mbedtls

Author	SHA1	Message	Date
Przemek Stekiel	52a428b824	Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-10 11:23:18 +02:00
Jerry Yu	8897c07075	Add server only guards for psk callback Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jan Bruckner	b33f6e5ee2	Fix typo Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2022-10-06 11:23:49 +02:00
Manuel Pégourié-Gonnard	79617d99ae	Fix namespacing issue This macro is specific to the Mbed TLS implementation and not part of the public API, so it shouldn't used the PSA_ namespace. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-05 12:55:50 +02:00
Manuel Pégourié-Gonnard	ec7012dbc7	Fix I/O format of PSA EC J-PAKE for compliance The format used by the mbedtls_ecjpake_xxx() APIs and that defined by the PSA Crypto PAKE extension are quite different; the former is tailored to the needs of TLS while the later is quite generic and plain. Previously we only addressed some part of this impedance mismatch: the different number of I/O rounds, but failed to address the part where the legacy API adds some extras (length bytes, ECParameters) that shouldn't be present in the PSA Crypto version. See comments in the code. Add some length testing as well; would have caught the issue. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-05 12:52:48 +02:00
Przemek Stekiel	0957e7bfc5	Rmove MBEDTLS_NIST_KW_C dependency from MBEDTLS_SSL_TICKET_C Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-03 11:39:02 +02:00
Przemek Stekiel	460192ee19	Fix and sync configuration file and configuration verifiation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-03 08:55:29 +02:00
Nick Child	7dbe8528f3	pkcs7: Import header files with included directory path not relative path In #include statements, rely on -I paths instead of relative paths. Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-30 17:28:16 -05:00
Przemek Stekiel	ce5b68c7a3	Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions" This reverts commit `a82290b727`. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-29 15:29:18 +02:00
Manuel Pégourié-Gonnard	f3f9e450b6	Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 Ad-hoc KDF for EC J-PAKE in TLS 1.2	2022-09-28 09:47:32 +02:00
Przemek Stekiel	e31ba83675	Use basic symbols instead MBEDTLS_CIPHER_MODE_AEAD in check config Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-28 09:44:58 +02:00
Przemek Stekiel	d582a01073	Make MBEDTLS_SSL_CONTEXT_SERIALIZATION dependent on AEAD Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-28 07:59:01 +02:00
Przemek Stekiel	a82290b727	Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD \|\| MBEDTLS_NIST_KW_C flags - make it consistent. As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available). Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD \|\| MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Andrzej Kurek	e09aff8f5a	Add information about ECJPAKE_TO_PMS output size expectations Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-26 10:59:31 -04:00
Andrzej Kurek	96b9f23853	Adjust ECJPAKE_TO_PMS macro value This way the low 8 bits of the identifier indicate that this algorithm is used with SHA-256. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-26 10:30:46 -04:00
Paul Elliott	2c282c9bd0	Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.	2022-09-23 15:48:33 +01:00
Jerry Yu	ba627bfd0d	improve document about session tickets Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-23 09:58:22 +08:00
Jerry Yu	40b4a01388	Improve documents Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-22 23:48:38 +08:00
Jerry Yu	f3bdf9dd51	fix various issues - improve document about configuration item. - format issue - variable type issue. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-22 23:47:14 +08:00
Jerry Yu	d0766eca58	fix various issues - Improve comments - Align count variable name to `new_session_tickets_count` - move tickets_count init to handshake init Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-22 13:21:29 +08:00
Manuel Pégourié-Gonnard	d433cd7d07	Merge pull request #6283 from mpg/driver-only-hashes-wrap-up Driver only hashes wrap-up	2022-09-21 08:29:46 +02:00
Manuel Pégourié-Gonnard	b4e28aa2f7	Fix two typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-19 11:55:00 +02:00
Manuel Pégourié-Gonnard	3c16abebd4	Fix dependencies of KEY_EXCHANGE_ECJPAKE The EC J-PAKE module the ability to "fall back" to PSA when MD is not present a few PRs ago, but the dependency of this key exchange on SHA-256 wasn't updated at the time. (Note: the crypto primitive doesn't depend on SHA-256, only its use in the TLS key exchange does.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-19 10:47:05 +02:00
Jerry Yu	1ad7ace6b7	Add conf new session tickets Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-19 14:22:21 +08:00
Ronald Cron	be0224aef3	Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets	2022-09-18 21:18:13 +02:00
Gilles Peskine	ef843f2b0c	MBEDTLS_PLATFORM_VSNPRINTF_ALT requires MBEDTLS_PLATFORM_C mbedtls_vsnprintf replacement works like mbedtls_snprintf replacement, so copy the requirements for MBEDTLS_PLATFORM_VSNPRINTF_ALT. (MBEDTLS_PLATFORM_xxx_MACRO shouldn't require MBEDTLS_PLATFORM_C, but that's a separate preexisting problem which I do not try address at this time.) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-18 14:05:23 +02:00
Nick Child	9512bde5c3	pkcs7: Fix pkcs7 error code values Mbed TLS uses a two layer system for error codes. The least significant 7 bits should be used to signal low-level module errors. Since PKCS7 is a high level module, it should leave these bits unassigned. To do this, the least significant byte of PKCS7 error codes must either be 0x00 or 0x80. Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-16 09:49:06 -05:00
Andrzej Kurek	3c4c514302	Remove `PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS` Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 07:24:14 -04:00
Andrzej Kurek	1fafb1f778	Documentation clarifications for ECJPAKE-to-PMS Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 07:19:49 -04:00
Manuel Pégourié-Gonnard	1be45825ab	Remove useless guard around include Including a header is harmless, so we can include do it unconditionally. The condition was wrong, should have been USE_PSA \|\| PROTO_TLS1_3. If we just fixed to condition, then we would need to make sure things like: #define MBEDTLS_TLS1_3_MD_MAX_SIZE PSA_HASH_MAX_SIZE are also guarded, which is useless (extra defines are harmless) and annoying, so just remove the condition altogether. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 13:18:36 +02:00
Manuel Pégourié-Gonnard	138387fc8c	Fix some typos, improve wording & formatting Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard	72687b76ca	Clarify dependencies in mbedtls_config.h - One module was missing the warning on psa_crypto_init(). - For modules that are affected by USE_PSA_CRYPTO, it makes more sense to mention that in the warning. - Attempt to improve the description of the TLS 1.3 situation. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard	f17f85ef0c	Simplify definition of TLS 1.3 MD max size. Actually this macro is never used in parts that depend on USE_PSA, so it's always using PSA. Currently the macro seems a bit redundant, but: - since it's public we can't remove it; - and there are plans in the future to make it more precise (actually the largest hash that matters for TLS 1.3 is SHA-384 now). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard	e896705c1a	Take advantage of legacy_or_psa.h being public Opportunities for using the macros were spotted using: git grep -E -n -A2 'MBEDTLS_(MD\|SHA)[0-9]+_C' \| egrep 'PSA_WANT_ALG_(MD\|SHA)' then manually filtering the results. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard	07018f97d2	Make legacy_or_psa.h public. As a public header, it should no longer include common.h, just use build_info.h which is what we actually need anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 12:02:48 +02:00
Gilles Peskine	04e4c19ee3	Document the base state of platform abstraction It's `#define mbedtls_xxx xxx` unless some option to override `mbedtls_xxx` is enabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-15 20:34:50 +02:00
Manuel Pégourié-Gonnard	409a620dea	Merge pull request #6255 from mprse/md_tls13 Driver-only hashes: TLS 1.3	2022-09-15 10:37:46 +02:00
Manuel Pégourié-Gonnard	18dff1f226	Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake Expose ECJPAKE through the PSA Crypto API	2022-09-15 09:25:55 +02:00
Nick Child	8ce1b1afc8	pkcs7: Correct various syntatical mistakes Resond to feedback from the following comments: - use correct spacing [1-7] - remove unnecessary parenthesis [8] - fixup comments [9-11] - remove unnecessary init work [12] - use var instead of type for sizeof [13] [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953655691 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953661514 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953689929 [4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953696384 [5] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697558 [6] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697793 [7] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697951 [8] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953699102 [9] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r971223775 [10] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967133905 [11] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967135932 [12] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967151430 [13] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967154159 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-14 15:13:52 -05:00
Andrzej Kurek	d60907b85d	Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-14 14:57:51 -04:00
Przemyslaw Stekiel	67ffab5600	ssl.h: use PSA hash buffer size when PSA is used Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-14 14:51:14 +02:00
Andrzej Kurek	18f8e8d62c	Document the input size restriction for EC J-PAKE to PMS Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-14 08:44:34 -04:00
Andrzej Kurek	08d34b8693	Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2 TLS uses it to derive the session secret. The algorithm takes a serialized point in an uncompressed form, extracts the X coordinate and computes SHA256 of it. It is only expected to work with P-256. Fixes #5978. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-14 08:39:26 -04:00
Przemyslaw Stekiel	034492bd56	ssl.h: Fix hash guards Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-14 11:09:20 +02:00
Przemek Stekiel	ce0aa58fd9	check_config.h: make TLS1.3 requirements verification more readable Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Przemek Stekiel	8a2f2b0bd6	check_config.h: fix TLS 1.3 requirements (add HKDF_EXTRACT/EXPAND) and comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Przemek Stekiel	9408b70513	check_config.h: revert HKDF requirements Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Przemek Stekiel	a06787a629	build_info.h: include config_psa.h also when MBEDTLS_PSA_CRYPTO_C This is done to have PSA_WANT_xxx symbols available in check_config.h when MBEDTLS_PSA_CRYPTO_C. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Przemek Stekiel	cf9d972a9a	Fix config for MBEDTLS_SSL_PROTO_TLS1_3 Remove MBEDTLS_HKDF_C as it is not needed since #5838 Reasoning: we need SHA-256 or SHA-384 via PSA because they're used by HKDF which is now always done via PSA. If in addition to that USE_PSA is enabled, then everything is done via PSA so that's enough. Otherwise, we need the software implementation of SHA-256 or SHA-384, plus MD_C because we're using a VIA_MD_OR_PSA_BASED_ON_USE_PSA as discussed above. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Przemek Stekiel	a9a8816107	ssl.h: adapt guards for MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Jerry Yu	6cf85a4bb0	update document abourt maximum ticket_age_tolerance Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-13 14:28:15 +08:00
Neil Armstrong	fb3093a9cb	Use PSA_PAKE_ROLE_NONE in PSA_PAKE_OPERATION_INIT macro instead of 0 Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-08 14:59:32 +02:00
Neil Armstrong	7cd4eacbd4	Fix typo in mbedtls_ecjpake_write_shared_key() comment Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-08 14:57:55 +02:00
Neil Armstrong	ecb221b1ff	Move operation buffer in operation struct and remove dynamic allocation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-08 11:21:07 +02:00
Hannes Tschofenig	fd6cca4448	CID update to RFC 9146 The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content. Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>	2022-09-07 17:15:05 +02:00
Andrzej Kurek	f000471c66	Add missing MD dependency for pkcs5_pbkdf2_hmac Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:07:15 -04:00
Andrzej Kurek	345a92b321	Adjust PKCS5 dependencies in check_config It's possible to build PKCS5 with PSA instead of MD Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Andrzej Kurek	65bf73ed6a	Enable HMAC in config_psa.h regardless of MD availability Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Andrzej Kurek	890e78ae66	Deprecate mbedtls_pkcs5_pbkdf2_hmac Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Andrzej Kurek	dd36c76f09	Provide a version of pkcs5_pbkdf2_hmac without MD usage Use the new implementation locally Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard	97fc247d6a	Merge pull request #6232 from AndrzejKurek/pkcs12-no-md Remove MD dependency from pkcs12 module	2022-09-02 09:43:13 +02:00
Nick Child	5d881c36ea	pkcs7: Change copyright Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-01 19:45:41 -05:00
Nick Child	390e61a47a	pkcs7.h: Make pkcs7 fields private All fields in the mbedtls_pkcs7 struct have been made private with MBEDTLS_PRIVATE. Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-01 19:45:41 -05:00
Nayna Jain	673a226698	pkcs7: add support for signed data OpenSSL provides APIs to generate only the signted data format PKCS7 i.e. without content type OID. This patch adds support to parse the data correctly even if formatted only as signed data Signed-off-by: Nayna Jain <nayna@linux.ibm.com>	2022-09-01 19:45:41 -05:00
Nayna Jain	c9deb184b0	mbedtls: add support for pkcs7 PKCS7 signing format is used by OpenPOWER Key Management, which is using mbedtls as its crypto library. This patch adds the limited support of pkcs7 parser and verification to the mbedtls. The limitations are: * Only signed data is supported. * CRLs are not currently handled. * Single signer is supported. Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Nayna Jain <nayna@linux.ibm.com>	2022-09-01 19:45:33 -05:00
Andrzej Kurek	7bd12c5d5e	Remove MD dependency from pkcs12 module Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-01 08:57:41 -04:00
Jerry Yu	89eb95a221	Add ticket age tolerance config option Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Neil Armstrong	b764fb60aa	Remove MBEDTLS_MD_C dep in config_psa.h when ECJPAJE is wanted Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	12663092bc	Introduce mbedtls_ecjpake_write_shared_key() to export the EC J-PAKE shared key material before the KDF() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	ed40782628	Fix SECP256R1 enable when PSA_WANT_ALG_JPAKE is defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	a557cb8c8b	Fixing XXX_ALG_ECJPAKE to XXX_ALG_JPAKE to match specification Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	7616ad28e3	Fix guard of ecjpake.h include in crypto_extra.h Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	63212ddf2f	Fix formatting of PSA_PAKE_OPERATION_INIT macro Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	7aaa34a1ba	Fix formatting of PSA_PAKE_OUTPUT_SIZE & PSA_PAKE_INPUT_SIZE macros Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	637d0a0290	Enable buildin PSA PAKE implementation when ECJPAKE_C is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	35269d93da	Fill psa_pake_operation and INPUT/OUTPUT min/max sizes for PSA PAKE builtin implementation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Manuel Pégourié-Gonnard	bf22a2500b	Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured Remove the dependency on MD from TLS 1.2 tests	2022-08-30 12:34:37 +02:00
Nicholas Wilson	8e5bdfbbcf	Improve programs/cert_write with a way to set extended key usages Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:08:43 +01:00
Dave Rodgman	0edfa9dd26	Merge pull request #6207 from daverodgman/ticket_time Fix type used for capturing TLS ticket generation time	2022-08-30 10:03:06 +01:00
Andrzej Kurek	cccb044804	Style & formatting fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:26:02 -04:00
Janos Follath	645ff5b8ff	Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures Add the new modulus and the residue structures with low level I/O operations	2022-08-23 09:02:43 +01:00
Andrzej Kurek	e02da81086	Update TLS1.2 dependencies description in mbedtls_config.h It is possible to use it without MBEDTLS_SHAXXX defines and USE_PSA_CRYPTO instead. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	7e16ce3a72	Clarify TLS 1.2 dependencies with and without PSA crypto Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Dave Rodgman	0ce93933e8	Merge pull request #6219 from KloolK/development Fix minor typos	2022-08-22 21:47:21 +01:00
Gilles Peskine	e5018c97f9	Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake Driver-only hashes: EC J-PAKE	2022-08-22 17:28:15 +02:00
Gilles Peskine	20ebaac85e	Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1 Be explicit about constant time bignum functions that must take a 0 or 1 condition value	2022-08-22 17:24:04 +02:00
Jan Bruckner	9ff6f8cdbd	Fix minor typos Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2022-08-22 16:05:58 +02:00
Dave Rodgman	34ff6a7a31	Correct documentation for mbedtls_ecdsa_verify Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-19 11:17:36 +01:00
Neil Armstrong	ecaba1c9b2	Make use of PSA crypto hash if MBEDTLS_MD_C isn't defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Neil Armstrong	0d76341eac	Remove md_info by md_type in ecjpake context, use mbedtls_hash_info_get_size() to get hash length Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Przemek Stekiel	10836a04a9	config: Fix requirements for MBEDTLS_X509_USE_C and MBEDTLS_X509_CREATE_C Restore MBEDTLS_PK_PARSE_C as it was removed by mistake. Fix module name in added warnings. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	12e69cb806	oid.h: remove MBEDTLS_MD_C guard * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	55c17430be	oid.h: remove redundant MBEDTLS_MD_C dependency Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	278b6674bd	check_config.h: Adjust x509 dependencies (MBEDTLS_MD_C or MBEDTLS_USE_PSA_CRYPTO) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	fd18366965	Adjust declared dependencies in library/x509* * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Tom Cosgrove	583816caaf	Be explicit about constant time bignum functions that must take a 0 or 1 condition value Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-18 14:09:18 +01:00
Dave Rodgman	536f28c892	Respect MBEDTLS_HAVE_TIME in ssl_ticket Make use of ticket generation time and associated fields conditional on MBEDTLS_HAVE_TIME, to avoid compile errors on baremetal. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-17 14:20:36 +01:00
Dave Rodgman	392f714153	Fix type used for capturing TLS ticket generation time Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-17 12:38:24 +01:00
Gabor Mezei	d41f627650	Order the file names Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:20:21 +02:00
Manuel Pégourié-Gonnard	077ba8489d	PKCS#1 v2.1 now builds with PSA if no MD_C Test coverage not there yet, as the entire test_suite_pkcs1_v21 is skipped so far - dependencies to be adjusted in a future commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Janos Follath	d1baedb786	Bignum: extract bignum_mod.h functions Extract functions declared in bignum_mod.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point This makes library/bignum_new.c empty and therefore it is deleted. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:44:53 +01:00
Janos Follath	0ded631879	Bignum: extract bignum_mod_raw.h functions Extract functions declared in bignum_mod_raw.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:34:54 +01:00
Janos Follath	3ca0775e59	Bignum: extract bignum_core.h functions Extract functions declared in bignum_core.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 11:45:47 +01:00
Gabor Mezei	0c655572dc	Build the new bignum_new.c file Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gilles Peskine	5740ff5f1f	Merge pull request #5949 from Summer-ARM/mbedtls-psa-crypto-config MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed when PSA_WANT_ALG_CHACHA20_POLY1305 is defined	2022-08-05 11:03:45 +02:00
Dave Rodgman	27036c9e28	Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments Fix a/an typos in doxygen and other comments	2022-07-29 12:59:05 +01:00
Dave Rodgman	aba26d0099	Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new Remove use of SSL session compression	2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard	f6b8c3297a	Merge pull request #6065 from mpg/explore2 Driver-only hashes: RSA 1.5 and PK + strategy doc	2022-07-28 10:43:38 +02:00
Tom Cosgrove	ce7f18c00b	Fix a/an typos in doxygen and other comments Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-07-28 05:50:56 +01:00
Thomas Daubney	20f89a9605	Remove uses of SSL compression Remove or modify current uses of session compression. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:03 +01:00
Jan Bruckner	25fdc2addb	Fix minor typos Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2022-07-26 10:52:46 +02:00
Ronald Cron	e579ece305	Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load TLS 1.3: Add serialize session save load I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123. Thus I am ok to merge it as it is.	2022-07-23 08:57:11 +02:00
Ronald Cron	340c559cb3	Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.	2022-07-23 08:50:45 +02:00
Jerry Yu	a66fecebe7	Add endpoint/ticket_flag field for session Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:08:43 +08:00
Jerry Yu	77f0148e11	Add psk/psk_ephemeral key exchange check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 23:27:22 +08:00
Ronald Cron	32578b3bd0	Merge pull request #6069 from yuhaoth/pr/add-tls13-write-new-session-ticket TLS 1.3:add tls13 write new session ticket Validated by the internal CI and Travis.	2022-07-21 16:17:35 +02:00
Jerry Yu	e67bef4aba	Add tls13 write new session ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:41:00 +08:00
Dave Rodgman	7085aa42ee	Merge pull request #5896 from wernerlewis/aes_shallow_copy Refactor AES context to be shallow-copyable	2022-07-20 15:16:37 +01:00
Jerry Yu	9750f813a7	Rename MBEDTLS_SSL_TICKET_NONCE_LENGTH Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 12:36:28 +08:00
Jerry Yu	0a430c8aaf	Rename resumption_key and the hardcode len `resumption_key` is better name. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	b14413804a	Remove ticket_flags It should be added later. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	08aed4def9	fix comments and time_t type issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	af2c0c8dd6	fix various comment/format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a357cf4d4c	Rename new_session_ticket state Both client and server side use `MBEDTLS_SSL_NEW_SESSION_TICKET` now Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	f8a4994ec7	Add tls13 new session ticket parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	c62ae5f539	Add new session ticket message check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a270f67340	Add tls13 session fields Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	0038c5ff1c	Add ticket nonce setting Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Manuel Pégourié-Gonnard	abac037a7b	Migrate from old inline to new actual function. This is mostly: sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \ library/.c tests/suites/.function This should be good for code size as the old inline function was used from 10 translation units inside the library, so we have 10 copies at least. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	1f7f7172dc	Document existing dependency of MD_C Trying to compile MD_C without any of the hash modules would result in a bunch of unused parameter warning (hence errors in -Werror builds). We could silence those warnings by casting the parameters to void, but still, compiling the module in such a configuration would mean all of its functions are useless (always returning an error). Seems better to just document the dependency. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 12:49:20 +02:00
Ronald Cron	d5b1eb51db	Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext TLS 1.3: PSK: Add parser of psk kex mode ext on server side	2022-07-18 11:34:24 +02:00
Paul Elliott	0b5f4950cc	Merge pull request #5953 from tuvshinzayaArm/update-document-PSA_ALG_RSA_PSS Update documentation of PSA_ALG_RSA_PSS	2022-07-14 10:40:21 +01:00
Jerry Yu	e19e3b9eb8	Add psk_key_exchange_modes parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-12 09:53:35 +00:00
Paul Elliott	cd08ba0326	Bump version to 3.2.1 Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 10:51:55 +01:00
Manuel Pégourié-Gonnard	bab73ab842	Loosen guards in mbedtls_psa_translate_md() Depending only of our software implementation was too strict. The function can be useful when only the PSA implementation is available, since oftentimes the algorithm will still be expressed as an md_type for legacy reasons. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard	46a295422d	Build and test RSA PKCS#1v1.5 without MD Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	3f4778995e	Rm dependency on MD in psa_crypto_rsa.c The previous commit made the PKCS#1v1.5 part of rsa.c independent from md.c, but there was still a dependency in the corresponding part in PSA. This commit removes it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	fe2b9b5397	Make mbedtls_oid_get_md_alg() always available This is a step towards building with RSA PKCS#1v1.5 without MD. Also loosen guards around oid data: the OID definitions clearly don't depend on our software implementation. We could simply have no dependency as this is just data. But for the sake of code size, let's have some guards so that people who don't use MD5, SHA1 or RIPEMD160 don't have to pay the price for them. Note: this is used for RSA (PKCS#v1.5) signatures among other things, an area that is not influenced by USE_PSA, so the guards should not depend on it either. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	b86279fc63	Build and test PK without MD Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Paul Elliott	20362cd1ca	Bump library and so versions for 3.2.0 release Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:56:01 +01:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Manuel Pégourié-Gonnard	3e83098e01	Clarify the TLS 1.3 situation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:44:32 +02:00
Manuel Pégourié-Gonnard	ff43ff6e78	Remove stability waiver from USE_PSA It was initially motivated by the fact that the PSA Crypto APIs themselves were not stable. In the meantime, PSA Crypto has reached 1.0.0 so this no longer applies. If we want user to be able to fully benefit from PSA in order to isolate long-term secrets, they need to be able to use the new APIs with confidence. There is no reason to think those APIs are any more likely to change than any of our other APIs, and if they do, we'll follow the normal process (deprecated in favour of a new variant). For reference, the APIs in question are: mbedtls_pk_setup_opaque() // to use PSA-held ECDSA/RSA keys in TLS mbedtls_ssl_conf_psk_opaque() // for PSA-held PSKs in TLS mbedtls_ssl_set_hs_psk_opaque() // for PSA-held PSKs in TLS mbedtls_cipher_setup_psa() (deprecated in 3.2) mbedtls_pk_wrap_as_opaque() (documented internal, to be removed in 3.2) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard	4d7af2aee0	Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection Permissions 2a: TLS 1.2 ciphersuite selection	2022-07-04 12:37:02 +02:00
Paul Elliott	41aa808a56	Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf Turn off stdio buffering with setbuf()	2022-07-04 10:12:22 +01:00
Paul Elliott	bae7a1a5a6	Merge pull request #5620 from gstrauss/dn_hints Add accessors to config DN hints for cert request	2022-07-01 17:23:14 +01:00
Manuel Pégourié-Gonnard	790ab52ee0	Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206 Documentation about storage format compatibility	2022-07-01 12:21:17 +02:00
Gilles Peskine	0bd76ee2ed	Fix Doxygen documentation attached to non-existent elements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 19:32:02 +02:00
Gilles Peskine	6497b5a1d1	Add setbuf platform function Add a platform function mbedtls_setbuf(), defaulting to setbuf(). The intent is to allow disabling stdio buffering when reading or writing files with sensitive data, because this exposes the sensitive data to a subsequent memory disclosure vulnerability. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 17:01:40 +02:00
Ronald Cron	bcde39ca4a	Merge pull request #5612 from tom-cosgrove-arm/tls13-config-options Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3 Fully validated by the internal CI. No need to wait for the open one.	2022-06-30 15:10:02 +02:00
Manuel Pégourié-Gonnard	31fcfd5632	Merge pull request #5981 from mprse/hkdf_config_fix Add comment to config_psa.h about enabling PSA_HKDF/-EXTRACT/-EXPAND	2022-06-30 11:27:16 +02:00
Tom Cosgrove	afb2fe1acf	Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3 Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed, so no longer mention it. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-06-29 16:36:12 +01:00
Werner Lewis	6d71944f0d	Specify unit for rk_offset in AES context Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 16:17:50 +01:00
Werner Lewis	dd76ef359d	Refactor AES context to be shallow-copyable Replace RK pointer in AES context with a buffer offset, to allow shallow copying. Fixes #2147. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 16:17:50 +01:00
Gilles Peskine	955993c4b5	For status values, the macro expansions must not change either Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-29 14:37:17 +02:00
Ronald Cron	7898fd456a	Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server TLS 1.3 server: Send dummy change_cipher_spec records The internal CI PR-merge job ran successfully thus good to go.	2022-06-29 09:47:49 +02:00
Gilles Peskine	7d14c19730	Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development Changelog improvements before the 3.2 release	2022-06-28 21:00:10 +02:00
Glenn Strauss	999ef70b27	Add accessors to config DN hints for cert request mbedtls_ssl_conf_dn_hints() mbedtls_ssl_set_hs_dn_hints() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-28 12:43:59 -04:00
Neil Armstrong	9f4606e6d2	Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	0c9c10a401	Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:10:48 +02:00
Gabor Mezei	f7044eaec8	Fix name Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 16:01:49 +02:00
Summer Qin	9f2596f387	Add MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed when PSA_WANT_ALG_CHACHA20_POLY1305 is defined Signed-off-by: Summer Qin <summer.qin@arm.com>	2022-06-28 17:56:27 +08:00
Glenn Strauss	01d2f52a32	Inline mbedtls_x509_dn_get_next() in x509.h Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-27 14:20:07 -04:00
Przemek Stekiel	18399d8d53	Add comment to config_psa.h about enabling PSA_HKDF/PSA_HKDF_EXRACT/PSA_HKDF_EXPAND algs Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 15:36:06 +02:00
Manuel Pégourié-Gonnard	93a7f7d7f8	Merge pull request #5954 from wernerlewis/x509_next_merged Add mbedtls_x509_dn_get_next function	2022-06-24 09:59:22 +02:00
Manuel Pégourié-Gonnard	4cfaae5b6b	Save code size by calling get_type only once This is an external function, so in the absence of link-time optimisation (LTO) the compiler can't know anything about it and has to call it the number of times it's called in the source code. This only matters for pk_ec, but change pk_rsa as well for the sake of uniformity. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-23 09:43:39 +02:00
Gabor Mezei	7b39bf178e	Send dummy change_cipher_spec records from TLS 1.3 server Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
Przemek Stekiel	b33bd19197	Enable HKDF EXTRACT/EXPAND algs Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 09:58:51 +02:00
Manuel Pégourié-Gonnard	22e84de971	Improve contract of mbedtls_pk_ec/rsa() Trusting the caller to perform the appropriate check is both risky, and a bit user-unfriendly. Returning NULL on error seems both safer (dereferencing a NULL pointer is more likely to result in a clean crash, while mis-casting a pointer might have deeper, less predictable consequences) and friendlier (the caller can just check the return value for NULL, which is a common idiom). Only add that as an additional way of using the function, for the sake of backwards compatibility. Calls where we know the type of the context for sure (for example because we just set it up) were legal and safe, so they should remain legal without checking the result for NULL, which would be redundant. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard	1c91b0c434	Clarify warning about mbedtls_pk_ec/rsa() The previous wording "ensure it holds an XXX" context did not mean anything without looking at the source. Looking at the source, the criterion is: - for mbedtls_pk_rsa(), that the info structure uses rsa_alloc_wrap; - for mbedtls_pk_ec(), that it uses eckey_alloc_wrap or ecdsa_alloc_wrap, since mbedtls_ecdsa_context is a typedef for mbedtls_ecp_keypair. (Note that our test code uses mbedtls_pk_ec() on contexts of type MBEDTLS_PK_ECDSA.) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Gilles Peskine	4b873874a3	Backward compatibility: the key store with drivers Promise that we will try to keep backward compatibility with basic driver usage, but not with more experimental aspects. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:50:09 +02:00
Gilles Peskine	98473c4523	Officially deprecate MBEDTLS_PSA_CRYPTO_SE_C This was intended as experimental, and we've been saying for a long time that it's superseded by the "unified driver interface", but we hadn't documented that inside the Mbed TLS source code. So announce it as deprecated. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:46:22 +02:00
Gilles Peskine	7973399f7b	Add compatibility notes regarding values embedded in the key store Certain numerical values are written to the key store. Changing those numerical values would break the backward compatibility of stored keys. Add a note to the affected types. Add comments near the definitions of affected values. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:41:20 +02:00
Gilles Peskine	f070a5e5d5	Document how PSA identifiers are generally constructed Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-20 18:40:45 +02:00
Gilles Peskine	36aeb7f163	Merge pull request #5834 from mprse/HKDF_1 HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms	2022-06-20 15:27:46 +02:00
Werner Lewis	2f1d51070c	Fix incorrect param in function declaration Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-20 11:48:35 +01:00
Werner Lewis	b3acb053fb	Add mbedtls_x509_dn_get_next function Allow iteration through relative DNs when X509 name contains multi- value RDNs. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-17 16:40:55 +01:00
Tuvshinzaya Erdenekhuu	44baacd089	Update documenation of PSA_ALG_RSA_PSS Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-06-17 12:10:35 +01:00
Gilles Peskine	9b3278b263	Doc: the SHA256/SHA512 options also cover SHA224/SHA384 Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 19:09:38 +02:00
Paul Elliott	5f2bc754d6	Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests Pr/add-tls13-moving-state-tests	2022-06-08 13:39:52 +01:00
Dave Rodgman	4b55a89327	Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor Add accessor for x509 certificate extension types	2022-06-06 21:51:38 +01:00
Thomas Daubney	a5f39e0ec2	Move accessor definition Move the definition of the accessor so that it is not defined within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the dependency from the test and test cases. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-06-06 15:42:32 +01:00
Przemek Stekiel	3e8249cde0	Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:15 +02:00
Przemek Stekiel	73f97d4841	PSA_ALG_HKDF: add salt processing warning Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:15 +02:00
Przemek Stekiel	a29b488296	Optimize code by adding PSA_ALG_IS_ANY_HKDF macro Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:09 +02:00
Przemek Stekiel	459ee35062	Fix typo and style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-02 11:16:52 +02:00
Thomas Daubney	979aa49d1c	Add accessor for x509 certificate extension types Add accessor for x509 certificate extension types Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-06-01 10:22:14 +01:00
Gilles Peskine	09858ae664	Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa Deprecate mbedtls_cipher_setup_psa()	2022-05-31 10:56:52 +02:00
Janos Follath	07c2e5e6d5	Merge pull request #5860 from superna9999/4745-psa-jpake-api-fixes PSA J-PAKE API has missing elements and confusing documentation	2022-05-31 08:27:32 +01:00
Jerry Yu	4dec0e5329	fix state undeclare error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-31 15:06:04 +08:00
Neil Armstrong	ccffab38a3	Remove linkage documentation on PAKE cipher-suite helpers Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-30 15:49:21 +02:00
Dave Rodgman	52625b739e	Merge pull request #5876 from tom-cosgrove-arm/fix-typos-220526 Fix spelling and typographical errors found by cspell	2022-05-30 11:35:55 +01:00
Janos Follath	1bc0ca4ed3	Merge pull request #5875 from Summer-ARM/mbedtls-psa-crypto-config Remove duplicated PSA_WANT_ALG_CMAC in crypto_config.h	2022-05-30 09:41:48 +01:00
Neil Armstrong	5ed8a0ec73	Overall PSA PAKE API style issues fixes Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-27 09:47:53 +02:00
Neil Armstrong	5892aa69e3	Fix typo in PSA_ALG_JPAKE documentation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-27 09:44:47 +02:00
Tom Cosgrove	1e21144194	Fix spelling and typographical errors found by cspell Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-05-26 11:51:00 +01:00
Summer Qin	f0b4253c68	Remove duplicated PSA_WANT_ALG_CMAC in crypto_config.h Signed-off-by: Summer Qin <summer.qin@arm.com>	2022-05-26 09:38:33 +08:00
XiaokangQian	6b916b1616	Add client certificate parse and certificate verify Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:40:53 +00:00
Neil Armstrong	ef15751f08	PSA PAKE API typos in documentation fixes Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-25 11:49:45 +02:00
Neil Armstrong	72ab56a1fe	Overall PSA PAKE API style issues fixes Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-25 11:48:37 +02:00
Neil Armstrong	eb93a6f1d8	Use PSA_ALG_NONE in PSA_PAKE_OPERATION_INIT to init psa_algorithm_t Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-25 11:41:05 +02:00
Neil Armstrong	2056ce5111	Fix PSA_PAKE_OUTPUT_MAX_SIZE/PSA_PAKE_INPUT_MAX_SIZE commment about parameters to PSA_PAKE_OUTPUT_SIZE/PSA_PAKE_INPUT_SIZE Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-25 11:38:15 +02:00
Manuel Pégourié-Gonnard	69e348db85	Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa Permissions 1: create `mbedtls_pk_can_do_ext()`	2022-05-23 10:58:32 +02:00
Neil Armstrong	b2f2b027c2	Clarify mbedtls_pk_can_do_ext() return documentation amd add warning on future addition of allowed algs & usage flags Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 12:00:56 +02:00
Neil Armstrong	e9b4581b16	Clarify BAD_STATE return documentation on bad ordering of input and output steps for psa_pake_input() & psa_pake_output() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:52:30 +02:00
Neil Armstrong	0d24575ad0	Clarify BAD_STATE return documentation of psa_pake_set_peer() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:52:30 +02:00
Neil Armstrong	59fa8ee090	Update return documentation of psa_pake_abort() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:52:30 +02:00
Neil Armstrong	97d74b8abb	Update return documentation of psa_pake_get_implicit_key() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:52:30 +02:00
Neil Armstrong	407b27b516	Update return documentation of psa_pake_input() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:52:30 +02:00
Neil Armstrong	664077e3ae	Update return documentation of psa_pake_output() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:52:30 +02:00
Neil Armstrong	2a6dd9c2a8	Rename & update documentation of function, types, and macros for psa_pake_set_role() and associated Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:52:30 +02:00
Neil Armstrong	16ff788f9d	Update return documentation of psa_pake_set_peer() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	3585168259	Update return documentation of psa_pake_set_user() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	71cae6121d	Update return documentation of psa_pake_set_password_key() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	4721a6f33e	Update return documentation of psa_pake_setup() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	1614537697	Fix password wording in PSA_ALG_JPAKE documentation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	7bc71e9c04	Fix output_size documentation of psa_pake_output() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	cd974d590b	Fix return documentation of PSA_PAKE_OUTPUT_SIZE Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	d5a4825b84	Add missing psa_pake_cs_get_bits() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	ff9cac72e7	Add missing psa_pake_cs_get_family() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	0c8ef93c8e	Add missing psa_pake_abort() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	799106b441	Pass input as const reference and fix documentation of psa_pake_input() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:22 +02:00
Neil Armstrong	47e700e7de	Pass cipher_suite parameter of psa_pake_setup() by const reference Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:51:20 +02:00
Neil Armstrong	0151c55b56	Add documentation of PSA_PAKE_OPERATION_INIT Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:50:58 +02:00
Neil Armstrong	5ff6a7fa97	Add missing psa_pake_cipher_suite_init() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 11:50:57 +02:00
Neil Armstrong	fb99302726	Add missing PSA_PAKE_CIPHER_SUITE_INIT Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 10:45:01 +02:00
Neil Armstrong	a724f7ae17	Document mbedtls_pk_can_do_ext() return for non-allowed algorithms and usage flags Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 09:28:12 +02:00
bootstrap-prime	6dbbf44d78	Fix typos in documentation and constants with typo finding tool Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>	2022-05-18 14:15:33 -04:00
Przemek Stekiel	b398d8693f	Update descryption of HKDF-Extract/Expand algs and fix comment Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-18 15:43:54 +02:00
Neil Armstrong	408f6a60a3	Add usage parameter to mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-17 14:23:20 +02:00
Neil Armstrong	cec133a242	Fix typo in mbedtls_pk_can_do_ext() documentation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-17 11:56:01 +02:00
Manuel Pégourié-Gonnard	1cd4f6a873	Merge pull request #5794 from mprse/cipher_dep Fix undeclared dependencies: CIPHER	2022-05-12 13:09:04 +02:00
Manuel Pégourié-Gonnard	4014a0408e	Merge pull request #5617 from gilles-peskine-arm/chacha20-rfc7539-test-vector PSA: ChaCha20: add RFC 7539 test vector with counter=1	2022-05-12 12:34:20 +02:00
Neil Armstrong	0b5295848e	Add definition of mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-12 11:53:02 +02:00
Przemek Stekiel	a09f835bd8	Fix CIPHER dependencies dependeny and error messages Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-12 10:42:20 +02:00
Przemek Stekiel	ea805b4f20	mbedtls_config.h, check_config.h: fix CIPHER dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-12 10:42:20 +02:00
Dave Rodgman	58f591526e	Merge pull request #5732 from daverodgman/warmsocks_spellingfixes Fixed spelling and typographical errors found by CodeSpell	2022-05-12 09:26:29 +01:00
Manuel Pégourié-Gonnard	34f6ac7c22	Merge pull request #5812 from adeaarm/development Fix key_id and owner_id accessor macros	2022-05-12 10:25:02 +02:00
Andrzej Kurek	5c65c5781f	Fix additional misspellings found by codespell Remaining hits seem to be hex data, certificates, and other miscellaneous exceptions. List generated by running codespell -w -L keypair,Keypair,KeyPair,keyPair,ciph,nd Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-05-11 21:25:54 +01:00
Shaun Case	8b0ecbccf4	Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-11 21:25:51 +01:00
Przemek Stekiel	ebf6281ce6	crypto_values.h: fix description Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-11 14:16:05 +02:00
Przemek Stekiel	6b6ce3278e	Add definitions for HKDF-Extract and HKDF-Expand algs Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-10 12:38:27 +02:00
Manuel Pégourié-Gonnard	42650260a9	Merge pull request #5783 from mprse/md_dep_v3 Fix undeclared dependencies: MD	2022-05-10 10:41:32 +02:00
Przemek Stekiel	6e71282c87	Fix caller list of the MD module Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-06 11:40:20 +02:00
Przemek Stekiel	ef1fb4a3d3	Deprecate mbedtls_cipher_setup_psa() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-06 10:55:10 +02:00
Antonio de Angelis	6729474fbb	Fix key_id and owner_id accessor macros The accessor macros for key_id and owner_id in the mbedtls_svc_key_id_t need to have the MBEDTLS_PRIVATE() specifier as these fields are private Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>	2022-05-05 18:45:31 +01:00
Neil Armstrong	8ecd66884f	Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-05 14:01:49 +02:00
Neil Armstrong	e952a30d47	Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	501c93220d	Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Manuel Pégourié-Gonnard	068a13d909	Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`	2022-05-02 09:06:49 +02:00

... 3 4 5 6 7 ...

5608 commits