This eliminates the use of MBEDTLS_PRIVATE in sample programs to access
fields of an mbedtls_ecp_keypair structure.
When displaying elliptic curve points, the program now display the
coordinates in the standard form instead of the internal representation.
The auxiliary function show_ecp_key is present in three programs. It's more
complex than the previous code which was also triplicated. There's no good
place for such auxiliary functions that don't belong in the library and are
used in multiple sample programs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Directly export the public part of a key pair without having to go through
intermediate objects (using mbedtls_ecp_point_write_binary would require a
group object and a point object).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Set the public key in a key pair. This complements mbedtls_ecp_read_key and
the functions can be used in either order.
Document the need to call check functions separately.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Sometimes you don't need to have all the parts of a key pair object. Relax
the behavior of mbedtls_ecp_keypair so that you can extract just the parts
that you need.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add a simple function to get the group id from a key object.
This information is available via mbedtls_ecp_export, but that function
consumes a lot of memory, which is a waste if all you need is to identify
the curve.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
And remove the comment on the uniformity in the PK module
with regards to PSA_CRYPTO_C not being referenced anymore;
end users are probably not interested in that.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
And use it in the non-PSA version of mbedtls_pk_sign_ext()
to bypass checks that didn't succeed when used by TLS 1.3.
That is because in the failing scenarios the padding of
the RSA context is not set to PKCS_V21.
See the discussion on PR #7930 for more details.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.
Related dependencies and tests are updated as well.
Fixes#7583.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
This brings some improvements to comments/
function prototypes that relate to PKCS#1.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
Mbed TLS doesn't support DSA at all, and doesn't support domain parameters
for FFDH (only predefined groups).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
New defines, which are shared with the pkparse module, lack the
new line so we manually add it when invoking
mbedtls_pem_write_buffer().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Set the entropy len prior to doing the test to ensure the outcome is the
same regardless of whether SHA512 or SHA256 is used.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This would break platforms that do not have pthread. Put the linking
instead behind a define and add this define where required to all.sh.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Compiler is unhappy that the return from mbedtls_cipher_get_name() could
be NULL as this is used in a printf statement.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
