Przemek Stekiel
96ae8b939d
Move pake definitions to headers for composite algorithms
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
51eac53b93
Divide pake operation into two phases collecting inputs and computation.
...
Functions that only set inputs do not have driver entry points.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
d91bcb7673
Refactor structures for pake driver support
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle
...
Implement PSA interruptible sign/verify hash
2023-02-21 15:13:34 +01:00
Dave Rodgman
e42cedf256
Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased
...
Pkcs7 fixes
2023-02-21 11:53:30 +00:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san
...
Add the uniformResourceIdentifier subtype for the subjectAltName
2023-02-20 11:29:59 +01:00
Paul Elliott
5686533ba2
Add warning to mbedtls_ecp_set_max_ops()
...
Using PSA interruptible interfaces will cause previously set values to be
overwritten.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
21c3951139
Add reference to mbedtls_ecp_set_max_ops() to docs
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
93d9ca83ea
Move num_ops ECP abstraction fully into internal implementation
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Andrzej Kurek
81b0b89a34
Clarify comments on subjectAltName types
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-16 06:55:10 -05:00
Paul Elliott
fe9e77ff7a
Better formatting of include guard comments
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
84329464d5
Replace allocated hash buffer with array
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
c9774411d4
Ensure that operation is put into error state if error occurs
...
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
f9c91a7fb5
Store the hash, rather than the pointer
...
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
1bc59df92c
Rename curve_bytes to coordinate_bytes
...
Also remove unneeded instance from verify operation struct.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
ab7c5c8550
Change incorrect define for MAX_OPS_UNLIMITED
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
4ca521fcdb
Remove obsolete comments
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
4684525ae9
Remove unrequired mpis from sign operation struct
...
These are only used at the output stage.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
a3a8abadff
Fix operation initialisers if no algorithms defined
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
1b49ef5384
Fix abort documentation.
...
Make it clear that these functions reset the number of ops, and remove
statements that say they have no effect.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
90a91f041c
Ensure structs are not empty even if ECDSA not supported
...
Also make previous changes apply to both interruptible sign hash operation
structures rather than just the one as it was.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
749dec54ef
Clean up structure include guards
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
3225f19803
Fix ecdsa.h documentation error
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
296ede99c9
Fix issues with get_{sign/verify}_num_ops
...
Move to accumulate ops in context rather than attempting to read straight out
of structures due to structure ops getting reset per operation, and also
issues with _abort clearing internal data. Fix usage of size_t in structures
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
588f8ed498
Add internal implementation
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
2ba002cc2f
Make ECDSA restartable sign and verify functions public
...
Make public the versions of ECSDA sign and verify which return raw signatures
rather than returning ASN.1 encoded signatures, in order to use them for the
internal implemention of psa_sign/verify_hash_interruptible.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
2d247923e5
Initial empty driver wrapper implementation
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 12:13:17 +00:00
Paul Elliott
1265f00494
First draft of PSA interruptible ECC signing design
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 12:13:17 +00:00
Gilles Peskine
c5e2a4fe67
Merge pull request #6937 from valeriosetti/issue6886
...
Add test for PK parsing of keys using compressed points
2023-02-14 19:54:29 +01:00
Andrzej Kurek
50836c4dfb
Fix a comment in x509_crt.h
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:21:14 -05:00
Andrzej Kurek
7a05fab716
Added the uniformResourceIdentifier subtype for the subjectAltName.
...
Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-13 10:03:07 -05:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858
...
driver-only ECDSA: get testing parity in X.509
2023-02-13 15:30:06 +01:00
Valerio Setti
178b5bdddf
pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 11:15:06 +01:00
Valerio Setti
78f79d323d
ecp: add documentation for compressed points limitations
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-10 16:32:58 +01:00
Gilles Peskine
928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public
...
Make the fields of mbedtls_pk_rsassa_pss_options public
2023-02-10 15:08:06 +01:00
Gilles Peskine
b009559c8f
Merge pull request #7049 from KloolK/typos
...
Fix typos
2023-02-10 15:07:07 +01:00
Demi Marie Obenour
6cfc469296
pkcs7: reject signatures with internal data
...
A CMS signature can have internal data, but mbedTLS does not support
verifying such signatures. Reject them during parsing.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
e373a254c4
pkcs7: do not store content type OIDs
...
They will always be constant.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Demi Marie Obenour
aaf3c0028d
pkcs7: do not store content type OID
...
Since only one content type (signed data) is supported, storing the
content type just wastes memory.
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-02-10 12:56:10 +00:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage
...
Pkcs7 coverage
2023-02-10 12:55:29 +00:00
Ronald Cron
834e65d47f
Merge pull request #6499 from xkqian/tls13_write_end_of_early_data
...
Tls13 write end of early data
2023-02-10 11:08:22 +01:00
Xiaokang Qian
ea28a78384
Revert new field and check ciphersuite match when resume by exist info_id
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
33ff868dca
Fix various errors
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
f10f474981
Check server selected cipher suite indicating a Hash associated with the PSK
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
592021aceb
Add CCS after client hello in case of early data and comp mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
Xiaokang Qian
5b410075cf
Remove useless comments about handshake messages for TLS13
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:46:48 +00:00
Xiaokang Qian
125afcb060
Add end-of-early-data write
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:58 +00:00
Nick Child
3dafc6c3b3
pkcs7: Drop support for signature in contentInfo of signed data
...
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.
Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
- Demi Marie Obenour <demiobenour@gmail.com>
- Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-07 20:04:52 +00:00
Valerio Setti
0568decc0c
ecdsa: add comment for ecdsa_context
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
cf084ae256
pk: add generic defines for ECDSA capabilities
...
The idea is to state what are ECDSA capabilities independently from how
this is achieved
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00