Valerio Setti
689c0f71cb
tests: use new CCM/GCM capability macros in tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:54:18 +01:00
Valerio Setti
bfa675fe48
adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:52:08 +01:00
Valerio Setti
4ff405cf80
block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t
...
This information was redundant with the already existing mbedtls_block_cipher_id_t.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-15 16:10:52 +01:00
Valerio Setti
bd7528a592
ccm/gcm: use BLOCK_CIPHER whenever possible
...
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
4a5d57d225
adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available
...
As a consequence BLOCK_CIPHER will be enabled when:
- CIPHER_C is not defined
- a proper driver is present for one of AES, ARIA and/or Camellia key types
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
2684e3f2e3
config_adjust_legacy_crypto: fix typo
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
291571b447
block_cipher: add MBEDTLS_PRIVATE to new PSA fields in mbedtls_block_cipher_context_t
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
849a1abfdd
block_cipher: remove useless use of psa_cipher_operation_t
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
4bc7fac99a
crypto_builtin_composites: add missing guards for includes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
c0f9bbca2c
check_config: use new helpers for legacy GCM_C/CCM_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
8bba087fe1
adjust_legacy_crypto: add helpers for block ciphers capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
c1db99d3f5
block_cipher: add PSA dispatch if possible
...
"if possible" means:
- PSA has been initialized
- requested key type is available in PSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Gilles Peskine
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441
...
[G4] Make CTR-DRBG fall back on PSA when AES not built in
2023-12-06 18:25:44 +00:00
Ronald Cron
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data
...
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
2023-12-06 06:47:32 +00:00
Valerio Setti
83e0de8481
crypto_extra: revert changes to mbedtls_psa_random_free()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
7ab90723c4
mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
402cfba4dc
psa: free RNG implementation before checking for remaining open key slots
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
5f4b28defc
ctr_drbg: add alternative PSA implementation when AES_C is not defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
fbefe04bf3
check_config: fix requirements for CTR_DRBG
...
The module now depends on either:
- AES_C, which is the default and the preferred solution for
backward compatibility
- CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the
new solution when AES_C is not defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Manuel Pégourié-Gonnard
3d12d65946
Merge pull request #8590 from valeriosetti/fix-pkcs5-pkcs12
...
pkcs[5/12]: use cipher enums for encrypt and decrypt
2023-12-04 10:03:02 +00:00
Valerio Setti
4577bda6d5
pkcs[5|12]: use cipher enums for encrypt and decrypt
...
Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and
MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values
are to be used with the mbedtls_cipher_setkey() function, ensure
that their value matches with enums in cipher.h.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-01 16:51:24 +01:00
Jerry Yu
e32fac3d23
remove wait_flight2 state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-01 16:25:16 +08:00
Dave Rodgman
59059ec503
Merge remote-tracking branch 'origin/development' into msft-aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 09:34:41 +00:00
Janos Follath
c6f1637f8c
Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction
...
Make mutex abstraction and tests thread safe
2023-11-29 13:26:23 +00:00
Manuel Pégourié-Gonnard
6b5cedf51f
Merge pull request #8547 from valeriosetti/issue8483
...
[G2] Make PSA-AEAD work with cipher-light
2023-11-29 08:53:42 +00:00
Valerio Setti
919e3fa729
check_config: fix guards for PSA builtin implementation of cipher/AEAD
...
While the PSA builtin implementation of cipher still depends on
CIPHER_C, the same is no more true for AEADs. When CIPHER_C is not
defined, BLOCK_CIPHER_C is used instead, thus making it possible
to support AEADs without CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 11:45:38 +01:00
Valerio Setti
b1cf8aeda4
adjust_psa_from_legacy: add required CIPHER_C dependencies
...
Some PSA_WANT symbols do not have a 1:1 matching with legacy ones.
For example, previous to this commit:
- CCM_C enabled both PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG
even thought the two are not equivalent (authenticated VS
non-authenticated).
- there was no legacy equivalent for ECB_NO_PADDING
What it is common to both PSA_WANT_ALG_CCM_STAR_NO_TAG and
PSA_WANT_ALG_ECB_NO_PADDING is the fact that the builtin implementation
depends on CIPHER_C. Therefore this commits adds this guards to
select whether or not to enable the above mentioned PSA_WANT symbols.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 11:45:38 +01:00
Manuel Pégourié-Gonnard
11c3fd1f73
Merge pull request #8568 from yanrayw/issue/8356/block_cipher_no_decrypt_cleanup
...
Driver-only: G1: clean up for BLOCK_CIPHER_NO_DECRYPT
2023-11-28 08:49:48 +00:00
Manuel Pégourié-Gonnard
294f5d7ea9
Merge pull request #8540 from valeriosetti/issue8060
...
[G2] Make CCM and GCM work with the new block_cipher module
2023-11-28 08:18:45 +00:00
Dave Rodgman
9fbac381e6
Merge pull request #8326 from daverodgman/aesce-thumb2
...
Support hw-accelerated AES on Thumb and Arm
2023-11-27 09:58:58 +00:00
Yanray Wang
16b00f9522
mbedtls_config: improve documentation for BLOCK_CIPHER_NO_DECRYPT
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-27 15:52:28 +08:00
Yanray Wang
690ee81533
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-11-23 10:31:26 +08:00
Dave Rodgman
2e342f6938
Merge pull request #8546 from BrianX7c/development
...
[cipher.h] Arithmetic overflow in binary left shift operation
2023-11-22 19:36:25 +00:00
Jerry Yu
7d8c3fe12c
Add wait flight2 state.
...
The state is come from RFC8446 section A.2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-22 16:48:39 +08:00
Manuel Pégourié-Gonnard
d4dc354185
Merge pull request #8541 from yanrayw/issue/ssl-fix-missing-guard
...
ssl_tls: add missing macro guard
2023-11-21 14:57:47 +00:00
Jerry Yu
04fceb782b
Add freshness check information into document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:24 +08:00
Jerry Yu
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
342a555eef
rename ticket received
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef
rename ticket_creation
to ticket_creation_time
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
034a8b77d1
Update document of ticket age tolerance
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
8cf44953b2
guards ticket creation field
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
702fc590ed
Add ticket_creation field
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
03511b00aa
Replace c99 fmt macro
...
For c99 compatible compilers, we use PRI64d
and others use official fix.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446
change time unit of ticket to milliseconds
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Gilles Peskine
473ff34d59
Merge pull request #8489 from valeriosetti/issue8482
...
Make CCM* and CCM independent
2023-11-20 14:07:14 +00:00
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
...
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
BrianX7c
5c7ab6fe86
[cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT)
...
Fixing arithmetic overflow warning (C6297), if compiled in Visual Studio
Signed-off-by: BrianX7c <151365853+BrianX7c@users.noreply.github.com>
2023-11-18 11:07:37 +01:00
Paul Elliott
9e25936241
Rename mutex->is_valid to mutex->state
...
Rename struct member to make it more representative of its current use.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:14:16 +00:00
Paul Elliott
3774637518
Make threading helpers tests thread safe
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:13:49 +00:00
Paul Elliott
5fa986c8cb
Move handling of mutex->is_valid into threading_helpers.c
...
This is now a field only used for testing.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-16 15:13:05 +00:00