Some documentation in rsa.h was
still incorrect regarding f_rng
being mandatory. This has now
been corrected.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Conflicts:
library/version_features.c
programs/test/query_config.c
Files were removed in development branch and modified by current branch.
Conflicts fixes by removing them.
This commit removes the RSA
constants MBEDTLS_RSA_PUBLIC
and MBEDTLS_RSA_PRIVATE because
they are now superfluous given
that the mode parameter has been
removed.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the mode parameter
from the mbedtls_rsa_rsassa_pss_verify_ext
function. This change is propagated
throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the f_rng parameter from
the mbedtls_rsa_rsassa_pss_verify_ext
function. This is in preparation for
the removal of the mode parameter.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes p_rng parameter from the
mbedtls_rsa_rsassa_pss_verify_ext function
in preparation for removal of the mode
parameter.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the mode parameter
from the mbedtls_rsa_rsassa_pss_verify
function and propagates the change
throughout the process.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes f_rng parameter from
mbedtls_rsa_rsassa_pss_verify function in
preparation of mode parameter removal.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes p_rng parameter from
mbedtls_rsa_rsassa_pss_verify function
as preparation for removing the mode
parameter.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes mode parameter from
mbedtls_rsa_rsassa_pkcs1_v15_verify and
propagates the change throughout the
codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit performs removal of f_rng parameter
from mbedtls_rsa_rsassa_pkcs1_v15_verify
function in preparation for removal of mode
parameter.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes p_rng from
mbedtls_rsa_rsassa_pkcs1_v15_verify function in
preparation of removal of mode parameter.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Conflicts:
* configs/config-psa-crypto.h: modified here, removed in development
* tests/suites/test_suite_x509parse.data: all conflicts are in depends_on
lines where development made a change unrelated to MBEDTLS_SHAxxx and our
branch either changed `MBEDTLS_SHA256_C` to `MBEDTLS_SHA224_C` or
`MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384` to ``MBEDTLS_SHA384_C`, with
no change to what the test does. Pick the other branch's dependency
changes then apply our SHA dpeendency change.
To simplify the documentation, and because there are only two realistic
behaviors in practice, only allow two behaviors for multipart output:
immediate output, or buffering of the last partial block.
State some simple rules that applications can follow if they don't care about
the details.
Explicitly state how much output is needed for finish(). Only require the
buffer size to be the size of the actual output, not the size of the potential
output in the worst case. Rename the parameter from output_len to output_size
since it's a buffer size and not necessarily the length of the data.
No longer guarantee that the built-in implementation produces immediate
output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Commit removes mode parameter from
mbedtls_rsa_pkcs1_verify and propagates the
change throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes p_rng from mbedtls_rsa_pkcs1_verify
since p_rng has no relevance following the removal
of f_rng from this function.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes f_rng parameter from
mbedtls_rsa_pkcs1_verify as a prerequisite
to removing the mode parameter. f_rng no
longer has relevance in this function if
mode is removed.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the mode param from
mbedtls_rsa_rsassa_pss_sign and propagates
the changes throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the mode parameter from
mbedtls_rsa_rsassa_pkcs1_v15_sign and
propagates the change throughout the
codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Commit removes the mode parameter from
mbedtls_rsa_pkcs1_sign and progagates the
change to all relevant parts of the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
This commit modifies the typedef of
mbedtls_pk_rsa_alt_sign_func and propagates the
associated changes throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removes mode parameter from
mbedtls_rsa_rsaes_oaep_encrypt and propagates
changes throughout the codebase.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removal of mode parameter from
mbedtls_rsa_rsaes_pkcs1_v15_encrypt. This commit
propagates the change to all relevant function calls
and tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
As picked up in review, this commit
modifies the documentation by removing some
wording that is now superfluous given the
removal of the mode parameter.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
The output parameter of mbedtls_sha256_finish_ret and mbedtls_sha256_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-224 hash into a
28-byte buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The output parameter of mbedtls_sha512_finish_ret and mbedtls_sha512_ret
now has a pointer type rather than array type. This removes spurious
warnings in some compilers when outputting a SHA-384 hash into a
48-byte buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove mode param from mbedtls_rsa_rsaes_pkcs1_v15_decrypt
and also modify and remove relevant tests.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removing the mode parameter from the mbedtls_rsa_rsaes_oaep_decrypt
function. The change is progagated to all function calls, including in
test suite .function files. Additionally fully removing one test
where the wrong mode was being tested.
Signed-off-by: Tom Daubney <Thomas.Daubney@arm.com>
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
The mode parameter has been removed from the
mbedtls_rsa_pkcs1_decrypt function. The change
has been progagated to all function calls,
including in test suite .function files.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Removed a conditional compilation block
relating to MBEDTLS_PKCS1_V15 in
rsa_pkcs1_verify_raw function that was no
longer relevant.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Building the library without entropy sources negates any and all security
provided by the library.
This option was originally requested a relatively long time ago and it
does not provide any tangible benefit for users any more.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
Rework SHA224 and SHA283 documentation.
Define MBEDTLS_SHAxxx_C options in alphabetic order.
Fix SHA224 and SHA384 dependencies in test suites.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
It makes sense to do the length checking in the core rather than expect
each driver to deal with it themselves. This puts the onus on the core to
dictate which algorithm/key combinations are valid before calling a driver.
Additionally, this commit also updates the psa_mac_sign_finish function
to better deal with output buffer sanitation, as per the review comments
on #4247.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This means there is no longer a need to have an internal HMAC API, so
it is being removed in this commit as well.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Prefix with 'mbedtls_psa' as per the other types which implement some
sort of algorithm in software.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
The purpose of key_set was to guard the operation structure from being
used for update/finish before a key was set. Now that the implementation
fully adheres to the PSA API, that function is covered by the `alg`
variable instead. It's set to the algorithm in use when a key is set, and
is zero when the operation is reset/invalid.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Apparently it was at some point assumed that there would be
support for MAC algorithms with IV, but that hasn't been
implemented yet. Until that time, these context structure
members are superfluous and can be removed.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Typedef'ed structures are suffixed _t
Also updated the initialiser macro with content that actually
matches the structure's content.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Since HMAC moved into its own compilation unit, the internal API needed
to be documented and finalized. This means no more reaching deep into
the operation structure from within the PSA Crypto core. This will make
future refactoring work easier, since internal HMAC is now opaque to the
core.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
Modeled after the include chain of the primitive operation contexts.
Also moved the HMAC context structure to the builtin composites file,
since that is where it conceptually belongs. This is a preparatory
step for implementing driver dispatch of MAC multipart operations.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This was probably included by mistake, because the file itself is part
of the inclusion chain starting with crypto.h.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This is a preparatory step in order to be able to organize the include
chain from crypto_struct in such a way that the MAC operation structure
for the PSA 'software' driver can make use of the hash operation structure.
Conceptually:
* Primitives:
* Hash
* Cipher
* Composites:
* AEAD (can use cipher)
* MAC (can use cipher and/or hash)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This algorithm is used for example by the Thread 1.1.1 specification,
which is not public but can be obtained free of charge at
https://www.threadgroup.org/ThreadSpec
Here it doesn't really make sense to define a parametrised family, as
this really seems to be the only use of PBKDF2 with a CMAC-based PRF (or
with any PRF other than HMAC with SHA1 or SHA2, for that matter).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Might make the implementer's life a bit simpler, and is not a big
constraint on applications.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
No change of behaviour, encoding or naming intended in this commit: just
describe the same behaviour, but in a way that's hopefully clearer and
more complete.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit removes the unused error code
```
MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH
```
from the public API for Mbed TLS 3.0.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This error is used when the output buffer isn't large enough
to hold our own certificate.
In the interest of cleaning up the error space for 3.0, this commit
removes MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE and replaces its single
use by MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The SSL error code MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED is unused.
Remove it for Mbed TLS 3.0.
The code being unused comes as a surprise, at is seems to be
reasonable to report it to the user upon peer CRT verification
failure. However, this study (can potentially re-introduction
of the code) can be left for 3.x, while the error code removal
can only happen in 3.0.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The SSL error code MBEDTLS_ERR_SSL_UNKNOWN_CIPHER is unused.
Remove it for Mbed TLS 3.0 and leave a comment indicating the
gap in the error code space it creates.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.
check_config is the only module which enforces that SHA512 is
enabled together with SHA384.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
Fix an issue where `MBEDTLS_X509_REMOVE_INFO` was defined/enabled by default
in `include/mbedtls/config.h`. This should also fix the `context-info.sh` test
where it ran the default config and expected to see some output from the x509
info functions that were removed.
Also updated relevant comments to more accurately explain how the
configuration option works.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
The new compile-time option MBEDTLS_X509_REMOVE_INFO removes various
X.509 debugging strings and functionality, including
```
mbedtls_x509_crt_verify_info()
```
which ssl_client2.c and ssl_server2.c use to print human readable
descriptions of X.509 verification failure conditions. Those
conditions are also grepped for in numerous ssl-opt.sh tests.
Instead of disabling those tests if MBEDTLS_X509_REMOVE_INFO is set,
this commit essentially moves mbedtls_x509_crt_verify_info() to
ssl_client2.c and ssl_server2.c. However, instead of just copy-pasting
the code from x509_crt.c, the following approach is used:
A macro MBEDTLS_X509_CRT_ERROR_INFO_LIST is introduced which for each
verification failure condition invokes a user-defined macro X509_CRT_ERROR_INFO
with (a) the numerical error code, (b) the string presentation of the
corresponding error macro, (c) the info string for the error condition.
This macro can thus be used to generate code which somehow iterates over
the verifiation failure conditions, but the list of error conditions and
information strings is nowhere duplicated.
This is then used to re-implement mbedtls_x509_crt_verify_info() in
x509_crt.c and to provide a functionally equivalent (yet slightly different)
version in ssl_client2.c and ssl_server2.c in case MBEDTLS_X509_REMOVE_INFO
is set.
This way, little changes to ssl-opt.sh will be necessary in case
MBEDTLS_X509_REMOVE_INFO is set because the info strings for the
verification failure conditions will be printed regardless of whether
MBEDTLS_X509_REMOVE_INFO is set or not.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The introduction of positive options to control the presence
of pre-existing functionality breaks the build for users of
handwritten configurations.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
This function was previously called mbedtls_error_add_ext because there
was a macro called mbedtls_error_add. That later got capitalised which
allows the function to now be named mbedtls_error_add.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
