Commit graph

5794 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
be97afe5d4 PKCS12: always use MD light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
41bc8b6b1e ECJPAKE: always use MD light
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
235a933f99 PSA hash algs must be a superset of built-ins
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
534d64d67e MD no longer depends on a built-in hash
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
e0e161b54a
Merge pull request #7296 from valeriosetti/issue7253-part1
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1
2023-03-21 16:09:02 +01:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
97fd217748
Merge pull request #7318 from tom-cosgrove-arm/update-mbedtls_have_asm-requirements-in-mbedtls_config.h
Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C
2023-03-20 18:22:25 +00:00
Tom Cosgrove
f586aa2af2 Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-20 14:45:27 +00:00
Valerio Setti
5d1f29e700 ssl_tls: fix guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Manuel Pégourié-Gonnard
4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Dave Rodgman
f918d42332 Tidy up ARMCE terminology
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:23 +00:00
Yanray Wang
d41684e8bc rsa.c: rename getter function of hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:57:42 +08:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard
b33ef74d44 Use MD_LIGHT, not sha1.h, in RSA selftest
Same note as previous commit regarding guards.

Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined,
and even only when SHA1_C is defined too, but somewhere down the line
we'll want to auto-enable it for the sake of other RSA function (not in
selftest and could use any hash), so there's little point in optimizing
the temporary condition, let's use the simple one upfront.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
8316209c02 Use MD_LIGHT rather than md5.h in pem.c
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
Manuel Pégourié-Gonnard
9d698df4f4 Further clarify a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
a9ab4a2d60 Clarify a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
39a376a417 Finish removing HMAC from MD-light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
9b14639342 Dispatch according to init status.
We shouldn't dispatch to PSA when drivers have not been initialized yet.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
d8ea37f1a3 Add engine field to context structure
For multi-part operations, we want to make the decision to use PSA or
not only once, during setup(), and remember it afterwards. This supports
the introduction, in the next few commits, of a dynamic component to
that decision: has the PSA driver sub-system been initialized yet?

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Gilles Peskine
83d9e09b15 Switch metadata functions to the PSA-aware availability symbols
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Gilles Peskine
416d0e2b01 Introduce preprocessor symbols for MD algorithm support via PSA
These new symbols will allow code to call the md module and benefit from PSA
accelerator drivers. Code must use MBEDTLS_MD_CAN_xxx instead of
MBEDTLS_xxx_C to check for support for a particular algorithm.

This commit only defines the symbols. Subsequent commits will implement
those symbols in the md module, and in users of the md module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Valerio Setti
82b484ecbc ecjpake: fix guards for driver only builds
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 08:21:44 +01:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
Jan Bruckner
a0589e75a0 Changes from review
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-15 11:04:45 +01:00
Dave Rodgman
b599562033
Merge pull request #7240 from tom-cosgrove-arm/fix-issue-7234
Don't insist on MBEDTLS_HAVE_ASM for MBEDTLS_AESCE_C on non-Arm64 systems
2023-03-15 09:04:44 +00:00
Yanray Wang
83548b5c10 fix inappropriate description for function in RSA
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:49:52 +08:00
Yanray Wang
12cb39661c rsa.c: provide interface to get hash_id of RSA context
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:42:48 +08:00
Yanray Wang
a730df6f86 rsa.c: provide interface to get padding mode of RSA context
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:42:26 +08:00
Manuel Pégourié-Gonnard
18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user
EC J-PAKE: partial fix for role vs user+peer
2023-03-15 09:37:30 +01:00
Pengyu Lv
0b9c012f21 ssl_cache: return the error code for mutex failure
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-15 14:37:32 +08:00
Dave Rodgman
023c8853ac
Merge pull request #7203 from yuhaoth/pr/add-cpu-modifier-for-aesce
Add CPU modifier for AESCE
2023-03-14 15:58:57 +00:00
Przemek Stekiel
c0e6250ff9 Fix documentation and tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-14 11:49:36 +01:00
Jan Bruckner
151f64283f Add parsing for Record Size Limit extension in TLS 1.3
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Dave Rodgman
cdaaef52f4
Update include/mbedtls/pkcs7.h
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-14 07:13:50 +00:00
Dave Rodgman
bcc92d4f03
Update include/mbedtls/pkcs7.h
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-14 07:13:44 +00:00
Jerry Yu
fbf9523449 Revert "Add experimental warning"
This reverts commit be510fe470.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-14 10:33:32 +08:00
Przemek Stekiel
fde112830f Code optimizations and documentation fixes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-13 16:28:27 +01:00
Dave Rodgman
efbc5f7322 Update wording in comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-13 12:15:49 +00:00
Jerry Yu
be510fe470 Add experimental warning
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-13 11:26:35 +08:00
Jerry Yu
be78386681 Remove documents about command line options.
After this PR, the issue has been fixed.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-13 10:58:41 +08:00
Przemek Stekiel
18cd6c908c Use local macros for j-pake slient/server strings
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Przemek Stekiel
d7f6ad7bc8 Minor fixes (comments, cleanup)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
Dave Rodgman
25b2dfa6da Fix comment typo
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
957cc36be9 Improve wording; use PKCS #7 not PKCS7
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
3fe2abf306 Apply suggestions from code review
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Dave Rodgman
7c33b0cac6 Remove pre-production warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
Manuel Pégourié-Gonnard
439dbc5c60 Fix dependency for TLS 1.3 as well
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.

Also update docs/use-psa-crypto.md accordingly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00