HAVE_FULL_ECDSA.
...
Signed-off-by: Stephan Koch <koch@oberon.ch>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-14 13:41:10 +02:00
Glenn Strauss
c26bd76020
x509 crt verify SAN iPAddress
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Valerio Setti
6b006c126b
remove KEY_TYPE_ECC_PUBLIC_KEY unnecessary requirement
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 12:02:19 +02:00
Valerio Setti
6c496a1553
solve disparities for ECP_LIGHT between ref/accel
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
151bdf9668
build_info: fixed comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00