Commit graph

5902 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Dave Rodgman
f918d42332 Tidy up ARMCE terminology
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:23 +00:00
Yanray Wang
d41684e8bc rsa.c: rename getter function of hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:57:42 +08:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard
b33ef74d44 Use MD_LIGHT, not sha1.h, in RSA selftest
Same note as previous commit regarding guards.

Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined,
and even only when SHA1_C is defined too, but somewhere down the line
we'll want to auto-enable it for the sake of other RSA function (not in
selftest and could use any hash), so there's little point in optimizing
the temporary condition, let's use the simple one upfront.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
8316209c02 Use MD_LIGHT rather than md5.h in pem.c
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
David Horstmann
d855b4680d Add space to appease doxygen bug
See doxygen/doxygen#8706

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:00:36 +00:00
Gilles Peskine
0bfccfa537 Document the new state of AESNI support
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:49:44 +01:00
Gilles Peskine
dd6021caf1 Remove the dependency of MBEDTLS_AESNI_C on MBEDTLS_HAVE_ASM
AESNI can now be implemented with intrinsics.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 16:51:40 +01:00
Manuel Pégourié-Gonnard
9d698df4f4 Further clarify a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
a9ab4a2d60 Clarify a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
39a376a417 Finish removing HMAC from MD-light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
9b14639342 Dispatch according to init status.
We shouldn't dispatch to PSA when drivers have not been initialized yet.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
d8ea37f1a3 Add engine field to context structure
For multi-part operations, we want to make the decision to use PSA or
not only once, during setup(), and remember it afterwards. This supports
the introduction, in the next few commits, of a dynamic component to
that decision: has the PSA driver sub-system been initialized yet?

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Gilles Peskine
83d9e09b15 Switch metadata functions to the PSA-aware availability symbols
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Gilles Peskine
416d0e2b01 Introduce preprocessor symbols for MD algorithm support via PSA
These new symbols will allow code to call the md module and benefit from PSA
accelerator drivers. Code must use MBEDTLS_MD_CAN_xxx instead of
MBEDTLS_xxx_C to check for support for a particular algorithm.

This commit only defines the symbols. Subsequent commits will implement
those symbols in the md module, and in users of the md module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Valerio Setti
82b484ecbc ecjpake: fix guards for driver only builds
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 08:21:44 +01:00
Pengyu Lv
b1895899f1 ssl_cache: Improve some comments
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-16 14:33:28 +08:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
Jan Bruckner
a0589e75a0 Changes from review
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-15 11:04:45 +01:00
Dave Rodgman
b599562033
Merge pull request #7240 from tom-cosgrove-arm/fix-issue-7234
Don't insist on MBEDTLS_HAVE_ASM for MBEDTLS_AESCE_C on non-Arm64 systems
2023-03-15 09:04:44 +00:00
Yanray Wang
83548b5c10 fix inappropriate description for function in RSA
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:49:52 +08:00
Yanray Wang
12cb39661c rsa.c: provide interface to get hash_id of RSA context
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:42:48 +08:00
Yanray Wang
a730df6f86 rsa.c: provide interface to get padding mode of RSA context
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:42:26 +08:00
Manuel Pégourié-Gonnard
18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user
EC J-PAKE: partial fix for role vs user+peer
2023-03-15 09:37:30 +01:00
Pengyu Lv
0b9c012f21 ssl_cache: return the error code for mutex failure
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-15 14:37:32 +08:00
Dave Rodgman
023c8853ac
Merge pull request #7203 from yuhaoth/pr/add-cpu-modifier-for-aesce
Add CPU modifier for AESCE
2023-03-14 15:58:57 +00:00
Przemek Stekiel
c0e6250ff9 Fix documentation and tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-14 11:49:36 +01:00
Jan Bruckner
151f64283f Add parsing for Record Size Limit extension in TLS 1.3
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Dave Rodgman
cdaaef52f4
Update include/mbedtls/pkcs7.h
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-14 07:13:50 +00:00
Dave Rodgman
bcc92d4f03
Update include/mbedtls/pkcs7.h
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-14 07:13:44 +00:00
Jerry Yu
fbf9523449 Revert "Add experimental warning"
This reverts commit be510fe470.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-14 10:33:32 +08:00
Paul Elliott
e4622a3436 Merge remote-tracking branch 'development/development' into development-restricted
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-13 17:49:32 +00:00
Przemek Stekiel
fde112830f Code optimizations and documentation fixes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-13 16:28:27 +01:00
Dave Rodgman
efbc5f7322 Update wording in comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-13 12:15:49 +00:00
Jerry Yu
be510fe470 Add experimental warning
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-13 11:26:35 +08:00
Jerry Yu
be78386681 Remove documents about command line options.
After this PR, the issue has been fixed.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-13 10:58:41 +08:00
Przemek Stekiel
18cd6c908c Use local macros for j-pake slient/server strings
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
d7f6ad7bc8 Minor fixes (comments, cleanup)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Dave Rodgman
25b2dfa6da Fix comment typo
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
957cc36be9 Improve wording; use PKCS #7 not PKCS7
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
3fe2abf306 Apply suggestions from code review
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
7c33b0cac6 Remove pre-production warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Manuel Pégourié-Gonnard
439dbc5c60 Fix dependency for TLS 1.3 as well
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.

Also update docs/use-psa-crypto.md accordingly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard
45bcb6aac8 Fix dependencies of 1.2 ECDSA key exchanges
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...

Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Przemek Stekiel
e9254a0e55 Adapt driver dispatch documentation for user/peer getters
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
1e7a927118 Add input getters for jpake user and peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
26c909d587 Enable support for user/peer for JPAKE
This is only partial support. Only 'client' and 'server' values are accepted for peer and user.
Remove support for role.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:02 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Tom Cosgrove
94e841290d Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it
Fixes #7234

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-09 17:17:42 +00:00
Przemek Stekiel
b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 12:14:26 +01:00
Dave Rodgman
5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307
Fix typos in development prior to release
2023-03-08 17:19:59 +00:00
Valerio Setti
1470ce3eba fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:50:12 +01:00
Valerio Setti
30c4618970 Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Gilles Peskine
ed7b5978cd
Merge pull request #6172 from gilles-peskine-arm/doc-tls13-psa_crypto_init
Document the need to call psa_crypto_init for TLS 1.3
2023-03-07 20:13:53 +01:00
Gilles Peskine
a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors
Unify PSA to Mbed TLS error translation
2023-03-07 19:55:44 +01:00
Tom Cosgrove
5c8505f061 Fix typos
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-07 11:39:52 +00:00
Przemek Stekiel
57580f2539 Use proper enum types for pake state/sequence/step
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Pengyu Lv
7b6299b49b ssl_cache: Add an interface to remove cache entry by session id
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-07 15:00:22 +08:00
Przemek Stekiel
e3ef3a15cd Further pake code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-06 17:24:32 +01:00
Dave Rodgman
45cef61fa4
Merge branch 'development' into md-light
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 14:28:13 +00:00
Dave Rodgman
1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt
Allow alternative names for overridable PSA headers
2023-03-03 12:37:51 +00:00
Przemek Stekiel
57207711d8 Add MBEDTLS_ASN1_CHK_CLEANUP_ADD macro to be able to release memory on failure
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:29 +01:00
Przemek Stekiel
5a49d3cce3 Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:11 +01:00
Andrzej Kurek
270b3f9790 Rename error_pair_t to mbedtls_error_pair_t
Required by our coding standards.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:54:13 -05:00
Andrzej Kurek
daf5b56b02 Translate to MD errors in ssl-tls.c
With the introduction of #7047, ssl_tls.c uses 
mbedtls_md_error_from_psa. This complicates
the dependencies for compiling in psa_to_md_errors,
since now these should be ifdeffed also by
MBEDTLS_USE_PSA_CRYPTO followed by a series of or'ed
MBEDTLS_HAS_ALG_SHA_XXX_VIA_MD_OR_PSA_BASED_ON_USE_PSA.
Since this mechanism will be removed soon, we can simplify it to
just MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:52:28 -05:00
Andrzej Kurek
747ab4ea5e Introduce error_pair_t to psa utils
This way error handling can be written in a cleaner way.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:45 -05:00
Andrzej Kurek
138b30ac62 Add missing const qualifiers
Also improve documentation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:45 -05:00
Andrzej Kurek
8a045ce5e6 Unify PSA to Mbed TLS error translation
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-03 05:23:44 -05:00
Dave Rodgman
05b80a4eee
Merge pull request #6201 from gilles-peskine-arm/tls13_only-renegotiation
Disable MBEDTLS_SSL_RENEGOTIATION in TLS-1.3-only builds
2023-03-03 09:56:51 +00:00
Gilles Peskine
6def41b146
Merge pull request #6932 from yuhaoth/pr/fix-arm64-host-build-and-illegal_instrucion-fail
Replace CPU modifier check with file scope target cpu modifiers
2023-03-02 15:36:41 +01:00
Gilles Peskine
5b7e1644a7 Document the need to call psa_crypto_init() with USE_PSA_CRYPTO
When MBEDTLS_USE_PSA_CRYPTO is enabled, the application must call
psa_crypto_init() before directly or indirectly calling cipher or PK code
that will use PSA under the hood. Document this explicitly for some
functions.

To avoid clutter, this commit only documents the need to call
psa_crypto_init() in common, non-obvious cases: parsing a public key
directly or via X.509, or setting up an SSL context. Functions that are
normally only called after such a function (for example, using an already
constructed PK object), or where the need for PSA is obvious because they
take a key ID as argument, do not need more explicit documentaion.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-01 20:10:29 +01:00
Gilles Peskine
a8d7e438e6 Move non-boolean config options to the proper section
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-01 20:10:20 +01:00
Gilles Peskine
8c2830a06a Document what "TLS 1.3 depends on PSA" entails
Explicitly document that when using TLS 1.3, you must initialize PSA crypto
before starting a handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-01 20:06:35 +01:00
Gilles Peskine
7d3186d18a Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration
There's no renegotiation in TLS 1.3, so this option should have no effect.
Insist on having it disabled, to avoid the risk of accidentally having
different behavior in TLS 1.3 if the option is enabled (as happened in
https://github.com/Mbed-TLS/mbedtls/issues/6200).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-01 19:47:23 +01:00
Gilles Peskine
802ff1b116
Merge pull request #7147 from paul-elliott-arm/interruptible_sign_hash_codestyle_drivers
Remove driver entry points for psa_{get|set}_max_ops()
2023-03-01 10:46:09 +01:00
Gilles Peskine
7e677fa2c5
Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite
Remove pkwrite dependency in pk using PSA for ECDSA
2023-02-28 18:17:16 +01:00
Gilles Peskine
b52b788e55
Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension
Add AES with armv8 crypto extension
2023-02-28 18:16:37 +01:00
Paul Elliott
148903ca7d
Merge pull request #7185 from paul-elliott-arm/interruptible_sign_hash_pacify_clang
Interruptible {sign|verify} hash - Pacify Clang 15
2023-02-28 15:31:15 +00:00
Jerry Yu
608e1093de Improve comment about conflicts between aesce and sha512-crypto
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-28 12:50:00 +08:00
Paul Elliott
15d7d43904 Pacify Clang 15
Changes for interruptible {sign|verify} hash were not merged at the time of the
previous clang 15 /retval fixes, thus this fixes code added at that time.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-27 17:25:57 +00:00
Dave Rodgman
dd4427cc5b
Merge pull request #7169 from AndrzejKurek/mpi-window-size
Reduce the default MBEDTLS_ECP_WINDOW_SIZE value from 6 to 2
2023-02-27 17:12:38 +00:00
Paul Elliott
ac2251dad1
Merge pull request #7076 from mprse/parse_RFC822_name
Add parsing of x509 RFC822 name + test
2023-02-27 14:16:13 +00:00
Paul Elliott
a16ce9f601 Remove driver entry points for {get|set}_max_ops().
Move the global variable to the PSA layer, and just set that when calling PSA
level functions.

Move the internal ecp set to before each ecp call.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-24 14:44:18 +00:00
Andrzej Kurek
86f30ff626 Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2
As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790,
after introducing side-channel counter-measures to bignum,
the performance of RSA decryption in correlation to the
MBEDTLS_ECP_WINDOW_SIZE has changed.
The default value of 2 has been chosen as it provides best
or close-to-best results for tests on Cortex-M4 and Intel i7.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-24 07:51:21 -05:00
Ronald Cron
ee54de02b1 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-24 12:06:30 +01:00
Paul Elliott
a3b625b0a1
Merge pull request #7098 from gilles-peskine-arm/retval-non-empty
Pacify Clang 15 about empty \retval
2023-02-24 09:10:53 +00:00
Jerry Yu
c66deda4c5 Add explanation for aesce limitation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-24 11:42:07 +08:00
Gilles Peskine
95c915201e Move the implication of MBEDTLS_PSA_CRYPTO_CLIENT where it belongs
If MBEDTLS_PSA_CRYPTO_C is enabled, we always enable
MBEDTLS_PSA_CRYPTO_CLIENT, since the client-side functions are part of the
full PSA crypto feature set. Historically, we didn't have a good place for
configuration modification, so we did this early in the crypto.h include
tree. Since Mbed TLS 3.0, we have mbedtls/build_info.h for that.

Addresses https://github.com/Mbed-TLS/mbedtls/issues/7144 .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Gilles Peskine
361b5f992f Make sure the configuration is always included
Before, if psa/crypto_platform.h was overridden and the override didn't
include "mbedtls/build_info.h", it was possible to end up with parts of
the headers not taking the library configuration into account, if no
mbedtls header was included before "psa/crypto.h". Make sure that
the mbedtls configuration is visible from the start, no matter what is
or is not in the platform header.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Manuel Pégourié-Gonnard
0d4152186d Make MBEDTLS_MD_LIGHT private for now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 13:02:13 +01:00
Jerry Yu
f181e54968 Revert minimal integer requests
Roll back to 64bits

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-23 17:16:26 +08:00
Ronald Cron
1aa6e8d6e9 Restore same PSK length enforcement
Restore same PSK length enforcement in
conf_psk and set_hs_psk, whether the
negotiated protocol is TLS 1.2 or TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-02-23 09:48:50 +01:00
Manuel Pégourié-Gonnard
cacc0ea144 Fix a couple more typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 09:42:37 +01:00
Manuel Pégourié-Gonnard
39a4f4285d Add links for macros in doxygen documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 09:40:24 +01:00
Manuel Pégourié-Gonnard
f3953c878e Clarify relationship between MD_C and MD_LIGHT
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 09:39:05 +01:00
Manuel Pégourié-Gonnard
82a43942c8 Make it clearer what's part of MD-light or not
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 09:36:29 +01:00
Jerry Yu
05bc87866e Improve documents about ms_time
And fix typo error

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-23 11:20:45 +08:00
Gilles Peskine
b1176f2583 Allow alternative names for overridden PSA headers
Integrators of Mbed TLS may override the header files
"psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files
or by placing alternative versions earlier in the include file search path.
These two methods are sometimes inconvenient, so allow a third method which
doesn't require overwriting files or having a precise order for the include
path: integrators can now specify alternative names for the headers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-22 22:07:28 +01:00
Janos Follath
406b9172ad
Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup
Bignum: Add named moduli setup
2023-02-22 12:14:33 +00:00
Przemek Stekiel
6b64862ef7 Documentation fixes and code adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
251e86ae3f Adapt names to more suitable and fix conditional compilation flags
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
ac067d779e Fix PSA_PAKE_OPERATION_INIT macro
Needs to be adapted for the clang -Wall -Wextra.
Requirea to explicitly initialize all the members of the struct that is the first member in the union.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
9dd2440c95 Change pake input: key_lifetime -> key attributes
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
1c3cfb4fb0 Introduce PSA_PAKE_OPERATION_STAGE_SETUP to optimize out alg checks
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
dde6a910bb Optimize out psa_pake_computation_stage_t
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
38b4e1761d Remove typedef for enum
Workaround for CI error:
Parsing source code...
Compiling...
=============
All symbols in header: PASS
Naming patterns of public_macros: PASS
Naming patterns of internal_macros: PASS
Naming patterns of enum_consts: FAIL

    > include/psa/crypto_extra.h:1857: 'return' does not match the required
      pattern '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'.
      |
 1857 |     return cipher_suite->algorithm;
      |     ^^^^^^

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
ca8d2b2589 Add get-data functions for inputs + tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
0f50f689b7 Remove redundant dummy fields inside unions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
7b730175b3 Simplify psa_pake_computation_stage_s structure
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
b09c487546 Combine core pake computation stage(step,sequence,state) into single driver step
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
5798003b99 Add enum that presents computation stage as single value
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
e12ed36a6c Move JPAKE state machine logic from driver to core
- Add `alg` and `computation_stage` to `psa_pake_operation_s`.
  Now when logic is moved to core information about `alg` is required.
  `computation_stage` is a structure that provides a union of computation stages for pake algorithms.
- Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms.
- Removed test that seems to be redundant as we can't be sure that operation is aborted after failure.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
96ae8b939d Move pake definitions to headers for composite algorithms
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
51eac53b93 Divide pake operation into two phases collecting inputs and computation.
Functions that only set inputs do not have driver entry points.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Przemek Stekiel
d91bcb7673 Refactor structures for pake driver support
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Gilles Peskine
250a5ac4cb
Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle
Implement PSA interruptible sign/verify hash
2023-02-21 15:13:34 +01:00
Hannes Tschofenig
6b108606fa Added ability to include the SubjectAltName extension to a CSR
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
2023-02-21 13:42:39 +01:00
Dave Rodgman
e42cedf256
Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased
Pkcs7 fixes
2023-02-21 11:53:30 +00:00
Jerry Yu
10ce540a8c Put *MS_TIME* into together.
If MS_TIME_TYPE is changed, the printf fmt string should be changed also.
Otherwise, compiler might report fmt warning

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:39:02 +08:00
Jerry Yu
1ae2b2f034 Improve code style
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:37:12 +08:00
Jerry Yu
330e6ae111 Add document about runtime detection of AESCE
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:16:20 +08:00
Jerry Yu
c8bcdc8b91 fix various issues
- Improve some function names
- Improve comments
- improve readability

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-21 15:16:20 +08:00
Przemek Stekiel
ecee12f04f Add parsing of SAN: rfc822Name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-20 15:09:50 +01:00
Minos Galanakis
a30afe2216 ecp_curves: Minor refactoring.
This patch introduces the following changes:
* Documentation for `mbedtls_ecp_modulus_setup()`
  moved to `ecp_invasive.h`.
* Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`.
* Adjusted negative tests to use invalid selectors.
* Reworded documentation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:53:06 +00:00
Minos Galanakis
d2ca802329 ecp_curves: Added mbedtls_ecp_modulus_setup().
This patch introduces a new static method, responsible
for automatically initialising an modulus structure,
based on the curve id and a modulus type selector.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-02-20 13:49:46 +00:00
Manuel Pégourié-Gonnard
718eb4f190
Merge pull request #7025 from AndrzejKurek/uri_san
Add the uniformResourceIdentifier subtype for the subjectAltName
2023-02-20 11:29:59 +01:00
Manuel Pégourié-Gonnard
b9b630d628 Define "light" subset of MD
See docs/architecture/psa-migration/md-cipher-dispatch.md

Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-16 22:30:06 +01:00
Manuel Pégourié-Gonnard
ba2412fd21 Remove internal function md_process()
It was already marked as internal use only, and no longer used
internally. Also, it won't work when we dispatch to PSA.

Remove it before the MD_LIGHT split to avoid a corner case: it's
technically a hashing function, no HMAC or extra metadata, but we still
don't want it in MD_LIGHT really.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-16 18:44:46 +01:00
Paul Elliott
5686533ba2 Add warning to mbedtls_ecp_set_max_ops()
Using PSA interruptible interfaces will cause previously set values to be
overwritten.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
21c3951139 Add reference to mbedtls_ecp_set_max_ops() to docs
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Paul Elliott
93d9ca83ea Move num_ops ECP abstraction fully into internal implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-16 12:15:39 +00:00
Andrzej Kurek
81b0b89a34 Clarify comments on subjectAltName types
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-16 06:55:10 -05:00
Jerry Yu
f7dccb303b Remove limitation for sha256/512 arm64 accelerator
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-16 17:56:33 +08:00
Jerry Yu
751e76bb04 Replace crypto engine with crypto extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-16 10:48:15 +08:00
Paul Elliott
fe9e77ff7a Better formatting of include guard comments
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
84329464d5 Replace allocated hash buffer with array
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
c9774411d4 Ensure that operation is put into error state if error occurs
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
f9c91a7fb5 Store the hash, rather than the pointer
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
1bc59df92c Rename curve_bytes to coordinate_bytes
Also remove unneeded instance from verify operation struct.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
ab7c5c8550 Change incorrect define for MAX_OPS_UNLIMITED
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
4ca521fcdb Remove obsolete comments
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
4684525ae9 Remove unrequired mpis from sign operation struct
These are only used at the output stage.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
a3a8abadff Fix operation initialisers if no algorithms defined
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
1b49ef5384 Fix abort documentation.
Make it clear that these functions reset the number of ops, and remove
statements that say they have no effect.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00
Paul Elliott
90a91f041c Ensure structs are not empty even if ECDSA not supported
Also make previous changes apply to both interruptible sign hash operation
structures rather than just the one as it was.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-02-15 23:34:29 +00:00