Commit graph

29459 commits

Author SHA1 Message Date
Ryan Everett
afb2eee263 Add PKCS5/12 exceptions to analyze_block_cipher_dispatch
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:31:54 +00:00
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:26:29 +00:00
Tom Cosgrove
1dbfc8ad3c
Merge pull request #8790 from paul-elliott-arm/fix_ctr_drbg_comment
Fix confusing comment in ctr drbg thread test
2024-02-08 11:11:50 +00:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
2024-02-08 08:45:30 +00:00
Manuel Pégourié-Gonnard
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647
Move RSA basic key parsing/writing to rsa.c
2024-02-08 08:35:42 +00:00
Tom Cosgrove
c8de362202
Merge pull request #8665 from ivq/reduce_static_mem
Reduce many unnecessary static memory consumption
2024-02-07 23:26:27 +00:00
Valerio Setti
1910390b4a psa_util: improve leading zeros check in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 16:16:58 +01:00
Paul Elliott
bda577bb0b Fix confusing comment in ctr drbg thread test
Make it clearer where the magic number chosen for entropy_len actually
comes from, and why we chose this value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-07 15:13:46 +00:00
Dave Rodgman
9b272ac1c6
Merge pull request #8794 from daverodgman/pr-guidelines
Remind contributors not to force-push
2024-02-07 15:08:42 +00:00
Valerio Setti
ef07fa0fc3 test_suite_psa_crypto_util: add more test for raw->der
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:16:45 +01:00
Valerio Setti
affba30833 psa_util: update documentation for mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:03:33 +01:00
Manuel Pégourié-Gonnard
b02c0be06a
Merge pull request #8791 from gilles-peskine-arm/psa-legacy-bridges-ecdsa-bits-first
Update ECDSA signature conversion specification
2024-02-07 13:43:29 +00:00
Ryan Everett
a8082c43d5 Add MBEDTLS_CIPHER_C dependencies to new pkparse tests
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 13:31:19 +00:00
Paul Elliott
292b1dc1e1
Merge pull request #8789 from paul-elliott-arm/fix_tsan_gcc
Stop platform test failures with GCC and TSAN
2024-02-07 11:32:39 +00:00
Dave Rodgman
2a6593bbb6 Slightly soften force-push suggestion
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-07 11:05:47 +00:00
Dave Rodgman
c1a4d1f09a Remove comments about rebasing vs merging; link to longer RTD document
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-07 11:04:14 +00:00
Dave Rodgman
2840523ae4 Remind contributors not to force-push
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-07 10:42:41 +00:00
Gilles Peskine
3f557ad59c Wording improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-07 11:22:16 +01:00
Manuel Pégourié-Gonnard
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030
PSA FFDH: feature macros for parameters
2024-02-07 10:06:03 +00:00
Dave Rodgman
57a0957938
Merge pull request #8788 from daverodgman/old-gcc-alignment-bug
Change unaligned access method for old gcc
2024-02-07 09:31:45 +00:00
Valerio Setti
447bbce8b4 rsa: remove unnecessary check in priv/pub key parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 08:02:03 +01:00
Gilles Peskine
30a303f1a8 ECDSA signature conversion: put bits first
Metadata, then inputs, then outputs.
https://github.com/Mbed-TLS/mbedtls/pull/8703#discussion_r1474697136

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 19:45:11 +01:00
Paul Elliott
e053cb2f12 Stop platform test failures with GCC and TSAN
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-02-06 18:10:43 +00:00
Gilles Peskine
8bdd8cdc4f
Merge pull request #8729 from adeaarm/crypto_struct_client_view
Add a client view of the multipart contexts
2024-02-06 17:29:55 +00:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity
KDF incorrect initial capacity
2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681
Re-introduce enum-like checks from CHECK_PARAMS
2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage
Implement mbedtls_pk_get_psa_attributes
2024-02-06 17:28:54 +00:00
Valerio Setti
1810fd9ac8 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 17:03:32 +01:00
Valerio Setti
bb76f80218 pk_wrap: use proper raw buffer length in ecdsa_sign_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:23 +01:00
Valerio Setti
cf81f69977 psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:12 +01:00
Dave Rodgman
91d5fde944
Merge pull request #8745 from adeaarm/trail_key_id_field
Put the id field at the end of the psa_key_attributes_s structure
2024-02-06 15:55:56 +00:00
Valerio Setti
6269f3baf4 Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()"
This reverts commit d4fc5d9d1c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:55:18 +01:00
Valerio Setti
2b6a7b37f4 suite_psa_crypto_util: use 521 bits data and bit-size instead of 528
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:21:44 +01:00
Dave Rodgman
e093281a8b Pacify check-names
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 15:00:58 +00:00
Valerio Setti
94c5806a64 suite_psa_crypto_util: make ecdsa_raw_to_der_incremental() more readable
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 15:49:06 +01:00
Dave Rodgman
d09f96b829 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:51:58 +00:00
Valerio Setti
eae7fce829 add changelog
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 14:40:59 +01:00
Dave Rodgman
22b934e6d2 Use struct not union
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
Dave Rodgman
f4e8234f93 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
Dave Rodgman
ec9936d122 Improve gcc guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:04:09 +00:00
Dave Rodgman
b327a1e706 Change unaligned access method for old gcc
gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662 shows
that __attribute__ aligned may be ignored.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 11:32:01 +00:00
Ronald Cron
d0a772740e tests: early data: Complete the handshake
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 11:15:48 +01:00
Gilles Peskine
735ac3ec05 Fix builds with secp224k1 as the only curve
Normally, if an elliptic curve is enabled in the legacy API then it's also
enabled in the PSA API. In particular, if the legacy API has at least one
curve then that curve also works with PSA. There is an exception with
secp224k1 which PSA does not support. In a build with secp224k1 as the only
legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the
curve through PK) but PSA does not support any elliptic curve, so we can't
run PK-PSA bridge tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-06 11:11:32 +01:00
Chien Wong
4e9683e818
Reduce many unnecessary static memory consumption
.data section of ssl_client1 becomes 320 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
2024-02-06 17:50:44 +08:00
Valerio Setti
c213a2e1e5 adjust_legacy_from_psa: use groups instead of curves for DH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 10:49:14 +01:00
Gilles Peskine
8a85673a39 Merge remote-tracking branch 'development' into pk_import_into_psa-use_usage 2024-02-06 10:14:17 +01:00
Valerio Setti
d4fc5d9d1c psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()
The only real contraint on the raw buffer is that it is large
enough to contain 2 coordinates. Larger buffers are therefore
allowed and the extra data will simply be ignored.

Note = trying to impose a strict sizing on the raw buffer causes
       several failures in test suites. This suggests that it is
       quite common to use larger buffer to store raw signatures.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:42:42 +01:00
Valerio Setti
fe329cea3f rsa: handle buffer length similarly in private and public key parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:00:18 +01:00
Ronald Cron
33327dab85 tests: early data: Switch to mnemonics for test scenarios
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 18:27:04 +01:00