mbedtls

Author	SHA1	Message	Date
Valerio Setti	ddba51e6c9	psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa" Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Manuel Pégourié-Gonnard	454ab28be5	Merge pull request #8668 from gilles-peskine-arm/asymmetric_key_data-secpr1 Fix incorrect test data for SECP_R1 in automatically generated tests	2024-01-09 09:21:14 +00:00
Valerio Setti	dd2afcd881	Revert "psa_util: add algorithm's availability checks for MD conversion functions" This reverts commit `3d2e0f5f42`. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 08:41:29 +01:00
Valerio Setti	cd38f27206	Revert "psa_util: fix typo in comment" This reverts commit `98f5db9fca`. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 08:41:03 +01:00
Valerio Setti	d5cab81405	mbedtls_config: update documentation for CIPHER_C and CRYPTO_C Adding auto-enablement sections. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 07:23:33 +01:00
Valerio Setti	9772642b8c	adjust_legacy_crypto: auto-enable CIPHER_C when any builtin cipher is enabled in PSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 07:23:33 +01:00
Valerio Setti	1aaffec7cf	Revert "check_config: add check for PSA builtin unauthenticated ciphers" This reverts commit d5d99e800a0d648e976a28819ab8709daabcab9b. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-08 16:57:18 +01:00
Valerio Setti	c95ab2a1a0	mbedtls_config: extend documentation for MBEDTLS_PSA_CRYPTO_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-08 16:57:18 +01:00
Valerio Setti	95c32973f9	check_config: add check for PSA builtin unauthenticated ciphers Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-08 16:57:18 +01:00
Manuel Pégourié-Gonnard	4aad0ff510	Merge pull request #8632 from valeriosetti/issue8598 [G5] Make block_cipher work with PSA	2024-01-08 08:07:53 +00:00
Valerio Setti	98f5db9fca	psa_util: fix typo in comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-05 18:17:38 +01:00
Manuel Pégourié-Gonnard	5bad043c06	Merge pull request #8641 from valeriosetti/issue8358 G3-G4 wrap-up	2024-01-04 10:48:00 +00:00
Gilles Peskine	44d557c52d	Indicate which curves Mbed TLS supports Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:59:38 +01:00
Gilles Peskine	6e2069661e	Note unusual curve size Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:59:03 +01:00
Gilles Peskine	2a22dac694	Fix typo in curve name Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-03 20:58:55 +01:00
Gilles Peskine	39b7bba8a0	Make input parameter const Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-01-02 17:56:54 +01:00
Dave Rodgman	1cc90a1003	Merge pull request #8517 from mschulz-at-hilscher/fixes/issue-6910 Fixes redundant declarations for psa_set_key_domain_parameters	2024-01-02 16:34:40 +00:00
Valerio Setti	6315441be7	adjust_legacy_from_psa: relax condition for legacy block cipher auto-enabling CCM/GCM can be either fully accelerated or rely on just the key type being accelerated. This means that ultimately it is just the key type which determines if the legacy block cipher modes need to be auto-enabled or not. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 17:21:01 +01:00
Valerio Setti	3d2e0f5f42	psa_util: add algorithm's availability checks for MD conversion functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 14:57:47 +01:00
Valerio Setti	45c3cae8a5	md: move PSA conversion functions from md_psa.h to psa_util.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 13:26:04 +01:00
Valerio Setti	e581e140cc	oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C This commit also updates test_suite_pkparse.data file adding MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-29 16:35:58 +01:00
Valerio Setti	1994e72e18	check_config/block_cipher: minor improvements Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-28 18:33:04 +01:00
Valerio Setti	e98ad5931a	mbedls_config: update documentation for MBEDTLS_PKCS[5/12]_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-28 10:42:12 +01:00
Gilles Peskine	62e33bcc64	New function mbedtls_ecp_write_public_key Directly export the public part of a key pair without having to go through intermediate objects (using mbedtls_ecp_point_write_binary would require a group object and a point object). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-24 15:23:19 +01:00
Gilles Peskine	ad5e437c8e	mbedtls_ecp_read_key: explain how to set the public key Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-24 15:23:19 +01:00
Gilles Peskine	7ea72026cd	New function mbedtls_ecp_keypair_calc_public For when you calculate or import a private key, and then need to calculate the public key. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-22 21:30:03 +01:00
Gilles Peskine	28240323d3	New function mbedtls_ecp_set_public_key Set the public key in a key pair. This complements mbedtls_ecp_read_key and the functions can be used in either order. Document the need to call check functions separately. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-22 21:30:03 +01:00
Gilles Peskine	091a85a762	Promise mbedtls_ecp_read_key doesn't overwrite the public key Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-22 21:30:03 +01:00
Gilles Peskine	ba5b5d67aa	Support partial export from mbedtls_ecp_keypair Sometimes you don't need to have all the parts of a key pair object. Relax the behavior of mbedtls_ecp_keypair so that you can extract just the parts that you need. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-22 21:30:03 +01:00
Gilles Peskine	e6886102ef	New function mbedtls_ecp_keypair_get_group_id Add a simple function to get the group id from a key object. This information is available via mbedtls_ecp_export, but that function consumes a lot of memory, which is a waste if all you need is to identify the curve. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-22 21:30:03 +01:00
Valerio Setti	6d3a68162c	check_config: remove CIPHER_C requirement for PKCS[5/12] Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-21 16:40:03 +01:00
Valerio Setti	a69e872001	pkcs[5/12]: add CIPHER_C for [en/de]crypting functions This commit also updates corresponding test suites. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-21 16:39:04 +01:00
Waleed Elmelegy	049cd302ed	Refactor record size limit extension handling Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-20 17:28:31 +00:00
Tomi Fontanilles	851d8df58d	fix/work around dependency issues when !MBEDTLS_ECP_C Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>	2023-12-20 13:09:27 +02:00
Tomi Fontanilles	bad170e159	pk: remove last references to MBEDTLS_PSA_CRYPTO_C They are replaced by MBEDTLS_USE_PSA_CRYPTO. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>	2023-12-20 12:59:57 +02:00
Tomi Fontanilles	8174662b64	pk: implement non-PSA mbedtls_pk_sign_ext() This makes the function always available with its its implementation depending on MBEDTLS_USE_PSA_CRYPTO. Related dependencies and tests are updated as well. Fixes #7583. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>	2023-12-20 12:59:57 +02:00
Tomi Fontanilles	a70b3c24f6	rsa: minor comment/guard improvements This brings some improvements to comments/ function prototypes that relate to PKCS#1. Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>	2023-12-20 12:59:57 +02:00
Valerio Setti	689c0f71cb	tests: use new CCM/GCM capability macros in tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-20 09:54:18 +01:00
Valerio Setti	bfa675fe48	adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-20 09:52:08 +01:00
Gilles Peskine	1a9e05bf08	Note that domain parameters are not supported with drivers Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-19 12:23:22 +01:00
Gilles Peskine	5ad9539363	Remove DSA and DH domain parameters from the documentation Mbed TLS doesn't support DSA at all, and doesn't support domain parameters for FFDH (only predefined groups). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-19 12:22:46 +01:00
Gilles Peskine	9deb54900e	Document the domain_parameters_size==SIZE_MAX hack It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not documented. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-12-18 21:01:18 +01:00
Bence Szépkúti	a085fa8ccf	Merge pull request #8627 from tom-cosgrove-arm/ip_len Avoid use of `ip_len` as it clashes with a macro in AIX system headers	2023-12-18 02:03:17 +00:00
Valerio Setti	4ff405cf80	block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t This information was redundant with the already existing mbedtls_block_cipher_id_t. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-15 16:10:52 +01:00
Valerio Setti	bd7528a592	ccm/gcm: use BLOCK_CIPHER whenever possible Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	4a5d57d225	adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available As a consequence BLOCK_CIPHER will be enabled when: - CIPHER_C is not defined - a proper driver is present for one of AES, ARIA and/or Camellia key types Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	2684e3f2e3	config_adjust_legacy_crypto: fix typo Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	291571b447	block_cipher: add MBEDTLS_PRIVATE to new PSA fields in mbedtls_block_cipher_context_t Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	849a1abfdd	block_cipher: remove useless use of psa_cipher_operation_t Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	4bc7fac99a	crypto_builtin_composites: add missing guards for includes Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	c0f9bbca2c	check_config: use new helpers for legacy GCM_C/CCM_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	8bba087fe1	adjust_legacy_crypto: add helpers for block ciphers capabilities Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Valerio Setti	c1db99d3f5	block_cipher: add PSA dispatch if possible "if possible" means: - PSA has been initialized - requested key type is available in PSA Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-14 18:08:14 +01:00
Joakim Andersson	b349108b99	library: Move mbedtls_ecc helper functions to psa_util Move the mbedtls_ecc helper functions from psa_core to psa_util. These files are not implemented as part of the PSA API and should not be part of the PSA crypto implementation. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>	2023-12-14 13:55:11 +01:00
Tom Cosgrove	656d4b3c74	Avoid use of `ip_len` as it clashes with a macro in AIX system headers Fixes #8624 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-12-08 21:51:15 +00:00
Gilles Peskine	57e401b39f	Merge pull request #8521 from valeriosetti/issue8441 [G4] Make CTR-DRBG fall back on PSA when AES not built in	2023-12-06 18:25:44 +00:00
Waleed Elmelegy	9aec1c71f2	Add record size checking during handshake Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-06 15:18:15 +00:00
Jan Bruckner	f482dcc6c7	Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-12-06 15:18:08 +00:00
Ronald Cron	40f3f1c36f	Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data TLS 1.3 EarlyData SRV: Parsing 0-RTT data	2023-12-06 06:47:32 +00:00
Valerio Setti	83e0de8481	crypto_extra: revert changes to mbedtls_psa_random_free() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:42 +01:00
Valerio Setti	7ab90723c4	mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:42 +01:00
Valerio Setti	402cfba4dc	psa: free RNG implementation before checking for remaining open key slots Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:41 +01:00
Valerio Setti	5f4b28defc	ctr_drbg: add alternative PSA implementation when AES_C is not defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:41 +01:00
Valerio Setti	fbefe04bf3	check_config: fix requirements for CTR_DRBG The module now depends on either: - AES_C, which is the default and the preferred solution for backward compatibility - CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the new solution when AES_C is not defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-04 11:04:41 +01:00
Manuel Pégourié-Gonnard	3d12d65946	Merge pull request #8590 from valeriosetti/fix-pkcs5-pkcs12 pkcs[5/12]: use cipher enums for encrypt and decrypt	2023-12-04 10:03:02 +00:00
Valerio Setti	4577bda6d5	pkcs[5\|12]: use cipher enums for encrypt and decrypt Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values are to be used with the mbedtls_cipher_setkey() function, ensure that their value matches with enums in cipher.h. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-01 16:51:24 +01:00
Jerry Yu	e32fac3d23	remove wait_flight2 state Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:25:16 +08:00
Dave Rodgman	59059ec503	Merge remote-tracking branch 'origin/development' into msft-aarch64 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-30 09:34:41 +00:00
Janos Follath	c6f1637f8c	Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction Make mutex abstraction and tests thread safe	2023-11-29 13:26:23 +00:00
Manuel Pégourié-Gonnard	6b5cedf51f	Merge pull request #8547 from valeriosetti/issue8483 [G2] Make PSA-AEAD work with cipher-light	2023-11-29 08:53:42 +00:00
Valerio Setti	919e3fa729	check_config: fix guards for PSA builtin implementation of cipher/AEAD While the PSA builtin implementation of cipher still depends on CIPHER_C, the same is no more true for AEADs. When CIPHER_C is not defined, BLOCK_CIPHER_C is used instead, thus making it possible to support AEADs without CIPHER_C. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-28 11:45:38 +01:00
Valerio Setti	b1cf8aeda4	adjust_psa_from_legacy: add required CIPHER_C dependencies Some PSA_WANT symbols do not have a 1:1 matching with legacy ones. For example, previous to this commit: - CCM_C enabled both PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG even thought the two are not equivalent (authenticated VS non-authenticated). - there was no legacy equivalent for ECB_NO_PADDING What it is common to both PSA_WANT_ALG_CCM_STAR_NO_TAG and PSA_WANT_ALG_ECB_NO_PADDING is the fact that the builtin implementation depends on CIPHER_C. Therefore this commits adds this guards to select whether or not to enable the above mentioned PSA_WANT symbols. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-28 11:45:38 +01:00
Manuel Pégourié-Gonnard	11c3fd1f73	Merge pull request #8568 from yanrayw/issue/8356/block_cipher_no_decrypt_cleanup Driver-only: G1: clean up for BLOCK_CIPHER_NO_DECRYPT	2023-11-28 08:49:48 +00:00
Manuel Pégourié-Gonnard	294f5d7ea9	Merge pull request #8540 from valeriosetti/issue8060 [G2] Make CCM and GCM work with the new block_cipher module	2023-11-28 08:18:45 +00:00
Dave Rodgman	9fbac381e6	Merge pull request #8326 from daverodgman/aesce-thumb2 Support hw-accelerated AES on Thumb and Arm	2023-11-27 09:58:58 +00:00
Yanray Wang	16b00f9522	mbedtls_config: improve documentation for BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-27 15:52:28 +08:00
Yanray Wang	690ee81533	Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only	2023-11-23 10:31:26 +08:00
Dave Rodgman	2e342f6938	Merge pull request #8546 from BrianX7c/development [cipher.h] Arithmetic overflow in binary left shift operation	2023-11-22 19:36:25 +00:00
Jerry Yu	7d8c3fe12c	Add wait flight2 state. The state is come from RFC8446 section A.2 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-22 16:48:39 +08:00
Yanray Wang	55933a3e9c	tls13: fix a wrong RFC reference section Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-22 16:34:16 +08:00
Manuel Pégourié-Gonnard	d4dc354185	Merge pull request #8541 from yanrayw/issue/ssl-fix-missing-guard ssl_tls: add missing macro guard	2023-11-21 14:57:47 +00:00
Jerry Yu	04fceb782b	Add freshness check information into document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:24 +08:00
Jerry Yu	cf9135100e	fix various issues - fix CI failure due to wrong usage of ticket_lifetime - Improve document and comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	342a555eef	rename ticket received Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	25ba4d40ef	rename `ticket_creation` to `ticket_creation_time` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	034a8b77d1	Update document of ticket age tolerance Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	8cf44953b2	guards ticket creation field Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	702fc590ed	Add ticket_creation field Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	03511b00aa	Replace c99 fmt macro For c99 compatible compilers, we use PRI64d and others use official fix. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	cebffc3446	change time unit of ticket to milliseconds Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Gilles Peskine	473ff34d59	Merge pull request #8489 from valeriosetti/issue8482 Make CCM* and CCM independent	2023-11-20 14:07:14 +00:00
Ronald Cron	97137f91b6	Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field TLS 1.3 EarlyData: add `max_early_data_size` field for ticket	2023-11-20 08:04:57 +00:00
BrianX7c	5c7ab6fe86	[cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT) Fixing arithmetic overflow warning (C6297), if compiled in Visual Studio Signed-off-by: BrianX7c <151365853+BrianX7c@users.noreply.github.com>	2023-11-18 11:07:37 +01:00
Paul Elliott	9e25936241	Rename mutex->is_valid to mutex->state Rename struct member to make it more representative of its current use. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-11-16 15:14:16 +00:00
Paul Elliott	3774637518	Make threading helpers tests thread safe Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-11-16 15:13:49 +00:00
Paul Elliott	5fa986c8cb	Move handling of mutex->is_valid into threading_helpers.c This is now a field only used for testing. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-11-16 15:13:05 +00:00
Valerio Setti	9b7a8b2a0c	ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-16 11:48:00 +01:00
Valerio Setti	8db46e4ee1	check_config: remove dependency check of CCM_C/GCM_C on CIPHER_C CCM_C/GCM_C can now work with either (in order of preference) CIPHER_C or BLOCK_CIPHER_C and the latter is auto-enabled in case the former is not enabled. As a consequence there is no need to enforce the dependency on CIPHER_C. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-16 10:58:27 +01:00
Valerio Setti	dbfd6a9f62	adjust_legacy_crypto: auto-enable BLOCK_CIPHER_C when CIPHER_C is not defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-16 10:56:00 +01:00
Yanray Wang	4ed8691f6d	ssl: move MBEDTLS_SSL_HAVE_XXX to config_adjust_legacy_crypto.h Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-16 15:20:57 +08:00
Manuel Pégourié-Gonnard	dc848955d6	Merge pull request #8519 from mpg/block-cipher [G2] Add internal module block_cipher	2023-11-15 11:53:22 +00:00
Manuel Pégourié-Gonnard	9e80a91f27	Merge pull request #8164 from yanrayw/adjust_tfm_configs Adjust how we handle TF-M config files	2023-11-15 08:21:27 +00:00
Valerio Setti	a56eb46ce6	adjust_legacy_from_psa: fix comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:18:14 +01:00
Valerio Setti	c2d68f5611	adjust_legacy_from_psa: treat CCM and CCM* separately Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:16:37 +01:00
Valerio Setti	cab5eff98c	adjust_config_synonyms: make CCM and CCM* indipendent Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:16:37 +01:00
Jerry Yu	fedaeb21b3	improve document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-15 13:59:07 +08:00
Jerry Yu	6c485dad44	improve document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-15 10:18:47 +08:00
Manuel Pégourié-Gonnard	752dd39a69	Merge pull request #8508 from valeriosetti/issue6323 [G3] Driver-only cipher+aead: TLS: ssl-opt.sh	2023-11-14 11:39:06 +00:00
Jerry Yu	1b23bce4a2	improve brief description of conf_sig_algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-13 13:45:14 +08:00
Tom Cosgrove	08ea9bfa1f	Merge pull request #8487 from yanrayw/issue/6909/rename_tls13_conf_early_data TLS 1.3: Rename early_data and max_early_data_size configuration function	2023-11-10 19:35:46 +00:00
Manuel Pégourié-Gonnard	5f3361c0c6	Temporary hack to pacify check_names.py Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-11-10 12:24:11 +01:00
Manuel Pégourié-Gonnard	21718769d1	Start adding internal module block_cipher.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-11-10 11:21:17 +01:00
Valerio Setti	01c4fa3e88	ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h This is useful to properly define MBEDTLS_PSK_MAX_LEN when it is not defined explicitly in mbedtls_config.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-10 08:12:07 +01:00
Yanray Wang	111159b89c	BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-10 15:03:23 +08:00
Matthias Schulz	5a39c4ecf2	Fixes https://github.com/Mbed-TLS/mbedtls/issues/6910 as proposed in https://github.com/Mbed-TLS/mbedtls/issues/6910#issuecomment-1573301661 Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-11-09 15:53:01 +01:00
Jerry Yu	53c4a0da07	Improve documents Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-09 10:38:17 +08:00
Gilles Peskine	4dec9ebdc2	Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377 Fixes "CSR parsing with critical fields fails"	2023-11-08 18:07:04 +00:00
Dave Rodgman	9eb2abd1e0	Add docs re Everest license Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-08 11:40:17 +00:00
Dave Rodgman	28d40930ae	Restore bump version Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-08 11:40:08 +00:00
Dave Rodgman	edb8fec988	Add docs re Everest license Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-08 11:36:00 +00:00
Yanray Wang	d137da5a93	check_config: make error message in BLOCK_CIPHER_NO_DECRYPT clearer Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-08 19:17:44 +08:00
Yanray Wang	30769696e7	Merge remote-tracking branch 'origin/development' into adjust_tfm_configs	2023-11-08 10:00:24 +08:00
Matthias Schulz	c55b500343	Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-11-07 16:47:37 +01:00
Yanray Wang	0751761b49	max_early_data_size: rename configuration function Rename mbedtls_ssl_tls13_conf_max_early_data_size as mbedtls_ssl_conf_max_early_data_size since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:34 +08:00
Yanray Wang	d5ed36ff24	early data: rename configuration function Rename mbedtls_ssl_tls13_conf_early_data as mbedtls_ssl_conf_early_data since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:24 +08:00
Yanray Wang	0d76b6ef76	Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is still requested in some incompatible modes, we return an error of FEATURE_UNAVAILABLE as additional indication. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Yanray Wang	956aa00202	check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with PSA Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Gilles Peskine	8b6b41f6cd	Merge pull request #8434 from valeriosetti/issue8407 [G2] Make TLS work without Cipher	2023-11-04 15:05:00 +00:00
Dave Rodgman	bb5a18344a	Bump version ./scripts/bump_version.sh --version 3.5.1 --so-crypto 15 --so-x509 6 --so-tls 20 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:31:30 +00:00
Dave Rodgman	e3c05853d6	Header updates Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:21:36 +00:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Yanray Wang	b799eea123	check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-02 12:38:01 +08:00
Yanray Wang	e367e47be0	mbedtls_config: add new config option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT With the introduction of negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we don't need to implicitly enable it through PSA. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-02 12:36:41 +08:00
Dave Rodgman	b351d60e99	Merge remote-tracking branch 'origin/development' into msft-aarch64	2023-11-01 13:20:53 +00:00
Yanray Wang	b67b47425e	Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-10-31 17:22:06 +08:00
Yanray Wang	5779096753	Merge remote-tracking branch 'origin/development' into adjust_tfm_configs	2023-10-31 13:39:07 +08:00
Valerio Setti	d531dab4f6	check_config: let SSL_TLS depend on either CIPHER_C or USE_PSA_CRYPTO TLS code already implements proper dispatching to either builtin or PSA implementations based on USE_PSA guards, so we can improve the check_config guards to reflect this. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-30 11:36:32 +01:00
Jerry Yu	2c46ca3474	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-30 17:32:20 +08:00
Jerry Yu	83536c23f3	Add translation ruler into document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-30 16:18:21 +08:00
Jerry Yu	01c7356944	Add deprecated flag in document for sig_hashes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-27 17:03:20 +08:00
Valerio Setti	c5d9dd262b	adjust_psa_from_legacy: enable ALG_STREAM_CIPHER on when CIPHER_C is defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-27 09:12:06 +02:00
Valerio Setti	c1d50b6314	check_config: fix dependency of PSA_CRYPTO_C on CIPHER_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-27 09:12:06 +02:00
Ronald Cron	95b735530c	Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello TLS 1.3: EarlyData SRV: Add early data extension parser.	2023-10-26 08:31:53 +00:00
Dave Rodgman	6e51abf11d	Merge remote-tracking branch 'origin/development' into msft-aarch64 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 15:17:11 +01:00
Dave Rodgman	48b965d941	Update clang version requirements Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	4b8e8dc043	Improve compiler version checking + docs + testing for armclang Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	18838f6c1a	Fix docs for MBEDTLS_AESCE_C Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	d69d3cda34	Merge pull request #8298 from daverodgman/sha-armce-thumb2 Support SHA256 acceleration on Armv8 thumb2 and arm	2023-10-24 21:23:15 +00:00
Dave Rodgman	514590210b	Merge remote-tracking branch 'origin/development' into sha-armce-thumb2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-23 15:35:07 +01:00
Valerio Setti	bd24d95c27	legacy_from_psa: fix support for PSA_ACCEL_ALG_[STREAM_CIPHER/ECB_NO_PADDING] Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-23 15:01:52 +02:00

1 2 3 4 5 ...

6718 commits