mbedtls

Author	SHA1	Message	Date
Dave Rodgman	85a88133aa	Use fewer bits for block_size Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-24 13:37:28 +01:00
Dave Rodgman	3b46b77cf1	code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-24 13:37:28 +01:00
Dave Rodgman	de3de773e6	Use look-up table for base Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-24 12:59:31 +01:00
Dave Rodgman	0ffb68ee3f	Use fewer bits for iv_size Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-24 12:59:31 +01:00
Dave Rodgman	6c6c84212e	Use fewer bits for key_bitlen Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-24 11:14:34 +01:00
Dave Rodgman	3319ae9679	Re-order mbedtls_cipher_info_t Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-24 10:55:04 +01:00
Dave Rodgman	48d13c5143	Use bit-fields Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-24 10:53:37 +01:00
David Horstmann	07c22c6708	Reword the description of mbedtls_net_free() This makes it clearer that the context itself is not being freed. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-06-23 23:19:40 +01:00
Dave Rodgman	f9c9c92a40	Change types in mbedtls_cipher_info_t Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-23 17:16:17 +01:00
David Horstmann	279d227971	Add "completed" clarification to struct comments Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-06-22 15:22:35 +01:00
David Horstmann	096093bac5	Remove redundant structures from previous design Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-06-22 15:22:35 +01:00
David Horstmann	024e5c5f2e	Rename struct member mode to io_mode Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-06-22 15:22:35 +01:00
David Horstmann	5da9560178	Properly namespace enum values within PSA_JPAKE_ Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-06-22 15:22:35 +01:00
David Horstmann	e7f21e65b6	Change J-PAKE internal state machine Keep track of the J-PAKE internal state in a more intuitive way. Specifically, replace the current state with a struct of 5 fields: * The round of J-PAKE we are currently in, FIRST or SECOND * The 'mode' we are currently working in, INPUT or OUTPUT * The number of inputs so far this round * The number of outputs so far this round * The PAKE step we are expecting, KEY_SHARE, ZK_PUBLIC or ZK_PROOF This should improve the readability of the state-transformation code. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-06-22 15:22:35 +01:00
Manuel Pégourié-Gonnard	2fb9d00f6d	Merge pull request #7682 from valeriosetti/issue7453 driver-only ECC: ECPf.PK testing	2023-06-22 09:45:57 +02:00
Paul Elliott	458b96b1a7	Merge pull request #7638 from AndrzejKurek/cert-apps-use-ips Use better IP parsing in x509 apps	2023-06-20 17:21:04 +01:00
Valerio Setti	a9aab1a85b	pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_of_psa() This allows also to: - removing the dependency on ECP_C for these functions and only rely on PSA symbols - removing extra header inclusing from crypto_extra.h - return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to their original position in pk.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-19 19:24:05 +02:00
Valerio Setti	bc2b1d3288	psa: move mbedtls_ecc_group_to_psa() from inline function to standard one Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-19 19:24:05 +02:00
Valerio Setti	f54ca35b8a	build_info: do not enable ECP_LIGHT when PSA_WANT_ALG_ECDSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-19 19:24:05 +02:00
Valerio Setti	81d75127ba	library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-19 19:24:05 +02:00
Valerio Setti	e489e81437	pk: add new symbol to state that PK has support for EC keys Note: both MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS has been move on top of the pk.h file because we need these symbols when crypto.h is evaluated otherwise functions like mbedtls_ecc_group_of_psa() won't be available. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-19 19:24:05 +02:00
Marek Jansta	8bde649c0b	Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate Signed-off-by: Marek Jansta <jansta@2n.cz>	2023-06-19 12:49:27 +02:00
Valerio Setti	3cd4ef7a7a	mbedtls_config: improved description of PK_PARSE_EC_COMPRESSED Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-19 11:35:10 +02:00
Valerio Setti	a18385b197	build_info: improved description of ECP_LIGHT auto-enabling symbols Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-19 11:34:28 +02:00
Valerio Setti	fdf15ddfbe	build_info: auto enable PK_PARSE_EC_COMPRESSED when PK_PARSE_C && ECP_C This helps backward compatibility since compressed points were always supported in previous releases as long as PK_PARSE_C and ECP_C were defined. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 16:03:47 +02:00
Valerio Setti	4922ba132a	build_info: complete list of symbols that auto-enable ECP_LIGHT The comment is also updated accordingly. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 16:03:46 +02:00
Valerio Setti	addeee4531	mbedtls_config: add new MBEDTLS_PK_PARSE_EC_COMPRESSED symbol This includes also: - auto enabling ECP_LIGHT when MBEDTLS_PK_PARSE_EC_COMPRESSED is defined - replacing ECP_LIGHT guards with PK_PARSE_EC_COMPRESSED in pkparse - disabling PK_PARSE_EC_COMPRESSED in tests with accelarated EC curves (it get disabled also in the reference components because we want to achieve test parity) - remove skipped checks in analyze_outcomes.py Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 16:03:46 +02:00
Valerio Setti	aecd32c90a	pk: let PK_PARSE_EC_EXTENDED auto-enable ECP_LIGHT Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 16:03:46 +02:00
Valerio Setti	01cc88a46b	config_psa: replace USE symbols with BASIC one for all KEY_PAIRs Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:27:02 +02:00
Valerio Setti	4520a8f312	config_psa: only KEY_PAIR_USE includes PUBLIC_KEY While the other (IMPORT, EXPORT, GENERATE, DERIVE) only include the USE one. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	aac957b493	config_psa: always enable PUBLIC_KEY when any KEY_PAIR is enabled Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	f4d7ede72c	config_psa: fix logic for updating legacy symbols Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	38a3e8d10c	config_psa: ECP_C do not enable ECC_KEY_PAIR_DERIVE Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	b0d9aaee1c	psa: move PSA_WANT checks to check_crypto_config Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	c51cba92a3	config_psa: avoid repetitions when including MBEDTLS symbols Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	b7ef51a193	crypto: move legacy symbols support to a dedicated header file Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	ddb577626d	config_psa: add missing BUILTIN symbols when ECP_C is defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	89cb1444a5	config_psa: fix comment for LEGACY symbols Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	602ee2ed98	config_psa: remove support for PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	a801b56600	config_psa: remove GENPRIME from enabled symbols of PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_USE Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
valerio	36befce51a	config_psa: remove leftover comment on ECC derivation Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-06-16 12:26:26 +02:00
Valerio Setti	8bb5763a85	library: replace deprecated symbols with temporary _LEGACY ones Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:23:55 +02:00
Valerio Setti	f87b505511	config_psa: replace legacy symbols with new ones Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:23:55 +02:00
Valerio Setti	8d6e98c170	psa: add support for legacy symbols Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:23:55 +02:00
Valerio Setti	67a3e3eb7b	crypto_config: introducing new definitions for PSA_WANT KEY_PAIRs - deprecate legacy PSA_WANT_KEY_TYPE_xxx_KEY_PAIR - introduce new PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy where - xxx is either RSA, DH or ECC - yyy can be USE, IMPORT, EXPORT, GENERATE, DERIVE Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:23:55 +02:00
Janos Follath	a426dc31cc	Merge pull request #7782 from gilles-peskine-arm/mbedtls_ecp_modulus_type-move Move mbedtls_ecp_modulus_type out of the public headers	2023-06-16 11:12:57 +01:00
Gilles Peskine	f45a5a0ddd	Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes PBKDF2: Output bytes	2023-06-16 10:08:02 +02:00
Gilles Peskine	637c049349	Move mbedtls_ecp_modulus_type out of the public headers This is an internal detail of the ECC arithmetic implementation, only exposed for the sake of the unit tests Mbed TLS 3.4.0 was released with the type mbedtls_ecp_modulus_type defined in a public header, but without Doxygen documentation, and without any public function or data structure using it. So removing it is not an API break. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-15 19:07:41 +02:00
Przemek Stekiel	ce05f54283	Properly disable ECDH in only (psk) ephemeral ffdh key exchange components Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-15 16:44:08 +02:00
Andrzej Kurek	c6beb3a741	Rename NUL to null in x509 IP parsing description Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-15 09:54:37 -04:00
Tom Cosgrove	6edf8b8c7b	Merge pull request #7451 from yanrayw/7376_aes_128bit_only Introduce config option of 128-bit key only in AES calculation	2023-06-15 10:35:32 +01:00
Yanray Wang	55ef22c2cb	mbedtls_config.h: add description for CTR_DRBG about AES-128 only Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-06-15 10:05:27 +08:00
Gilles Peskine	c453e2e7e8	Officially deprecate MBEDTLS_CIPHER_BLKSIZE_MAX Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-14 18:00:37 +02:00
Gilles Peskine	9e930e2887	Rename MBEDTLS_CIPHER_BLKSIZE_MAX internally Replace all occurrences of MBEDTLS_CIPHER_BLKSIZE_MAX by the new name with the same semantics MBEDTLS_CMAC_MAX_BLOCK_SIZE, except when defining or testing the old name. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-14 18:00:37 +02:00
Gilles Peskine	7282a9e1a0	Replacement for MBEDTLS_CIPHER_BLKSIZE_MAX Prepare to rename this constant by MBEDTLS_CMAC_MAX_BLOCK_SIZE. The old name was misleading since it looked like it covered all cipher support, not just CMAC support, but CMAC doesn't support Camellia or ARIA so the two are different. This commit introduces the new constant. Subsequent commits will replace internal uses of MBEDTLS_CIPHER_BLKSIZE_MAX and deprecate it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-14 18:00:37 +02:00
Gilles Peskine	16bb83cb57	Explicitly document that Camellia and ARIA aren't supported In particular, this explains why the definition of MBEDTLS_CIPHER_BLKSIZE_MAX is correct. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-06-14 18:00:37 +02:00
Przemek Stekiel	7d42c0d0e5	Code cleanup #2 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 12:30:40 +02:00
Przemek Stekiel	75a5a9c205	Code cleanup Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 09:57:23 +02:00
Dave Rodgman	f956312174	Fix typo in MBEDTLS_MD_CAN macros Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>	2023-06-11 16:04:29 +01:00
Glenn Strauss	61d99304da	mbedtls_x509_time_gmtime() to fill struct w/ time Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2023-06-09 17:01:03 +01:00
Glenn Strauss	416dc03467	mbedtls_x509_time_cmp() compare mbedtls_x509_time Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2023-06-09 17:01:03 +01:00
Dave Rodgman	0442e1b561	Fix definition of MBEDTLS_MD_MAX_SIZE and MBEDTLS_MD_MAX_BLOCK_SIZE Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-08 16:03:33 +01:00
Manuel Pégourié-Gonnard	1f6d2e352d	Simplify implementation of MD<->PSA translation Also, add tests and comments due from previous commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-08 12:09:20 +02:00
Manuel Pégourié-Gonnard	9b76318138	Change values of md_type enum Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-08 11:48:53 +02:00
Dave Rodgman	9304186ae9	Restore accidentally removed comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-08 10:13:22 +01:00
Dave Rodgman	ff45d44c02	Replace MBEDTLS_MD_CAN_SHA3 with MBEDTLS_MD_CAN_SHA3_xxx Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-08 10:11:34 +01:00
Dave Rodgman	b61cd1042a	Correct minor merge mistakes Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-07 18:14:45 +01:00
Dave Rodgman	05d71ffe5b	Merge remote-tracking branch 'origin/development' into sha3-updated	2023-06-07 18:02:04 +01:00
Dave Rodgman	f9d8f4cd68	Remove reference to SHAKE Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-07 17:08:29 +01:00
Dave Rodgman	a35551ef01	Use MBEDTLS_PRIVATE Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-07 17:08:19 +01:00
Dave Rodgman	cf4d2bdc09	Spell as SHA-3 not SHA3 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-07 17:08:09 +01:00
Dave Rodgman	c3048b3eea	Tidy-up definition of mbedtls_sha3_context Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-07 16:50:15 +01:00
Dave Rodgman	9d7fa93e6c	move mbedtls_sha3_family_functions out of public interface Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-07 16:50:15 +01:00
Dave Rodgman	e627bef2f8	Use faster type for state index Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-07 16:50:15 +01:00
Dave Rodgman	1789d84282	remove not-needed fields from SHA-3 context Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-06-07 16:50:15 +01:00
Andrzej Kurek	5d9aeba899	Fix param documentation for mbedtls_x509_crt_parse_cn_inet_pton Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-07 08:54:35 -04:00
Andrzej Kurek	cd17ecfe85	Use better IP parsing in x509 programs Remove unnecessary duplicated code. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-07 08:50:05 -04:00
Gilles Peskine	13230a4ad3	Merge pull request #7349 from mpg/rm-hash-info Remove `hash_info` module	2023-06-06 21:05:13 +02:00
Gilles Peskine	d598eaf212	Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string Parse an OID from a string	2023-06-06 20:57:17 +02:00
Przemek Stekiel	ff9fcbcace	ssl_client2, ssl_server2: code optimization + guards adaptation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:53:40 +02:00
Przemek Stekiel	e7db09bede	Move FFDH helper functions and macros to more suitable locations Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:08 +02:00
Przemek Stekiel	cceb933e30	Add FFDH definitions and translation functions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:07 +02:00
Kusumit Ghoderao	85e6bdb7ad	Add additional members to pbkdf2 struct Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-06-06 15:05:39 +05:30
Manuel Pégourié-Gonnard	c9d9829533	Add comment on macros that should be kept in sync Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	f76c2208f6	Remove mbedtls_psa_translate_md(). The header clearly states all functions here are internal, so we're free to remove them at any time. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	45b34517fb	Keep MD and PSA max size in sync Some TLS code is using MD_MAX_SIZE in parts that are common to USE_PSA and non-USE_PSA, then using PSA_HASH_MAX_SIZE in parts specific to USE_PSA, and having different values causes trouble. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	725d2e24aa	Fix guard for PSA->MD error conversion Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	1c32e37b0c	Formally deprecate mbedtls_psa_translate_md() The previous informal comment was not enough to prevent it from being used in several places in the library. This should have more effect, considering with have builds with DEPRECATED_REMOVED. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	6076f4124a	Remove hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	2d6d993662	Use MD<->PSA functions from MD light As usual, just a search-and-replace plus: 1. Removing things from hash_info.[ch] 2. Adding new auto-enable MD_LIGHT in build-info.h 3. Including md_psa.h where needed Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	9b41eb8533	Replace hash_info_get_type with MD function Mostly a search and replace with just two manual changes: 1. Now PK and TLS need MD light, so auto-enable it. 2. Remove the old function in hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	1ef26e285e	Add convenience inline function to md.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Gilles Peskine	5c3d6e277c	Merge pull request #7575 from AndrzejKurek/URI-SAN-verification Add partial support for URI SubjectAltNames verification	2023-06-05 16:46:47 +02:00
Gilles Peskine	975d9c0faf	Merge pull request #7530 from AndrzejKurek/misc-subjectaltname-fixes Miscellaneous fixes for SubjectAltName code / docs	2023-06-05 15:38:53 +02:00
Gilles Peskine	84b547b5ee	Merge pull request #7400 from AndrzejKurek/cert-write-sans Add a possibility to generate certificates with a Subject Alternative Name	2023-06-05 15:38:38 +02:00
Manuel Pégourié-Gonnard	f37b94b5bf	Merge pull request #7533 from valeriosetti/issue7484 PK: add support for private key writing with "opaque" EC keys	2023-06-05 10:53:53 +02:00
Tom Cosgrove	32b06f50df	Merge pull request #7650 from yanrayw/7360-code-size-tfm-medium code size measurement support for tfm-medium	2023-06-02 13:25:26 +01:00
Andrzej Kurek	1747304a7a	Update the descriptions of SANs All of them are listed, so the previous description was wrong. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-01 18:20:24 +01:00
David Horstmann	bf95e9a058	Reword description and change NUL to null Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-06-01 15:33:15 +01:00
David Horstmann	017139751a	Change behaviour away from NUL-terminated strings Instead, require the length of the string to be passed. This is more useful for our use-case, as it is likely we will parse OIDs from the middle of strings. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-06-01 15:04:20 +01:00
David Horstmann	d1a203a382	Cosmetic fixes to doxygen comment Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-06-01 15:02:15 +01:00
valerio	64e0184a39	psa_util: add support for rfc8410's OIDs Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-06-01 11:06:40 +02:00
Manuel Pégourié-Gonnard	7b1136836c	Merge pull request #7438 from valeriosetti/issue7074 Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C	2023-06-01 10:06:45 +02:00
Gilles Peskine	a1b416670e	Merge pull request #7547 from silabs-Kusumit/PBKDF2_input_validation PBKDF2: Input Validation	2023-06-01 10:05:34 +02:00
David Horstmann	b97b689832	Reword function description slightly Use of the term "dotted-decimal" improves clarity. Put a full-stop where one should have been. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-05-31 14:42:00 +01:00
Kusumit Ghoderao	b20f13a41b	Change input cost type to uint64_t and fix max iteration test case Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-31 12:51:02 +05:30
Kusumit Ghoderao	10cc6bda1c	Add PSA_ALG_PBKDF2_HMAC_GET_HASH macro Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-24 12:35:14 +05:30
Kusumit Ghoderao	e66a8ad8d6	Define PSA_VENDOR_PBKDF2_MAX_ITERATIONS Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-24 12:30:43 +05:30
Kusumit Ghoderao	52fe517a77	Change pbkdf2 password to array Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-24 12:28:46 +05:30
Dave Rodgman	b2e551d347	Merge pull request #6943 from ucko/2023b-platform	2023-05-23 18:37:54 +01:00
Valerio Setti	7ef8a8d0da	pk: improve description for the new priv_id field Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-23 18:39:54 +02:00
Manuel Pégourié-Gonnard	9dc9204b77	Merge pull request #7554 from valeriosetti/issue7073-reshape Avoid parse/unparse public ECC keys in PK with USE_PSA when !ECP_C	2023-05-23 15:08:45 +02:00
Aditya Deshpande	2f1ae5a86e	Modify TFM files to allow them to build on baremetal with Mbed TLS and fix code style. Also change the include path of crypto_spe.h in crypto_platform.h to allow the former file to be included in library-only builds. Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2023-05-23 15:40:11 +08:00
Valerio Setti	016264b6cb	pk: fix a return value and a typo in comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-22 18:40:35 +02:00
Gilles Peskine	50729eac74	Merge pull request #7611 from yanrayw/7609_tweak_build_info_include_order build_info.h: fix mutual implications with config_psa.h temporarily	2023-05-22 17:49:55 +02:00
Yanray Wang	37db332658	build_info.h: rewrite comment Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-22 16:50:39 +08:00
Aaron M. Ucko	5e4a01bff5	mbedtls/platform.h: Avoid potential macro redefinition warnings. Some identifiers (e.g. mbedtls_free) can name either functions or macros depending on configuration settings. For those that turn out to name macros, first clear out any existing macro definitions to accommodate possible unconditional bulk symbol renaming. (There remains no standard provision for such renaming, but it's nevertheless straightforward enough to do as desired, particularly with this change in place.) Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>	2023-05-19 10:50:06 -04:00
Valerio Setti	f57007dd1e	pk: fixing and improving comments Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-19 13:54:39 +02:00
Paul Elliott	9a11f8a122	Merge pull request #7573 from tom-cosgrove-arm/add-psa_want_alg_some_pake Only include psa_pake_setup() and friends if some PAKE algorithms are required	2023-05-18 09:59:52 +01:00
Andrzej Kurek	1bc7df2540	Add documentation and a changelog entry Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 15:23:56 -04:00
Paul Elliott	8203f2d89f	Merge pull request #7535 from minosgalanakis/ecp/7264_enable_core_shift_l [Bignum] Adjust mbedtls_mpi_core_shift_l to use the core function	2023-05-17 18:45:44 +01:00
Valerio Setti	c1541cb3c7	pk: minor fixes (guards and a wrong assignment) Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-17 19:23:02 +02:00
Andrzej Kurek	67fdb3307d	Add a possibility to write subject alt names in a certificate Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 11:45:36 -04:00
Andrzej Kurek	1a75269589	Move mbedtls_x509_san_list to x509.h Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 11:45:36 -04:00
Valerio Setti	92c3f36866	test_suite_debug: fix USE_PSA_INIT/DONE guards in a test Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-17 15:38:34 +02:00
Valerio Setti	722f8f7472	pk: adding a new field to store the public key in raw format Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-17 15:31:21 +02:00
Manuel Pégourié-Gonnard	b1c0afe484	Merge pull request #7595 from valeriosetti/deprecate_pk_ec Set mbedtls_pk_ec() as internal function when ECP_C is not defined	2023-05-17 12:27:03 +02:00
Yanray Wang	419a55e929	build_info.h: rewrite comment for inclusion of config_psa.h Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-17 18:22:34 +08:00
Yanray Wang	6397673cb8	build_info.h: change location of including config_psa.h In build_info.h, some macros are defined based on PSA_WANT_XXX symbol. This commit tweaks the location of including config_psa.h so that macros in build_info.h could imply config options correctly. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-17 13:57:22 +08:00
Minos Galanakis	2056d09893	bignum: Updated documentation for `mbedtls_mpi_shift_l()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-05-16 17:16:26 +01:00
Valerio Setti	3f00b84dd1	pk: fix build issues Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-15 12:57:06 +02:00
Valerio Setti	77a75685ed	pk: align library and tests code to the new internal functions Note = programs are not aligned to this change because: - the original mbedtls_pk_ec is not ufficially deprecated - that function is used in tests when ECP_C is defined, so the legacy version of that function is available in that case Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-15 11:18:46 +02:00
Valerio Setti	229bf1031f	pk: make mbedtls_pk_ec internal when !ECP_C mbedtls_pk_ec() is not an ideal function because: - it provides direct access to the ecp_keypair structure wrapped by the pk_context and - this bypasses the PK module's control However, since for backward compatibility, it cannot be deprecated immediately, 2 alternative internal functions are proposed. As a consequence: - when ECP_C is defined, then the legacy mbedtls_pk_ec is available - when only ECP_LIGHT is defined, but ECP_C is not, then only the new internal functions will be available Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-15 11:13:55 +02:00
Fredrik Hesse	cc207bc379	Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments. Signed-off-by: Fredrik Hesse <fredrik@hesse.se>	2023-05-12 14:59:01 +01:00
Tom Cosgrove	6d62faca8e	Only include psa_pake_setup() and friends if some PAKE algorithms are required Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-05-12 12:36:24 +01:00
Andrzej Kurek	199eab97e7	Add partial support for URI SubjectAltNames Only exact matching without normalization is supported. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-10 09:57:19 -04:00
Yanray Wang	7265bab8ad	mbedtls_config.h: remove empty * line before closing */ line Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-10 17:50:58 +08:00
Yanray Wang	d2ae432364	mbedtls_config.h: rewrite comment for AES_ONLY_128_BIT_KEY_LENGTH Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-10 17:49:34 +08:00
Manuel Pégourié-Gonnard	1d046fa0dd	Merge pull request #6010 from mprse/ffdh_import_export FFDH 1, 2A, 2B: FFDH add support for import/export key, key agreement, key generation + tests	2023-05-10 11:40:54 +02:00
Yanray Wang	ab4fb0d34c	aes.h: rewrite comment for aes round key buf Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-10 10:06:14 +08:00
Gilles Peskine	8d42cfddd6	Merge pull request #7539 from gilles-peskine-arm/mbedtls_error_pair_t-smaller Halve size of mbedtls_error_pair_t	2023-05-09 15:55:51 +02:00
Gilles Peskine	97edeb4fb8	Merge pull request #6866 from mprse/extract-key-ids Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2	2023-05-08 20:38:29 +02:00
Kusumit Ghoderao	9016bc4ed2	Clean up commented code Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-08 16:04:05 +05:30
Kusumit Ghoderao	3fc4ca7272	Limit max input cost to 32bit Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-08 15:57:41 +05:30
Gilles Peskine	4837e9d1c0	Correct comment about mbedtls error codes Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-07 20:27:13 +02:00
Pol Henarejos	d06c6fc45b	Merge branch 'development' into sha3 Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2023-05-05 16:01:18 +02:00
Valerio Setti	92da2a79aa	pk: improve description for the next opaque ID field Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-05 12:31:23 +02:00
Valerio Setti	4f387ef277	pk: use better naming for the new key ID field Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-05 10:59:32 +02:00
Valerio Setti	e00954d0ed	pk: store opaque key ID directly in the pk_context structure Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-05 10:57:26 +02:00
Yanray Wang	1ed226f790	Auto-enable CTR_DRBG_USE_128_BIT_KEY with AES_ONLY_128_BIT_KEY_LENGTH This commit adds support to auto-enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled. Furthermore, the corresponding check is removed in check_config.h. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-05 16:23:31 +08:00
Yanray Wang	8b9877bad7	aes.h: add comment for round key buffer in aes context Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-05 16:17:48 +08:00
Yanray Wang	4a7fdffa5e	mbedtls_config.h: paraphrase code size saving in comment Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-05 16:11:33 +08:00
Yanray Wang	3d4d146f07	mbedtls_config.h: fix issue in grammar Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-05 15:05:46 +08:00
Yanray Wang	a87046704f	Add checks if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled This commit adds configuration check in check_config.h if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled. Furthermore, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is disabled by default in scripts/config.py for full configuration. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-05 11:21:18 +08:00
Arto Kinnunen	b1c626b5c6	AES: adjust AES RAM usage according to config options Do not reserve additional space for mbedtls_aes_context if config option AES_ONLY_128_BIT_KEY_LENGTH is used and PADLOCK_C is not used. This reduces RAM usage by 96 bytes. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-05 11:21:13 +08:00
Arto Kinnunen	732ca3221d	AES: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH Add configuration option to support 128-bit key length only in AES calculation. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-05-05 11:20:38 +08:00
Jethro Beekman	0167244be4	Read and write X25519 and X448 private keys Signed-off-by: Jethro Beekman <jethro@fortanix.com> Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com> Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>	2023-05-04 13:01:47 +02:00
Kusumit Ghoderao	b9410e89b4	Fix failing CI Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-04 13:17:51 +05:30
Przemek Stekiel	746dfaea3f	Enable FFDH through PSA if it's enabled in the legacy interface Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-05-04 09:14:08 +02:00
Kusumit Ghoderao	dcfa548293	Add pbkdf2 to key_derivation context struct Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-03 14:20:35 +05:30
Kusumit Ghoderao	30ced52497	Add pbkdf2 struct to crypto_builtin_key_derivation.h Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-03 14:20:35 +05:30
Kusumit Ghoderao	876e2c2424	Add psa_pbkdf2_key_derivation_state_t Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-03 14:20:34 +05:30
Kusumit Ghoderao	83baf8968d	Add builtin PBKDF2_HMAC definition in config_psa.h Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-03 14:20:34 +05:30
Kusumit Ghoderao	aca31654e6	Enable PSA_WANT_ALG_PBKDF2_HMAC in crypto_config.h Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-05-03 14:20:34 +05:30
Gilles Peskine	b567f8326d	Halve size of mbedtls_error_pair_t All PSA crypto error codes fit comfortably in 16 bits and we have no plans to ever change this. So use 16 bits to store them, which reduces mbedtls_error_pair_t from 8 bytes to 4 bytes. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-05-02 21:40:07 +02:00
Gilles Peskine	d3ca5e5897	Merge pull request #7328 from mprse/ec-jpake-fix1 Fix the JPAKE driver interface for user+peer	2023-05-02 20:42:25 +02:00
Manuel Pégourié-Gonnard	8e076e4132	Merge pull request #6915 from aditya-deshpande-arm/example-driver-post-codestyle Document (with examples) how to integrate a third-party driver with Mbed TLS	2023-05-02 12:13:42 +02:00
Manuel Pégourié-Gonnard	f317df98ea	Merge pull request #7461 from valeriosetti/issue7460-part1 Fixing USE_PSA_INIT/DONE in SSL/X509/PK test suites	2023-05-02 10:44:13 +02:00
Aditya Deshpande	f100f00679	Add warnings to documentation stating that p256-m code may be out of date with upstream, plus other minor grammatical fixes. Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2023-04-28 17:54:15 +01:00
Aditya Deshpande	bac592d53e	Remove rand() from p256_generate_random() and move to an implementation based on mbedtls_ctr_drbg Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2023-04-28 17:54:15 +01:00
Aditya Deshpande	e41f7e457f	Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example. (Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch) Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2023-04-28 17:54:09 +01:00
Przemek Stekiel	4ce523256b	Fix definition of PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (ECC vs FFDH max) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-28 13:40:34 +02:00
Przemek Stekiel	eb511a4495	Update config files to make PSA FFDH undependent on MBEDTLS_DHM_C To enable support for FFDH in PSA MBEDTLS_USE_PSA_CRYPTO needs to be enabled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-28 13:20:16 +02:00
Przemek Stekiel	6d85afa0cc	Fix naming: FFDH key -> DH key and fix guard in psa_validate_key_type_and_size_for_key_generation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-28 11:42:17 +02:00
Przemek Stekiel	5357a7a6d9	Use PSA_MAX_OF_THREE in PSA_EXPORT_KEY_PAIR_MAX_SIZE Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-27 11:22:36 +02:00
Dave Rodgman	98062a7c5d	Merge pull request #7316 from yuhaoth/pr/Add-msvc-support-for-aesce-module Add msvc support for AESCE	2023-04-26 21:27:08 +01:00
David Horstmann	9643575d92	Limit OIDs to 128 components The longest OID known by oid-info.com is 34 components[1], so 128 should be plenty and will limit the potential for attacks. [1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48 Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-04-26 11:50:14 +01:00
Przemek Stekiel	654bef0be0	Fix typos, comments, style, optimize macros Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-26 09:07:20 +02:00
Przemek Stekiel	87d9a4a30c	Provide PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY configuration Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-26 09:07:20 +02:00
Przemek Stekiel	ed23b61020	Adapt size macros for FFDH Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-26 09:04:32 +02:00
Przemek Stekiel	84ee3e2921	Adapt config files for FFDH Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-26 09:04:32 +02:00
Jerry Yu	a1a039dba6	Improve minimum compiler versions document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-04-26 10:21:42 +08:00
Przemek Stekiel	aede2ad554	Optimize code (pake role type, freeing buffers) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-25 14:30:34 +02:00
Przemek Stekiel	6e628a4e7b	Add undfined role for ec j-pake Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-25 13:11:36 +02:00
Jerry Yu	f015a93f98	Add msvc version document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-04-25 10:38:03 +08:00
valerio	cf35d774fe	doc: update USE_PSA_CRYPTO description Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-04-24 13:47:18 +02:00
Gilles Peskine	935a987b2b	Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip x509 SAN IP parsing	2023-04-21 22:00:58 +02:00
Jerry Yu	a7d454cec2	Remove unnecessary check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-04-20 10:32:38 +08:00
Paul Elliott	4359badbb2	Merge pull request #7331 from mprse/ec-jpake-fix2 PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input	2023-04-17 16:31:09 +01:00
Ronald Cron	f54762e498	Merge pull request #7415 from Harshal5/fix/declaration_of_mbedtls_ecdsa_sign_det_restartable_function ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined	2023-04-17 15:41:25 +02:00
Przemek Stekiel	7921a03425	Add claryfication for PSA_PAKE_INPUT/OUTPUT_MAX_SIZE macros Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-17 12:32:06 +02:00
harshal.patil	8c77644906	ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined - In `mbedtls/v3.4.0`, ECDSA restartable sign and verify functions (`ecdsa.c`) were made public. - But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`, only when `MBEDTLS_ECDSA_SIGN_ALT` is not defined. Signed-off-by: harshal.patil <harshal.patil@espressif.com>	2023-04-17 12:53:00 +05:30
Manuel Pégourié-Gonnard	ed5998cd7d	Merge pull request #7422 from valeriosetti/remove-psa-have-full-symbols Remove PSA_HAVE_FULL_xxx symbols	2023-04-17 09:19:00 +02:00
Stephan Koch	48fba6fbac	Fix so that PSA_WANT_ALG_DETERMINISTIC_ECDSA implies PSA_HAVE_FULL_ECDSA. Signed-off-by: Stephan Koch <koch@oberon.ch> Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-14 13:41:10 +02:00
Glenn Strauss	c26bd76020	x509 crt verify SAN iPAddress Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2023-04-11 08:29:42 -04:00
Valerio Setti	6b006c126b	remove KEY_TYPE_ECC_PUBLIC_KEY unnecessary requirement Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 12:02:19 +02:00
Valerio Setti	6c496a1553	solve disparities for ECP_LIGHT between ref/accel Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 11:33:50 +02:00
Valerio Setti	151bdf9668	build_info: fixed comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 11:33:50 +02:00
Valerio Setti	d4a5d461de	library: add remaining changes for the new ECP_LIGHT symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 11:33:50 +02:00
Valerio Setti	0d2980f117	pk: adapt to new ECP_LIGHT symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 11:33:50 +02:00
Valerio Setti	fd122f4e95	ecp: introduce new ECP_LIGHT symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 11:33:50 +02:00
Valerio Setti	969e206e28	remove PSA_HAVE_FULL_JPAKE symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 10:55:25 +02:00
Valerio Setti	6f66664ed6	remove PSA_HAVE_FULL_ECDSA symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 10:54:22 +02:00
Valerio Setti	48859cc7d8	remove PSA_HAVE_FULL_ECDH symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 10:50:47 +02:00
Gilles Peskine	7c1c7ce90e	Merge pull request #7401 from AndrzejKurek/md-guards-missing Add missing md.h includes	2023-04-11 09:32:17 +02:00
Gilles Peskine	c9e8a65d06	Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api ssl_cache: misc improvements	2023-04-11 09:30:40 +02:00
Pengyu Lv	723ac268e7	ssh_cache: Add back description of other errors for cache getter Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-04-11 09:19:08 +08:00
Pengyu Lv	e3746d7ce6	ssl_cache: Error renaming and document improvement Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-04-10 14:40:03 +08:00
Ronald Cron	b828c7d3de	Fix, improve and add comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	8a12aeec93	tls: Initialize SSL context tls_version in mbedtls_ssl_setup() Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Przemek Stekiel	21903ec860	Fix after rebase Handle manually functions that have been moved to different locations. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	8a13866f65	Remove parsing of rfc822Name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	9a511c5bdf	Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
toth92g	8d435a0c8b	Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type. Also updated the x509_get_general_names function to be able to parse rfc822Names Test are also updated according these changes. Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:28 +02:00
toth92g	a41954d0cf	Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId). A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags. Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:27 +02:00
Andrzej Kurek	1b75e5f784	Add missing md.h includes MBEDTLS_MD_CAN_SHAXXX are defined there. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-04-04 09:55:06 -04:00
Ronald Cron	219f978097	Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc PSA cryptography miscellaneous	2023-04-04 10:54:03 +02:00
Manuel Pégourié-Gonnard	86d5d4bf31	Merge pull request #7103 from valeriosetti/issue6622 Some MAX_SIZE macros are too small when PSA ECC is accelerated	2023-04-03 16:23:27 +02:00
Dave Rodgman	dd48c6e3df	Merge pull request #7385 from daverodgman/timing_alignment Fix cast alignment warning in timing.c	2023-03-31 19:48:34 +01:00
Dave Rodgman	33b2210065	Fix cast alignment warning in timing.c Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-31 15:50:54 +01:00
Dave Rodgman	b8f5ba826b	Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function Add milliseconds platform time function	2023-03-31 11:47:37 +01:00
Ronald Cron	789cef87f8	Fix documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-03-31 09:07:57 +02:00
Ronald Cron	135f2ae312	Pacify doxygen.sh Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-03-31 09:07:57 +02:00
Ronald Cron	f6236f032a	psa: Introduce psa/build_info.h The PSA cryptography repository is based to start with on the PSA cryptography implementation in Mbed TLS but with a different directority structure, build system and build configuration. The build-time configuration information in the PSA cryptography repository is psa/build_info.h. This commit introduces this file in Mbed TLS to be used in place of mbedtls/build_info.h (but basically just an alias to it) in PSA headers. This is to ease the update of the PSA cryptography repository. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-03-31 09:07:57 +02:00
Ronald Cron	e6e6b75ad3	psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option The support for the PSA crypto driver interface is not optional anymore as the implementation of the PSA cryptography interface has been restructured around the PSA crypto driver interface (see psa-crypto-implementation-structure.md). There is thus no purpose for the configuration options MBEDTLS_PSA_CRYPTO_DRIVERS anymore. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-03-31 09:07:54 +02:00
Ronald Cron	2f10fceccd	psa: include: Move key derivation builtin and driver contexts Move key derivation builtin and driver contexts to specific header files as key derivation contexts depend both on primitive and composite crypto algorithms contexts. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-03-31 09:01:45 +02:00
Ronald Cron	e7cde181ea	psa: include: Move some Mbed TLS headers The structures related to CMAC, GCM, CCM and CHACHAPOLY operations are defined in crypto_builtin_composites.h not in crypto_struct.h. Thus move the cmac.h, gcm.h, ccm.h and chachapoly.h header inclusions from crypto_struct.h to crypto_builtin_composites.h. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-03-31 09:01:45 +02:00
Ronald Cron	fe8e135816	psa: Remove unnecessary headers Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-03-31 09:01:45 +02:00
Paul Elliott	03d557db35	Merge pull request #6900 from AndrzejKurek/san-dirname Add support for directoryName subjectAltName	2023-03-30 18:37:26 +01:00
Manuel Pégourié-Gonnard	0ab380a8ae	Merge pull request #7354 from mpg/ecc-doc-update Ecc doc update	2023-03-30 15:38:47 +02:00
Manuel Pégourié-Gonnard	9463e780c6	Fix a typo Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-30 09:37:39 +02:00
Manuel Pégourié-Gonnard	59b61da7c4	Fix dependency check for TLS 1.3 ECDH This part is specific to 1.3 and directly calls PSA APIs regardless of whether MBEDTLS_USE_PSA_CRYPTO is defined, so use PSA_WANT. Note: the code is already using PSA_WANT everywhere in ssl_tls13*.c. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-30 09:35:41 +02:00
Andrzej Kurek	c27ba3a531	Clarify SAN structure memory management Co-authored-by: David Horstmann <david.horstmann@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:41:34 -04:00
Andrzej Kurek	8bc128eca7	Add missing information about supported subjectAltName types Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:40:38 -04:00
Andrzej Kurek	5f0c6e82fb	Add missing deallocation of subject alt name Since mbedtls_x509_get_name allocates memory when parsing a directoryName, deallocation has to be performed if anything fails in the meantime. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:40:38 -04:00
Andrzej Kurek	d40c2b65a6	Introduce proper memory management for SANs DirectoryName parsing performs allocation that has to be handled. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:03:01 -04:00
Andrzej Kurek	e12b01d31b	Add support for directoryName subjectAltName Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-29 11:03:01 -04:00
Dave Rodgman	05c5a91514	Merge pull request #7307 from Mbed-TLS/sphinx-versioned-documentation Generate API documentation with Sphinx and Breathe	2023-03-29 12:01:59 +01:00
Manuel Pégourié-Gonnard	4fa702ae79	Update documented dependencies on ECC algs Previous PRs update check_config.h correctly, but forgot the documentation in mbedtls_config.h. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-29 12:19:41 +02:00
Manuel Pégourié-Gonnard	93b21e74f9	Update documentation to mention ECC drivers Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-29 10:30:26 +02:00
Valerio Setti	ee9fa46111	check_config: add helper symbol for SECP256R1 Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-29 10:28:39 +02:00
Valerio Setti	1a6d96f59e	test: use full config as test starting point and solve issues Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-29 10:28:06 +02:00
Valerio Setti	271c12e256	psa: use only PSA_WANT symbols for PSA_VENDOR_ECC_MAX_CURVE_BITS Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-29 10:27:18 +02:00
Valerio Setti	8f1e98a971	psa: set PSA_VENDOR_ECC_MAX_CURVE_BITS based on both SW and accelerated support Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-29 10:27:18 +02:00
Valerio Setti	77a904c761	ssl: remove useless guard Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-28 16:26:48 +02:00
Valerio Setti	1fa5c56863	ssl_tls: fix guard symbols for EC accelerated tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-28 16:26:47 +02:00
Paul Elliott	69034388e9	Fix conflict between restricted and development MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA was removed in development and replaced with MBEDTLS_MD_CAN_SHA384. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-27 21:24:45 +01:00
Paul Elliott	d01a3bca05	Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback Mbed TLS 3.4.0	2023-03-27 18:09:49 +01:00
Valerio Setti	ab9dc667ff	psa_util: fix for correctly computing elements in array Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-27 11:25:10 -04:00
Pengyu Lv	4e70724396	ssl_cache: Add descriptions of returns of cache accessors Add descriptions of the return values of mbedtls_ssl_cache_get and mbedtls_ssl_cache_set. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-27 11:29:49 +08:00
Manuel Pégourié-Gonnard	2ca08c8409	Try again to clarify USE_PSA_CRYPTO Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard	a22857b710	Fix documented dependencies on TLS 1.2 The check in check_config.h was fixed in a previous PR, but the documentation hadn't been updated accordingly. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard	70a1b6d828	Fix typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard	5a51d0d789	Fix depends.py failure with correct TLS 1.2 deps TLS 1.2 has never been able to work with only SHA-512, it just happened to pass previously because the declared dependencies were too lax. (Probably related to the fact that in the past we didn't distinguish between SHA-512 and SHA-384 in dependencies.) So, just disable all of TLS in SHA-512-only builds. While at it, tune build_info.h to make this easier - it already had partial support for disabling TLS 1.2 or TLS 1.3 in an easier way, but not both of them at the same time. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard	a31ddb98dc	Fix and simplify TLS hash dependency declarations Fixes #6441 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard	bb21c5afa7	Use helper macros for hashes in check_config.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard	93302422fd	Fix instances of old feature macros being used sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/.c programs/x509/.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data Then manually revert programs/pkey/ecdsa.c as it's using a low-level hash API. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard	4011eb49dc	Fix entropy-related feature macros Was causing testing disparities picked by analyze_outcomes.py Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard	5cd4b6403b	Use MD-light in entropy.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-24 10:43:40 +01:00
Przemek Stekiel	b175b146a2	Remove driver_pake_get_role function Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-23 13:37:18 +01:00
Przemek Stekiel	e80ec0a9af	Adapt J-PAKE built-in impl to use user/peer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-23 13:37:12 +01:00
Paul Elliott	db67e99bbf	Bump library, libcrypto and libx509 versions Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-23 10:57:39 +00:00
Pengyu Lv	5038a38695	ssl_cache: Return standard mbedtls error code Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-23 15:53:43 +08:00
Przemek Stekiel	656b2595fb	psa_pake_input: validate buffer size using PSA_PAKE_INPUT_SIZE Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-23 08:05:52 +01:00
Pengyu Lv	cdf06f69dd	Improve function return value description Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-23 11:15:24 +08:00
Valerio Setti	080a22ba75	ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-22 10:48:34 +01:00
Valerio Setti	4059aba353	accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-22 10:48:34 +01:00
Valerio Setti	ccf0be28e8	fix typo Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-22 10:40:05 +01:00
Valerio Setti	da8535b74e	ecdh: simplify guards for the newly created PSA_HAVE_FULL_ECDH symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-22 10:40:05 +01:00
Valerio Setti	d3f0b9e78c	ecdhe: fix guards for accelerated ECDHE key exchanges Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-22 10:36:59 +01:00
Przemek Stekiel	1f778bcfd8	EC-JPAKE: remove limitation for user/peer (alow any value) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-22 09:52:08 +01:00
Paul Elliott	f1eb5e2a04	Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-21 15:35:17 +00:00
Manuel Pégourié-Gonnard	161dca63c3	Fix typos & improve wording in comments Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard	7224086ebc	Remove legacy_or_psa.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard	a946489efd	X.509: use MD_CAN macros Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	49e67f814f	PKCS5: always use MD As a consequence, MD_C is now enabled in component accel_hash_use_psa. Fix guards in X.509 info function to avoid this causing a failure now. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	fb8d90a2db	RSA: always use MD light Note: already auto-enabled in build_info.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	1c2008fa37	PEM: always use MD light Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	be97afe5d4	PKCS12: always use MD light Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	41bc8b6b1e	ECJPAKE: always use MD light This enables access to all available hashes, instead of the previous situation where you had to choose by including MD_C or not. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	235a933f99	PSA hash algs must be a superset of built-ins Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	534d64d67e	MD no longer depends on a built-in hash Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard	e0e161b54a	Merge pull request #7296 from valeriosetti/issue7253-part1 driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1	2023-03-21 16:09:02 +01:00
Dave Rodgman	3543806026	Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID RSA: provide interface to retrieve padding mode and hash_id	2023-03-20 18:34:53 +00:00
Dave Rodgman	97fd217748	Merge pull request #7318 from tom-cosgrove-arm/update-mbedtls_have_asm-requirements-in-mbedtls_config.h Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C	2023-03-20 18:22:25 +00:00
Dave Rodgman	d3b6e92967	Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics Implement AESNI with intrinsics	2023-03-20 18:20:51 +00:00
Tom Cosgrove	f586aa2af2	Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-03-20 14:45:27 +00:00
Valerio Setti	5d1f29e700	ssl_tls: fix guards for accelerated ECDH Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-20 14:02:07 +01:00
Manuel Pégourié-Gonnard	4ebe2a7372	Merge pull request #7300 from valeriosetti/issue7281 Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity	2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard	14c194aae9	Merge pull request #7271 from mpg/use-md-light Use md light	2023-03-20 09:01:16 +01:00
Dave Rodgman	f918d42332	Tidy up ARMCE terminology Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-17 17:52:23 +00:00
Yanray Wang	d41684e8bc	rsa.c: rename getter function of hash_id Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-17 18:57:42 +08:00
Dave Rodgman	0e2b06a1ce	Merge pull request #7083 from KloolK/record-size-limit/parsing Add parsing for Record Size Limit extension in TLS 1.3	2023-03-17 10:18:34 +00:00
Paul Elliott	9f02a4177b	Merge pull request #7009 from mprse/csr_write_san Added ability to include the SubjectAltName extension to a CSR - v.2	2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard	b33ef74d44	Use MD_LIGHT, not sha1.h, in RSA selftest Same note as previous commit regarding guards. Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined, and even only when SHA1_C is defined too, but somewhere down the line we'll want to auto-enable it for the sake of other RSA function (not in selftest and could use any hash), so there's little point in optimizing the temporary condition, let's use the simple one upfront. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard	8316209c02	Use MD_LIGHT rather than md5.h in pem.c But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the guards once that has changed. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-17 09:43:27 +01:00
David Horstmann	d855b4680d	Add space to appease doxygen bug See doxygen/doxygen#8706 Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-03-16 18:00:36 +00:00
Gilles Peskine	0bfccfa537	Document the new state of AESNI support Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-16 17:49:44 +01:00
Gilles Peskine	dd6021caf1	Remove the dependency of MBEDTLS_AESNI_C on MBEDTLS_HAVE_ASM AESNI can now be implemented with intrinsics. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-16 16:51:40 +01:00
Manuel Pégourié-Gonnard	9d698df4f4	Further clarify a comment Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard	a9ab4a2d60	Clarify a comment Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard	39a376a417	Finish removing HMAC from MD-light Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard	9b14639342	Dispatch according to init status. We shouldn't dispatch to PSA when drivers have not been initialized yet. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard	d8ea37f1a3	Add engine field to context structure For multi-part operations, we want to make the decision to use PSA or not only once, during setup(), and remember it afterwards. This supports the introduction, in the next few commits, of a dynamic component to that decision: has the PSA driver sub-system been initialized yet? Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:50 +01:00
Gilles Peskine	83d9e09b15	Switch metadata functions to the PSA-aware availability symbols Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:50 +01:00
Gilles Peskine	416d0e2b01	Introduce preprocessor symbols for MD algorithm support via PSA These new symbols will allow code to call the md module and benefit from PSA accelerator drivers. Code must use MBEDTLS_MD_CAN_xxx instead of MBEDTLS_xxx_C to check for support for a particular algorithm. This commit only defines the symbols. Subsequent commits will implement those symbols in the md module, and in users of the md module. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-16 09:46:50 +01:00
Valerio Setti	82b484ecbc	ecjpake: fix guards for driver only builds Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-16 08:21:44 +01:00
Pengyu Lv	b1895899f1	ssl_cache: Improve some comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-16 14:33:28 +08:00
Gilles Peskine	2a44ac245f	Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api ssl_cache: Add cache entry removal api	2023-03-15 15:38:06 +01:00
Jan Bruckner	a0589e75a0	Changes from review Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-03-15 11:04:45 +01:00
Dave Rodgman	b599562033	Merge pull request #7240 from tom-cosgrove-arm/fix-issue-7234 Don't insist on MBEDTLS_HAVE_ASM for MBEDTLS_AESCE_C on non-Arm64 systems	2023-03-15 09:04:44 +00:00
Yanray Wang	83548b5c10	fix inappropriate description for function in RSA Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-15 16:49:52 +08:00
Yanray Wang	12cb39661c	rsa.c: provide interface to get hash_id of RSA context Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-15 16:42:48 +08:00
Yanray Wang	a730df6f86	rsa.c: provide interface to get padding mode of RSA context Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-03-15 16:42:26 +08:00
Manuel Pégourié-Gonnard	18336dace2	Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user EC J-PAKE: partial fix for role vs user+peer	2023-03-15 09:37:30 +01:00
Pengyu Lv	0b9c012f21	ssl_cache: return the error code for mutex failure Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-15 14:37:32 +08:00
Dave Rodgman	023c8853ac	Merge pull request #7203 from yuhaoth/pr/add-cpu-modifier-for-aesce Add CPU modifier for AESCE	2023-03-14 15:58:57 +00:00
Przemek Stekiel	c0e6250ff9	Fix documentation and tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-14 11:49:36 +01:00
Jan Bruckner	151f64283f	Add parsing for Record Size Limit extension in TLS 1.3 Fixes #7007 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-03-14 08:41:25 +01:00
Dave Rodgman	cdaaef52f4	Update include/mbedtls/pkcs7.h Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-14 07:13:50 +00:00
Dave Rodgman	bcc92d4f03	Update include/mbedtls/pkcs7.h Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-14 07:13:44 +00:00
Jerry Yu	fbf9523449	Revert "Add experimental warning" This reverts commit `be510fe470`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-14 10:33:32 +08:00
Paul Elliott	e4622a3436	Merge remote-tracking branch 'development/development' into development-restricted Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-13 17:49:32 +00:00
Przemek Stekiel	fde112830f	Code optimizations and documentation fixes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-13 16:28:27 +01:00
Dave Rodgman	efbc5f7322	Update wording in comments Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-13 12:15:49 +00:00
Jerry Yu	be510fe470	Add experimental warning Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-13 11:26:35 +08:00
Jerry Yu	be78386681	Remove documents about command line options. After this PR, the issue has been fixed. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-03-13 10:58:41 +08:00
Przemek Stekiel	18cd6c908c	Use local macros for j-pake slient/server strings Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-12 16:59:28 +01:00
Przemek Stekiel	d7f6ad7bc8	Minor fixes (comments, cleanup) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-12 16:59:28 +01:00
Dave Rodgman	25b2dfa6da	Fix comment typo Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Dave Rodgman	957cc36be9	Improve wording; use PKCS #7 not PKCS7 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Dave Rodgman	3fe2abf306	Apply suggestions from code review Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Dave Rodgman	7c33b0cac6	Remove pre-production warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-12 08:50:58 +00:00
Manuel Pégourié-Gonnard	439dbc5c60	Fix dependency for TLS 1.3 as well Turns out TLS 1.3 is using the PK layer for signature generation & verification, and the PK layer is influenced by USE_PSA_CRYPTO. Also update docs/use-psa-crypto.md accordingly. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard	45bcb6aac8	Fix dependencies of 1.2 ECDSA key exchanges Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2... Also, move the definition of PSA_HAVE_FULL_ECDSA outside the MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-03-10 12:37:15 +01:00
Przemek Stekiel	e9254a0e55	Adapt driver dispatch documentation for user/peer getters Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	1e7a927118	Add input getters for jpake user and peer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:03 +01:00
Przemek Stekiel	26c909d587	Enable support for user/peer for JPAKE This is only partial support. Only 'client' and 'server' values are accepted for peer and user. Remove support for role. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-10 09:18:02 +01:00
Gilles Peskine	4da92832b0	Merge pull request #7117 from valeriosetti/issue6862 driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges	2023-03-09 20:49:44 +01:00
Dave Rodgman	bf4016e5d5	Merge pull request #6567 from mprse/ecjpake-driver-dispatch	2023-03-09 19:23:05 +00:00
Tom Cosgrove	94e841290d	Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it Fixes #7234 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-03-09 17:17:42 +00:00
Przemek Stekiel	b8eaf635ba	Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-09 12:14:26 +01:00
Dave Rodgman	5e5aa4a4e6	Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307 Fix typos in development prior to release	2023-03-08 17:19:59 +00:00
Valerio Setti	1470ce3eba	fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 16:50:12 +01:00
Valerio Setti	30c4618970	Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 16:47:28 +01:00
Gilles Peskine	ed7b5978cd	Merge pull request #6172 from gilles-peskine-arm/doc-tls13-psa_crypto_init Document the need to call psa_crypto_init for TLS 1.3	2023-03-07 20:13:53 +01:00
Gilles Peskine	a2fc399f57	Merge pull request #6829 from AndrzejKurek/unify-psa-errors Unify PSA to Mbed TLS error translation	2023-03-07 19:55:44 +01:00
Tom Cosgrove	5c8505f061	Fix typos Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-03-07 11:39:52 +00:00
Przemek Stekiel	57580f2539	Use proper enum types for pake state/sequence/step Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-07 10:50:09 +01:00
Przemek Stekiel	4aa99403f4	Fix configuration for accelerated jpake Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-07 10:50:09 +01:00
Pengyu Lv	7b6299b49b	ssl_cache: Add an interface to remove cache entry by session id Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-07 15:00:22 +08:00
Przemek Stekiel	e3ef3a15cd	Further pake code optimizations Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-06 17:24:32 +01:00
Pol Henarejos	f61d6c0a2b	Merge branch 'development' into sha3	2023-03-04 00:03:06 +01:00
Dave Rodgman	45cef61fa4	Merge branch 'development' into md-light Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-03 14:28:13 +00:00
Dave Rodgman	1f39a62ce6	Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt Allow alternative names for overridable PSA headers	2023-03-03 12:37:51 +00:00
Przemek Stekiel	57207711d8	Add MBEDTLS_ASN1_CHK_CLEANUP_ADD macro to be able to release memory on failure Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-03 12:58:29 +01:00
Przemek Stekiel	5a49d3cce3	Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-03 12:58:11 +01:00
Andrzej Kurek	270b3f9790	Rename error_pair_t to mbedtls_error_pair_t Required by our coding standards. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-03 05:54:13 -05:00
Andrzej Kurek	daf5b56b02	Translate to MD errors in ssl-tls.c With the introduction of #7047, ssl_tls.c uses mbedtls_md_error_from_psa. This complicates the dependencies for compiling in psa_to_md_errors, since now these should be ifdeffed also by MBEDTLS_USE_PSA_CRYPTO followed by a series of or'ed MBEDTLS_HAS_ALG_SHA_XXX_VIA_MD_OR_PSA_BASED_ON_USE_PSA. Since this mechanism will be removed soon, we can simplify it to just MBEDTLS_USE_PSA_CRYPTO. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-03 05:52:28 -05:00
Andrzej Kurek	747ab4ea5e	Introduce error_pair_t to psa utils This way error handling can be written in a cleaner way. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-03 05:23:45 -05:00
Andrzej Kurek	138b30ac62	Add missing const qualifiers Also improve documentation Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-03 05:23:45 -05:00
Andrzej Kurek	8a045ce5e6	Unify PSA to Mbed TLS error translation Move all error translation utilities to psa_util.c. Introduce macros and functions to avoid having a local copy of the error translating function in each place. Identify overlapping errors and introduce a generic function. Provide a single macro for all error translations (unless one file needs a couple of different ones). Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-03 05:23:44 -05:00
Dave Rodgman	05b80a4eee	Merge pull request #6201 from gilles-peskine-arm/tls13_only-renegotiation Disable MBEDTLS_SSL_RENEGOTIATION in TLS-1.3-only builds	2023-03-03 09:56:51 +00:00
Gilles Peskine	6def41b146	Merge pull request #6932 from yuhaoth/pr/fix-arm64-host-build-and-illegal_instrucion-fail Replace CPU modifier check with file scope target cpu modifiers	2023-03-02 15:36:41 +01:00
Gilles Peskine	5b7e1644a7	Document the need to call psa_crypto_init() with USE_PSA_CRYPTO When MBEDTLS_USE_PSA_CRYPTO is enabled, the application must call psa_crypto_init() before directly or indirectly calling cipher or PK code that will use PSA under the hood. Document this explicitly for some functions. To avoid clutter, this commit only documents the need to call psa_crypto_init() in common, non-obvious cases: parsing a public key directly or via X.509, or setting up an SSL context. Functions that are normally only called after such a function (for example, using an already constructed PK object), or where the need for PSA is obvious because they take a key ID as argument, do not need more explicit documentaion. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 20:10:29 +01:00
Gilles Peskine	a8d7e438e6	Move non-boolean config options to the proper section Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 20:10:20 +01:00
Gilles Peskine	8c2830a06a	Document what "TLS 1.3 depends on PSA" entails Explicitly document that when using TLS 1.3, you must initialize PSA crypto before starting a handshake. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 20:06:35 +01:00
Gilles Peskine	7d3186d18a	Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration There's no renegotiation in TLS 1.3, so this option should have no effect. Insist on having it disabled, to avoid the risk of accidentally having different behavior in TLS 1.3 if the option is enabled (as happened in https://github.com/Mbed-TLS/mbedtls/issues/6200). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 19:47:23 +01:00
Gilles Peskine	802ff1b116	Merge pull request #7147 from paul-elliott-arm/interruptible_sign_hash_codestyle_drivers Remove driver entry points for psa_{get\|set}_max_ops()	2023-03-01 10:46:09 +01:00
Gilles Peskine	7e677fa2c5	Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite Remove pkwrite dependency in pk using PSA for ECDSA	2023-02-28 18:17:16 +01:00
Gilles Peskine	b52b788e55	Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension Add AES with armv8 crypto extension	2023-02-28 18:16:37 +01:00
Paul Elliott	148903ca7d	Merge pull request #7185 from paul-elliott-arm/interruptible_sign_hash_pacify_clang Interruptible {sign\|verify} hash - Pacify Clang 15	2023-02-28 15:31:15 +00:00
Jerry Yu	608e1093de	Improve comment about conflicts between aesce and sha512-crypto Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-28 12:50:00 +08:00
Paul Elliott	15d7d43904	Pacify Clang 15 Changes for interruptible {sign\|verify} hash were not merged at the time of the previous clang 15 /retval fixes, thus this fixes code added at that time. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-27 17:25:57 +00:00
Dave Rodgman	dd4427cc5b	Merge pull request #7169 from AndrzejKurek/mpi-window-size Reduce the default MBEDTLS_ECP_WINDOW_SIZE value from 6 to 2	2023-02-27 17:12:38 +00:00
Paul Elliott	ac2251dad1	Merge pull request #7076 from mprse/parse_RFC822_name Add parsing of x509 RFC822 name + test	2023-02-27 14:16:13 +00:00
Paul Elliott	a16ce9f601	Remove driver entry points for {get\|set}_max_ops(). Move the global variable to the PSA layer, and just set that when calling PSA level functions. Move the internal ecp set to before each ecp call. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-24 14:44:18 +00:00
Andrzej Kurek	86f30ff626	Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2 As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790, after introducing side-channel counter-measures to bignum, the performance of RSA decryption in correlation to the MBEDTLS_ECP_WINDOW_SIZE has changed. The default value of 2 has been chosen as it provides best or close-to-best results for tests on Cortex-M4 and Intel i7. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-24 07:51:21 -05:00
Ronald Cron	ee54de02b1	Fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-24 12:06:30 +01:00
Paul Elliott	a3b625b0a1	Merge pull request #7098 from gilles-peskine-arm/retval-non-empty Pacify Clang 15 about empty \retval	2023-02-24 09:10:53 +00:00
Jerry Yu	c66deda4c5	Add explanation for aesce limitation Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-24 11:42:07 +08:00
Gilles Peskine	95c915201e	Move the implication of MBEDTLS_PSA_CRYPTO_CLIENT where it belongs If MBEDTLS_PSA_CRYPTO_C is enabled, we always enable MBEDTLS_PSA_CRYPTO_CLIENT, since the client-side functions are part of the full PSA crypto feature set. Historically, we didn't have a good place for configuration modification, so we did this early in the crypto.h include tree. Since Mbed TLS 3.0, we have mbedtls/build_info.h for that. Addresses https://github.com/Mbed-TLS/mbedtls/issues/7144 . Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-23 17:18:33 +01:00
Gilles Peskine	361b5f992f	Make sure the configuration is always included Before, if psa/crypto_platform.h was overridden and the override didn't include "mbedtls/build_info.h", it was possible to end up with parts of the headers not taking the library configuration into account, if no mbedtls header was included before "psa/crypto.h". Make sure that the mbedtls configuration is visible from the start, no matter what is or is not in the platform header. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-23 17:18:33 +01:00
David Horstmann	099be74d28	Change free'd to freed for consistency Also clarify that the user must use mbedtls_free(). Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-23 13:51:43 +00:00
Manuel Pégourié-Gonnard	0d4152186d	Make MBEDTLS_MD_LIGHT private for now. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-23 13:02:13 +01:00
Jerry Yu	f181e54968	Revert minimal integer requests Roll back to 64bits Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-23 17:16:26 +08:00
Ronald Cron	1aa6e8d6e9	Restore same PSK length enforcement Restore same PSK length enforcement in conf_psk and set_hs_psk, whether the negotiated protocol is TLS 1.2 or TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-23 09:48:50 +01:00
Manuel Pégourié-Gonnard	cacc0ea144	Fix a couple more typos Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-23 09:42:37 +01:00
Manuel Pégourié-Gonnard	39a4f4285d	Add links for macros in doxygen documentation Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-23 09:40:24 +01:00
Manuel Pégourié-Gonnard	f3953c878e	Clarify relationship between MD_C and MD_LIGHT Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-23 09:39:05 +01:00
Manuel Pégourié-Gonnard	82a43942c8	Make it clearer what's part of MD-light or not Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-23 09:36:29 +01:00
Jerry Yu	05bc87866e	Improve documents about ms_time And fix typo error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-23 11:20:45 +08:00
Gilles Peskine	b1176f2583	Allow alternative names for overridden PSA headers Integrators of Mbed TLS may override the header files "psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files or by placing alternative versions earlier in the include file search path. These two methods are sometimes inconvenient, so allow a third method which doesn't require overwriting files or having a precise order for the include path: integrators can now specify alternative names for the headers. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-22 22:07:28 +01:00
David Horstmann	59400ffed5	Improve header docs and rename parameter Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-22 18:27:59 +00:00
David Horstmann	92337c0e62	Add function to parse an OID from a string Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-22 16:34:26 +00:00
Janos Follath	406b9172ad	Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup Bignum: Add named moduli setup	2023-02-22 12:14:33 +00:00
Przemek Stekiel	6b64862ef7	Documentation fixes and code adaptation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	251e86ae3f	Adapt names to more suitable and fix conditional compilation flags Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	ac067d779e	Fix PSA_PAKE_OPERATION_INIT macro Needs to be adapted for the clang -Wall -Wextra. Requirea to explicitly initialize all the members of the struct that is the first member in the union. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00
Przemek Stekiel	9dd2440c95	Change pake input: key_lifetime -> key attributes In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key(). Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-22 11:30:32 +01:00

... 6 7 8 9 10 ...

6454 commits