Dave Rodgman
a02b36886c
Fix gcc warnings when -Wredundant-decls set
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-14 13:43:39 +01:00
Andrzej Kurek
f14a5c3fcb
Improve the documentation of MBEDTLS_PLATFORM_MEMORY
...
Introduce requests from review comments.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 06:15:15 -04:00
Andrzej Kurek
377eb5f0c3
doxygen: \p commands misuse - review comments
...
Apply comments suggested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-13 10:02:32 -04:00
Andrzej Kurek
00b54e6885
doxygen: fix parameter name typos and misused \p commands
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-13 10:02:32 -04:00
Andrzej Kurek
43dfd51ab4
doxygen: fix misused \p commands in rsa.h
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-13 10:02:32 -04:00
Andrzej Kurek
3bedb5b663
doxygen: fix parameter name typos and misused \p commands
...
\p is reserved for function parameters.
\c is used to describe other values and variables.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-13 10:02:32 -04:00
Andrzej Kurek
69ed8c41fa
Fix documentation - parameter name mistakes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-13 10:02:32 -04:00
Andrzej Kurek
7d49a1c907
doxygen: remove unnecessary description
...
Due to the nature of CTR, there is no mode parameter.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-13 10:02:32 -04:00
Jerry Yu
8bfa24b021
Update compiler versions requirement
...
For time being, we haven't verified MSVC
for sha256 and 512. So we do not add msvc
information.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 10:40:29 +08:00
Jerry Yu
8e96e78dbe
update document and error message
...
Chang the spell of armclang
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 10:40:28 +08:00
Jerry Yu
c37e260dc5
Add armclang version requirement for sha512
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 10:40:28 +08:00
Dave Rodgman
98e632f210
Re-order mbedtls_mpi to save a few extra bytes with clang
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-11 16:02:50 +01:00
Valerio Setti
980383421a
config_psa: enable KEY_PAIR_GENERATE only when GENPRIME is defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 16:32:50 +02:00
Valerio Setti
0d5c5e5a38
config_psa: enable KEY_PAIR_[IMPORT/EXPORT] as soon as BASIC is enabled
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
a9a3c5581e
config_psa: enable GENPRIME when BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
b2bcedbf9a
library: replace MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
f6d4dfb745
library: replace PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY symbols with proper ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Gilles Peskine
6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal
...
Split psa_util.h between internal and public
2023-07-10 18:33:23 +02:00
Valerio Setti
6f0441d11e
tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Pengyu Lv
08daebb410
Make endpoint getter parameter a pointer to const
...
It would be convenient for users to query the endpoint
type directly from a ssl context:
```
mbedtls_ssl_conf_get_endpoint(
mbedtls_ssl_context_get_config(&ssl))
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
accd53ff6a
Add getter access to endpoint field in mbedtls_ssl_config
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
918ebf3975
Add getter access to hostname field in mbedtls_ssl_context
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Pengyu Lv
af724dd112
ssl_cache: Add getter access to timeout field
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-10 11:33:23 +08:00
Valerio Setti
aa7cbd619c
build_info: replace PK_CAN_ECDH with CAN_ECDH and fix comments
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 19:02:23 +02:00
Valerio Setti
3d237b5ff1
ssl_misc: fix guards for PSA data used in XXDH key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 19:02:16 +02:00
Valerio Setti
0a0d0d5527
ssl: keep all helper definitions in ssl_ciphersuites.h
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:31:40 +02:00
Valerio Setti
ed365e66bb
ssl: improve/fix definitions for internal helpers
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:31:40 +02:00
Valerio Setti
a15078b784
pk: do not duplicate internal symbols for ECDH/ECDSA capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:31:40 +02:00
Valerio Setti
e87915b66f
ssl: update new symbols to include also FFDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:23:53 +02:00
Valerio Setti
b302efc8d9
debug: replace ECDH_C symbol with key exchange one
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:23:53 +02:00
Valerio Setti
c2232eadfb
tls: replace PK_CAN_ECDH guards with new helpers
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:23:53 +02:00
Valerio Setti
7aeec54094
tls: replace ECDH_C guards with new helpers
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:23:53 +02:00
Valerio Setti
00dc4063e2
ssl: add new helpers for TLS 1.2/1.3 ECDH(E) key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:23:53 +02:00
Andrzej Kurek
c508dc29f6
Unify csr and crt san writing functions
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 09:05:30 -04:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771
...
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
2023-07-07 10:22:47 +02:00
Manuel Pégourié-Gonnard
999ce227fc
Make the PSA-mbedtls RNG API public
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
abfe640864
Rationalize includes in psa_util
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:27 +02:00
Manuel Pégourié-Gonnard
b7e8939198
Move error functions to internal header
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard
a5a8f29d7e
Move ECC and FFDH macros to internal header
...
ECC macros used in the following files:
library/pk.c
library/pk_wrap.c
library/pkparse.c
library/pkwrite.c
library/ssl_misc.h
library/ssl_tls12_client.c
FFDH macro use only in library/ssl_misc.h so could possibly be moved
there, but it seems cleaner to keep it close to the ECC macros are they
are very similar in nature.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:45:54 +02:00
Manuel Pégourié-Gonnard
f9b012f313
Remove unused function from psa_util.h
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard
5c731b0afb
Use consistent guards for deprecated feature
...
Fixes an "unused static function" warning in builds with
DEPRECATED_REMOVED.
While at it, remove an include that's now useless.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard
efcc1f21c8
Make cipher functions static in cipher.c
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard
2be8c63af7
Create psa_util_internal.h
...
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Tom Cosgrove
836aed7cf8
Merge pull request #6003 from gstrauss/x509_time
...
mbedtls_x509_time performance and reduce memory use
2023-07-06 09:28:14 +01:00
Dave Rodgman
852b6c30b7
Support MBEDTLS_MD_SHA3_xxx_VIA_PSA
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 19:47:08 +01:00
Dave Rodgman
527f48f14d
Add OID definitions for SHA3
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 18:57:30 +01:00
Dave Rodgman
3d0c8255aa
Merge pull request #7825 from daverodgman/cipher_wrap_size
...
Cipher wrap size improvement
2023-07-05 15:45:48 +01:00
Dave Rodgman
761d0dcfbf
Improve doxygen formatting
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 12:33:53 +01:00
Dave Rodgman
ff4c2db489
Improve comments
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-05 12:11:32 +01:00
Kusumit Ghoderao
3fde8feaa9
FIx name of macro
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
b3042c39fe
Define PSA_ALG_WANT_PBKDF2_AES_CMAC_PRF_128 and fix config
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
857cd4b3ee
Add AES_CMAC_PRF_128 output size macro
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
dd45667a18
Define struct for pbkdf2_cmac
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:16:59 +05:30
Kusumit Ghoderao
3cb6e41dfa
Add define for builtin pbkdf2_cmac
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:16:59 +05:30
Andrzej Kurek
2b3c06edb3
Enable certain documented defines only when generating doxygen
...
Avoid an "unrecognized define" error.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-03 10:42:15 -04:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
...
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
Valerio Setti
06dfba7fd9
config_psa: enabled EC key derivation support when ECP_C is enabled
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:22 +02:00
Valerio Setti
27c501a10c
lib/test: replace BASIC_IMPORT_EXPORT internal symbol with BASIC,IMPORT,EXPORT
...
Also the python script for automatic test generation is fixed accordingly
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:22 +02:00
Valerio Setti
6a9d0ee373
library/test: replace LEGACY symbol with BASIC_IMPORT_EXPORT
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:21 +02:00
Valerio Setti
73fc082fcd
config_psa: introduce new internal KEY_PAIR symbol for BASIC+IMPORT+EXPORT
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:21 +02:00
Gilles Peskine
053022fe24
Reduce the size of mbedtls_mpi
...
Reduce the size of mbedtls_mpi from 3 words to 2 on most architectures.
This also reduces the code size significantly in bignum.o and ecp_curves.o,
with negligible variations in other modules.
This removes the ability to set MBEDTLS_MPI_MAX_LIMBS to a value >=65536,
but we don't support customizing this value anyway (it's always 10000).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-29 19:33:44 +02:00
Andrzej Kurek
aae3208c29
Add an mbedtls_calloc(SIZE_MAX/2, SIZE_MAX/2) test
...
It should return NULL and not a valid pointer.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
84356a16e9
Add a description of how mbedtls_calloc is determined
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
ecaf6fb8b2
Documentation and cosmetic fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
2d981f092e
Extend mbedtls_calloc and mbedtls_free documentation
...
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
c08ccd00f3
Add a test for calloc zeroization
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
b9f8974c6c
Document mbedtls_calloc zeroization
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
David Horstmann
4506e7de61
Move clarification to a separate note
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-27 12:20:32 +01:00
David Horstmann
5dbe17de36
Add PSA_JPAKE_FINISHED to EXPECTED_{IN,OUT}PUTS()
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-27 10:30:28 +01:00
Dave Rodgman
47a2ac1c25
Fix incorrectly named macro
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-26 18:39:42 +01:00
Dave Rodgman
5734bb99cc
Fix PSA_HMAC_MAX_HASH_BLOCK_SIZE and PSA_HASH_MAX_SIZE definitions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-26 18:23:08 +01:00
Przemek Stekiel
98d79335d1
Update guards for supported groups
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-26 16:28:45 +02:00
Dave Rodgman
09822a35f5
code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-26 11:11:23 +01:00
Dave Rodgman
f66cd61daa
Use more standard PSA macro names
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-26 11:02:12 +01:00
Dave Rodgman
98083c6a17
Add support for SHA-3 in PSA
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-25 23:27:45 +01:00
Gilles Peskine
e8e1e157cb
Fix empty union when TLS is disabled
...
When all TLS 1.2 support is disabled, union mbedtls_ssl_premaster_secret was
empty, which is not valid C even if the union is never used. Fixes #6628 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-25 21:41:58 +02:00
Dave Rodgman
4f8d2efec9
Improve docs
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 18:40:46 +01:00
Dave Rodgman
d30eed4d55
More struct re-ordering
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 18:35:42 +01:00
Dave Rodgman
92cf6e52d3
Adjust stuct order for better packing / smaller accessor code size
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 18:21:11 +01:00
Dave Rodgman
e59b9d44b1
Fix some compiler type warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 16:53:13 +01:00
Dave Rodgman
a2e2fce60d
Fix accidental mis-named field
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 14:44:27 +01:00
Dave Rodgman
eb65fec023
Fix use of enum in a bitfield
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 14:29:25 +01:00
Dave Rodgman
85a88133aa
Use fewer bits for block_size
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 13:37:28 +01:00
Dave Rodgman
3b46b77cf1
code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 13:37:28 +01:00
Dave Rodgman
de3de773e6
Use look-up table for base
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 12:59:31 +01:00
Dave Rodgman
0ffb68ee3f
Use fewer bits for iv_size
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 12:59:31 +01:00
Dave Rodgman
6c6c84212e
Use fewer bits for key_bitlen
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 11:14:34 +01:00
Dave Rodgman
3319ae9679
Re-order mbedtls_cipher_info_t
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 10:55:04 +01:00
Dave Rodgman
48d13c5143
Use bit-fields
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 10:53:37 +01:00
David Horstmann
07c22c6708
Reword the description of mbedtls_net_free()
...
This makes it clearer that the context itself is not being freed.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-23 23:19:40 +01:00
Dave Rodgman
f9c9c92a40
Change types in mbedtls_cipher_info_t
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-23 17:16:17 +01:00
David Horstmann
279d227971
Add "completed" clarification to struct comments
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
096093bac5
Remove redundant structures from previous design
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
024e5c5f2e
Rename struct member mode to io_mode
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
5da9560178
Properly namespace enum values within PSA_JPAKE_
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
e7f21e65b6
Change J-PAKE internal state machine
...
Keep track of the J-PAKE internal state in a more intuitive way.
Specifically, replace the current state with a struct of 5 fields:
* The round of J-PAKE we are currently in, FIRST or SECOND
* The 'mode' we are currently working in, INPUT or OUTPUT
* The number of inputs so far this round
* The number of outputs so far this round
* The PAKE step we are expecting, KEY_SHARE, ZK_PUBLIC or ZK_PROOF
This should improve the readability of the state-transformation code.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
Manuel Pégourié-Gonnard
2fb9d00f6d
Merge pull request #7682 from valeriosetti/issue7453
...
driver-only ECC: ECPf.PK testing
2023-06-22 09:45:57 +02:00
Paul Elliott
458b96b1a7
Merge pull request #7638 from AndrzejKurek/cert-apps-use-ips
...
Use better IP parsing in x509 apps
2023-06-20 17:21:04 +01:00
Valerio Setti
a9aab1a85b
pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_of_psa()
...
This allows also to:
- removing the dependency on ECP_C for these functions and only rely
on PSA symbols
- removing extra header inclusing from crypto_extra.h
- return MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to
their original position in pk.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Valerio Setti
bc2b1d3288
psa: move mbedtls_ecc_group_to_psa() from inline function to standard one
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Valerio Setti
f54ca35b8a
build_info: do not enable ECP_LIGHT when PSA_WANT_ALG_ECDSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Valerio Setti
81d75127ba
library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Valerio Setti
e489e81437
pk: add new symbol to state that PK has support for EC keys
...
Note: both MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS
has been move on top of the pk.h file because we need these symbols
when crypto.h is evaluated otherwise functions like
mbedtls_ecc_group_of_psa() won't be available.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Marek Jansta
8bde649c0b
Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate
...
Signed-off-by: Marek Jansta <jansta@2n.cz>
2023-06-19 12:49:27 +02:00
Valerio Setti
3cd4ef7a7a
mbedtls_config: improved description of PK_PARSE_EC_COMPRESSED
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 11:35:10 +02:00
Valerio Setti
a18385b197
build_info: improved description of ECP_LIGHT auto-enabling symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 11:34:28 +02:00
Valerio Setti
fdf15ddfbe
build_info: auto enable PK_PARSE_EC_COMPRESSED when PK_PARSE_C && ECP_C
...
This helps backward compatibility since compressed points were
always supported in previous releases as long as PK_PARSE_C and
ECP_C were defined.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 16:03:47 +02:00
Valerio Setti
4922ba132a
build_info: complete list of symbols that auto-enable ECP_LIGHT
...
The comment is also updated accordingly.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 16:03:46 +02:00
Valerio Setti
addeee4531
mbedtls_config: add new MBEDTLS_PK_PARSE_EC_COMPRESSED symbol
...
This includes also:
- auto enabling ECP_LIGHT when MBEDTLS_PK_PARSE_EC_COMPRESSED is
defined
- replacing ECP_LIGHT guards with PK_PARSE_EC_COMPRESSED in pkparse
- disabling PK_PARSE_EC_COMPRESSED in tests with accelarated EC curves
(it get disabled also in the reference components because we want
to achieve test parity)
- remove skipped checks in analyze_outcomes.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 16:03:46 +02:00
Valerio Setti
aecd32c90a
pk: let PK_PARSE_EC_EXTENDED auto-enable ECP_LIGHT
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 16:03:46 +02:00
Valerio Setti
01cc88a46b
config_psa: replace USE symbols with BASIC one for all KEY_PAIRs
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:27:02 +02:00
Valerio Setti
4520a8f312
config_psa: only KEY_PAIR_USE includes PUBLIC_KEY
...
While the other (IMPORT, EXPORT, GENERATE, DERIVE) only include
the USE one.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
aac957b493
config_psa: always enable PUBLIC_KEY when any KEY_PAIR is enabled
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
f4d7ede72c
config_psa: fix logic for updating legacy symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
38a3e8d10c
config_psa: ECP_C do not enable ECC_KEY_PAIR_DERIVE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
b0d9aaee1c
psa: move PSA_WANT checks to check_crypto_config
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
c51cba92a3
config_psa: avoid repetitions when including MBEDTLS symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
b7ef51a193
crypto: move legacy symbols support to a dedicated header file
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
ddb577626d
config_psa: add missing BUILTIN symbols when ECP_C is defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
89cb1444a5
config_psa: fix comment for LEGACY symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
602ee2ed98
config_psa: remove support for PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
a801b56600
config_psa: remove GENPRIME from enabled symbols of PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_USE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
valerio
36befce51a
config_psa: remove leftover comment on ECC derivation
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
8bb5763a85
library: replace deprecated symbols with temporary _LEGACY ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:23:55 +02:00
Valerio Setti
f87b505511
config_psa: replace legacy symbols with new ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:23:55 +02:00
Valerio Setti
8d6e98c170
psa: add support for legacy symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:23:55 +02:00
Valerio Setti
67a3e3eb7b
crypto_config: introducing new definitions for PSA_WANT KEY_PAIRs
...
- deprecate legacy PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
- introduce new PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy where
- xxx is either RSA, DH or ECC
- yyy can be USE, IMPORT, EXPORT, GENERATE, DERIVE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:23:55 +02:00
Janos Follath
a426dc31cc
Merge pull request #7782 from gilles-peskine-arm/mbedtls_ecp_modulus_type-move
...
Move mbedtls_ecp_modulus_type out of the public headers
2023-06-16 11:12:57 +01:00
Gilles Peskine
f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes
...
PBKDF2: Output bytes
2023-06-16 10:08:02 +02:00
Gilles Peskine
637c049349
Move mbedtls_ecp_modulus_type out of the public headers
...
This is an internal detail of the ECC arithmetic implementation, only
exposed for the sake of the unit tests
Mbed TLS 3.4.0 was released with the type mbedtls_ecp_modulus_type defined
in a public header, but without Doxygen documentation, and without any
public function or data structure using it. So removing it is not an API
break.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-15 19:07:41 +02:00
Przemek Stekiel
ce05f54283
Properly disable ECDH in only (psk) ephemeral ffdh key exchange components
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 16:44:08 +02:00
Andrzej Kurek
c6beb3a741
Rename NUL to null in x509 IP parsing description
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-15 09:54:37 -04:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only
...
Introduce config option of 128-bit key only in AES calculation
2023-06-15 10:35:32 +01:00
Yanray Wang
55ef22c2cb
mbedtls_config.h: add description for CTR_DRBG about AES-128 only
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-15 10:05:27 +08:00
Gilles Peskine
c453e2e7e8
Officially deprecate MBEDTLS_CIPHER_BLKSIZE_MAX
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-14 18:00:37 +02:00
Gilles Peskine
9e930e2887
Rename MBEDTLS_CIPHER_BLKSIZE_MAX internally
...
Replace all occurrences of MBEDTLS_CIPHER_BLKSIZE_MAX by the new name with
the same semantics MBEDTLS_CMAC_MAX_BLOCK_SIZE, except when defining or
testing the old name.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-14 18:00:37 +02:00
Gilles Peskine
7282a9e1a0
Replacement for MBEDTLS_CIPHER_BLKSIZE_MAX
...
Prepare to rename this constant by MBEDTLS_CMAC_MAX_BLOCK_SIZE. The old name
was misleading since it looked like it covered all cipher support, not just
CMAC support, but CMAC doesn't support Camellia or ARIA so the two are
different.
This commit introduces the new constant. Subsequent commits will replace
internal uses of MBEDTLS_CIPHER_BLKSIZE_MAX and deprecate it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-14 18:00:37 +02:00
Gilles Peskine
16bb83cb57
Explicitly document that Camellia and ARIA aren't supported
...
In particular, this explains why the definition of
MBEDTLS_CIPHER_BLKSIZE_MAX is correct.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-14 18:00:37 +02:00
Przemek Stekiel
7d42c0d0e5
Code cleanup #2
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 12:30:40 +02:00
Przemek Stekiel
75a5a9c205
Code cleanup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Dave Rodgman
f956312174
Fix typo in MBEDTLS_MD_CAN macros
...
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-11 16:04:29 +01:00
Glenn Strauss
61d99304da
mbedtls_x509_time_gmtime() to fill struct w/ time
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-06-09 17:01:03 +01:00
Glenn Strauss
416dc03467
mbedtls_x509_time_cmp() compare mbedtls_x509_time
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-06-09 17:01:03 +01:00
Dave Rodgman
0442e1b561
Fix definition of MBEDTLS_MD_MAX_SIZE and MBEDTLS_MD_MAX_BLOCK_SIZE
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-08 16:03:33 +01:00
Manuel Pégourié-Gonnard
1f6d2e352d
Simplify implementation of MD<->PSA translation
...
Also, add tests and comments due from previous commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-08 12:09:20 +02:00
Manuel Pégourié-Gonnard
9b76318138
Change values of md_type enum
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-08 11:48:53 +02:00
Dave Rodgman
9304186ae9
Restore accidentally removed comment
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-08 10:13:22 +01:00
Dave Rodgman
ff45d44c02
Replace MBEDTLS_MD_CAN_SHA3 with MBEDTLS_MD_CAN_SHA3_xxx
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-08 10:11:34 +01:00
Dave Rodgman
b61cd1042a
Correct minor merge mistakes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 18:14:45 +01:00
Dave Rodgman
05d71ffe5b
Merge remote-tracking branch 'origin/development' into sha3-updated
2023-06-07 18:02:04 +01:00
Dave Rodgman
f9d8f4cd68
Remove reference to SHAKE
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 17:08:29 +01:00
Dave Rodgman
a35551ef01
Use MBEDTLS_PRIVATE
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 17:08:19 +01:00
Dave Rodgman
cf4d2bdc09
Spell as SHA-3 not SHA3
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 17:08:09 +01:00
Dave Rodgman
c3048b3eea
Tidy-up definition of mbedtls_sha3_context
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Dave Rodgman
9d7fa93e6c
move mbedtls_sha3_family_functions out of public interface
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Dave Rodgman
e627bef2f8
Use faster type for state index
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Dave Rodgman
1789d84282
remove not-needed fields from SHA-3 context
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Andrzej Kurek
5d9aeba899
Fix param documentation for mbedtls_x509_crt_parse_cn_inet_pton
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:54:35 -04:00
Andrzej Kurek
cd17ecfe85
Use better IP parsing in x509 programs
...
Remove unnecessary duplicated code.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:50:05 -04:00
Gilles Peskine
13230a4ad3
Merge pull request #7349 from mpg/rm-hash-info
...
Remove `hash_info` module
2023-06-06 21:05:13 +02:00
Gilles Peskine
d598eaf212
Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string
...
Parse an OID from a string
2023-06-06 20:57:17 +02:00
Przemek Stekiel
ff9fcbcace
ssl_client2, ssl_server2: code optimization + guards adaptation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:53:40 +02:00
Przemek Stekiel
e7db09bede
Move FFDH helper functions and macros to more suitable locations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Przemek Stekiel
cceb933e30
Add FFDH definitions and translation functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:07 +02:00
Kusumit Ghoderao
85e6bdb7ad
Add additional members to pbkdf2 struct
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-06 15:05:39 +05:30
Manuel Pégourié-Gonnard
c9d9829533
Add comment on macros that should be kept in sync
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
f76c2208f6
Remove mbedtls_psa_translate_md().
...
The header clearly states all functions here are internal, so we're free
to remove them at any time.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
45b34517fb
Keep MD and PSA max size in sync
...
Some TLS code is using MD_MAX_SIZE in parts that are common to USE_PSA
and non-USE_PSA, then using PSA_HASH_MAX_SIZE in parts specific to
USE_PSA, and having different values causes trouble.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
725d2e24aa
Fix guard for PSA->MD error conversion
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
1c32e37b0c
Formally deprecate mbedtls_psa_translate_md()
...
The previous informal comment was not enough to prevent it from being
used in several places in the library. This should have more effect,
considering with have builds with DEPRECATED_REMOVED.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
6076f4124a
Remove hash_info.[ch]
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
2d6d993662
Use MD<->PSA functions from MD light
...
As usual, just a search-and-replace plus:
1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
9b41eb8533
Replace hash_info_get_type with MD function
...
Mostly a search and replace with just two manual changes:
1. Now PK and TLS need MD light, so auto-enable it.
2. Remove the old function in hash_info.[ch]
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
1ef26e285e
Add convenience inline function to md.h
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Gilles Peskine
5c3d6e277c
Merge pull request #7575 from AndrzejKurek/URI-SAN-verification
...
Add partial support for URI SubjectAltNames verification
2023-06-05 16:46:47 +02:00
Gilles Peskine
975d9c0faf
Merge pull request #7530 from AndrzejKurek/misc-subjectaltname-fixes
...
Miscellaneous fixes for SubjectAltName code / docs
2023-06-05 15:38:53 +02:00
Gilles Peskine
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans
...
Add a possibility to generate certificates with a Subject Alternative Name
2023-06-05 15:38:38 +02:00
Manuel Pégourié-Gonnard
f37b94b5bf
Merge pull request #7533 from valeriosetti/issue7484
...
PK: add support for private key writing with "opaque" EC keys
2023-06-05 10:53:53 +02:00
Tom Cosgrove
32b06f50df
Merge pull request #7650 from yanrayw/7360-code-size-tfm-medium
...
code size measurement support for tfm-medium
2023-06-02 13:25:26 +01:00
Andrzej Kurek
1747304a7a
Update the descriptions of SANs
...
All of them are listed, so the previous description was wrong.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-01 18:20:24 +01:00
David Horstmann
bf95e9a058
Reword description and change NUL to null
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:33:15 +01:00
David Horstmann
017139751a
Change behaviour away from NUL-terminated strings
...
Instead, require the length of the string to be passed. This is more
useful for our use-case, as it is likely we will parse OIDs from the
middle of strings.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:04:20 +01:00
David Horstmann
d1a203a382
Cosmetic fixes to doxygen comment
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:02:15 +01:00
valerio
64e0184a39
psa_util: add support for rfc8410's OIDs
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-06-01 11:06:40 +02:00
Manuel Pégourié-Gonnard
7b1136836c
Merge pull request #7438 from valeriosetti/issue7074
...
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
2023-06-01 10:06:45 +02:00
Gilles Peskine
a1b416670e
Merge pull request #7547 from silabs-Kusumit/PBKDF2_input_validation
...
PBKDF2: Input Validation
2023-06-01 10:05:34 +02:00
David Horstmann
b97b689832
Reword function description slightly
...
Use of the term "dotted-decimal" improves clarity. Put a full-stop where
one should have been.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-05-31 14:42:00 +01:00
Kusumit Ghoderao
b20f13a41b
Change input cost type to uint64_t and fix max iteration test case
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-31 12:51:02 +05:30
Kusumit Ghoderao
10cc6bda1c
Add PSA_ALG_PBKDF2_HMAC_GET_HASH macro
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-24 12:35:14 +05:30
Kusumit Ghoderao
e66a8ad8d6
Define PSA_VENDOR_PBKDF2_MAX_ITERATIONS
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-24 12:30:43 +05:30
Kusumit Ghoderao
52fe517a77
Change pbkdf2 password to array
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-24 12:28:46 +05:30
Dave Rodgman
b2e551d347
Merge pull request #6943 from ucko/2023b-platform
2023-05-23 18:37:54 +01:00
Valerio Setti
7ef8a8d0da
pk: improve description for the new priv_id field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-23 18:39:54 +02:00
Manuel Pégourié-Gonnard
9dc9204b77
Merge pull request #7554 from valeriosetti/issue7073-reshape
...
Avoid parse/unparse public ECC keys in PK with USE_PSA when !ECP_C
2023-05-23 15:08:45 +02:00
Aditya Deshpande
2f1ae5a86e
Modify TFM files to allow them to build on baremetal with Mbed TLS and fix code style.
...
Also change the include path of crypto_spe.h in crypto_platform.h to allow the former file to be included in library-only builds.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-05-23 15:40:11 +08:00
Valerio Setti
016264b6cb
pk: fix a return value and a typo in comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-22 18:40:35 +02:00
Gilles Peskine
50729eac74
Merge pull request #7611 from yanrayw/7609_tweak_build_info_include_order
...
build_info.h: fix mutual implications with config_psa.h temporarily
2023-05-22 17:49:55 +02:00
Yanray Wang
37db332658
build_info.h: rewrite comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-22 16:50:39 +08:00
Aaron M. Ucko
5e4a01bff5
mbedtls/platform.h: Avoid potential macro redefinition warnings.
...
Some identifiers (e.g. mbedtls_free) can name either functions or
macros depending on configuration settings. For those that turn out
to name macros, first clear out any existing macro definitions to
accommodate possible unconditional bulk symbol renaming. (There
remains no standard provision for such renaming, but it's nevertheless
straightforward enough to do as desired, particularly with this change
in place.)
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
2023-05-19 10:50:06 -04:00
Valerio Setti
f57007dd1e
pk: fixing and improving comments
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-19 13:54:39 +02:00
Paul Elliott
9a11f8a122
Merge pull request #7573 from tom-cosgrove-arm/add-psa_want_alg_some_pake
...
Only include psa_pake_setup() and friends if some PAKE algorithms are required
2023-05-18 09:59:52 +01:00
Andrzej Kurek
1bc7df2540
Add documentation and a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Paul Elliott
8203f2d89f
Merge pull request #7535 from minosgalanakis/ecp/7264_enable_core_shift_l
...
[Bignum] Adjust mbedtls_mpi_core_shift_l to use the core function
2023-05-17 18:45:44 +01:00
Valerio Setti
c1541cb3c7
pk: minor fixes (guards and a wrong assignment)
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 19:23:02 +02:00
Andrzej Kurek
67fdb3307d
Add a possibility to write subject alt names in a certificate
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 11:45:36 -04:00
Andrzej Kurek
1a75269589
Move mbedtls_x509_san_list to x509.h
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 11:45:36 -04:00
Valerio Setti
92c3f36866
test_suite_debug: fix USE_PSA_INIT/DONE guards in a test
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 15:38:34 +02:00
Valerio Setti
722f8f7472
pk: adding a new field to store the public key in raw format
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 15:31:21 +02:00
Manuel Pégourié-Gonnard
b1c0afe484
Merge pull request #7595 from valeriosetti/deprecate_pk_ec
...
Set mbedtls_pk_ec() as internal function when ECP_C is not defined
2023-05-17 12:27:03 +02:00
Yanray Wang
419a55e929
build_info.h: rewrite comment for inclusion of config_psa.h
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-17 18:22:34 +08:00
Yanray Wang
6397673cb8
build_info.h: change location of including config_psa.h
...
In build_info.h, some macros are defined based on PSA_WANT_XXX symbol.
This commit tweaks the location of including config_psa.h
so that macros in build_info.h could imply config options correctly.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-17 13:57:22 +08:00
Minos Galanakis
2056d09893
bignum: Updated documentation for mbedtls_mpi_shift_l()
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-05-16 17:16:26 +01:00
Valerio Setti
3f00b84dd1
pk: fix build issues
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 12:57:06 +02:00
Valerio Setti
77a75685ed
pk: align library and tests code to the new internal functions
...
Note = programs are not aligned to this change because:
- the original mbedtls_pk_ec is not ufficially deprecated
- that function is used in tests when ECP_C is defined, so
the legacy version of that function is available in that
case
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 11:18:46 +02:00
Valerio Setti
229bf1031f
pk: make mbedtls_pk_ec internal when !ECP_C
...
mbedtls_pk_ec() is not an ideal function because:
- it provides direct access to the ecp_keypair structure wrapped
by the pk_context and
- this bypasses the PK module's control
However, since for backward compatibility, it cannot be deprecated
immediately, 2 alternative internal functions are proposed.
As a consequence:
- when ECP_C is defined, then the legacy mbedtls_pk_ec is available
- when only ECP_LIGHT is defined, but ECP_C is not, then only the
new internal functions will be available
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 11:13:55 +02:00
Fredrik Hesse
cc207bc379
Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
Tom Cosgrove
6d62faca8e
Only include psa_pake_setup() and friends if some PAKE algorithms are required
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-05-12 12:36:24 +01:00
Andrzej Kurek
199eab97e7
Add partial support for URI SubjectAltNames
...
Only exact matching without normalization is supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-10 09:57:19 -04:00
Yanray Wang
7265bab8ad
mbedtls_config.h: remove empty * line before closing */ line
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-10 17:50:58 +08:00
Yanray Wang
d2ae432364
mbedtls_config.h: rewrite comment for AES_ONLY_128_BIT_KEY_LENGTH
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-10 17:49:34 +08:00
Manuel Pégourié-Gonnard
1d046fa0dd
Merge pull request #6010 from mprse/ffdh_import_export
...
FFDH 1, 2A, 2B: FFDH add support for import/export key, key agreement, key generation + tests
2023-05-10 11:40:54 +02:00
Yanray Wang
ab4fb0d34c
aes.h: rewrite comment for aes round key buf
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-10 10:06:14 +08:00
Gilles Peskine
8d42cfddd6
Merge pull request #7539 from gilles-peskine-arm/mbedtls_error_pair_t-smaller
...
Halve size of mbedtls_error_pair_t
2023-05-09 15:55:51 +02:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
...
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
Kusumit Ghoderao
9016bc4ed2
Clean up commented code
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-08 16:04:05 +05:30
Kusumit Ghoderao
3fc4ca7272
Limit max input cost to 32bit
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-08 15:57:41 +05:30
Gilles Peskine
4837e9d1c0
Correct comment about mbedtls error codes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-07 20:27:13 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-05-05 16:01:18 +02:00
Valerio Setti
92da2a79aa
pk: improve description for the next opaque ID field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 12:31:23 +02:00
Valerio Setti
4f387ef277
pk: use better naming for the new key ID field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:59:32 +02:00
Valerio Setti
e00954d0ed
pk: store opaque key ID directly in the pk_context structure
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:57:26 +02:00
Yanray Wang
1ed226f790
Auto-enable CTR_DRBG_USE_128_BIT_KEY with AES_ONLY_128_BIT_KEY_LENGTH
...
This commit adds support to auto-enable
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled.
Furthermore, the corresponding check is removed in check_config.h.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 16:23:31 +08:00
Yanray Wang
8b9877bad7
aes.h: add comment for round key buffer in aes context
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 16:17:48 +08:00
Yanray Wang
4a7fdffa5e
mbedtls_config.h: paraphrase code size saving in comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 16:11:33 +08:00
Yanray Wang
3d4d146f07
mbedtls_config.h: fix issue in grammar
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 15:05:46 +08:00
Yanray Wang
a87046704f
Add checks if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled
...
This commit adds configuration check in check_config.h if
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled.
Furthermore, MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is disabled
by default in scripts/config.py for full configuration.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:21:18 +08:00
Arto Kinnunen
b1c626b5c6
AES: adjust AES RAM usage according to config options
...
Do not reserve additional space for mbedtls_aes_context if config
option AES_ONLY_128_BIT_KEY_LENGTH is used and PADLOCK_C is not used.
This reduces RAM usage by 96 bytes.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:21:13 +08:00
Arto Kinnunen
732ca3221d
AES: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
...
Add configuration option to support 128-bit key length only
in AES calculation.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:20:38 +08:00
Jethro Beekman
0167244be4
Read and write X25519 and X448 private keys
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
2023-05-04 13:01:47 +02:00
Kusumit Ghoderao
b9410e89b4
Fix failing CI
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-04 13:17:51 +05:30
Przemek Stekiel
746dfaea3f
Enable FFDH through PSA if it's enabled in the legacy interface
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-04 09:14:08 +02:00
Kusumit Ghoderao
dcfa548293
Add pbkdf2 to key_derivation context struct
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:35 +05:30
Kusumit Ghoderao
30ced52497
Add pbkdf2 struct to crypto_builtin_key_derivation.h
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:35 +05:30
Kusumit Ghoderao
876e2c2424
Add psa_pbkdf2_key_derivation_state_t
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:34 +05:30
Kusumit Ghoderao
83baf8968d
Add builtin PBKDF2_HMAC definition in config_psa.h
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:34 +05:30
Kusumit Ghoderao
aca31654e6
Enable PSA_WANT_ALG_PBKDF2_HMAC in crypto_config.h
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:34 +05:30
Gilles Peskine
b567f8326d
Halve size of mbedtls_error_pair_t
...
All PSA crypto error codes fit comfortably in 16 bits and we have no plans
to ever change this. So use 16 bits to store them, which reduces
mbedtls_error_pair_t from 8 bytes to 4 bytes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-02 21:40:07 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1
...
Fix the JPAKE driver interface for user+peer
2023-05-02 20:42:25 +02:00
Manuel Pégourié-Gonnard
8e076e4132
Merge pull request #6915 from aditya-deshpande-arm/example-driver-post-codestyle
...
Document (with examples) how to integrate a third-party driver with Mbed TLS
2023-05-02 12:13:42 +02:00
Manuel Pégourié-Gonnard
f317df98ea
Merge pull request #7461 from valeriosetti/issue7460-part1
...
Fixing USE_PSA_INIT/DONE in SSL/X509/PK test suites
2023-05-02 10:44:13 +02:00
Aditya Deshpande
f100f00679
Add warnings to documentation stating that p256-m code may be out of date with upstream, plus other minor grammatical fixes.
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
bac592d53e
Remove rand() from p256_generate_random() and move to an implementation based on mbedtls_ctr_drbg
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:15 +01:00
Aditya Deshpande
e41f7e457f
Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example.
...
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:09 +01:00
Przemek Stekiel
4ce523256b
Fix definition of PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (ECC vs FFDH max)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 13:40:34 +02:00
Przemek Stekiel
eb511a4495
Update config files to make PSA FFDH undependent on MBEDTLS_DHM_C
...
To enable support for FFDH in PSA MBEDTLS_USE_PSA_CRYPTO needs to be enabled.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 13:20:16 +02:00
Przemek Stekiel
6d85afa0cc
Fix naming: FFDH key -> DH key and fix guard in psa_validate_key_type_and_size_for_key_generation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 11:42:17 +02:00
Przemek Stekiel
5357a7a6d9
Use PSA_MAX_OF_THREE in PSA_EXPORT_KEY_PAIR_MAX_SIZE
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 11:22:36 +02:00
Dave Rodgman
98062a7c5d
Merge pull request #7316 from yuhaoth/pr/Add-msvc-support-for-aesce-module
...
Add msvc support for AESCE
2023-04-26 21:27:08 +01:00
David Horstmann
9643575d92
Limit OIDs to 128 components
...
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.
[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-26 11:50:14 +01:00
Przemek Stekiel
654bef0be0
Fix typos, comments, style, optimize macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
87d9a4a30c
Provide PSA_WANT_KEY_TYPE_FFDH_PUBLIC_KEY configuration
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
ed23b61020
Adapt size macros for FFDH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Przemek Stekiel
84ee3e2921
Adapt config files for FFDH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Jerry Yu
a1a039dba6
Improve minimum compiler versions document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-26 10:21:42 +08:00
Przemek Stekiel
aede2ad554
Optimize code (pake role type, freeing buffers)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-25 14:30:34 +02:00
Przemek Stekiel
6e628a4e7b
Add undfined role for ec j-pake
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-25 13:11:36 +02:00
Jerry Yu
f015a93f98
Add msvc version document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-25 10:38:03 +08:00
valerio
cf35d774fe
doc: update USE_PSA_CRYPTO description
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 13:47:18 +02:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
...
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Jerry Yu
a7d454cec2
Remove unnecessary check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-20 10:32:38 +08:00
Paul Elliott
4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2
...
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
2023-04-17 16:31:09 +01:00
Ronald Cron
f54762e498
Merge pull request #7415 from Harshal5/fix/declaration_of_mbedtls_ecdsa_sign_det_restartable_function
...
ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined
2023-04-17 15:41:25 +02:00
Przemek Stekiel
7921a03425
Add claryfication for PSA_PAKE_INPUT/OUTPUT_MAX_SIZE macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 12:32:06 +02:00
harshal.patil
8c77644906
ecdsa: fix -missing-prototypes
warning when MBEDTLS_ECDSA_SIGN_ALT
is defined
...
- In `mbedtls/v3.4.0`, ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
only when `MBEDTLS_ECDSA_SIGN_ALT` is not defined.
Signed-off-by: harshal.patil <harshal.patil@espressif.com>
2023-04-17 12:53:00 +05:30
Manuel Pégourié-Gonnard
ed5998cd7d
Merge pull request #7422 from valeriosetti/remove-psa-have-full-symbols
...
Remove PSA_HAVE_FULL_xxx symbols
2023-04-17 09:19:00 +02:00
Stephan Koch
48fba6fbac
Fix so that PSA_WANT_ALG_DETERMINISTIC_ECDSA implies PSA_HAVE_FULL_ECDSA.
...
Signed-off-by: Stephan Koch <koch@oberon.ch>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-14 13:41:10 +02:00
Glenn Strauss
c26bd76020
x509 crt verify SAN iPAddress
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Valerio Setti
6b006c126b
remove KEY_TYPE_ECC_PUBLIC_KEY unnecessary requirement
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 12:02:19 +02:00
Valerio Setti
6c496a1553
solve disparities for ECP_LIGHT between ref/accel
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
151bdf9668
build_info: fixed comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
d4a5d461de
library: add remaining changes for the new ECP_LIGHT symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
0d2980f117
pk: adapt to new ECP_LIGHT symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
fd122f4e95
ecp: introduce new ECP_LIGHT symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
969e206e28
remove PSA_HAVE_FULL_JPAKE symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 10:55:25 +02:00
Valerio Setti
6f66664ed6
remove PSA_HAVE_FULL_ECDSA symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 10:54:22 +02:00
Valerio Setti
48859cc7d8
remove PSA_HAVE_FULL_ECDH symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 10:50:47 +02:00
Gilles Peskine
7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing
...
Add missing md.h includes
2023-04-11 09:32:17 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
Pengyu Lv
723ac268e7
ssh_cache: Add back description of other errors for cache getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 09:19:08 +08:00
Pengyu Lv
e3746d7ce6
ssl_cache: Error renaming and document improvement
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-10 14:40:03 +08:00
Ronald Cron
b828c7d3de
Fix, improve and add comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
8a12aeec93
tls: Initialize SSL context tls_version in mbedtls_ssl_setup()
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Przemek Stekiel
21903ec860
Fix after rebase
...
Handle manually functions that have been moved to different locations.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
8a13866f65
Remove parsing of rfc822Name
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
9a511c5bdf
Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
toth92g
8d435a0c8b
Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type.
...
Also updated the x509_get_general_names function to be able to parse rfc822Names
Test are also updated according these changes.
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:28 +02:00
toth92g
a41954d0cf
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId).
...
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Andrzej Kurek
1b75e5f784
Add missing md.h includes
...
MBEDTLS_MD_CAN_SHAXXX are defined there.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-04 09:55:06 -04:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc
...
PSA cryptography miscellaneous
2023-04-04 10:54:03 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622
...
Some MAX_SIZE macros are too small when PSA ECC is accelerated
2023-04-03 16:23:27 +02:00