Commit graph

24347 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
235a933f99 PSA hash algs must be a superset of built-ins
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
534d64d67e MD no longer depends on a built-in hash
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
e0e161b54a
Merge pull request #7296 from valeriosetti/issue7253-part1
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1
2023-03-21 16:09:02 +01:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
97fd217748
Merge pull request #7318 from tom-cosgrove-arm/update-mbedtls_have_asm-requirements-in-mbedtls_config.h
Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C
2023-03-20 18:22:25 +00:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
Dave Rodgman
43f9a25277
Merge pull request #7315 from mpg/ecjpake-changelog
Add ChangeLog entry for driver-only EC J-PAKE
2023-03-20 15:14:15 +00:00
Tom Cosgrove
f586aa2af2 Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-20 14:45:27 +00:00
Dave Rodgman
c5807a6fa8
Merge pull request #6918 from yuhaoth/pr/add-gcm-with-armv8-crypto-extension
Add GCM  with armv8 crypto extension
2023-03-20 14:45:14 +00:00
Valerio Setti
fdea36d137 test_suite_ssl: remove redundant ECDH dependencies when the key exchange is specified
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Valerio Setti
2f8eb62946 ssl-opt: remove leftover debug commands and fix comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Valerio Setti
866aa187e8 ecdh: solve disparities in accelerated ECDH vs reference
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Valerio Setti
5d1f29e700 ssl_tls: fix guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Valerio Setti
6ba247c236 ssl-opt: solve errors in ECDH reference tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:00:51 +01:00
Valerio Setti
53a5844abc test: enable ECDH key exchanges for driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:00:51 +01:00
Manuel Pégourié-Gonnard
e9a60224fd Add ChangeLog entry for driver-only EC J-PAKE
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-20 10:03:55 +01:00
Manuel Pégourié-Gonnard
4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard
e91aadaeed
Merge pull request #7299 from valeriosetti/issue7280
Driver only EC JPAKE: enable ssl-opt.sh and get test parity
2023-03-20 09:51:11 +01:00
Manuel Pégourié-Gonnard
c9ef476431
Merge pull request #7192 from joerchan/psa-update-mbedtls
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
2023-03-20 09:47:07 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Yanray Wang
b46ccf235c fix line length of ChangeLog
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-20 12:41:10 +08:00
Dave Rodgman
b937c92853
Merge pull request #7313 from daverodgman/aes-armv8-changelog
Changelog and terminology tidy-up for AESCE
2023-03-18 14:33:04 +00:00
Dave Rodgman
f992e6fe38 Changelog for AESCE support
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:38 +00:00
Dave Rodgman
f918d42332 Tidy up ARMCE terminology
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:23 +00:00
Dave Rodgman
55ef304e8a
Merge pull request #998 from yanesca/changelog_for_7083
Add changelog entry
2023-03-17 16:48:24 +00:00
Gilles Peskine
36b9e47eed Fix preprocessor conditional
This was intended as an if-else-if chain. Make it so.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 17:31:18 +01:00
Gilles Peskine
30e9f2a293 Finish sentence in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 17:29:58 +01:00
Manuel Pégourié-Gonnard
0f60d09aa8 Add a test with all of ECC accelerated
Note that ECC key derivation is not using drivers yet, as we don't have driver support for
cooked key derivation acceleration, see
https://github.com/Mbed-TLS/mbedtls/pull/5451 and follow-ups.

So, we still need MBEDTLS_ECP_C enabled at least for this, and probably
in several other places for now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:23:17 +01:00
Manuel Pégourié-Gonnard
3831637e85 Handle dependency on ECP_C in ECC KDF
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:21:26 +01:00
Joakim Andersson
bb576febb2 psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
Fix psa_key_derivation_output_key not being able to derive ECC keys
without MBEDTLS_BUILTIN ECC key types enabled.
The PSA crypto drivers can generate these keys without requiring the
builtin key types.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-03-17 15:21:26 +01:00
David Horstmann
d50daedcca Add exemption for make.bat in checks for tabs
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-17 13:47:17 +00:00
Yanray Wang
69bc8403eb rsa_tests: use TEST_EQUAL instead of TEST_ASSERT
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 20:33:08 +08:00
Yanray Wang
e05a21f084 rsa: add a test to check default padding mode and hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 20:09:20 +08:00
Yanray Wang
15d3df7aec rsa: add positive test cases for getter functions
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 19:49:04 +08:00
Dave Rodgman
8a7ed6951d Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:58:11 +08:00
Yanray Wang
d41684e8bc rsa.c: rename getter function of hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:57:42 +08:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard
320f7eed3e
Merge pull request #1001 from paul-elliott-arm/development-restricted-test
Fix CI build after repository merge conflict
2023-03-17 10:13:47 +01:00
Manuel Pégourié-Gonnard
0d957d3a83
Merge pull request #7275 from valeriosetti/issue7255
Driver-only EC JPAKE: starter
2023-03-17 10:01:38 +01:00
Manuel Pégourié-Gonnard
6ea8d3414f Fix a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:50 +01:00
Manuel Pégourié-Gonnard
1b5ffc63cc Avoid double definition of MD_LIGHT
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
b33ef74d44 Use MD_LIGHT, not sha1.h, in RSA selftest
Same note as previous commit regarding guards.

Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined,
and even only when SHA1_C is defined too, but somewhere down the line
we'll want to auto-enable it for the sake of other RSA function (not in
selftest and could use any hash), so there's little point in optimizing
the temporary condition, let's use the simple one upfront.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
8316209c02 Use MD_LIGHT rather than md5.h in pem.c
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
Manuel Pégourié-Gonnard
ec000c1a00
Merge pull request #7242 from mpg/md-dispatch-psa
Implement MD dispatch to PSA
2023-03-17 09:42:40 +01:00
Dave Rodgman
a6b9e11799
Merge pull request #994 from yanesca/threat_model_summary
Add Threat Model Summary
2023-03-16 21:58:10 +00:00
Gilles Peskine
28e4dc1e39 Fix use of arithmetic on void*
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 21:39:47 +01:00
Janos Follath
c18cd0c8e6
Merge pull request #7230 from gabor-mezei-arm/6850_Secp256r1_fast_reduction
Extract Secp256r1 fast reduction from the prototype
2023-03-16 19:43:25 +00:00
David Horstmann
1305581114 Ignore mbedtls macros causing warnings
Sphinx's breathe plugin cannot readily parse the Mbed TLS macros, so
define the less essential ones away at the doxygen step to reduce the
number of warnings.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:01:58 +00:00
David Horstmann
633a081c7e Add configuration for Read The Docs
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:01:58 +00:00