mbedtls

Author	SHA1	Message	Date
Gilles Peskine	091a85a762	Promise mbedtls_ecp_read_key doesn't overwrite the public key Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-22 21:30:03 +01:00
Gilles Peskine	ba5b5d67aa	Support partial export from mbedtls_ecp_keypair Sometimes you don't need to have all the parts of a key pair object. Relax the behavior of mbedtls_ecp_keypair so that you can extract just the parts that you need. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-22 21:30:03 +01:00
Gilles Peskine	e6886102ef	New function mbedtls_ecp_keypair_get_group_id Add a simple function to get the group id from a key object. This information is available via mbedtls_ecp_export, but that function consumes a lot of memory, which is a waste if all you need is to identify the curve. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-22 21:30:03 +01:00
Valerio Setti	6d3a68162c	check_config: remove CIPHER_C requirement for PKCS[5/12] Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-21 16:40:03 +01:00
Valerio Setti	a69e872001	pkcs[5/12]: add CIPHER_C for [en/de]crypting functions This commit also updates corresponding test suites. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-21 16:39:04 +01:00
Waleed Elmelegy	049cd302ed	Refactor record size limit extension handling Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-20 17:28:31 +00:00
Tomi Fontanilles	851d8df58d	fix/work around dependency issues when !MBEDTLS_ECP_C Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>	2023-12-20 13:09:27 +02:00
Tomi Fontanilles	bad170e159	pk: remove last references to MBEDTLS_PSA_CRYPTO_C They are replaced by MBEDTLS_USE_PSA_CRYPTO. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>	2023-12-20 12:59:57 +02:00
Tomi Fontanilles	8174662b64	pk: implement non-PSA mbedtls_pk_sign_ext() This makes the function always available with its its implementation depending on MBEDTLS_USE_PSA_CRYPTO. Related dependencies and tests are updated as well. Fixes #7583. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>	2023-12-20 12:59:57 +02:00
Tomi Fontanilles	a70b3c24f6	rsa: minor comment/guard improvements This brings some improvements to comments/ function prototypes that relate to PKCS#1. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>	2023-12-20 12:59:57 +02:00
Valerio Setti	689c0f71cb	tests: use new CCM/GCM capability macros in tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-20 09:54:18 +01:00
Valerio Setti	bfa675fe48	adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-20 09:52:08 +01:00
Gilles Peskine	1a9e05bf08	Note that domain parameters are not supported with drivers Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-19 12:23:22 +01:00
Gilles Peskine	5ad9539363	Remove DSA and DH domain parameters from the documentation Mbed TLS doesn't support DSA at all, and doesn't support domain parameters for FFDH (only predefined groups). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-19 12:22:46 +01:00
Gilles Peskine	9deb54900e	Document the domain_parameters_size==SIZE_MAX hack It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not documented. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-18 21:01:18 +01:00
Bence Szépkúti	a085fa8ccf	Merge pull request #8627 from tom-cosgrove-arm/ip_len Avoid use of `ip_len` as it clashes with a macro in AIX system headers	2023-12-18 02:03:17 +00:00
Valerio Setti	4ff405cf80	block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t This information was redundant with the already existing mbedtls_block_cipher_id_t. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-15 16:10:52 +01:00
Valerio Setti	bd7528a592	ccm/gcm: use BLOCK_CIPHER whenever possible Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	4a5d57d225	adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available As a consequence BLOCK_CIPHER will be enabled when: - CIPHER_C is not defined - a proper driver is present for one of AES, ARIA and/or Camellia key types Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	2684e3f2e3	config_adjust_legacy_crypto: fix typo Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	291571b447	block_cipher: add MBEDTLS_PRIVATE to new PSA fields in mbedtls_block_cipher_context_t Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	849a1abfdd	block_cipher: remove useless use of psa_cipher_operation_t Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	4bc7fac99a	crypto_builtin_composites: add missing guards for includes Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	c0f9bbca2c	check_config: use new helpers for legacy GCM_C/CCM_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	8bba087fe1	adjust_legacy_crypto: add helpers for block ciphers capabilities Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	c1db99d3f5	block_cipher: add PSA dispatch if possible "if possible" means: - PSA has been initialized - requested key type is available in PSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Joakim Andersson	b349108b99	library: Move mbedtls_ecc helper functions to psa_util Move the mbedtls_ecc helper functions from psa_core to psa_util. These files are not implemented as part of the PSA API and should not be part of the PSA crypto implementation. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>	2023-12-14 13:55:11 +01:00
Tom Cosgrove	656d4b3c74	Avoid use of `ip_len` as it clashes with a macro in AIX system headers Fixes #8624 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-12-08 21:51:15 +00:00
Gilles Peskine	57e401b39f	Merge pull request #8521 from valeriosetti/issue8441 [G4] Make CTR-DRBG fall back on PSA when AES not built in	2023-12-06 18:25:44 +00:00
Waleed Elmelegy	9aec1c71f2	Add record size checking during handshake Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-06 15:18:15 +00:00
Jan Bruckner	f482dcc6c7	Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-12-06 15:18:08 +00:00
Ronald Cron	40f3f1c36f	Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data TLS 1.3 EarlyData SRV: Parsing 0-RTT data	2023-12-06 06:47:32 +00:00
Valerio Setti	83e0de8481	crypto_extra: revert changes to mbedtls_psa_random_free() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:42 +01:00
Valerio Setti	7ab90723c4	mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:42 +01:00
Valerio Setti	402cfba4dc	psa: free RNG implementation before checking for remaining open key slots Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:41 +01:00
Valerio Setti	5f4b28defc	ctr_drbg: add alternative PSA implementation when AES_C is not defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:41 +01:00
Valerio Setti	fbefe04bf3	check_config: fix requirements for CTR_DRBG The module now depends on either: - AES_C, which is the default and the preferred solution for backward compatibility - CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the new solution when AES_C is not defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:41 +01:00
Manuel Pégourié-Gonnard	3d12d65946	Merge pull request #8590 from valeriosetti/fix-pkcs5-pkcs12 pkcs[5/12]: use cipher enums for encrypt and decrypt	2023-12-04 10:03:02 +00:00
Valerio Setti	4577bda6d5	pkcs[5\|12]: use cipher enums for encrypt and decrypt Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values are to be used with the mbedtls_cipher_setkey() function, ensure that their value matches with enums in cipher.h. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-01 16:51:24 +01:00
Jerry Yu	e32fac3d23	remove wait_flight2 state Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:25:16 +08:00
Dave Rodgman	59059ec503	Merge remote-tracking branch 'origin/development' into msft-aarch64 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-30 09:34:41 +00:00
Janos Follath	c6f1637f8c	Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction Make mutex abstraction and tests thread safe	2023-11-29 13:26:23 +00:00
Manuel Pégourié-Gonnard	6b5cedf51f	Merge pull request #8547 from valeriosetti/issue8483 [G2] Make PSA-AEAD work with cipher-light	2023-11-29 08:53:42 +00:00
Valerio Setti	919e3fa729	check_config: fix guards for PSA builtin implementation of cipher/AEAD While the PSA builtin implementation of cipher still depends on CIPHER_C, the same is no more true for AEADs. When CIPHER_C is not defined, BLOCK_CIPHER_C is used instead, thus making it possible to support AEADs without CIPHER_C. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-28 11:45:38 +01:00
Valerio Setti	b1cf8aeda4	adjust_psa_from_legacy: add required CIPHER_C dependencies Some PSA_WANT symbols do not have a 1:1 matching with legacy ones. For example, previous to this commit: - CCM_C enabled both PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG even thought the two are not equivalent (authenticated VS non-authenticated). - there was no legacy equivalent for ECB_NO_PADDING What it is common to both PSA_WANT_ALG_CCM_STAR_NO_TAG and PSA_WANT_ALG_ECB_NO_PADDING is the fact that the builtin implementation depends on CIPHER_C. Therefore this commits adds this guards to select whether or not to enable the above mentioned PSA_WANT symbols. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-28 11:45:38 +01:00
Manuel Pégourié-Gonnard	11c3fd1f73	Merge pull request #8568 from yanrayw/issue/8356/block_cipher_no_decrypt_cleanup Driver-only: G1: clean up for BLOCK_CIPHER_NO_DECRYPT	2023-11-28 08:49:48 +00:00
Manuel Pégourié-Gonnard	294f5d7ea9	Merge pull request #8540 from valeriosetti/issue8060 [G2] Make CCM and GCM work with the new block_cipher module	2023-11-28 08:18:45 +00:00
Dave Rodgman	9fbac381e6	Merge pull request #8326 from daverodgman/aesce-thumb2 Support hw-accelerated AES on Thumb and Arm	2023-11-27 09:58:58 +00:00
Yanray Wang	16b00f9522	mbedtls_config: improve documentation for BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-27 15:52:28 +08:00
Yanray Wang	690ee81533	Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only	2023-11-23 10:31:26 +08:00
Dave Rodgman	2e342f6938	Merge pull request #8546 from BrianX7c/development [cipher.h] Arithmetic overflow in binary left shift operation	2023-11-22 19:36:25 +00:00
Jerry Yu	7d8c3fe12c	Add wait flight2 state. The state is come from RFC8446 section A.2 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-22 16:48:39 +08:00
Yanray Wang	55933a3e9c	tls13: fix a wrong RFC reference section Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-22 16:34:16 +08:00
Manuel Pégourié-Gonnard	d4dc354185	Merge pull request #8541 from yanrayw/issue/ssl-fix-missing-guard ssl_tls: add missing macro guard	2023-11-21 14:57:47 +00:00
Jerry Yu	04fceb782b	Add freshness check information into document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:24 +08:00
Jerry Yu	cf9135100e	fix various issues - fix CI failure due to wrong usage of ticket_lifetime - Improve document and comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	342a555eef	rename ticket received Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	25ba4d40ef	rename `ticket_creation` to `ticket_creation_time` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	034a8b77d1	Update document of ticket age tolerance Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	8cf44953b2	guards ticket creation field Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	702fc590ed	Add ticket_creation field Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	03511b00aa	Replace c99 fmt macro For c99 compatible compilers, we use PRI64d and others use official fix. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	cebffc3446	change time unit of ticket to milliseconds Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Gilles Peskine	473ff34d59	Merge pull request #8489 from valeriosetti/issue8482 Make CCM* and CCM independent	2023-11-20 14:07:14 +00:00
Ronald Cron	97137f91b6	Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field TLS 1.3 EarlyData: add `max_early_data_size` field for ticket	2023-11-20 08:04:57 +00:00
BrianX7c	5c7ab6fe86	[cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT) Fixing arithmetic overflow warning (C6297), if compiled in Visual Studio Signed-off-by: BrianX7c <151365853+BrianX7c@users.noreply.github.com>	2023-11-18 11:07:37 +01:00
Paul Elliott	9e25936241	Rename mutex->is_valid to mutex->state Rename struct member to make it more representative of its current use. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-11-16 15:14:16 +00:00
Paul Elliott	3774637518	Make threading helpers tests thread safe Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-11-16 15:13:49 +00:00
Paul Elliott	5fa986c8cb	Move handling of mutex->is_valid into threading_helpers.c This is now a field only used for testing. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-11-16 15:13:05 +00:00
Valerio Setti	9b7a8b2a0c	ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-16 11:48:00 +01:00
Valerio Setti	8db46e4ee1	check_config: remove dependency check of CCM_C/GCM_C on CIPHER_C CCM_C/GCM_C can now work with either (in order of preference) CIPHER_C or BLOCK_CIPHER_C and the latter is auto-enabled in case the former is not enabled. As a consequence there is no need to enforce the dependency on CIPHER_C. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-16 10:58:27 +01:00
Valerio Setti	dbfd6a9f62	adjust_legacy_crypto: auto-enable BLOCK_CIPHER_C when CIPHER_C is not defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-16 10:56:00 +01:00
Yanray Wang	4ed8691f6d	ssl: move MBEDTLS_SSL_HAVE_XXX to config_adjust_legacy_crypto.h Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-16 15:20:57 +08:00
Manuel Pégourié-Gonnard	dc848955d6	Merge pull request #8519 from mpg/block-cipher [G2] Add internal module block_cipher	2023-11-15 11:53:22 +00:00
Manuel Pégourié-Gonnard	9e80a91f27	Merge pull request #8164 from yanrayw/adjust_tfm_configs Adjust how we handle TF-M config files	2023-11-15 08:21:27 +00:00
Valerio Setti	a56eb46ce6	adjust_legacy_from_psa: fix comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:18:14 +01:00
Valerio Setti	c2d68f5611	adjust_legacy_from_psa: treat CCM and CCM* separately Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:16:37 +01:00
Valerio Setti	cab5eff98c	adjust_config_synonyms: make CCM and CCM* indipendent Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:16:37 +01:00
Jerry Yu	fedaeb21b3	improve document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-15 13:59:07 +08:00
Jerry Yu	6c485dad44	improve document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-15 10:18:47 +08:00
Manuel Pégourié-Gonnard	752dd39a69	Merge pull request #8508 from valeriosetti/issue6323 [G3] Driver-only cipher+aead: TLS: ssl-opt.sh	2023-11-14 11:39:06 +00:00
Jerry Yu	1b23bce4a2	improve brief description of conf_sig_algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-13 13:45:14 +08:00
Tom Cosgrove	08ea9bfa1f	Merge pull request #8487 from yanrayw/issue/6909/rename_tls13_conf_early_data TLS 1.3: Rename early_data and max_early_data_size configuration function	2023-11-10 19:35:46 +00:00
Manuel Pégourié-Gonnard	5f3361c0c6	Temporary hack to pacify check_names.py Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-11-10 12:24:11 +01:00
Manuel Pégourié-Gonnard	21718769d1	Start adding internal module block_cipher.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-11-10 11:21:17 +01:00
Valerio Setti	01c4fa3e88	ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h This is useful to properly define MBEDTLS_PSK_MAX_LEN when it is not defined explicitly in mbedtls_config.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-10 08:12:07 +01:00
Yanray Wang	111159b89c	BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-10 15:03:23 +08:00
Matthias Schulz	5a39c4ecf2	Fixes https://github.com/Mbed-TLS/mbedtls/issues/6910 as proposed in https://github.com/Mbed-TLS/mbedtls/issues/6910#issuecomment-1573301661 Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-11-09 15:53:01 +01:00
Jerry Yu	53c4a0da07	Improve documents Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-09 10:38:17 +08:00
Gilles Peskine	4dec9ebdc2	Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377 Fixes "CSR parsing with critical fields fails"	2023-11-08 18:07:04 +00:00
Dave Rodgman	9eb2abd1e0	Add docs re Everest license Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-08 11:40:17 +00:00
Dave Rodgman	28d40930ae	Restore bump version Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-08 11:40:08 +00:00
Dave Rodgman	edb8fec988	Add docs re Everest license Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-08 11:36:00 +00:00
Yanray Wang	d137da5a93	check_config: make error message in BLOCK_CIPHER_NO_DECRYPT clearer Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-08 19:17:44 +08:00
Yanray Wang	30769696e7	Merge remote-tracking branch 'origin/development' into adjust_tfm_configs	2023-11-08 10:00:24 +08:00
Matthias Schulz	c55b500343	Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-11-07 16:47:37 +01:00
Yanray Wang	0751761b49	max_early_data_size: rename configuration function Rename mbedtls_ssl_tls13_conf_max_early_data_size as mbedtls_ssl_conf_max_early_data_size since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:34 +08:00
Yanray Wang	d5ed36ff24	early data: rename configuration function Rename mbedtls_ssl_tls13_conf_early_data as mbedtls_ssl_conf_early_data since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:24 +08:00
Yanray Wang	0d76b6ef76	Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is still requested in some incompatible modes, we return an error of FEATURE_UNAVAILABLE as additional indication. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Yanray Wang	956aa00202	check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with PSA Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Gilles Peskine	8b6b41f6cd	Merge pull request #8434 from valeriosetti/issue8407 [G2] Make TLS work without Cipher	2023-11-04 15:05:00 +00:00
Dave Rodgman	bb5a18344a	Bump version ./scripts/bump_version.sh --version 3.5.1 --so-crypto 15 --so-x509 6 --so-tls 20 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:31:30 +00:00
Dave Rodgman	e3c05853d6	Header updates Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:21:36 +00:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Yanray Wang	b799eea123	check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-02 12:38:01 +08:00
Yanray Wang	e367e47be0	mbedtls_config: add new config option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT With the introduction of negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we don't need to implicitly enable it through PSA. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-02 12:36:41 +08:00
Dave Rodgman	b351d60e99	Merge remote-tracking branch 'origin/development' into msft-aarch64	2023-11-01 13:20:53 +00:00
Yanray Wang	b67b47425e	Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-10-31 17:22:06 +08:00
Yanray Wang	5779096753	Merge remote-tracking branch 'origin/development' into adjust_tfm_configs	2023-10-31 13:39:07 +08:00
Valerio Setti	d531dab4f6	check_config: let SSL_TLS depend on either CIPHER_C or USE_PSA_CRYPTO TLS code already implements proper dispatching to either builtin or PSA implementations based on USE_PSA guards, so we can improve the check_config guards to reflect this. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-30 11:36:32 +01:00
Jerry Yu	2c46ca3474	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-30 17:32:20 +08:00
Jerry Yu	83536c23f3	Add translation ruler into document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-30 16:18:21 +08:00
Jerry Yu	01c7356944	Add deprecated flag in document for sig_hashes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-27 17:03:20 +08:00
Valerio Setti	c5d9dd262b	adjust_psa_from_legacy: enable ALG_STREAM_CIPHER on when CIPHER_C is defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-27 09:12:06 +02:00
Valerio Setti	c1d50b6314	check_config: fix dependency of PSA_CRYPTO_C on CIPHER_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-27 09:12:06 +02:00
Ronald Cron	95b735530c	Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello TLS 1.3: EarlyData SRV: Add early data extension parser.	2023-10-26 08:31:53 +00:00
Dave Rodgman	6e51abf11d	Merge remote-tracking branch 'origin/development' into msft-aarch64 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 15:17:11 +01:00
Dave Rodgman	48b965d941	Update clang version requirements Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	4b8e8dc043	Improve compiler version checking + docs + testing for armclang Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	18838f6c1a	Fix docs for MBEDTLS_AESCE_C Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	d69d3cda34	Merge pull request #8298 from daverodgman/sha-armce-thumb2 Support SHA256 acceleration on Armv8 thumb2 and arm	2023-10-24 21:23:15 +00:00
Dave Rodgman	514590210b	Merge remote-tracking branch 'origin/development' into sha-armce-thumb2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-23 15:35:07 +01:00
Valerio Setti	bd24d95c27	legacy_from_psa: fix support for PSA_ACCEL_ALG_[STREAM_CIPHER/ECB_NO_PADDING] Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-23 15:01:52 +02:00
Matthias Schulz	edc32eaf1a	Uncrustified Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-10-19 16:09:08 +02:00
Yanray Wang	08e9423f14	Merge remote-tracking branch 'origin/development' into adjust_tfm_configs	2023-10-19 17:44:47 +08:00
Yanray Wang	893623fb28	PBKDF2-AES-CMAC: remove not needed preprocessor directive PBKDF2-AES-CMAC works if we provide the driver of AES-CMAC or KEY-TYPE-AES or both. So if PBKDF2-AES-CMAC is requested via PSA, we don't need to additionally enable builtin AES-CMAC or builtin KEY-TYPE-AES. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-10-19 16:13:34 +08:00
Gilles Peskine	6407f8fc54	Merge pull request #8322 from valeriosetti/issue8257 Improve location of MD_CAN macros	2023-10-18 14:31:28 +00:00
Matthias Schulz	ab4082290e	Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-10-18 13:20:59 +02:00
Manuel Pégourié-Gonnard	c6d633ffbc	Merge pull request #8297 from valeriosetti/issue8064 Change accel_aead component to full config	2023-10-18 07:15:59 +00:00
Valerio Setti	2f00b7a5da	cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-17 11:43:34 +02:00
Manuel Pégourié-Gonnard	6d42921633	Require at least on curve for ECP_LIGHT ECP_LIGHT is not usable without any curve, just the same as ECP_C. We forgot to update this check when introducing the ECP_LIGHT subset. Note: the message doesn't mention ECP_LIGHT as that's not a public config knob, hence the message with "ECP_C or a subset" (that's how it's referred to in user-facing documentation such as docs/driver-only-builds.md). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-17 10:01:33 +02:00
Valerio Setti	9fc1f24331	md: restore md.h includes in source files directly using its elements Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-16 14:39:38 +02:00
Yanray Wang	aa01ee303a	Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only	2023-10-16 17:38:32 +08:00
Valerio Setti	596ef6c0b1	cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-16 11:26:08 +02:00
Dave Rodgman	3e52184923	Make macro definition more consistent with similar defns Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Dave Rodgman	0a48717b83	Simplify Windows-on-Arm macros Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Valerio Setti	5f5573fa90	cipher: reintroduce symbol for legacy AEAD support Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-13 17:29:27 +02:00
Dave Rodgman	7821df3e8b	Adjust use of deprecated in Doxygen Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-13 09:39:11 +01:00
Dave Rodgman	d85277c62e	Doxygen fixes Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-13 09:22:54 +01:00
Valerio Setti	193e383686	check_config: fix typo causing build issues with only CCM enabled Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-13 09:37:24 +02:00
Maciej Zwoliński	720c638717	Add AES encrypted keys support for PKCS5 PBES2 Signed-off-by: Maciej Zwoliński <mac.zwolinski@gmail.com>	2023-10-12 12:00:01 +01:00
Valerio Setti	db1ca8fc33	cipher: keep MBEDTLS_CIPHER_HAVE symbols private This commit also improve the usage of these new symbols in cipher_wrap code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-12 10:39:54 +02:00
Valerio Setti	e570704f1f	ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-12 10:39:37 +02:00
Jerry Yu	7a799ccacd	Share `early_data_status` between server and client Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:02:01 +08:00
Jerry Yu	02e3a074a3	Add max_early_data_size into ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:00:26 +08:00
Bence Szépkúti	9b0c8164eb	Merge pull request #8330 from KloolK/extern-c Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled	2023-10-11 16:19:39 +00:00
Dave Rodgman	b0d9830373	Merge branch 'development' into sha-armce-thumb2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-11 13:53:41 +01:00
Valerio Setti	02a634decd	md: remove unnecessary inclusions of mbedtls/md.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:15:58 +02:00
Valerio Setti	6bd3d9b166	cipher: fix missing spaces Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:10:34 +02:00
Valerio Setti	d0411defa2	cipher: add internal symbols for AEAD capabilities Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:10:34 +02:00
Valerio Setti	e7bac17b5d	test: keep SSL_TICKET_C and SSL_CONTEXT_SERIALIZATION enabled Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:10:34 +02:00
Dave Rodgman	be7915aa6c	Revert renaming of SHA512 options Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-11 10:59:05 +01:00
Bence Szépkúti	cffd7135c6	Merge pull request #8328 from yanrayw/sha256_context_guard sha256_context: guard is224 by MBEDTLS_SHA224_C	2023-10-11 09:13:33 +00:00
Ronald Cron	a89d2ba132	Merge pull request #8327 from ronald-cron-arm/adapt-psa-crypto-repo-name Adapt to new PSA Crypto repo name	2023-10-11 06:45:30 +00:00
Dave Rodgman	5b89c55bb8	Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 15:14:57 +01:00
Dave Rodgman	fe9fda81aa	Rename MBEDTLS_ARCH_IS_ARMV8 to MBEDTLS_ARCH_IS_ARMV8_A Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 15:14:56 +01:00
Dave Rodgman	f097bef6ea	Refer to Armv8-A (not Armv8) in docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 15:14:30 +01:00
Dave Rodgman	c5861d5bf2	Code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 14:01:54 +01:00
Dave Rodgman	6ab314f71d	More config option renaming Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 14:00:17 +01:00
Dave Rodgman	94a634db96	Rename A64 config options Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 12:59:29 +01:00
Ronald Cron	7871cb14a7	Include psa/build_info.h instead of mbedtls/build_info.h In PSA headers include psa/build_info.h instead of mbedtls/build_info.h. In Mbed TLS, both are equivalent but not in TF-PSA-Crypto where psa/build_info.h is the correct one. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-10-10 09:35:22 +02:00
Jan Bruckner	946720aac5	Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-10-09 16:53:41 +02:00
Yanray Wang	29db8b061d	sha256.h: add guard for is224 in sha256 context Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-10-09 18:09:47 +08:00
Ronald Cron	070e8652d5	Adapt to new PSA Crypto repo name Patterns I looked for: grep -i "psa-crypto" grep -i "psa.crypto.repo" grep -i "psa.crypto.root" Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-10-09 10:26:18 +02:00
Thomas Daubney	540324cd21	Correct styling of Mbed TLS in documentation Several bits of documentation were incorrectly styling Mbed TLS as MbedTLS. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2023-10-06 17:07:24 +01:00
Valerio Setti	85d2a98549	md: move definitions of MBEDTLS_MD_CAN to config_adjust_legacy_crypto.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-06 16:04:49 +02:00
Dave Rodgman	7ed619d3fa	Enable run-time detection for Thumb and Arm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 09:39:56 +01:00
Dave Rodgman	bfe6021e85	Improve docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 08:31:22 +01:00
Dave Rodgman	ca92f50e12	Update docs for MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 08:24:55 +01:00
Dave Rodgman	8690859097	Improve docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-04 17:40:25 +01:00
Minos Galanakis	31ca313efa	Bump version to 3.5.0 ``` ./scripts/bump_version.sh --version 3.5.0 ``` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-10-03 22:02:18 +01:00
Minos Galanakis	1a3ad265cc	Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-10-03 21:57:51 +01:00
Dave Rodgman	cc5bf4946f	Make SHA256 depend on Armv8, not aarch64 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-03 18:02:56 +01:00
Dave Rodgman	5ed7b2dec2	Introduce MBEDTLS_ARCH_IS_ARMV8 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-03 18:02:31 +01:00
Dave Rodgman	b51f3da354	Merge pull request #8264 from mpg/follow-up-8075 Follow up to 8075	2023-09-28 17:32:12 +00:00
Manuel Pégourié-Gonnard	140c08e325	Minor clarifications. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 11:02:37 +02:00
Manuel Pégourié-Gonnard	7f22f3478d	Add check for unsupported partial curves acceleration Manual test: run test_psa_crypto_config_accel_ecc_non_weierstrass_curves or test_psa_crypto_config_accel_ecc_weierstrass_curves as they are now, observe it failing with the expected #error. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 10:19:18 +02:00
Manuel Pégourié-Gonnard	842d3552b6	Add check for unsupported partial key type acceleration Tested manually as follows: in component_test_psa_crypto_config_accel_ecc_some_key_types, modify loc_accel_list to remove one of the key types between helper_libtestdriver1_make_drivers and helper_libtestdriver1_make_main, and observe that the 2nd build fails with the expected #error. Note: removing one of the key types before helper_libtestdriver1_make_drivers causes the build of libtestdriver1 to fail, which is quite acceptable, just not what we're trying to observe. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 10:19:16 +02:00
Manuel Pégourié-Gonnard	822870bd5d	Adjust handling of special case for DERIVE Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 10:19:15 +02:00
Manuel Pégourié-Gonnard	e662736f4c	Rename macros for consistency It's spelled KEY_TYPE everywhere else. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 10:19:14 +02:00
Manuel Pégourié-Gonnard	dfa42b34ab	Improve documentation about driver-only p256-m. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard	eda7086bdd	Auto-enable ACCEL macros for p256-m driver Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard	f07ce3b8ff	Don't extend support for deprecated functions Restore guards from the previous release, instead of the new, more permissive guards. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:51:51 +02:00
Gilles Peskine	7f288566c3	Merge pull request #8260 from gilles-peskine-arm/crypto_spe-include-fix Fix include path to psa/crypto_spe.h	2023-09-27 18:10:16 +00:00
Dave Rodgman	0fc86b2ddf	Merge pull request #8075 from valeriosetti/issue8016 driver-only ECC: curve acceleration macros	2023-09-27 14:39:02 +00:00
Gilles Peskine	7a6836b9f2	Document that MBEDTLS_PSA_CRYPTO_SPM needs crypto_spe.h Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-27 15:48:47 +02:00
Gilles Peskine	3529285308	Fix include path to psa/crypto_spe.h We can't have a public header or library file reference our test environment (except possibly under test-only options, and even so, it would be with great reluctance). This breaks the build for other people. Fix #8259. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-27 15:45:16 +02:00
Manuel Pégourié-Gonnard	561bce6b16	Add build with some curves accelerated but not all I chose to divide along the lines of Weierstrass vs other curve shapes (currently just Montgomery), mainly because it's the first thing that came to mind. It happened to reveal an issue in the logic for when (deterministic) ECDSA and ECJPAKE are built-in, which this commit is also fixing. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-26 11:36:13 +02:00
Yanray Wang	145bb2946e	check_config: add check of ASN1_[WRITE/PARSE]_C This commit adds dependency check when PK_CAN_ECDSA_SIGN or PK_CAN_ECDSA_VERIFY is enabled but no corresponding ASN1_WRITE_C or ASN1_PARSE_C is enabled under PSA. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-09-26 17:15:52 +08:00
Xiaokang Qian	845693c513	Change comments to psa_crypto_driver_wrappers.h Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Dave Rodgman	6da7872aa2	Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 Merge development into development-restricted	2023-09-25 18:16:01 +01:00
Manuel Pégourié-Gonnard	702b645dce	Rename new header file Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	8e82654ec4	Be more subtle about key_type -> alg interaction Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	3bc4d26f20	Special-case KEYPAIR_DERIVE (no driver support yet) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	c2b12b17a4	Fix dependencies of built-in ECC keypair types More key management operations only require ECP_LIGHT, except: - generate (scalar multiplication) - export (exporting public from private also needs scalar multiplication). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	b4b13ccff4	Fix deterministic ECDSA built-in dependencies They're a superset of the dependencies for randomized ECDSA. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	3ccda15d8f	Use consistent ordering for built-in activation The usual order is: - MBEDTLS_PSA_BUILTIN_xxx macro - MBEDTLS_xxx legacy macros But curves had it the other way round for some reason. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	2d04d78561	Fix logic of ECC built-in activation again The previous fix was enabling more than needed in some circumstances, for example: - requested: (`PSA_WANT`): all ECC algs, all ECC key types, all curves; - we have acceleration (`MBEDTLS_PSA_ACCEL`) for: ECDH, all ECC key types, all curves; - as a consequence, we need built-in: all algs except ECDH, all ECC key types, all curves. This is what's happening in test_psa_crypto_config_accel_ecdh which, before this commit, was failing as built-in ECDH was enabled contrary to the component's (rightful) expectations. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	1db44dd68d	Remove useless instances of MBEDTLS_SOME_BUILTIN_EC Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	1a0a4d60d9	Implement new strategy for ECC accel/built-in Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	0d99271d14	Group all ECC-related things in legacy_from_psa.h Just moving things, no change. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	bfc6ef7a5c	Improve PSA config adjustment relate to keypair types Centralize it in a new file psa/config_adjust_keypair_types.h. I think this file indeed belongs in include/psa (as opposed to include/mbedtls) because it only touches PSA_WANT symbols (no MBEDTLS_PSA symbols), and implements things that are described in psa-conditional-inclusion.md. The code is not new, just moved from config_psa.h and config_adjust_legacy_from_psa.h where is was intermingled with handling of ACCEL/BUILTIN symbols. (git's --color-moved option will hardly help in checking that assertion, due to the way things were intermixed.) Note: the parts about BUILTIN in config_psa.h were not moved, just removed for now. They belong to include/mbedtls/config_adjust_legacy_from_psa.h and will be re-added there in a future commit which will completely re-organize the handling or ACCEL/BUILTIN for ECC. See comments inside the commit about placement of this file relative to others. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	7af9d07c05	Remove unnecessary block Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Valerio Setti	bf206b8f41	adjust_legacy_from_psa: undef SOME_BUILTIN_EC when builtin curves are used Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	19d92108c1	config_psa: resolve symbol redefinition issue Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	ea167c39d0	check_config: remove unnecessary check about builtin curve usage Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	db6b4db7a0	Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	b2219f633d	config_psa: moving PSA_WANT auto-enabling code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	e6f65a951f	config_psa: fix comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	67d82e742b	build_info: add helpers to signal some support for a specific curve Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	4b75a764c7	check_config: include also ECJPAKE_C as usage for builtin curves Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	dca8492043	check_config: request at least 1 builtin EC alg if there is at least 1 builtin curve This slightly changes the previous requirement. Instead of enabling ALL builtin EC algs when there is at least 1 built in curve, we ask for at least one built alg if there is at least one builtin curve. This relaxes the previous check while still keeping the base idea: there must be a reason for which builtin curves are included into the build. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	29837c7301	config_psa: include builtin algs if there is at least 1 builtin curve Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	9aed893fb0	config_psa: check curves' support before EC ALGs Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	d6b473adcd	config_psa: add internal helper to signal that some curve is builtin Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	87076abbfb	config_psa: ensure PSA_WANT_ECC is enabled for each MBEDTLS_ECP_DP Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	8ec212098e	check_config: fix comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	8600de818c	check_config: perform checks only when config_psa.h is evaluated Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	3b69e3ed12	check_config: skip check on SECP224K1 because the PSA is never enabled Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	a7a18313a6	check_config: verify that each ECP_DP has the corresponding PSA_WANT_ECC Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Gilles Peskine	ffe590d197	Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called Check set_padding has been called in mbedtls_cipher_finish	2023-09-25 17:12:36 +02:00
Gilles Peskine	ca1e605b9c	Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 Conflicts: * `include/mbedtls/build_info.h`: a new fragment to auto-enable `MBEDTLS_CIPHER_PADDING_PKCS7` was added in `c9f4040f7f` in `development-restricted`. In `development`, this section of the file has moved to `include/mbedtls/config_adjust_legacy_crypto.h`. * `library/bignum.c`: function name change in `development-restricted` vs comment change in development. The comment change in `development` is not really relevant, so just take the line from `development-restricted`.	2023-09-25 16:16:26 +02:00
Waleed Elmelegy	a86b776f94	Remove invalid comment from mbedtls_cipher_set_padding_mode() Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-22 17:44:58 +01:00
Dave Rodgman	aaebc9be51	Merge pull request #8235 from daverodgman/misc-size	2023-09-21 18:42:37 +01:00
Dave Rodgman	d3450da98d	Re-order mbedtls_ccm_context Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-21 10:34:45 +01:00
Gilles Peskine	67cf66b427	Add a note about the code size benefits We don't normally make promises related to code size, but this one is vague enough (just "to benefit"), and it's what a lot of users of this option care about. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-20 23:19:46 +02:00
Gilles Peskine	3aa79691fc	Add a note about p256m near the option to enable secp256r1 Only document it with the PSA configuration, not for MBEDTLS_ECP_DP_SECP256R1_ENABLED, since p256m can't be used with the classic API. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-20 20:54:50 +02:00
Gilles Peskine	08b66cd7d7	Move MBEDTLS_PSA_P256M_DRIVER_ENABLED to keep alphabetical order Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-20 20:51:47 +02:00
Gilles Peskine	efaee9a299	Give a production-sounding name to the p256m option Now that p256-m is officially a production feature and not just an example, give it a more suitable name. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-20 20:49:47 +02:00
Waleed Elmelegy	5e48cad7f0	Fix codestyle issues in pkcs12.h & pkparse.c Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:29:02 +01:00
Waleed Elmelegy	d527896b7e	Switch pkparse to use new mbedtls_pkcs12_pbe_ext function Switch pkparse to use new mbedtls_pkcs12_pbe_ext function and deprecate mbedtls_pkcs12_pbe function. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:29:02 +01:00
Waleed Elmelegy	c9f4040f7f	Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function and deprecate mbedtls_pkcs5_pbes2 function. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-09-20 19:28:28 +01:00
Manuel Pégourié-Gonnard	5edb942708	Merge pull request #8041 from mpg/tfm-p256m Test TF-M config with p256-m driver	2023-09-20 16:09:56 +00:00
Gilles Peskine	eda1b1f744	Merge pull request #7921 from valeriosetti/issue7613 TLS: Clean up ECDSA dependencies	2023-09-20 12:47:55 +00:00
Gilles Peskine	452beb9076	Merge pull request #8203 from gilles-peskine-arm/p256-m-production Declare p256-m as ready for production	2023-09-20 09:36:05 +00:00
Manuel Pégourié-Gonnard	97bb726e2d	Add clarifying comment Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-18 11:28:32 +02:00
Gilles Peskine	67c86e626b	Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config	2023-09-18 08:13:12 +00:00
Manuel Pégourié-Gonnard	4f119b8f21	Remove extra copies of a block of comment/define Not sure how it happened, but this block was not just duplicated, but triplicated. Keep only the first copy: the one before the code that uses the macro being defined. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-18 09:57:04 +02:00
Manuel Pégourié-Gonnard	f7298cd397	Fix some issues in comments Ranging from typos to outdated comment contradicting the code. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-18 09:55:24 +02:00
jnmeurisse	83f0a65d71	Fix issue #8215 : add missing requires documentation in mbedtls_config.h Add missing requirements MBEDTLS_SSL_PROTO_TLS1_2 to option MBEDTLS_SSL_RENEGOTIATION documentation. Signed-off-by: jnmeurisse <88129653+jnmeurisse@users.noreply.github.com>	2023-09-16 18:12:18 +02:00
Gilles Peskine	865730ec67	Merge pull request #8212 from tom-cosgrove-arm/mbedtls_ssl_max_early_data_size-default-value MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: default value should be commented out in config	2023-09-15 05:51:59 +00:00
Tom Cosgrove	a63775b168	Move MBEDTLS_SSL_MAX_EARLY_DATA_SIZE to the correct section Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-09-14 13:31:19 +01:00
Tom Cosgrove	3b4471ef87	MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: default value should be commented out in config Numeric options should be commented out with their default values in the config file, and a separate header file should set the default value if necessary. This was done for most other options in #8161; do it here for MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-09-14 13:18:50 +01:00
Gilles Peskine	016db89107	Update p256-m to state that it's ready for production Add some guidance as to whether and how to enable it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-13 14:34:40 +02:00
Gilles Peskine	3cea3efc25	Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509 Accept numericoid hexstring x509	2023-09-13 08:54:33 +00:00
Gilles Peskine	f22999e99f	Merge pull request #8093 from yuhaoth/pr/add-target-architecture-macros Add architecture detection macros	2023-09-13 08:53:47 +00:00
Gilles Peskine	2e38a0d603	More spelling corrections Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-12 19:19:31 +02:00
Gilles Peskine	e820c0abc8	Update spelling "mbed TLS" to "Mbed TLS" The official spelling of the trade mark changed from all-lowercase "mbed" to normal proper noun capitalization "Mbed" a few years ago. We've been using the new spelling in new text but still have the old spelling in a lot of text. This commit updates most occurrences of "mbed TLS": ``` sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/*' ':!tests/suites/.data' ':!programs/x509/' ':!configs/tfm') ``` Justification for the omissions: * `ChangeLog`: historical text. * `test/data_files/*`, `tests/suites/.data`, `programs/x509/`: many occurrences are significant names in certificates and such. Changing the spelling would invalidate many signatures and tests. `configs/tfm*`: this is an imported file. We'll follow the upstream updates. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-12 19:18:17 +02:00
Ronald Cron	ad2f351c6b	Merge pull request #8171 from ronald-cron-arm/misc-minor-fixes One minor fix	2023-09-12 06:00:48 +00:00
Dave Rodgman	7fda906a68	Merge pull request #8161 from gilles-peskine-arm/config-boolean-options-wrong-section-202309 Fix module configuration options in mbedtls_config.h	2023-09-11 15:08:56 +00:00

... 3 4 5 6 7 ...

6791 commits