yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
29702 commits 1 branch 0 tags 94 MiB
Commit graph

12931 commits

Author SHA1 Message Date
Tomi Fontanilles
8174662b64 pk: implement non-PSA mbedtls_pk_sign_ext() 
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.

Related dependencies and tests are updated as well.

Fixes #7583.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Valerio Setti
689c0f71cb tests: use new CCM/GCM capability macros in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:54:18 +01:00
Manuel Pégourié-Gonnard
a4b38f24fd
Merge pull request #8579 from valeriosetti/issue7995 
PK: clean up pkwrite
 2023-12-20 08:20:10 +00:00
Valerio Setti
50333977c6 cipher_wrap: fix guards for alloc/free functions of CCM/GCM 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 07:36:05 +01:00
Dave Rodgman
a69c782351
Merge pull request #8634 from daverodgman/iar-fixes 
IAR warning fix & some improvements
 2023-12-19 16:26:23 +00:00
Dave Rodgman
d47186d6e3 Disable automatic setting of clang target flags on old clang 
Old versions of clang don't support this pragma, so we have to assume
that the user will have set the flags.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-19 13:11:47 +00:00
Valerio Setti
7f062a58fb pkwrite: add newlines when calling mbedtls_pem_write_buffer() 
New defines, which are shared with the pkparse module, lack the
new line so we manually add it when invoking
mbedtls_pem_write_buffer().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-19 07:48:42 +01:00
Valerio Setti
4bb5740a7d Revert "pem: auto add newlines to header/footer in mbedtls_pem_write_buffer()" 
This reverts commit 180915018d.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-19 07:48:38 +01:00
Paul Elliott
8860021abc Fix false claim of variables used unitialised 
GCC with TSan + O3 causes an error where it claims key_len and iv_len
may be used uninitialised. This is, as far as I can tell incorrect (the
only way it could not be set is in the error case, and then it is not
used), however the simplest option seemed to be just to fix it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-12-18 14:49:34 +00:00
Dave Rodgman
af616d9123 Merge remote-tracking branch 'origin/development' into iar-fixes 2023-12-18 13:38:22 +00:00
Manuel Pégourié-Gonnard
8f1c36df00
Merge pull request #8607 from valeriosetti/issue8602 
Make enrollement "optional" in pk_can_do_ext()
 2023-12-18 11:30:04 +00:00
Bence Szépkúti
a085fa8ccf
Merge pull request #8627 from tom-cosgrove-arm/ip_len 
Avoid use of `ip_len` as it clashes with a macro in AIX system headers
 2023-12-18 02:03:17 +00:00
Valerio Setti
4ff405cf80 block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t 
This information was redundant with the already existing mbedtls_block_cipher_id_t.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-15 16:10:52 +01:00
Dave Rodgman
543d275c68
Merge pull request #8635 from daverodgman/asan-opt 
CI perf - prefer clang for Asan
 2023-12-15 13:25:02 +00:00
Manuel Pégourié-Gonnard
cddab78612
Merge pull request #8630 from joerchan/mbedtls-tfm-compat 
Mbedtls tfm compat
 2023-12-15 09:31:27 +00:00
Dave Rodgman
815b240d72 Fix unused function/variable warnings from clang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-14 23:20:48 +00:00
Valerio Setti
bd7528a592 ccm/gcm: use BLOCK_CIPHER whenever possible 
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
785ec17795 block_cipher: use PSA_BITS_TO_BYTES() in mbedtls_block_cipher_setkey() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
849a1abfdd block_cipher: remove useless use of psa_cipher_operation_t 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
c6f004f0e2 psa_crypto: add internal helper to signal that cipher driver is ready 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
8ceaa75b73 psa_util: add error translations from PSA to cipher 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
c1db99d3f5 block_cipher: add PSA dispatch if possible 
"if possible" means:
- PSA has been initialized
- requested key type is available in PSA

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Waleed Elmelegy
26e3698357 Revert back checking on handshake messages length 
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-14 16:23:25 +00:00
Waleed Elmelegy
05d670b711 Revert "Skip checking on maximum fragment length during handshake" 
This reverts commit 419f841511.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-14 16:23:10 +00:00
Wenxing Hou
3b9de38208 Make clienthello comment clear 
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
 2023-12-14 22:44:08 +08:00
Joakim Andersson
b349108b99 library: Move mbedtls_ecc helper functions to psa_util 
Move the mbedtls_ecc helper functions from psa_core to psa_util.
These files are not implemented as part of the PSA API and should not
be part of the PSA crypto implementation.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
 2023-12-14 13:55:11 +01:00
Dave Rodgman
69928dbe86 Fix compile warning from IAR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-14 12:09:18 +00:00
Dave Rodgman
650674bb41 Add MBEDTLS_BSWAPxx intrinsics for IAR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-14 12:08:57 +00:00
Dave Rodgman
f3c04f3f47 Better definition of MBEDTLS_IS_BIG_ENDIAN for IAR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-14 12:08:57 +00:00
Manuel Pégourié-Gonnard
1f67363d6a
Merge pull request #8616 from lpy4105/issue/8553/test-driver-only-rsa 
Add test for driver-only RSA (crypto only)
 2023-12-14 11:05:55 +00:00
Manuel Pégourié-Gonnard
001fb73131
Merge pull request #8612 from valeriosetti/issue8601 
Quit using enrollment in pkparse
 2023-12-13 14:55:34 +00:00
Manuel Pégourié-Gonnard
ea6b3c030d
Merge pull request #8605 from valeriosetti/issue8600 
Quit using enrollment alg in for ECDSA in PK
 2023-12-12 16:53:15 +00:00
Joakim Andersson
c5b7285da9 library: Remove unused psa_crypto_core.h include 
Remove unused psa_crypto_core.h include.
The PSA util file provides helper functions when using the PSA API.
It should not rely on PSA internal headers, and instead only use
public headers.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
 2023-12-11 21:25:44 +01:00
Tom Cosgrove
656d4b3c74 Avoid use of ip_len as it clashes with a macro in AIX system headers 
Fixes #8624

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-12-08 21:51:15 +00:00
Pengyu Lv
f75893bb36 Update comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 17:40:00 +08:00
Pengyu Lv
e9efbc2aa5 Error out when get domain_parameters is not supported 
From time being, domain_parameters could not be extracted
from driver. We need to return error to indicate this
situation. This is temporary and would be fixed after #6494.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 17:30:26 +08:00
Pengyu Lv
94a42ccb3e Add tls13 in ticket flags helper function names 
```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 11:12:46 +08:00
Yanray Wang
90acdc65e5 tl13: srv: improve comment 
Improve comment when received version 1.2 of the protocol while TLS
1.2 is disabled on server side.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-08 11:00:38 +08:00
Yanray Wang
2bef917a3c tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-08 11:00:35 +08:00
Yanray Wang
177e49ad7a tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-08 11:00:33 +08:00
Yanray Wang
408ba6f7b8 tls13: srv: replace with internal API to check is_tls12_enabled 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-08 11:00:30 +08:00
Pengyu Lv
abd844f379 Fix wrong format in the function doc 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:58 +08:00
Pengyu Lv
02e72f65da Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:58 +08:00
Pengyu Lv
bc4aab7673 Add "_is_" to functions ssl_tls13_key_exchange_.*_available 
Done by command:

```
sed -i \
"s/ssl_tls13_key_exchange_\(.*\)_available/ssl_tls13_key_exchange_is_\1_available/g" \
library/*.[ch]
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:58 +08:00
Pengyu Lv
b2cfafbb9e Consistent renaming 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:58 +08:00
Pengyu Lv
2333b826f4 tls13: srv: rename mbedtls_ssl_tls13_check_kex_modes 
The function is renamed to
`mbedtls_ssl_tls13_is_kex_mode_supported` and
the behaviour is reversed.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:58 +08:00
Pengyu Lv
0a1ff2b969 Consistent renaming 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:58 +08:00
Pengyu Lv
4f537f73fa tls13: rename mbedtls_ssl_session_check_ticket_flags 
The function is renamed to mbedtls_ssl_session_ticket_has_flags.
Descriptions are added.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:58 +08:00
Pengyu Lv
d72e858fd1 tls13: srv: rename ssl_tls13_ticket_permission_check 
The function is renamed to
ssl_tls13_ticket_is_kex_mode_permitted

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:57 +08:00
Pengyu Lv
fc2cb9632b tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes 
The function is renamed to
mbedtls_ssl_conf_tls13_is_kex_mode_enabled.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:57 +08:00
Pengyu Lv
60a22567e4 tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes 
To keep the convention in TLS code, check functions should return 0
when check is successful.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:57 +08:00
Pengyu Lv
981ec14744 tls13: rename ssl_tls13_check_*_key_exchange functions 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-08 10:01:57 +08:00
Waleed Elmelegy
419f841511 Skip checking on maximum fragment length during handshake 
MbedTLS currently does not support maximum fragment length
during handshake so we skip it for now.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-07 18:33:42 +00:00
Ronald Cron
90d07118ad
Merge pull request #6721 from yuhaoth/pr/tls13-early-data-extension-of-nst 
TLS 1.3: EarlyData SRV: Write `early_data` extension of NewSessionTicket
 2023-12-07 09:25:35 +00:00
Gilles Peskine
f3ccfddb45
Merge pull request #8615 from davidhorstmann-arm/fix-cast-potential-overflow 
Fix possible integer overflows
 2023-12-07 00:42:10 +00:00
Gilles Peskine
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441 
[G4] Make CTR-DRBG fall back on PSA when AES not built in
 2023-12-06 18:25:44 +00:00
David Horstmann
4749007f64 Fix possible integer overflows before widening 
When calculating a result to go into an mbedtls_ms_time_t, make sure
that arithmetic is performed at the final size to prevent overflow.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-12-06 17:22:53 +00:00
Valerio Setti
202bb71dcd ssl_tls12_server: do not export/import opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 17:05:24 +01:00
Waleed Elmelegy
9aec1c71f2 Add record size checking during handshake 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-06 15:18:15 +00:00
Jan Bruckner
f482dcc6c7 Comply with the received Record Size Limit extension 
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-12-06 15:18:08 +00:00
Manuel Pégourié-Gonnard
ad4f0ada37
Merge pull request #8514 from mschulz-at-hilscher/fixes/uninitialized-variable-in-ssl_msg 
Fix uninitialized variable warnings in ssl_msg.c
 2023-12-06 11:06:03 +00:00
Valerio Setti
2bd53667d6 pk: guard key enrollment function with PSA_CRYPTO_CLIENT 
Use key enrollment function only when MBEDTLS_PSA_CRYPTO_CLIENT
is enabled, i.e. when the Mbed TLS implementation of PSA Crypto
is being used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 11:24:50 +01:00
Jerry Yu
95648b0134 Some minor improvement 
- move early data check to `prepare`
- avoid `((void) output_len)
- replace check with `session_ticket_allow`  in 2nd place

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:21:16 +08:00
Jerry Yu
c59c586ac4 change prototype of write_early_data_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:21:15 +08:00
Jerry Yu
163e12f7ff remove assignment for session->max_early_data_size 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:21:09 +08:00
Jerry Yu
ebe1de62f9 fix various issue 
- rename connection time variable
- remove unnecessary comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:20:25 +08:00
Jerry Yu
9e7f9bc253 Add missing debug message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:20:22 +08:00
Jerry Yu
db97163ac7 add ticket max_early_data_size check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:20:13 +08:00
Jerry Yu
5233539d9f share write_early_data_ext function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:50 +08:00
Jerry Yu
0069abc141 improve comments of new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:46 +08:00
Jerry Yu
1a160703f8 set max_early_data_size of ticket to keep consistent 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:43 +08:00
Jerry Yu
f135bac89c Add max_early_data_size check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:39 +08:00
Jerry Yu
930ce4cfac Revert "change max_early_data_size source" 
This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:36 +08:00
Jerry Yu
2f5d93b1c9 Revert "set init value for max_early_data_size in session" 
This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:33 +08:00
Jerry Yu
d450fd25ae change max_early_data_size source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:31 +08:00
Jerry Yu
525990fb62 set init value for max_early_data_size in session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:28 +08:00
Jerry Yu
db6fda71e5 improve early data comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:51 +08:00
Jerry Yu
10795a0c3b replace ticket permission set 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:48 +08:00
Jerry Yu
c2b1bc4fb6 replace early data permission check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:46 +08:00
Jerry Yu
4da7c22cd6 add early data flag check function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:44 +08:00
Jerry Yu
ea96ac3da9 fix various issues 
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:37 +08:00
Jerry Yu
3db60dfe5e rename nst early data write function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:16:56 +08:00
Jerry Yu
fceddb310e Add early data permission check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:14:54 +08:00
Jerry Yu
01da35e2c8 add early data extension of NST 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:14:52 +08:00
Valerio Setti
bced8bc8d7 ssl_tls12_server: export/import PK parsed key in TLS side 
Instead of setting both algorithm and enrollement algorithm in the
PK module when parsing the key:

- for Weierstrass keys we only set ECDSA algorithm,
- for Montgomery keys we don't set any algorithm.

Reasons:
- PK module can only do ECDSA and not ECDH
- ECDH is only used in TLS
- Montgomery keys cannot be used to do ECDSA, while Weierstrass ones
  can do both ECDSA and ECDH.

So the idea is that once TLS needs the key to do ECDH (either Weierstrass
and Montgomery), it exports the one parsed from the PK module and then
re-imports it setting proper algorithm and flags. In this way the TLS
module will own the new key so it will be its duty to clear it on
exit.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 10:40:47 +01:00
Valerio Setti
fbbafa0d2d pkparse: do not set key algorithm for Montgomery keys in pk_ecc_set_key() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 10:07:34 +01:00
Ronald Cron
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data 
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
 2023-12-06 06:47:32 +00:00
Jerry Yu
42020fb186 revert output message which used by testing 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-05 17:35:53 +08:00
Ronald Cron
a1e867c676
Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment 
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
 2023-12-05 08:31:24 +00:00
Valerio Setti
4ac2c18834 pk_wrap: try both ECDSA signature schemes in ecdsa_sign_psa() 
Instead of extracting key's properties in order to check whether it
supports deterministic or non-deterministic ECDSA, we try both.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-05 07:59:01 +01:00
Jerry Yu
ebb1b1d48f fix ci test failure 
"skip parse certificate verify" can not be changed.
It is used in `Authentication: client badcert, server none`
test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-05 11:02:15 +08:00
Jerry Yu
b55f9eb5c5 fix various issues 
- remove unnecessary statements
- improve macro name
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-05 10:27:17 +08:00
Valerio Setti
8aec84f3a7 pkwrite: minor code reshape 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 16:04:21 +01:00
Valerio Setti
83e0de8481 crypto_extra: revert changes to mbedtls_psa_random_free() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
402cfba4dc psa: free RNG implementation before checking for remaining open key slots 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Valerio Setti
5f4b28defc ctr_drbg: add alternative PSA implementation when AES_C is not defined 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Dave Rodgman
9afc0200c7
Merge pull request #8563 from Oldes/issues-8562 
Fixed compilation for Haiku OS
 2023-12-04 09:53:08 +00:00
Yanray Wang
fb0f47b1f8 tls13: srv: check tls version in ClientHello with min_tls_version 
When server is configured as TLS 1.3 only and receives ClientHello
from a TLS 1.2 only client, it's expected to abort the handshake
instead of downgrading protocol to TLS 1.2 and continuing handshake.
This commit adds a check to make sure server min_tls_version always
larger than received version in ClientHello.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-04 17:50:36 +08:00
Jerry Yu
7bb40a3650 send unexpected alert when not received eoed or app during reading early data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-04 10:04:15 +08:00
Jerry Yu
fbf039932a Send decode error alert when EOED parsing fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-04 10:00:37 +08:00
Jerry Yu
3be850782c fix various issues 
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-04 09:58:54 +08:00
Yanray Wang
744577a429 tls13: early_data: cli: check a PSK has been selected in EE 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 23:03:37 +08:00
Dave Rodgman
f1be1f6740 Remove unused code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-01 13:53:45 +00:00
Oldes Huhuman
304fa091cf Shortening a comment line 
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562

Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com>
 2023-12-01 12:23:26 +01:00
Yanray Wang
9ae6534c20 tls13: early_data: cli: improve comment 
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 17:46:08 +08:00
Yanray Wang
03a00768c0 tls13: early_data: cli: improve comment 
This commit improves comment of the check for handshake parameters
in Encrypted Extension.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 17:40:21 +08:00
Jerry Yu
0af63dc263 improve comments and output message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 17:18:04 +08:00
Jerry Yu
ee4d729555 print received early application data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:53:50 +08:00
Jerry Yu
e96551276a switch inbound transform to handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:53:50 +08:00
Jerry Yu
75c9ab76b5 implement parser of eoed 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:53:50 +08:00
Jerry Yu
b4ed4602f2 implement coordinate of eoed 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:34:00 +08:00
Jerry Yu
d5c3496ce2 Add dummy framework of eoed state 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:32:31 +08:00
Jerry Yu
59d420f17b empty process_end_of_early_data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:30:34 +08:00
Ronald Cron
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size 
TLS1.3 EarlyData: client: parse max_early_data_size
 2023-12-01 08:27:26 +00:00
Jerry Yu
9b72e39701 re-introduce process_wait_flight2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:27:08 +08:00
Jerry Yu
e32fac3d23 remove wait_flight2 state 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:25:16 +08:00
Yanray Wang
e72dfff1d6 tls13: early_data: cli: improve comment 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 12:05:16 +08:00
Yanray Wang
2bef7fbc8d tls13: early_data: cli: remove guard to fix failure 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 12:02:56 +08:00
Dave Rodgman
059f66ce7c Remove redundant check 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 11:02:03 +00:00
Dave Rodgman
6eee57bc07 Merge remote-tracking branch 'origin/development' into msft-aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 11:01:50 +00:00
Dave Rodgman
12d1c3ad4f Use MBEDTLS_HAVE_NEON_INTRINSICS in aesce 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 09:38:38 +00:00
Dave Rodgman
d879b47b52 tidy up macros in mbedtls_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 09:35:14 +00:00
Dave Rodgman
59059ec503 Merge remote-tracking branch 'origin/development' into msft-aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 09:34:41 +00:00
Yanray Wang
b3e207d762 tls13: early_data: cli: rename early_data parser in nst 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-30 16:49:51 +08:00
Yanray Wang
0790041dc6 Revert "tls13: early_data: cli: remove nst_ prefix" 
This reverts commit 3781ab40fb.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-30 16:44:44 +08:00
Dave Rodgman
10dfe76425
Merge pull request #8573 from daverodgman/iar-aesce2 
Disable hw AES on Arm for IAR
 2023-11-30 08:22:09 +00:00
Yanray Wang
f4bad42670 itls13: early_data: cli: improve comment 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-30 15:58:07 +08:00
Valerio Setti
ad6d016b8f pkwrite: fix return value in pk_get_type_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-30 08:10:36 +01:00
Valerio Setti
3cc486aa11 pkparse: make pk_internal.h always available 
This is needed because now "pk_internal.h" contains defines for
PEM strings

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-30 08:09:47 +01:00
Yanray Wang
a29db7da2e tls13: early_data: cli: assign ciphersuite properly 
When early_data extension is enabled and sent in ClientHello,
the client does not know if the server will accept early data
and select the first proposed pre-shared key with a ciphersuite
that is different from the ciphersuite associated to the selected
pre-shared key. To address aforementioned case, we do associated
verification when parsing early_data ext in EncryptedExtensions.
Therefore we have to assign the ciphersuite in current handshake
to session_negotiate later than the associated verification.
This won't impact decryption of EncryptedExtensions since we
compute handshake keys by the ciphersuite in handshake not via
the one in session_negotiate.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-30 14:27:38 +08:00
Valerio Setti
bcc004b549 pkwrite: some reshaping for Montgomery keys in mbedtls_pk_write_pubkey_der() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-29 17:16:55 +01:00
Valerio Setti
a4f70fe3fe pkwrite: simplify management of opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-29 15:05:47 +01:00
Janos Follath
c6f1637f8c
Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction 
Make mutex abstraction and tests thread safe
 2023-11-29 13:26:23 +00:00
Dave Rodgman
fb96d800ab
Merge pull request #8569 from yuhaoth/pr/fix-warning-on-arm64-gcc-5.4 
fix build warning with arm64 gcc 5.4
 2023-11-29 11:52:18 +00:00
Jerry Yu
92787e42c4 fix wrong gcc version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-29 16:30:38 +08:00
Jerry Yu
e743aa74b5 add non-gcc arm_neon support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-29 15:54:32 +08:00
Valerio Setti
f9362b7324 pk_internal: small renaming for mbedtls_pk_get_group_id() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-29 08:42:27 +01:00
Jerry Yu
d33f7a8c72 improve document 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-29 15:09:21 +08:00
Jerry Yu
71fada10e5 Guards neon path 
Old GCC(<7.3) reports warning in NEON path

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-29 10:38:07 +08:00
Jerry Yu
5b96b81980 Revert "fix build warning with arm64 gcc 5.4" 
This reverts commit da3c206ebd.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-29 10:25:00 +08:00
Valerio Setti
bcd305913f pk: move functions to verify RFC8410 group ID to pk_internal 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-28 16:27:55 +01:00
Dave Rodgman
410ad44725 Disable hw AES on Arm for IAR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-28 13:42:17 +00:00
Valerio Setti
d5604bacc4 pkwrite: add internal defines for proper key buffer sizes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-28 14:10:43 +01:00
Valerio Setti
605f03cb76 pkwrite: reorganize code 
This commits just moves code around. The goal is to group together
functions by guards and functionality:
- RSA, EC, Opaque
- internal VS public

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-28 12:46:39 +01:00
Manuel Pégourié-Gonnard
294f5d7ea9
Merge pull request #8540 from valeriosetti/issue8060 
[G2] Make CCM and GCM work with the new block_cipher module
 2023-11-28 08:18:45 +00:00
Valerio Setti
854c737db1 pk: use common header/footer macros for pkwrite and pkparse 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-28 08:37:57 +01:00
Valerio Setti
180915018d pem: auto add newlines to header/footer in mbedtls_pem_write_buffer() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-28 08:37:06 +01:00
Jerry Yu
da3c206ebd fix build warning with arm64 gcc 5.4 
GCC 5.4 reports below warning on Arm64
```
warning: 'vst1q_u8' is static but used in inline function 'mbedtls_xor' which is not static
```
This inline function miss `static`, others have the keyword

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-28 14:28:03 +08:00
Dave Rodgman
4e9d5aa2ba
Merge pull request #8515 from mschulz-at-hilscher/fixes/pragma-error-gcc452 
Fix compiler error on gcc 4.5.2.
 2023-11-27 11:28:30 +00:00
Dave Rodgman
9fbac381e6
Merge pull request #8326 from daverodgman/aesce-thumb2 
Support hw-accelerated AES on Thumb and Arm
 2023-11-27 09:58:58 +00:00
Dave Rodgman
c94f8f1163
Merge pull request #8551 from daverodgman/sign-conversion-part1 
Sign conversion part 1
 2023-11-24 15:12:00 +00:00
Dave Rodgman
a3b80386d9 Merge remote-tracking branch 'origin/development' into sign-conversion-part1 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-24 11:27:18 +00:00
Janos Follath
905409abe2
Merge pull request #8500 from Ryan-Everett-arm/8409-make-empty-key-slots-explicit 
Make empty key slots explicit
 2023-11-24 08:52:01 +00:00
Oldes Huhuman
1b58ecbfb0 Fixed compilation for Haiku OS 
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562

Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com>
 2023-11-23 22:46:20 +01:00
Paul Elliott
8c6d332c44 Fix comment typos 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-11-23 18:53:13 +00:00
Dave Rodgman
8cd4bc4ac2
Merge pull request #8124 from yanrayw/support_cipher_encrypt_only 
Support the negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
 2023-11-23 17:43:00 +00:00
Ryan Everett
2a0d4e2995 Revert "Refactor psa_load_persistent_key_into_slot to remove bad goto" 
This reverts commit d69f4017fb.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-11-23 16:34:35 +00:00
Dave Rodgman
c44042ddbc
Merge pull request #7905 from lpy4105/issue/misc-improvement 
misc improvements
 2023-11-23 16:20:58 +00:00
Ryan Everett
d69f4017fb Refactor psa_load_persistent_key_into_slot to remove bad goto 
Merges the two calls to `psa_copy_key_material_into_slot.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-11-23 16:20:45 +00:00
Yanray Wang
3781ab40fb tls13: early_data: cli: remove nst_ prefix 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-23 18:17:14 +08:00
Yanray Wang
d012084e91 tls13: early_data: cli: optimize code 
- remove unnecessary check
- using local variable session

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-23 16:38:20 +08:00
Yanray Wang
690ee81533 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
Gilles Peskine
3f5e1e81b2
Merge pull request #8440 from yuhaoth/pr/fix-missing-pre_shared_key-ext-sent-mask 
Fix missing pre shared key ext sent mask
 2023-11-22 16:40:12 +00:00
Yanray Wang
554ee62fba tls13: early_data: fix wrong debug_ret message 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-22 18:55:03 +08:00
Yanray Wang
5da8ecffe6 tls13: nst early_data: remove duplicate code 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-22 18:52:21 +08:00
Yanray Wang
1136fad126 ssl_tls: improve readability in ssl_*_preset_*_sig_algs 
- fix wrong comment in #endif
- no semantics changes

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-22 17:41:52 +08:00
Jerry Yu
87b5ed4e5b Add server side end-of-early-data handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-22 16:48:39 +08:00
Jerry Yu
7d8c3fe12c Add wait flight2 state. 
The state is come from RFC8446 section A.2

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-22 16:48:39 +08:00
Jerry Yu
4e9b70e03a Add early transform computation when accepted 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-22 16:48:39 +08:00
Yanray Wang
69ceb391a0 ssl_tls: remove RSA sig-algs in ssl_tls12_preset_suiteb_sig_algs 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-22 16:32:55 +08:00
Yanray Wang
b1f60163ba ssl_tls: remove RSA sig-algs in ssl_preset_suiteb_sig_algs 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-22 16:28:54 +08:00
Yanray Wang
fd25654311 ssl_tls: remove unnecessary guard 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-22 10:33:11 +08:00
Yanray Wang
365ee3eaa9 ssl_tls: return correct error code if mbedtls_calloc fails 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-22 10:33:11 +08:00
Yanray Wang
920db45818 tls13: early_data: support to parse max_early_data_size ext 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-22 10:33:11 +08:00
Dave Rodgman
e467d62042 Add casts for NEON 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-21 17:09:46 +00:00
Dave Rodgman
c37ad4432b misc type fixes in ssl 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-21 17:09:46 +00:00
Dave Rodgman
df4d42106a Use standard byte conversion fns in lms 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-21 17:09:46 +00:00
Dave Rodgman
a3d0f61aec Use MBEDTLS_GET_UINTxx_BE macro 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-21 17:09:46 +00:00
Dave Rodgman
b2e8419b50 Fix types in entropy_poll.c 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-21 17:09:46 +00:00
Dave Rodgman
e4a6f5a7ec Use size_t cast for pointer subtractions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-21 17:09:46 +00:00
Manuel Pégourié-Gonnard
d4dc354185
Merge pull request #8541 from yanrayw/issue/ssl-fix-missing-guard 
ssl_tls: add missing macro guard
 2023-11-21 14:57:47 +00:00
Ryan Everett
9f176a2766 Fix status assignments when loading persistent keys 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-11-21 11:49:57 +00:00
Jerry Yu
60e997205d replace check string 
The output has been changed

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:25 +08:00
Jerry Yu
713ce1f889 various improvement 
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:25 +08:00
Jerry Yu
d84c14f80c improve code style 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:24 +08:00
Jerry Yu
9cb953a402 improve document 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:24 +08:00
Jerry Yu
8e0174ac05 Add maximum ticket lifetime check 
Also add comments for age cast

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:24 +08:00
Jerry Yu
472a69260b fix build failure 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:20 +08:00
Jerry Yu
cf9135100e fix various issues 
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
342a555eef rename ticket received 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef rename ticket_creation to ticket_creation_time 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
46c7926f74 Add maximum ticket lifetime check 
Also add comments for age cast

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
28e7c554f4 Change the bottom of tolerance window 
The unit of ticket time has been changed to milliseconds.
And age difference might be negative

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
31b601aa15 improve comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d Replace start with ticket_creation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d fix various issues 
- Add comments for ticket test hooks
- improve code style.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446 change time unit of ticket to milliseconds 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Valerio Setti
d0eebc1f94 ccm/gcm: improve code maintainability 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-20 15:17:53 +01:00
Gilles Peskine
473ff34d59
Merge pull request #8489 from valeriosetti/issue8482 
Make CCM* and CCM independent
 2023-11-20 14:07:14 +00:00
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field 
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
 2023-11-20 08:04:57 +00:00
Paul Elliott
5fa986c8cb Move handling of mutex->is_valid into threading_helpers.c 
This is now a field only used for testing.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-11-16 15:13:05 +00:00
Ryan Everett
975d411d92 Only set slot to OCCUPIED on successful key loading 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-11-16 13:37:51 +00:00
Valerio Setti
9b7a8b2a0c ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-16 11:48:00 +01:00
Yanray Wang
19e4dc8df7 tls: fix unused parameter in mbedtls_ssl_cipher_to_psa 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-16 18:05:51 +08:00
Yanray Wang
1a369d68aa ssl_tls: add missing guard for mbedtls_ssl_cipher_to_psa 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-16 15:17:33 +08:00
Manuel Pégourié-Gonnard
dc848955d6
Merge pull request #8519 from mpg/block-cipher 
[G2] Add internal module block_cipher
 2023-11-15 11:53:22 +00:00
Valerio Setti
5e378d70e6 ssl_misc: remove DES from the list of key types supporting CBC 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-15 09:18:14 +01:00
Dave Rodgman
cba4091581
Merge pull request #8516 from mschulz-at-hilscher/fixes/divided-assembler-syntax-error-gcc493 
Fixes invalid default choice of thumb assembler syntax.
 2023-11-14 17:57:37 +00:00
Matthias Schulz
90c8c3235b
Update library/constant_time_impl.h 
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
 2023-11-14 16:35:50 +01:00
Matthias Schulz
3f80ffb9ff
Update library/constant_time_impl.h 
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
 2023-11-14 16:35:45 +01:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323 
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
 2023-11-14 11:39:06 +00:00
Yanray Wang
c43479103a aesce: fix unused parameter 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-14 11:09:56 +08:00
Matthias Schulz
e94525bd17 Updated comments. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-13 14:01:02 +01:00
Matthias Schulz
35842f52f2 Simplified check. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-13 13:57:05 +01:00
Ryan Everett
34d6a5c3df Move enum definition to satisfy check_names.py 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-11-13 09:52:12 +00:00
Matthias Schulz
ca8981c1ee Added proposed fixes 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-13 10:04:19 +01:00
Matthias Schulz
be1e9c5951 Pop only when pushed. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-13 09:33:33 +01:00
Tom Cosgrove
08ea9bfa1f
Merge pull request #8487 from yanrayw/issue/6909/rename_tls13_conf_early_data 
TLS 1.3: Rename early_data and max_early_data_size configuration function
 2023-11-10 19:35:46 +00:00
Manuel Pégourié-Gonnard
76fa16cab3 block_cipher: add encrypt() 
Test data copied from existing test suites.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-11-10 12:14:53 +01:00
Manuel Pégourié-Gonnard
3e0884fc53 block_cipher: add setkey() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-11-10 11:52:10 +01:00
Yanray Wang
0287b9d260 padlock.c: guard mbedtls_padlock_xcryptcbc by CIPHER_MODE_CBC 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-10 18:21:22 +08:00
Manuel Pégourié-Gonnard
21718769d1 Start adding internal module block_cipher.c 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-11-10 11:21:17 +01:00
Yanray Wang
cd25d22526 cipher.c: remove checks for CBC,XTS,KW,KWP in cipher_setkey 
We have checks for CBC, XTS and KW modes in check_config.h. This
means we should never get a successful build with above three modes.
Therefore, the checks in cipher_setkey is not necessary as other
error will be emitted if asking for those modes in the cipher.
Additionally, removing the checks can save extra code size.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-10 15:40:58 +08:00
Valerio Setti
01c4fa3e88 ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h 
This is useful to properly define MBEDTLS_PSK_MAX_LEN when
it is not defined explicitly in mbedtls_config.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-10 08:12:07 +01:00
Yanray Wang
111159b89c BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-10 15:03:23 +08:00
Matthias Schulz
5ffc42442d Fix preprocessor syntax error. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-09 15:44:24 +01:00
Matthias Schulz
2e068cef09 fixes invalid default choice of thumb assembler syntax. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-09 15:25:52 +01:00
Matthias Schulz
ee10b8470a Fix compiler error on gcc 4.5.2. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-09 15:19:28 +01:00
Matthias Schulz
9916b06ce7 Fix uninitialized variable warnings. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-09 14:25:01 +01:00
Manuel Pégourié-Gonnard
7d7ce0e66a
Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls 
[G3] Driver-only cipher+aead: TLS: main test suite
 2023-11-09 11:10:34 +00:00
Yanray Wang
f03b49122c aes.c: guard RSb and RTx properly 
If we enabled AES_DECRYPT_ALT and either AES_SETKEY_DEC_ALT or
AES_USE_HARDWARE_ONLY, this means RSb and RTx are not needed.
This commit extends how we guard RSb and RTx for the combinations of
these configurations.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-09 11:43:21 +08:00
Gilles Peskine
4dec9ebdc2
Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377 
Fixes "CSR parsing with critical fields fails"
 2023-11-08 18:07:04 +00:00
Dave Rodgman
0d22539de0
Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr 
Mbed TLS 3.5.1
 2023-11-08 18:01:32 +00:00
Ryan Everett
5567e3a34b Make empty key slots explicit 
Add new status field to key slots, and use it.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-11-08 13:28:20 +00:00
Dave Rodgman
28d40930ae Restore bump version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-08 11:40:08 +00:00
Yanray Wang
004a60c087 aes.c: remove non-functional code 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-08 19:05:31 +08:00
Pengyu Lv
2bd56de3f4 ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros 
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 14:21:19 +08:00
Pengyu Lv
65458fa969 ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h 
Done by commands:

```
sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 12:16:29 +08:00
Pengyu Lv
829dd2048a ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c 
Mainly done by the commands, with some manual adjust.

```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 12:01:26 +08:00
Pengyu Lv
f1b86b088f ssl: add macro to indicate CBC mode is available 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 11:28:42 +08:00
Pengyu Lv
e870cc8c86 ssl: add macro for available key types 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 11:28:36 +08:00
Tom Cosgrove
53199b1c0a
Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed 
TLS 1.3: EarlyData SRV: Write early data extension  in EncryptedExtension
 2023-11-07 13:59:13 +00:00
Yanray Wang
4995e0c31b cipher.c: return error for ECB-decrypt under BLOCK_CIPHER_NO_DECRYPT 
- fix remaining dependency in test_suite_psa_crypto.data

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-07 17:51:32 +08:00
Tom Cosgrove
4122c16abd
Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination 
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
 2023-11-07 09:26:21 +00:00
Jerry Yu
7cca7f6820 move ext print to the end of write client hello 
pre_shared_key extension is done at the end. The
information should be print after that

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-07 15:19:13 +08:00
Jerry Yu
1ccd6108e8 Revert "fix miss sent extensions mask" 
This reverts commit 06b364fdfd.

It has been set in write_binders

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-07 14:57:44 +08:00
Jerry Yu
7ef9fd8989 fix various issues 
- Debug message
- Improve comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-07 14:31:37 +08:00
Jerry Yu
2bea94ce2e check the ticket version unconditional 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-07 14:18:17 +08:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function 
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function 
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-07 11:49:24 +08:00
Pengyu Lv
44670c6eda Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption" 
This reverts commit dadeb20383.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-07 09:58:53 +08:00
Dave Rodgman
4b67ac8adf
Merge pull request #8444 from Mbed-TLS/cvv-code-size 
code size for mbedtls_cipher_validate_values
 2023-11-06 12:50:37 +00:00
Yanray Wang
0d76b6ef76 Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT 
If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is
still requested in some incompatible modes, we return an error of
FEATURE_UNAVAILABLE as additional indication.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-06 10:02:10 +08:00
Yanray Wang
de0e2599ad cipher_wrap.c: remove unnecessary NO_DECRYPT guard for DES 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-06 10:02:10 +08:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407 
[G2] Make TLS work without Cipher
 2023-11-04 15:05:00 +00:00
Dave Rodgman
bb5a18344a Bump version 
./scripts/bump_version.sh --version 3.5.1 --so-crypto 15 --so-x509 6 --so-tls 20

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-03 12:31:30 +00:00
Dave Rodgman
a9b6c64a69 Fix some non-standard headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-03 12:24:58 +00:00
Dave Rodgman
e3c05853d6 Header updates 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-03 12:21:36 +00:00
Dave Rodgman
4eb44e4780 Standardise some more headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-03 12:15:12 +00:00
Dave Rodgman
ce38adb731 Fix header in ssl_tls13_keys.c 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-03 10:29:25 +00:00
Dave Rodgman
f8be5f6ade Fix overlooked files 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 20:43:00 +00:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Dave Rodgman
e91d7c5d68 Update comment to mention IAR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 10:36:38 +00:00
Dave Rodgman
b351d60e99 Merge remote-tracking branch 'origin/development' into msft-aarch64 2023-11-01 13:20:53 +00:00
Jerry Yu
960b7ebbcf move psk check to EE message on client side 
early_data extension is sent in EE. So it should
not be checked in SH message.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:32:18 +08:00
Jerry Yu
82fd6c11bd Add selected key and ciphersuite check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:32:17 +08:00
Jerry Yu
ce3b95e2c9 move ticket version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:32:17 +08:00
Jerry Yu
454dda3e25 fix various issues 
- improve output message
- Remove unnecessary checks
- Simplify test command

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:28:43 +08:00
Dave Rodgman
9ba640d318 Simplify use of __has_builtin 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 23:34:02 +00:00
Dave Rodgman
90c8ac2205 Add case for MSVC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 23:27:24 +00:00
Dave Rodgman
64bdeb89b9 Use non-empty definition for fallback 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 23:27:04 +00:00
Dave Rodgman
52e7052b6c tidy up comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 23:26:44 +00:00
Dave Rodgman
3e5cc175e0 Reduce code size in mbedtls_cipher_validate_values 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 18:00:01 +00:00
Dave Rodgman
6d2c1b3748 Restructure mbedtls_cipher_validate_values 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 18:00:01 +00:00
Dave Rodgman
fb24a8425a Introduce MBEDTLS_ASSUME 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 17:59:56 +00:00
Yanray Wang
b67b47425e Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-10-31 17:22:06 +08:00
Pengyu Lv
dbd1e0d986 tls13: add helpers to check if psk[_ephemeral] allowed by ticket 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-31 10:17:17 +08:00
Pengyu Lv
29daf4a36b tls13: server: fully check ticket_flags with available kex mode. 
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9 back.

Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-31 09:34:14 +08:00
Dave Rodgman
b06d701f56
Merge pull request #8406 from beni-sandu/aesni 
AES-NI: use target attributes for x86 32-bit intrinsics
 2023-10-30 17:01:06 +00:00
Tom Cosgrove
3857bad9a2
Merge pull request #8427 from tom-cosgrove-arm/fix-linux-builds-in-conda-forge 
Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
 2023-10-30 15:29:26 +00:00
Valerio Setti
467271dede ssl_misc: ignore ALG_CBC_PKCS7 for MBEDTLS_SSL_HAVE_xxx_CBC 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-30 11:40:32 +01:00
Valerio Setti
1ebb6cd68d ssl_misc: add internal MBEDTLS_SSL_HAVE_[AES/ARIA/CAMELLIA]_CBC symbols 
These are used in tests to determine whether there is support for
one of those keys for CBC mode.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-30 11:36:32 +01:00
Jerry Yu
06b364fdfd fix miss sent extensions mask 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-30 17:18:42 +08:00
Pengyu Lv
cfb23b8090 tls13: server: parse pre_shared_key only when some psk is selectable 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-30 15:26:26 +08:00
Beniamin Sandu
800f2b7c02 AES-NI: use target attributes for x86 32-bit intrinsics 
This way we build with 32-bit gcc/clang out of the box.
We also fallback to assembly for 64-bit clang-cl if needed cpu
flags are not provided, instead of throwing an error.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
 2023-10-27 17:02:22 +01:00
Valerio Setti
36fe8b9f4b psa_crypto_cipher: add guard for unused variable 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-27 09:13:33 +02:00
Valerio Setti
1e21f26d88 psa_crypto_cipher: add helper to validate PSA cipher values 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-27 09:13:33 +02:00
Valerio Setti
4a249828a8 psa_crypto_cipher: add mbedtls_cipher_values_from_psa() 
This commit splits mbedtls_cipher_info_from_psa() in 2 parts:

- mbedtls_cipher_values_from_psa() that performs parameters' validation and
  return cipher's values

- mbedtls_cipher_info_from_psa() which then use those values to return
  the proper cipher_info pointer. Of course this depends on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-27 09:12:06 +02:00
Valerio Setti
2c2adedd82 psa_crypto_aead: add guard for CIPHER_C dependency 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-27 09:12:06 +02:00
Jerry Yu
71c14f1db6 write early data indication in EE msg 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-27 10:52:49 +08:00
Jerry Yu
985c967a14 tls13: add more checks for server early data 
- check if it is enabled
- check if it is psk mode
- check if it is resumption
- check if it is tls13 version

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-27 10:52:27 +08:00
Bence Szépkúti
51328162e6
Merge pull request #8374 from sergio-nsk/sergio-nsk/8372/2 
Fix compiling AESNI in Mbed-TLS with clang on Windows
 2023-10-26 21:21:01 +00:00
Dave Rodgman
2db1e354e3
Merge pull request #8408 from daverodgman/iar-fix-aes 
Fix MBEDTLS_MAYBE_UNUSED for IAR
 2023-10-26 15:53:11 +00:00
Gilles Peskine
b3d0ed2e6e
Merge pull request #8303 from valeriosetti/issue6316 
Add test component with all ciphers and AEADs accelerated only
 2023-10-26 15:53:10 +00:00
Tom Cosgrove
257f6dd57d Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME 
Fixes #8422

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-10-26 14:04:34 +01:00
Ronald Cron
95b735530c
Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello 
TLS 1.3: EarlyData SRV: Add early data extension parser.
 2023-10-26 08:31:53 +00:00
Valerio Setti
bbc46b4cc2 cipher: improve code readibility in mbedtls_cipher_setup() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-26 09:00:21 +02:00
Dave Rodgman
6e51abf11d Merge remote-tracking branch 'origin/development' into msft-aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 15:17:11 +01:00
Dave Rodgman
d1c4fb07ee Support older IAR versions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 15:07:35 +01:00
Valerio Setti
79a02de79f cipher: check that ctx_alloc_func is not NULL before calling it 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-25 12:03:36 +02:00
Valerio Setti
a6c0761c43 cipher_wrap: fix guards for GCM/CCM AES 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-25 12:03:36 +02:00
Valerio Setti
e86677d0c3 pkparse: fix missing guards for pkcs5/12 functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-25 12:03:36 +02:00
Dave Rodgman
5e41937eba Remove dependency on asm/hwcap.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
9fd1b526c3 Use MBEDTLS_ARCH_IS_ARMV8_A not MBEDTLS_ARCH_IS_ARMV8 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
cb5c9fb0c2 Add volatile to prevent asm being optimised out 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
b34fe8b88b Fix #error typo 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
90291dfe33 Share some definitions that are common for clang and GCC 5 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
46267f6a2d Tidy-up: move GCM code into one place 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
f4ee5d4c94 Code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
2c25bdb7cf Don't use #ifdef on vreinterpretq_xxx 
Co-authored-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
f60e44d063 Add link to ACLE docs in comment 
Co-authored-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
48b965d941 Update clang version requirements 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
472a1906d5 fix tabs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
4b8e8dc043 Improve compiler version checking + docs + testing for armclang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
ece803b0ae Fix behaviour for Armv8 targets without Neon 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
851cf5a325 Fix runtime detection on A32/T32 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:24 +01:00
Dave Rodgman
27e3c87fc1 Suppport AESCE on A32 and T32 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 09:06:22 +01:00
Dave Rodgman
d69d3cda34
Merge pull request #8298 from daverodgman/sha-armce-thumb2 
Support SHA256 acceleration on Armv8 thumb2 and arm
 2023-10-24 21:23:15 +00:00
Dave Rodgman
f842868dd9 Fix MBEDTLS_MAYBE_UNUSED for IAR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-24 14:18:38 +01:00
Pengyu Lv
7b711710b2 Add check_ticket_flags helper function 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-24 17:07:14 +08:00
Dave Rodgman
514590210b Merge remote-tracking branch 'origin/development' into sha-armce-thumb2 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-23 15:35:07 +01:00
Dave Rodgman
66d5512571 Remove dependency on asm/hwcap.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-23 15:12:32 +01:00
Dave Rodgman
bcb810252c
Merge pull request #8363 from daverodgman/iar-fixes-2 
Stop IAR warning about goto skipping variable definition
 2023-10-23 14:59:15 +01:00
Tom Cosgrove
235e361b6c
Merge pull request #8339 from lpy4105/issue/support-cpuid-for-win32 
Support cpuid for win32
 2023-10-23 10:43:39 +00:00
Manuel Pégourié-Gonnard
2bf0870e25
Merge pull request #7861 from mpg/cleanup-pk-parse 
cleanup PK parse - part 1
 2023-10-23 08:49:16 +00:00
Matthias Schulz
edc32eaf1a Uncrustified 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-19 16:09:08 +02:00
Sergey Markelov
3898f10fed Fix #8372 - Error compiling AESNI in Mbed-TLS with clang on Windows 
It can successfully compile w/ the clang options -maes -mpclmul.

Signed-off-by: Sergey Markelov <sergey@solidstatenetworks.com>
 2023-10-18 20:24:39 -07:00
Gilles Peskine
6407f8fc54
Merge pull request #8322 from valeriosetti/issue8257 
Improve location of MD_CAN macros
 2023-10-18 14:31:28 +00:00
Paul Elliott
4fb1955b31 Remove NULL-ing of passed in SSL context in ssl_populate_transform() 
Remove a piece of code that was meant to ensure non-usage of the ssl
context under conditions where it should not be used, as this now makes
less sense and also triggers coverity.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-10-18 15:16:45 +01:00
Matthias Schulz
ab4082290e Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-18 13:20:59 +02:00
Gilles Peskine
f6f4695824
Merge pull request #8320 from valeriosetti/issue8263 
Fix dependencies of mbedtls_pk_ec_ro and mbedtls_pk_ec_rw
 2023-10-18 10:03:46 +00:00
Pengyu Lv
ed5e4e86a5 Merge branch 'development' into issue/6935/ticket_flags-kex-mode-determination 2023-10-18 18:03:07 +08:00
Jerry Yu
b47b2990d6 fix various issues 
- fix wrong typo
- remove redundant check
- remove psk mode tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-18 15:50:35 +08:00
Manuel Pégourié-Gonnard
c6d633ffbc
Merge pull request #8297 from valeriosetti/issue8064 
Change accel_aead component to full config
 2023-10-18 07:15:59 +00:00
Matthias Schulz
873a202d18 Now handling critical extensions similarly to how its done in x509_get_crt_ext just without the callback function to handle unknown extensions. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-17 16:02:20 +02:00
Matthias Schulz
cc923f307e Added missing like between variables and function body. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-17 12:36:56 +02:00
Matthias Schulz
adb3cc4d43 Fixes #8377. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-17 11:57:10 +02:00
Valerio Setti
2f00b7a5da cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 11:43:34 +02:00
Manuel Pégourié-Gonnard
745ec5d75e Fix static initializer warning 
In a hypothetical build with no curves, or in the future when we add a
new curve type and possibly forget updating this function with a new
block for the new type, we write to `ret` at the beginning or the
function then immediately overwrite it with MPI_CHK(check_privkey),
which static analyzers understandably find questionable.

Use `ret` here and check the key only if it was actually set.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-17 10:13:45 +02:00
Yanray Wang
4b6595aa83 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-10-17 11:13:00 +08:00
Dave Rodgman
2fde39a22c
Merge pull request #8283 from daverodgman/more-aes-checks 
More AES guards testing and some fixes
 2023-10-16 18:22:51 +00:00
Valerio Setti
9fc1f24331 md: restore md.h includes in source files directly using its elements 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 14:39:38 +02:00
Valerio Setti
74cb404b0d ssl: improve ssl_check_key_curve() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 13:40:50 +02:00
Yanray Wang
aa01ee303a Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-10-16 17:38:32 +08:00
Valerio Setti
dcee98730b cipher_wrap: add VIA_LEGACY_OR_USE_PSA to new internal symbols 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 11:35:57 +02:00
Valerio Setti
596ef6c0b1 cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 11:26:08 +02:00
Valerio Setti
0521633559 cipher: fix guards in mbedtls_cipher_auth_[encrypt/decrypt]_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 11:22:21 +02:00
Manuel Pégourié-Gonnard
52e9548c22 Fix check for format supported by PSA 
For non-Weierstrass curves there's only one format and it's supported.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
f1b7633443 Use clearer function name 
I went for "may be" as I was thinking just checking the tag technically
does not guarantee that what follows is correct, but I was wrong:
according to ASN.1, when there are variants, the tag does distinguish
unambiguously between variants, so we can be more positive here.
(Whether the thing inside that variant is correct is a different
question.)

As a welcome side effect, this makes the name more standard hence more
readable.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
842ffc5085 Make code more robust 
Using return here is only correct if we know that group_load() is atomic
(either succeeds, or allocates no ressources). I'm not sure it is, and
even if it were, goto exit is more obviously correct, so let's use that.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
94cf1f82ad Fix a typo in a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
564bc1bb96 Fix limitation in checking supported alg in pk_sign 
The recent changes in pkparse made it so ECDSA (deterministic or not) is
set as the secondary alg and ECDH the first one. This broke the wrapper
in pk_wrap as it was only checking the first alg when deciding whether
to use deterministic or not. The wrapper should not have unnecessary
requirements on how algs are set up, so make the check more flexible.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
53d3e40a21 Fix unused warnings in dummy definition 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
12ea63a5f7 Abstract away MBEDTLS_PK_PARSE_EC_EXTENDED 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
fac9819edc Fix and document return of pk_ecc_set_pubkey() 
One of the calling site needs to distinguish between "the format is
potentially valid but not supported" vs "other errors", and it uses
MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for that.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
ff72ea9d51 Rework pk_ecc_set_pubkey() 
- Fix the logic around format: we were just assuming that if the format
was not compressed, it was uncompressed, but it could also have been
just invalid.
- Remove redundant length check: the fallback does its own checks.
- Remove set_algorithm() that's not needed and introduced a depencency
on ECDSA.
- Some style / naming / scope reduction.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
e4c883bc8c New signature for pk_ecc_set_pubkey() 
Also new name, for consistency, and documentation.

The signature **p, *end is mostly for parsing functions that may not
consume everything, and need to update the "current" pointer to reflect
what has been consumed. This is not the case here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
681e30b727 Rework pk_ecc_set_pubkey_psa_ecp_fallback() 
- new semantic: sets the pubkey directly in the PK context
- new name to reflect that semantic and obey the naming scheme
- trivial case first
- documentation and better parameter names

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
0b8e45650f Tune body of pk_ecc_set_pubkey_from_prv() 
- avoid useless use of ret in PSA code, keep only status
- improve variable names
- keep declarations closer to use
- a few internal comments

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
de25194a20 Rename and document pk_ecc_set_pubkey_from_prv() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
d1aa642394 Document pk_ecc_set_group() and pk_ecc_set_key() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
5470898e37 Move code around again 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
997a95e592 Merge two consecutive #ifs 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
212517b87d Start re-ordering functions in pkparse 
The general order is low-level first, top-level last, for the sake of
static function and avoiding forward declarations.

The obvious exception was functions that parse files that were at the
beginning; move them to the end.

Also start defining sections in the file; this is incomplete as I don't
have a clear view of the beginning of the file yet. Will continue in
further commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
df151bbc37 Minor improvements to pk_ecc_read_compressed() 
- new name starting with pk_ecc for consistency
- re-order params to match the PSA convention: buf, len, &size
- add comment about input consumption

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
e82fcd9c9e Avoid nested #ifs in body of pk_get_ecpubkey() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard
116175c5d7 Use helper macro for (deterministic) ECDSA 
- centralizes decision making about which version to use when
- avoids nested #ifs in pk_ecc_set_key()

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:27:22 +02:00
Dave Rodgman
0a48717b83 Simplify Windows-on-Arm macros 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 09:25:59 +01:00
Dave Rodgman
c5cc727dd0 Use new MBEDTLS_ARCH_IS_xxx macros 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 09:25:59 +01:00
Dave Rodgman
a0f10da9d2 Use MBEDTLS_HAVE_NEON_INTRINSICS instead of __ARM_NEON 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 09:25:59 +01:00
Dave Rodgman
4ffd7c7614 Introduce MBEDTLS_HAVE_NEON_INTRINSICS and simplify NEON header inclusion 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 09:25:59 +01:00
Dave Rodgman
be09286666 Enable 8-byte fastpath in mbedtls_xor on ARM64 and ARM64EC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 09:25:59 +01:00
Dave Rodgman
ad71b6a834 Support ARM64EC in the same way as ARM64 in sha256 and sha512 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 09:25:59 +01:00
Dave Rodgman
78fc0bd1db Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS on Windows-on-Arm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-16 09:25:59 +01:00
Manuel Pégourié-Gonnard
dcd98fffab Factor similar code into pk_ecc_set_key() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
6db11d5068 Group two versions of the same code 
Just moving code around. The two blocks do morally the same thing: load
the key, and grouping them makes the #if #else structure clearer.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
d5b4372012 Slightly simplify pk_derive_public_key() 
- add a comment explain potentially surprising parameters
- avoid nesting #if guards: I find the linear structure #if #elif #else
makes the three cases clearer.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
2585852231 Factor common code into a function 
There were two places that were calling either pk_update_ecparams() or
mbedtls_ecp_group_load() depending on the same guard. Factor this into a
single function, that works in both configs, so that callers don't have
to worry about guards.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
5fcbe4c1f8 Further rationalize includes 
- only include psa_util when we use PSA Crypto
- re-order includes

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
da88c380bd Minimize key-type-related includes 
- we don't use any ECDSA function here
- we only need to include ecp.h when supporting ECC keys

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:25:44 +02:00
Manuel Pégourié-Gonnard
4b0e8f0e2c Remove redundant include 
It's also included later, guarded by support for ECC keys, and actually
that's the only case where we need it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-16 10:25:44 +02:00
Valerio Setti
5f5573fa90 cipher: reintroduce symbol for legacy AEAD support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-13 17:29:27 +02:00
Dave Rodgman
515af1d80d Stop IAR warning about goto skipping variable definition 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 16:03:25 +01:00
Bence Szépkúti
195411bb17
Merge pull request #8062 from yanrayw/save_stack_usage_pkwrite 
pkwrite: use heap to save stack usage for writing keys in PEM string
 2023-10-13 14:27:13 +00:00
Dave Rodgman
2457bcd26c Tidy up logic for MBEDTLS_MAYBE_UNUSED 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-13 12:31:45 +01:00
Gilles Peskine
97a6231b5c
Revert "Fix a few IAR warnings" 2023-10-13 11:39:53 +02:00
Dave Rodgman
2d67e3a07b
Merge pull request #8352 from daverodgman/iar-fixes 
Fix a few IAR warnings
 2023-10-13 09:20:28 +01:00
Tom Cosgrove
71f2e398bd
Merge pull request #8345 from mcagriaksoy/branch_issue_8344 
Add missing casting size_t to int on ssl_tls13_keys.c
 2023-10-12 18:39:33 +00:00
Dave Rodgman
584c8108b3 Use a block to save 12b 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:55:23 +01:00
Dave Rodgman
351a81c65d Keep initialisation of p in its original location 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:36:05 +01:00
Dave Rodgman
bcb1818e19 Fix IAR 'transfer of control bypasses initialization' warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:23:11 +01:00
Dave Rodgman
4b779bef9e
Merge branch 'development' into more-aes-checks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 16:17:10 +01:00
Dave Rodgman
54bb76e106
Merge pull request #8348 from kasjer/kasjer/aes-rcon-rename 
Rename local variable in aes.c
 2023-10-12 12:30:35 +00:00
Ryan Everett
1a91309324 Restore array formatting 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-10-12 12:00:01 +01:00
Maciej Zwoliński
720c638717 Add AES encrypted keys support for PKCS5 PBES2 
Signed-off-by: Maciej Zwoliński <mac.zwolinski@gmail.com>
 2023-10-12 12:00:01 +01:00
Valerio Setti
db1ca8fc33 cipher: keep MBEDTLS_CIPHER_HAVE symbols private 
This commit also improve the usage of these new symbols in
cipher_wrap code

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-12 10:39:54 +02:00
Valerio Setti
e570704f1f ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-12 10:39:37 +02:00
Dave Rodgman
4fd868e4b1
Refer to Armv8-A (not Armv8) in comments 
Co-authored-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-12 09:09:42 +01:00
Jerry Yu
ab0da370a4 Add early data status update 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-12 15:02:01 +08:00
Jerry Yu
1eb0bd557d Add not-received status 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-12 15:02:01 +08:00