Valerio Setti
a45a399a6b
lib: remove NULL pointer checks performed with MBEDTLS_INTERNAL_VALIDATE[_RET]
...
Symbols defined starting from MBEDTLS_INTERNAL_VALIDATE[_RET]
are removed as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:15 +01:00
Valerio Setti
cc0fd47531
platform_util: remove declarations of MBEDTLS_INTERNAL_VALIDATE[_RET]()
...
These macros end up as being always "empty", so they
can be removed.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 10:19:52 +01:00
Valerio Setti
0a6acf8db4
adjust_legacy_from_psa: use EC pattern for enabling builtin elements of DH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:09 +01:00
Valerio Setti
c22bb7a0a4
adjust_legacy_from_psa: optimize legacy enablement also for EC key types
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:06 +01:00
Valerio Setti
bcf0fc5119
adjust_legacy_crypto: add parenthesis to improve clarity
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 14:53:28 +01:00
Valerio Setti
48e4167ced
adjust_legacy_from_psa: improve pattern for enabling internal symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 10:34:32 +01:00
Dave Rodgman
935182fe2b
Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc
...
Mbedtls 3.5.2rc
2024-01-25 12:22:54 +00:00
Dave Rodgman
f5e231ca84
Merge pull request #8719 from daverodgman/iar-codegen
...
Improve codegen of unaligned access for IAR and gcc
2024-01-25 08:31:45 +00:00
Gilles Peskine
9cd2e9ad1b
mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C
...
Ideally this and other pk functions would work with
MBEDTLS_PSA_CRYPTO_CLIENT (i.e. whether PSA API functions are implemented
locally or via client-server communication). However, at the moment, some
helper functions are missing when MBEDTLS_PSA_CRYPTO_C is disabled, at least
mbedtls_ecc_group_to_psa(). For the time being, don't provide
mbedtls_pk_get_psa_attributes() when MBEDTLS_PSA_CRYPTO_C is disabled. We
can improve later, looking generally at a group of functions to generalize,
not mixed with delivering new APIs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-24 22:10:50 +01:00
Valerio Setti
688f795cb3
asn1: use the new symbol to guard dependencies of ECDSA conversion functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
f4d2dc2d77
psa_util: guard ECDSA conversion functions with proper (internal) symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
c22e3ce8ef
psa_util: remove CRYPTO_C guard from ECDSA conversion functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:31 +01:00
Valerio Setti
99c0369d31
psa_util: add include asn1write.h in public header
...
This is mandatory to have support for the error codes defined
in the asn1write.h header file.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
84890c9be2
psa_util: improve description for ECDSA conversion functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
75501f5ede
psa_util: add raw<->DER ECDSA conversion functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
b0498ef995
adjust_legacy_from_psa: use intermediate symbol to enable builtin support
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 15:55:33 +01:00
Antonio de Angelis
667cad5b81
Put the id field at the end of the psa_key_attributes_s structure
...
Putting the id at the of the psa_key_attributes_s structure allows
for a more efficient marshalling of the parameters around a transport
channel which provides separation between a client view and a service
view of the key parameters.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-01-24 13:34:48 +00:00
Valerio Setti
2ddabb34d6
config_adjust_legacy: do not auto-enable PK when RSA is enabled in PSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Dave Rodgman
13f2f4e7f1
Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc
2024-01-24 09:49:15 +00:00
Gilles Peskine
0b17255da1
Introduce mbedtls_pk_get_psa_attributes
...
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381
, i.e.
dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context)
This commit introduces the function declaration, its documentation, the
definition without the interesting parts and a negative unit test function.
Subsequent commits will add RSA, ECC and PK_OPAQUE support.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Dave Rodgman
e23d6479cc
Bump version
...
./scripts/bump_version.sh --version 3.5.1
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:45:49 +00:00
Janos Follath
393df9c995
Add warning for PKCS 1.5 decryption
...
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.
In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf ) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.
They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.
This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.
Add a warning to PKCS 1.5 decryption to warn users about this.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Antonio de Angelis
90d18343ce
Update the initialization macros
...
The initializatio macros need to be updated to support the case
where the crypto client view of the structures is being initialized
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-01-22 13:15:39 +00:00
Antonio de Angelis
6425a188df
Add a client view of the multipart contexts
...
In case MBEDTLS_PSA_CRYPTO_CLIENT is defined and MBEDTLS_PSA_CRYPTO_C
is not, a client view of the multipart operation contexts is provided
through an handle object that allows mapping to the corresponding
service side data structures.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-01-22 11:39:36 +00:00
Janos Follath
fb12d9204d
Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex
...
Implement the key slot mutex
2024-01-19 20:49:18 +00:00
Dave Rodgman
336efeec50
Move MBEDTLS_COMPILER_IS_GCC & MBEDTLS_GCC_VERSION into build_info
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-19 16:38:53 +00:00
Ryan Everett
558da2ffd3
Move key_slot_mutex to threading.h
...
Make this a global mutex so that we don't have to init and free it.
Also rename the mutex to follow the convention
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 12:59:28 +00:00
Valerio Setti
639d5678b5
pk: move mbedtls_pk_load_file to pk_internal
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-19 09:07:39 +01:00
Valerio Setti
25b282ebfe
x509: move internal functions declarations to a private header
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-19 09:07:35 +01:00
Valerio Setti
b4f5076270
debug: move internal functions declarations to an internal header file
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 15:30:46 +01:00
Valerio Setti
d929106f36
ssl_ciphersuites: move internal functions declarations to a private header
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 15:08:28 +01:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
...
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Ryan Everett
0e3b677cf4
Support PSA_ERROR_SERVICE_FAILURE
...
To be returned in the case where mbedtls_mutex_lock and
mbedtls_mutex_unlock fail.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:47:29 +00:00
Gilles Peskine
b1f96c0354
Merge pull request #7815 from gilles-peskine-arm/ecp-export-partial
...
ECP keypair utility functions
2024-01-18 10:29:05 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764
...
Conversion function from ecp group to PSA curve
2024-01-18 10:28:55 +00:00
Valerio Setti
de50413009
crypto_sizes: adjust PSA_VENDOR_FFDH_MAX_KEY_BITS based on the supported groups
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-17 15:56:30 +01:00
Valerio Setti
fecef8bc8e
config_adjust: fix adjustments between legacy and PSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-17 15:56:26 +01:00
Valerio Setti
bbff303fe1
crypto_config: define feature macros for DH keys
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-17 11:47:44 +01:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
...
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Manuel Pégourié-Gonnard
eeb96ac9fe
Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api
...
Add deprecated flag in document for sig_hashes
2024-01-11 09:33:10 +00:00
Ryan Everett
ae0b4bd04c
Add more details to comments
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-10 19:19:10 +00:00
Waleed Elmelegy
09561a7575
Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Valerio Setti
39faa9cad4
psa_util: rename parameter of mbedtls_ecc_group_from_psa
...
The new name better reflects the fact that the 1st parameter
is just the EC family and not the curve.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:53 +01:00
Valerio Setti
d0aa9c1316
psa_util: update documentation for PSA conversion functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:53 +01:00
Valerio Setti
eca07140f3
psa_util: update documentation of EC conversion functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
0e608807e3
psa: let mbedtls_ecc_group_from_psa() accept only exact bit lengths
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
3b7663de29
psa_util: update the documentation of ECC conversion functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
d36c313b53
psa: remove bits_is_sloppy parameter from mbedtls_ecc_group_from_psa()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
ddba51e6c9
psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa"
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Manuel Pégourié-Gonnard
454ab28be5
Merge pull request #8668 from gilles-peskine-arm/asymmetric_key_data-secpr1
...
Fix incorrect test data for SECP_R1 in automatically generated tests
2024-01-09 09:21:14 +00:00
Valerio Setti
dd2afcd881
Revert "psa_util: add algorithm's availability checks for MD conversion functions"
...
This reverts commit 3d2e0f5f42
.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 08:41:29 +01:00
Valerio Setti
cd38f27206
Revert "psa_util: fix typo in comment"
...
This reverts commit 98f5db9fca
.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 08:41:03 +01:00
Valerio Setti
d5cab81405
mbedtls_config: update documentation for CIPHER_C and CRYPTO_C
...
Adding auto-enablement sections.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 07:23:33 +01:00
Valerio Setti
9772642b8c
adjust_legacy_crypto: auto-enable CIPHER_C when any builtin cipher is enabled in PSA
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 07:23:33 +01:00
Valerio Setti
1aaffec7cf
Revert "check_config: add check for PSA builtin unauthenticated ciphers"
...
This reverts commit d5d99e800a0d648e976a28819ab8709daabcab9b.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-08 16:57:18 +01:00
Valerio Setti
c95ab2a1a0
mbedtls_config: extend documentation for MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-08 16:57:18 +01:00
Valerio Setti
95c32973f9
check_config: add check for PSA builtin unauthenticated ciphers
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-08 16:57:18 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598
...
[G5] Make block_cipher work with PSA
2024-01-08 08:07:53 +00:00
Valerio Setti
98f5db9fca
psa_util: fix typo in comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-05 18:17:38 +01:00
Manuel Pégourié-Gonnard
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358
...
G3-G4 wrap-up
2024-01-04 10:48:00 +00:00
Gilles Peskine
44d557c52d
Indicate which curves Mbed TLS supports
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:59:38 +01:00
Gilles Peskine
6e2069661e
Note unusual curve size
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:59:03 +01:00
Gilles Peskine
2a22dac694
Fix typo in curve name
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:58:55 +01:00
Gilles Peskine
39b7bba8a0
Make input parameter const
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 17:56:54 +01:00
Dave Rodgman
1cc90a1003
Merge pull request #8517 from mschulz-at-hilscher/fixes/issue-6910
...
Fixes redundant declarations for psa_set_key_domain_parameters
2024-01-02 16:34:40 +00:00
Valerio Setti
6315441be7
adjust_legacy_from_psa: relax condition for legacy block cipher auto-enabling
...
CCM/GCM can be either fully accelerated or rely on just the key type
being accelerated. This means that ultimately it is just the key
type which determines if the legacy block cipher modes need to
be auto-enabled or not.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 17:21:01 +01:00
Valerio Setti
3d2e0f5f42
psa_util: add algorithm's availability checks for MD conversion functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 14:57:47 +01:00
Valerio Setti
45c3cae8a5
md: move PSA conversion functions from md_psa.h to psa_util.h
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:26:04 +01:00
Valerio Setti
e581e140cc
oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C
...
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 16:35:58 +01:00
Valerio Setti
1994e72e18
check_config/block_cipher: minor improvements
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:04 +01:00
Valerio Setti
e98ad5931a
mbedls_config: update documentation for MBEDTLS_PKCS[5/12]_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 10:42:12 +01:00
Gilles Peskine
62e33bcc64
New function mbedtls_ecp_write_public_key
...
Directly export the public part of a key pair without having to go through
intermediate objects (using mbedtls_ecp_point_write_binary would require a
group object and a point object).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-24 15:23:19 +01:00
Gilles Peskine
ad5e437c8e
mbedtls_ecp_read_key: explain how to set the public key
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-24 15:23:19 +01:00
Gilles Peskine
7ea72026cd
New function mbedtls_ecp_keypair_calc_public
...
For when you calculate or import a private key, and then need to calculate
the public key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 21:30:03 +01:00
Gilles Peskine
28240323d3
New function mbedtls_ecp_set_public_key
...
Set the public key in a key pair. This complements mbedtls_ecp_read_key and
the functions can be used in either order.
Document the need to call check functions separately.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 21:30:03 +01:00
Gilles Peskine
091a85a762
Promise mbedtls_ecp_read_key doesn't overwrite the public key
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 21:30:03 +01:00
Gilles Peskine
ba5b5d67aa
Support partial export from mbedtls_ecp_keypair
...
Sometimes you don't need to have all the parts of a key pair object. Relax
the behavior of mbedtls_ecp_keypair so that you can extract just the parts
that you need.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 21:30:03 +01:00
Gilles Peskine
e6886102ef
New function mbedtls_ecp_keypair_get_group_id
...
Add a simple function to get the group id from a key object.
This information is available via mbedtls_ecp_export, but that function
consumes a lot of memory, which is a waste if all you need is to identify
the curve.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 21:30:03 +01:00
Valerio Setti
6d3a68162c
check_config: remove CIPHER_C requirement for PKCS[5/12]
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-21 16:40:03 +01:00
Valerio Setti
a69e872001
pkcs[5/12]: add CIPHER_C for [en/de]crypting functions
...
This commit also updates corresponding test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-21 16:39:04 +01:00
Waleed Elmelegy
049cd302ed
Refactor record size limit extension handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:28:31 +00:00
Tomi Fontanilles
851d8df58d
fix/work around dependency issues when !MBEDTLS_ECP_C
...
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
2023-12-20 13:09:27 +02:00
Tomi Fontanilles
bad170e159
pk: remove last references to MBEDTLS_PSA_CRYPTO_C
...
They are replaced by MBEDTLS_USE_PSA_CRYPTO.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
8174662b64
pk: implement non-PSA mbedtls_pk_sign_ext()
...
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.
Related dependencies and tests are updated as well.
Fixes #7583 .
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Tomi Fontanilles
a70b3c24f6
rsa: minor comment/guard improvements
...
This brings some improvements to comments/
function prototypes that relate to PKCS#1.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
2023-12-20 12:59:57 +02:00
Valerio Setti
689c0f71cb
tests: use new CCM/GCM capability macros in tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:54:18 +01:00
Valerio Setti
bfa675fe48
adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-20 09:52:08 +01:00
Gilles Peskine
1a9e05bf08
Note that domain parameters are not supported with drivers
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-19 12:23:22 +01:00
Gilles Peskine
5ad9539363
Remove DSA and DH domain parameters from the documentation
...
Mbed TLS doesn't support DSA at all, and doesn't support domain parameters
for FFDH (only predefined groups).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-19 12:22:46 +01:00
Gilles Peskine
9deb54900e
Document the domain_parameters_size==SIZE_MAX hack
...
It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not
documented.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-18 21:01:18 +01:00
Bence Szépkúti
a085fa8ccf
Merge pull request #8627 from tom-cosgrove-arm/ip_len
...
Avoid use of `ip_len` as it clashes with a macro in AIX system headers
2023-12-18 02:03:17 +00:00
Valerio Setti
4ff405cf80
block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t
...
This information was redundant with the already existing mbedtls_block_cipher_id_t.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-15 16:10:52 +01:00
Valerio Setti
bd7528a592
ccm/gcm: use BLOCK_CIPHER whenever possible
...
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
4a5d57d225
adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available
...
As a consequence BLOCK_CIPHER will be enabled when:
- CIPHER_C is not defined
- a proper driver is present for one of AES, ARIA and/or Camellia key types
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
2684e3f2e3
config_adjust_legacy_crypto: fix typo
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
291571b447
block_cipher: add MBEDTLS_PRIVATE to new PSA fields in mbedtls_block_cipher_context_t
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
849a1abfdd
block_cipher: remove useless use of psa_cipher_operation_t
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00
Valerio Setti
4bc7fac99a
crypto_builtin_composites: add missing guards for includes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-14 18:08:14 +01:00