Minos Galanakis
31f0b452c7
ecp_curves: Reintroduced input checking for
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-05-23 09:57:09 +01:00
Minos Galanakis
65c386ee3d
ecp_curves: Switched to dynamic memory for
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-05-23 09:57:09 +01:00
Minos Galanakis
2daa374ea8
ecp_curves: Minor refactoring of mbedtls_ecp_mod_p255_raw()
...
* Fixed whitespace issues.
* Renamed variables to align with bignum conventions.
* Updated alignment on test input data.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-05-23 09:57:09 +01:00
Dave Rodgman
7613b3d6b8
Fix xor fail for large block size
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-23 08:16:01 +01:00
Dave Rodgman
262d8ced79
Fix AES-CBC for in-place operation
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-22 23:13:45 +01:00
Minos Galanakis
d0292c2aca
ecp_curves: Refactored mbedtls_ecp_mod_p255
.
...
This patch introduces following methods, as implemented in the
design prototype, and updates them to utilise the _core methods
available for multiplication and addition.
* `mbedtls_ecp_mod_p255()`
* `mbedtls_ecp_mod_p255_raw()`
An entry has been exposed in the `ecp_invasive.h` header
to facilitate testing.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-05-22 22:22:32 +01:00
YxC
da609130f3
fix: correct calling to time function in tls13 client&server
...
Call `mbedtls_time` to handle the case when MBEDTLS_PLATFORM_TIME_MACRO is defined
Signed-off-by: Yuxiang Cao <yuxiang.cao@fortanix.com>
2023-05-22 13:22:00 -07:00
Dave Rodgman
797c4ff365
Make AES-CBC more efficient
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-22 19:42:22 +01:00
Dave Rodgman
6f40f8bf01
Add NEON to mbedtls_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-22 18:22:07 +01:00
Valerio Setti
016264b6cb
pk: fix a return value and a typo in comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-22 18:40:35 +02:00
Valerio Setti
a7cb845705
pk: add checks for the returned ECC family
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-22 18:39:43 +02:00
Paul Elliott
26070670d6
Merge pull request #7565 from gabor-mezei-arm/7263_split_out_Koblitz_raw_functions
...
[Bignum] Split out _raw Koblitz reduction functions
2023-05-22 16:03:17 +01:00
Thomas Daubney
850a0797ca
Remove extraneous check in for loop condition
...
Issue 7529 uncovered an unrequired check in a for loop
condition in ssl_tls.c. This commit removes said check.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-05-22 12:05:03 +01:00
Valerio Setti
f57007dd1e
pk: fixing and improving comments
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-19 13:54:39 +02:00
Dave Rodgman
0805ad10b2
XOR perf improvements
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-19 11:48:10 +01:00
Dave Rodgman
68ef1d6ee6
Remove DIY SIZE_MAX definitions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-18 20:49:03 +01:00
Paul Elliott
9a11f8a122
Merge pull request #7573 from tom-cosgrove-arm/add-psa_want_alg_some_pake
...
Only include psa_pake_setup() and friends if some PAKE algorithms are required
2023-05-18 09:59:52 +01:00
Paul Elliott
aa266f29e6
Merge pull request #7602 from mprse/AuthorityKeyId_leak_fix
...
Fix for memory leak while parsing AuthorityKeyId ext
2023-05-18 09:57:56 +01:00
Andrzej Kurek
63a6a267a4
Check for overflows when writing x509 SANs
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
908716f097
Add missing RFC822_NAME case to SAN setting
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
e488c454ea
Remove unnecessary zeroization
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
dc22090671
Return an error on an unsupported SubjectAltName
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
c6215b0ce1
Add braces to a switch case
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Andrzej Kurek
1bc7df2540
Add documentation and a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 15:23:56 -04:00
Dave Rodgman
e4cbab6945
Merge pull request #7607 from daverodgman/pr6511
2023-05-17 19:11:56 +01:00
Paul Elliott
8203f2d89f
Merge pull request #7535 from minosgalanakis/ecp/7264_enable_core_shift_l
...
[Bignum] Adjust mbedtls_mpi_core_shift_l to use the core function
2023-05-17 18:45:44 +01:00
Valerio Setti
c1541cb3c7
pk: minor fixes (guards and a wrong assignment)
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 19:23:02 +02:00
Gabor Mezei
d56e6e008b
Add input parameter length check for the Koblitz reduction
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-17 17:51:19 +02:00
Andrzej Kurek
67fdb3307d
Add a possibility to write subject alt names in a certificate
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-17 11:45:36 -04:00
Gabor Mezei
fa3f74145b
Add documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-17 17:35:47 +02:00
Valerio Setti
483738ed67
tests: fixes for using the new public key raw format
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 15:38:39 +02:00
Valerio Setti
d7ca39511f
tls12: use the the raw format for the public key when USE_PSA is enabled
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 15:36:18 +02:00
Valerio Setti
7ca7b90bc7
debug: add support for printing the new EC raw format
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 15:35:46 +02:00
Valerio Setti
a1b8af6869
pkwrap: update ECDSA verify and EC pair check to use the new public key
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 15:34:57 +02:00
Valerio Setti
4064dbbdb2
pk: update pkparse and pkwrite to use the new public key storing solution
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 15:33:07 +02:00
Valerio Setti
722f8f7472
pk: adding a new field to store the public key in raw format
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 15:31:21 +02:00
Paul Elliott
c05f51ded9
Convert comments over to X rather than N
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-05-17 14:29:44 +01:00
Valerio Setti
4ac9d44d83
pk: fix typos in description of mbedtls_pk_ec_[ro/rw]
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-17 12:32:13 +02:00
Manuel Pégourié-Gonnard
b1c0afe484
Merge pull request #7595 from valeriosetti/deprecate_pk_ec
...
Set mbedtls_pk_ec() as internal function when ECP_C is not defined
2023-05-17 12:27:03 +02:00
Paul Elliott
6b1f7f101f
Use const where appropriate
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-05-16 17:51:48 +01:00
Paul Elliott
235c1947fb
Group memory allocations earlier
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-05-16 17:51:48 +01:00
Paul Elliott
34b08e5005
Convert over to using X, X_limbs
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-05-16 17:51:48 +01:00
Paul Elliott
4fa8334bae
Convert curve 448 to use ecp core functions
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-05-16 17:51:48 +01:00
Minos Galanakis
0144b35f7d
bignum: Updated mbedtls_mpi_shift_l
to use the core method.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-05-16 17:16:26 +01:00
Paul Elliott
f0806bee66
Merge pull request #7489 from minosgalanakis/ecp/7246_xtrack_core_shift_l
...
[Bignum]: Introduce left shift from prototype
2023-05-16 17:13:19 +01:00
Dave Rodgman
8508e50d3d
Make use of MBEDTLS_STATIC_ASSERT
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-16 16:43:48 +01:00
Dave Rodgman
ed59ea76a6
Document minimum size for DEBUG_BUF_SIZE
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-16 16:42:40 +01:00
valord577
5bfcd1c63b
simplify code
...
Signed-off-by: valord577 <valord577@gmail.com>
2023-05-16 16:42:40 +01:00
valord577
176e92711c
code style
...
Signed-off-by: valord577 <valord577@gmail.com>
2023-05-16 16:42:40 +01:00
valord577
536893c22f
make code readable and change var name
...
Signed-off-by: valord577 <valord577@gmail.com>
2023-05-16 16:42:40 +01:00
valord577
24da0cd0f9
send debug msg if contains '\n'
...
Signed-off-by: valord577 <valord577@gmail.com>
2023-05-16 16:42:40 +01:00
Dave Rodgman
9ecf5f96df
Update library/debug.c
...
Fix trailing white-space
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-16 16:42:40 +01:00
valord577
25418ac734
Fix: no newline when debug msg over DEBUG_BUF_SIZE
...
Signed-off-by: valord577 <valord577@gmail.com>
2023-05-16 16:42:40 +01:00
Gabor Mezei
caac83c517
Fix comment
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-16 17:41:26 +02:00
Gabor Mezei
03558b847e
Add _raw
function to P256K1
...
Modified the testing to use the generic fast reduction test function.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-16 17:30:03 +02:00
Gabor Mezei
e42bb6294e
Add _raw
function to P224K1
...
Modified the testing to use the generic fast reduction test function.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-16 17:30:03 +02:00
Gabor Mezei
dacfe56370
Add _raw
function to P192K1
...
Modified the testing to use the generic fast reduction test function.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-16 17:29:57 +02:00
Paul Elliott
55a701afec
Merge pull request #7564 from gabor-mezei-arm/7262_fix_ouput_width_in_ecc_mod_koblitz
...
[Bignum] Fix output width in ecp_mod_koblitz()
2023-05-16 15:24:31 +01:00
Przemek Stekiel
0b11ee0888
Fix compilation errors(unused variables, guards)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-16 13:26:06 +02:00
Przemek Stekiel
690ff698f7
mbedtls_x509_crt_free: release authorityCertIssuer sequence
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-16 11:08:30 +02:00
Paul Elliott
926bcb04fe
Merge pull request #7532 from AndrzejKurek/remove-leading-zeroes-ip-parsing
...
Disallow leading zeroes when parsing IPv4 addresses
2023-05-15 13:59:10 +01:00
Paul Elliott
aba165b58c
Merge pull request #7586 from gilles-peskine-arm/gitignore-objects-at-root
...
Ignore *.o everywhere
2023-05-15 13:57:24 +01:00
Gabor Mezei
a274041190
Fix comment
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-15 14:50:17 +02:00
Valerio Setti
f70b3e08b1
pk: fix: explicilty set const in casted value in mbedtls_pk_ec_ro
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 12:57:40 +02:00
Valerio Setti
3f00b84dd1
pk: fix build issues
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 12:57:06 +02:00
Valerio Setti
77a75685ed
pk: align library and tests code to the new internal functions
...
Note = programs are not aligned to this change because:
- the original mbedtls_pk_ec is not ufficially deprecated
- that function is used in tests when ECP_C is defined, so
the legacy version of that function is available in that
case
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 11:18:46 +02:00
Valerio Setti
229bf1031f
pk: make mbedtls_pk_ec internal when !ECP_C
...
mbedtls_pk_ec() is not an ideal function because:
- it provides direct access to the ecp_keypair structure wrapped
by the pk_context and
- this bypasses the PK module's control
However, since for backward compatibility, it cannot be deprecated
immediately, 2 alternative internal functions are proposed.
As a consequence:
- when ECP_C is defined, then the legacy mbedtls_pk_ec is available
- when only ECP_LIGHT is defined, but ECP_C is not, then only the
new internal functions will be available
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-15 11:13:55 +02:00
Gilles Peskine
8075f76708
Ignore *.o everywhere
...
We don't commit *.o files anywhere, not even as test data. So ignore them
everywhere.
This resolves *.o files not being ignored under 3rdparty/p256-m.
Also remove a redundant ignore of *.exe in a subdirectory.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-05-12 13:58:05 +02:00
Tom Cosgrove
6d62faca8e
Only include psa_pake_setup() and friends if some PAKE algorithms are required
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-05-12 12:36:24 +01:00
Gabor Mezei
b6653f3e27
Update comments
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-12 12:34:12 +02:00
Gabor Mezei
dcaf99ebb8
Add another round in the Koblitz reduction
...
The addition can result in an overflow so another round is needed
in the reduction.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-12 12:34:05 +02:00
Yanray Wang
d896fcb0d5
nist_kw.c: remove non-128-bit data if aes_128bit_only enabled
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 18:09:42 +08:00
Przemek Stekiel
c80e7506a0
Handle simple copy import/export before driver dispatch
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-11 12:06:00 +02:00
Przemek Stekiel
a59255f04f
Adapt guards in ffdh driver
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-11 12:06:00 +02:00
Yanray Wang
93533b51a8
gcm.c: do not set length for some arrays in selftest
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 17:57:17 +08:00
Yanray Wang
d329c69fba
gcm selftest: remove non-128-bit data if aes_128bit_only enabled
...
This commit sets a loop_limit to omit AES-GCM-192 and AES-GCM-256
if MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 17:57:17 +08:00
Yanray Wang
dd56add42d
cmac selftest: add macro for non-128-bit data/test
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 17:57:17 +08:00
Yanray Wang
59c2dfa48c
aes selftest: determine selftest loop limit in runtime
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 17:56:21 +08:00
Yanray Wang
62c9991a5b
aes selftest: remove non-128-bit data if aes_128bit_only enabled
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-11 11:11:17 +08:00
Paul Elliott
481a6a8edb
Merge pull request #7482 from gabor-mezei-arm/6029_use_core_api_in_ecp_mod_koblitz
...
[Bignum] Use core API in ecp_mod_koblitz()
2023-05-10 17:24:46 +01:00
Andrzej Kurek
199eab97e7
Add partial support for URI SubjectAltNames
...
Only exact matching without normalization is supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-10 09:57:19 -04:00
Manuel Pégourié-Gonnard
1d046fa0dd
Merge pull request #6010 from mprse/ffdh_import_export
...
FFDH 1, 2A, 2B: FFDH add support for import/export key, key agreement, key generation + tests
2023-05-10 11:40:54 +02:00
Pol Henarejos
2d8076978a
Fix coding style.
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-05-09 11:44:57 +02:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
...
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
Kusumit Ghoderao
3fc4ca7272
Limit max input cost to 32bit
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-08 15:57:41 +05:30
Kusumit Ghoderao
d0422f30c5
Enable empty salt as input for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-08 15:56:19 +05:30
Kusumit Ghoderao
6731a2580c
Remove redundant code in key_derivation_abort()
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-08 15:54:54 +05:30
Przemek Stekiel
61aed064c5
Code optimization
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-08 11:15:59 +02:00
Przemek Stekiel
ed9fb78739
Fix parsing of KeyIdentifier (tag length error case) + test
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-08 11:15:54 +02:00
Yanray Wang
e2bc158b38
aesce.c: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-08 10:29:28 +08:00
Gabor Mezei
908f40014c
Determine special cases in-place in the common Koblitz function
...
Remove parameter used by the special cases and check for special cases in-place.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-05-05 16:31:19 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-05-05 16:01:18 +02:00
Tom Cosgrove
501fb3abf3
Merge pull request #5894 from Xeenych/patch-1
...
Reduce RAM - move some variables to .rodata
2023-05-05 14:54:32 +01:00
Przemek Stekiel
837d2d1c5e
mbedtls_psa_export_ffdh_public_key: return fixed key size
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-05 12:33:46 +02:00
Valerio Setti
fc90decb74
pkwrite: removing unused/duplicated variables
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 12:30:40 +02:00
Valerio Setti
4f387ef277
pk: use better naming for the new key ID field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:59:32 +02:00
Valerio Setti
048cd44f77
pk: fix library code for using the new opaque key solution
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:59:32 +02:00
Valerio Setti
e00954d0ed
pk: store opaque key ID directly in the pk_context structure
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-05 10:57:26 +02:00
Przemek Stekiel
134cc2e7a8
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-05 10:13:47 +02:00
Manuel Pégourié-Gonnard
71f88ecc52
Merge pull request #6838 from jethrogb/jb/pkix-curdle
...
Read and write RFC8410 keys
2023-05-05 10:02:21 +02:00
Przemek Stekiel
e1621a460a
mbedtls_psa_ffdh_generate_key: optimize code and return fixed key size
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-05 09:53:37 +02:00
Arto Kinnunen
0f06618db0
AES: skip 192bit and 256bit key in selftest if 128bit_only enabled
...
This includes:
- aes.c
- cmac.c
- gcm.c
- nist_kw.c
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:20:59 +08:00
Arto Kinnunen
732ca3221d
AES: add macro of MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
...
Add configuration option to support 128-bit key length only
in AES calculation.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:20:38 +08:00
Minos Galanakis
b89440394f
bignum_core: Removed input checking for mbedtls_mpi_core_shift_l
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-05-04 14:40:40 +01:00
Dave Rodgman
6dc62e682a
Merge pull request #7544 from tom-cosgrove-arm/use-mbedtls_ct_uint_if-rather-than-mbedtls_ct_cond_select_sign
...
Use mbedtls_ct_uint_if() rather than mbedtls_ct_cond_select_sign()
2023-05-04 12:23:30 +01:00
Jethro Beekman
cb706ea308
Silence bad "maybe unitialized" warning for ec_grp_id
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
cf4545e396
Fix unsued variable in mbedtls_pk_write_pubkey_der in certain configurations
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
13d415c4ed
Only use mbedtls_ecc_group_of_psa if defined(MBEDTLS_ECP_LIGHT)
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
33a3ccd899
Fix bug in mbedtls_pk_wrap_as_opaque
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
8e59ebb2e4
Refactor EC SPKI serialization
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
2e662c6f97
Add comment about version 1 PKCS8 keys not containing a public key
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-04 13:01:47 +02:00
Jethro Beekman
0167244be4
Read and write X25519 and X448 private keys
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
2023-05-04 13:01:47 +02:00
Manuel Pégourié-Gonnard
e4072c00c8
Merge pull request #7548 from jethrogb/jb/mbedtls_pem_write_buffer
...
mbedtls_pem_write_buffer: Correctly report needed buffer size for all possible line lengths and counts
2023-05-04 12:54:56 +02:00
Paul Elliott
b6432832d0
Merge pull request #7490 from paul-elliott-arm/test_ecp_mod_p448
...
[Bignum] Add unit tests for ecp_mod_p448
2023-05-04 11:39:44 +01:00
Kusumit Ghoderao
b9410e89b4
Fix failing CI
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-04 13:17:51 +05:30
Przemek Stekiel
8194285cf1
Fix parsing of authorityCertSerialNumber (use valid tags)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-03 16:19:16 +02:00
Jethro Beekman
746df88e90
mbedtls_pem_write_buffer: Correctly report needed buffer size for all possible line lengths and counts
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
2023-05-03 15:30:49 +02:00
Kusumit Ghoderao
056f0c5047
Make output_byte return not_supported for pbkdf2
...
As output functionality is not added yet return PSA_SUCCESS for
now if inputs are passed correctly. If input validation fails
operation is aborted and output_bytes will return PSA_ERROR_BAD_STATE
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 17:33:27 +05:30
Manuel Pégourié-Gonnard
f57273c817
Merge pull request #7496 from valeriosetti/issue7480
...
Fix test gap in PK write: private (opaque) -> public
2023-05-03 12:39:49 +02:00
Andrzej Kurek
9c9880a63f
Explicitly exit IPv4 parsing on a fatal error
...
This makes the function flow more readable.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-03 05:06:47 -04:00
Kusumit Ghoderao
f5fedf1e0d
Add pbkdf2 to psa_key_derivation_abort
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:37 +05:30
Kusumit Ghoderao
3128c5d9ce
Enable can_output_key with PSA_KEY_DERIVATION_INPUT_PASSWORD
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:37 +05:30
Kusumit Ghoderao
24b3895dee
Add pbkdf2 input functions to psa_key_derivation_input_internal
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:36 +05:30
Kusumit Ghoderao
f4fe3ee9e4
Add input password function for pbkdf2
...
Also adds PSA_KEY_DERIVATION_INPUT_PASSWORD case handling to
psa_key_derivation_check_input_type function
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:36 +05:30
Kusumit Ghoderao
547a6c6fd1
add input salt function for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:36 +05:30
Kusumit Ghoderao
944bba1e30
Add input cost function for pbkdf2
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:36 +05:30
Kusumit Ghoderao
d132cacb38
Add pbkdf2_hmac to is_kdf_alg_supported()
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:35 +05:30
Kusumit Ghoderao
af0b534256
Add pbkdf2 to ATLEAST_ONE_BUILTIN_KDF definition
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-05-03 14:20:35 +05:30
Tom Cosgrove
e22413c8df
Use mbedtls_ct_uint_if() rather than mbedtls_ct_cond_select_sign()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-05-03 09:44:01 +01:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1
...
Fix the JPAKE driver interface for user+peer
2023-05-02 20:42:25 +02:00
Gilles Peskine
c70d9eab8a
Merge pull request #7412 from silabs-Kusumit/PBKDF2_implementation
...
PBKDF2: Implement input_integer
2023-05-02 20:41:23 +02:00
Valerio Setti
2d81499026
pk: fix position for mbedtls_platform_zeroize
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-02 15:45:39 +02:00
Valerio Setti
2c50526476
pk: fix: clear buffer holding raw EC private key on exit
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-02 15:45:39 +02:00
Andrzej Kurek
6f400a376e
Disallow leading zeroes when parsing IPv4 addresses
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-05-01 06:23:42 -04:00
Aditya Deshpande
7b9934dcdd
Add support for building p256-m alongside Mbed TLS with CMake.
...
Also check if p256-m is enabled in the config before including the contents of p256-m.c
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:55 +01:00
Aditya Deshpande
e41f7e457f
Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example.
...
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-04-28 17:54:09 +01:00
Przemek Stekiel
75095cce74
mbedtls_psa_ffdh_set_prime_generator: use switch instead if-else
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 14:20:27 +02:00
Przemek Stekiel
534105044c
Add guards for psa_is_dh_key_size_valid
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 13:18:43 +02:00
Gilles Peskine
7351101704
Merge pull request #7502 from daverodgman/inline-clz
...
Fix VS2022 build error
2023-04-28 13:06:47 +02:00
Gilles Peskine
d2e1dd098c
Merge pull request #7499 from JonathanWitthoeft/development
...
Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT
2023-04-28 12:45:32 +02:00
Przemek Stekiel
6d85afa0cc
Fix naming: FFDH key -> DH key and fix guard in psa_validate_key_type_and_size_for_key_generation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-28 11:42:17 +02:00
Dave Rodgman
914347bfa3
Don't explicitly inline mbedtls_mpi_core_clz
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-27 14:20:30 +01:00
Kusumit Ghoderao
a5376954ce
Remove unrelated comment
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-27 16:57:24 +05:30
Przemek Stekiel
d1cf1bae5d
Add function to validate dh key size
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 12:04:21 +02:00
Przemek Stekiel
cf0156f3f3
mbedtls_psa_ffdh_generate_key: Fix random number generation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 11:12:39 +02:00
Przemek Stekiel
6fd72b687f
Optimize code (if-else format, action on error)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 11:04:12 +02:00
Przemek Stekiel
9275d5d685
mbedtls_psa_ffdh_set_prime_generator: check if key size is equal and use sizeof
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-27 11:03:51 +02:00
Paul Elliott
47a3c82118
Enable curve 448 to be tested
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-04-26 22:23:13 +01:00
JonathanWitthoeft
9b265180cc
Make mbedtls_ecdsa_can_do definition unconditional
...
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
2023-04-26 16:09:28 -05:00
JonathanWitthoeft
405ec94ea2
Bug Fix: mbedtls_ecdsa_verify_restartable fails with ECDSA_SIGN_ALT
...
When ECDSA_SIGN_ALT but not ECDSA_VERIFY_ALT, mbedtls_ecdsa_can_do was not being defined causing mbedtls_ecdsa_verify_restartable to always fail
Signed-off-by: JonathanWitthoeft <jonw@gridconnect.com>
2023-04-26 16:09:28 -05:00
Dave Rodgman
3b29364d61
Fix VS2022 build error
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-26 21:53:30 +01:00
Dave Rodgman
98062a7c5d
Merge pull request #7316 from yuhaoth/pr/Add-msvc-support-for-aesce-module
...
Add msvc support for AESCE
2023-04-26 21:27:08 +01:00
Tom Cosgrove
09d23786f6
Merge pull request #7429 from xkqian/bignumber_update_comments
...
Update links to references in bignum
2023-04-26 16:21:56 +01:00
Gabor Mezei
19c6f47dbc
Allocate the right amount of memory
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 15:22:11 +02:00
Gabor Mezei
fead53311b
Remove unused macro
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 15:20:01 +02:00
Gabor Mezei
03367fe42d
Ignore carry since it can not be generated
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 14:08:45 +02:00
Gabor Mezei
d2c0ba172c
Fix value in comment
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 14:08:44 +02:00
Gabor Mezei
7097447b84
Ensure input parameter size for Koblitz reduction
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 14:08:35 +02:00
Gabor Mezei
8183c5dcc3
Use core API in ecp_mod_koblitz()
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-26 14:03:29 +02:00
David Horstmann
9643575d92
Limit OIDs to 128 components
...
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.
[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-26 11:50:14 +01:00
Jerry Yu
db368dea88
fix clang test fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-26 16:55:37 +08:00
Janos Follath
91a618375a
Merge pull request #7427 from minosgalanakis/ecp/7258_ecp_mod_p256K1_add_test_cases
...
ECP: Add Unit Tests for secp256k1
2023-04-26 08:52:24 +01:00
Przemek Stekiel
654bef0be0
Fix typos, comments, style, optimize macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
c829816fb6
psa_export_public_key_internal: add missing check for FFDH key type
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
a9ca13136c
Move check of the key type to mbedtls_psa_key_agreement_ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
0dd746d998
Add psa_crypto_ffdh to build
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
359f4625a3
Move FFDH layer to separate file
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:07:20 +02:00
Przemek Stekiel
fedd134300
Add key generation for FFDH keys
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Przemek Stekiel
fb3dd54b24
Add key agreement for FFDH keys
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Przemek Stekiel
472b3f33b9
Add import/export of FFDH keys
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 09:04:32 +02:00
Przemek Stekiel
f5b8f78ad7
authorityCertIssuer and authorityCertSerialNumber MUST both be present or absent
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-26 08:57:32 +02:00
Tom Cosgrove
10f40916eb
Merge pull request #7462 from daverodgman/clz_size_opt
...
clz size/perf optimisation
2023-04-26 07:06:30 +01:00
Jerry Yu
61c4cfa2a7
Add compiler version checks.
...
When `MBEDTLS_AESCE_C` enabled and the compiler
is not expected, we should raise error to user.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-26 13:06:01 +08:00
Dave Rodgman
2e863ecde9
Remove unnecessary if to save 16 bytes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-25 17:40:49 +01:00
Paul Elliott
d3fbbe55f7
Merge pull request #7448 from gabor-mezei-arm/7261_roll_loop_in_ecp_mod_koblitz
...
Roll up the loop in ecp_mod_koblitz()
2023-04-25 15:27:21 +01:00
Minos Galanakis
9c2c81f996
ecp_curves: Renamed ecp_mod_p256k1
-> mbedtls_ecp_mod_p256k1
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-25 13:30:59 +01:00
Minos Galanakis
d6751dcd8b
ecp_curves: Added unit-tests for secp256k1
...
This patch introduces basic unit-testing for the `ecp_mod_p256k1()`.
The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-25 13:30:59 +01:00
Przemek Stekiel
aede2ad554
Optimize code (pake role type, freeing buffers)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-25 14:30:34 +02:00
Minos Galanakis
ec09e25251
bignum_core: Aligned xxx_core_shift_l
to xxx_core_shift_r
...
This patch modifies the left-shift implementation to closely
align in interface and behaviour to the existing right-shift
method.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-25 12:23:34 +01:00
Minos Galanakis
ad808dd5f1
bignum_core: Extracted mbedtls_mpi_shift_l from prototype
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-25 12:23:33 +01:00
Przemek Stekiel
6e628a4e7b
Add undfined role for ec j-pake
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-25 13:11:36 +02:00
Jerry Yu
f015a93f98
Add msvc version document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-25 10:38:03 +08:00
Jerry Yu
8f0e3d4c22
fix wrong compiler checks
...
- Add msc version check
- remove HAVE_ASM due to conflict with check_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-25 10:24:53 +08:00
Gilles Peskine
ad450d5a92
Merge pull request #7463 from valeriosetti/issue7460-part2
...
Pass pk_context pointer to PK wrappers instead of void pointer
2023-04-24 17:41:39 +02:00
Janos Follath
53c6553deb
Merge pull request #7450 from xkqian/bignumber_ecp_update
...
Update gen_prvkey_mx paras to align with comments and c code
2023-04-24 13:44:39 +01:00
Dave Rodgman
0f16d560aa
Fix documentation
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-24 12:53:45 +01:00
Przemek Stekiel
f4194944e8
Use do-while(0) format in macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 09:52:17 +02:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
...
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Gabor Mezei
f921f4d228
Use loop for two passes in the reduction
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-21 14:09:06 +02:00
Dave Rodgman
bbf881053d
Document undefined case. Clarify test code.
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-21 12:54:40 +01:00
Dave Rodgman
880a6b34c2
Further size optimisation
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-20 11:52:55 +01:00
valerio
38992cb833
pk: pass pk_context pointer to wrappers intead of void one
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-20 12:02:34 +02:00
Jerry Yu
8b6df3fd76
fix msvc fail on embed assembly code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-20 10:32:37 +08:00
Jerry Yu
9db4b1f455
fix msvc type cast fail.
...
GCC needs the `cast` due to incompatible type error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-20 10:32:36 +08:00
Jerry Yu
07d28d8598
Add msvc build for aesce module
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-20 10:32:36 +08:00
David Horstmann
861e5d2742
Change to using an alloc-realloc strategy
...
Allocate enough memory to guarantee we can store the OID, encode into
the buffer, then realloc and copy into a buffer of exactly the right
size.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-04-19 18:37:45 +01:00
Dave Rodgman
fe8a8cd100
Size/perf optimisation for mbedtls_mpi_core_clz
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-19 17:59:12 +01:00
Kusumit Ghoderao
a14ae5a0c9
Fix input_integer testing
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-19 14:16:26 +05:30
Xiaokang Qian
b92a2f6e7a
Remove trailing whitespace from ecdsa.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-19 02:59:15 +00:00
Andrzej Kurek
90117db5dc
Split a complex condition into separate ones
...
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-18 10:43:35 -04:00
Minos Galanakis
9d80879f90
ecp_curves: Introduced mbedtls_ecp_mod_p224k1()
...
This patch introduces a `MBEDTLS_STATIC_TESTABLE` helper
method which exposes `ecp_mod_p256k1()` to the test-framework
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-18 14:13:20 +01:00
Minos Galanakis
e5dab975c6
ecp_curves: Added unit-tests for secp224k1
...
This patch introduces basic unit-testing for the `ecp_mod_p224k1()`.
The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-18 14:13:20 +01:00
Andrzej Kurek
8bc2cc92b5
Refactor IPv6 parsing
...
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-18 07:26:27 -04:00
Janos Follath
3c3b94a31b
Merge pull request #7424 from gabor-mezei-arm/7256_unit_tests_for_p192k1
...
Add unit tests for ecp_mod_p192k1()
2023-04-18 12:19:40 +01:00
Andrzej Kurek
ea3e71fa37
Further refactor IPv4 parsing
...
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-18 05:54:50 -04:00
Xiaokang Qian
a089614cdf
Update gen_prvkey_mx paras to align with comments and c code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-18 06:49:55 +00:00
Paul Elliott
4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2
...
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
2023-04-17 16:31:09 +01:00
Przemek Stekiel
9a7a725ee7
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 16:06:57 +02:00
Przemek Stekiel
7921a03425
Add claryfication for PSA_PAKE_INPUT/OUTPUT_MAX_SIZE macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 12:32:06 +02:00
Andrzej Kurek
6cbca6dd42
Rename a variable in ipv4 and ipv6 parsing
...
Character was too elaborate.
p is used in other x509 code to step through data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:25:00 -04:00
Andrzej Kurek
0d57896f7e
Refactor ipv6 parsing
...
Introduce new variables to make it more readable. Clarify the calculations a bit.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:31 -04:00
Andrzej Kurek
7f5a1a4525
Rename ipv6 parsing variables, introduce one new one
...
This way the names are more descriptive.
j was reused later on for calculation,
num_zero_groups is used instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:23 -04:00
Andrzej Kurek
06969fc3a0
Introduce a test for a sw implementation of inet_pton
...
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:15 -04:00
Andrzej Kurek
13b8b780fe
Improve x509_inet_pton_ipv4 readability
...
Introduce descriptive variable names.
Drop the table of tens.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:19:50 -04:00
Gabor Mezei
0a11ee6da8
Fix function declaration
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-13 12:48:06 +02:00
Gabor Mezei
1237a349ed
Use macro guard for function declaration
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-13 12:48:06 +02:00
Gabor Mezei
83669d910e
Add a testable function for ecp_mod_p192k1
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-13 12:44:37 +02:00
Xiaokang Qian
50fe36317a
Update links in ecp.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-12 06:08:45 +00:00
Xiaokang Qian
637a2fe62c
Update SEC1 link in ecdsa.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-12 06:07:51 +00:00
Xiaokang Qian
4704147717
Update SEC1 link in ecdh.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-12 06:07:23 +00:00
Glenn Strauss
b255e21e48
Handle endianness in x509_inet_pton_ipv6()
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:43 -04:00
Glenn Strauss
6f545acfaf
Add mbedtls_x509_crt_parse_cn_inet_pton() tests
...
Extended from https://github.com/Mbed-TLS/mbedtls/pull/2906
contributed by Eugene K <eugene.kobyakov@netfoundry.io>
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Glenn Strauss
416c295078
x509 crt verify local implementation to parse IP
...
x509 crt verify local implementation to parse IP
if inet_pton() is not portably available
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Glenn Strauss
c26bd76020
x509 crt verify SAN iPAddress
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Valerio Setti
0c477d32e2
test: include also test_suite_ecp for the coverage analysis
...
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
6c496a1553
solve disparities for ECP_LIGHT between ref/accel
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
5278986d2d
psa: fix ECP guards for key derivation
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
3f8d23eaef
pk_wrap: fix guards in eckey_check_pair to only include 1 option at build time
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
d4a5d461de
library: add remaining changes for the new ECP_LIGHT symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
0d2980f117
pk: adapt to new ECP_LIGHT symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
fd122f4e95
ecp: introduce new ECP_LIGHT symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Dave Rodgman
22d9ff6d3c
Merge pull request #7353 from xkqian/tls13_fix_code_style
...
Improve code styles for tls13 related files
2023-04-11 09:18:22 +01:00
Gilles Peskine
5634f87d68
Merge pull request #7418 from xkqian/big_number_ecc_update_comment
...
Update SEC1 link in ecp.c
2023-04-11 09:34:07 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
Manuel Pégourié-Gonnard
b16a50eeab
Merge pull request #7392 from valeriosetti/issue7388
...
PK: use PSA to complete public key when USE_PSA is enabled
2023-04-11 09:09:06 +02:00
Xiaokang Qian
49f39c1e91
Fix the wrong debug _message function to _ret
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
09c3cccf97
Update the todo comment of record size limits
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
8bce0e6f5e
Update group ext debug message in ssl_tls13_server.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
91bb3f0665
Wrap lines in library/ssl_tls13_client.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:17 +00:00
Xiaokang Qian
9f1747bb1f
Wrap lines which exceed 80 chars in ssl_tls13_server.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:29:14 +00:00
Xiaokang Qian
958b6ffe98
Wrap lines which exceed 80 chars in ssl_tls13_client.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:52 +00:00
Xiaokang Qian
7343738695
Wrap lines which exceed 80 chars in ssl_tls13_generic.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:51 +00:00
Xiaokang Qian
123cde824c
Improve code styles(line numbers) for tls13_key.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 08:27:51 +00:00
Xiaokang Qian
669c7c35f0
Update SEC1 link in ecp.c
...
Old link doesn't work any more, update it to one
new link to refer version 2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-04-10 07:36:35 +00:00
Pengyu Lv
e3746d7ce6
ssl_cache: Error renaming and document improvement
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-10 14:40:03 +08:00
Kusumit Ghoderao
3a18dee1e8
Fix unused variable warning
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-07 16:16:27 +05:30
Valerio Setti
520c0384e7
pkparse: fix return value
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 11:38:09 +02:00
Valerio Setti
1df94f841b
pk: fix return codes' precedence and code style
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 11:04:32 +02:00
Manuel Pégourié-Gonnard
f740767c00
Merge pull request #7391 from valeriosetti/issue7387
...
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
2023-04-07 10:17:18 +02:00
Valerio Setti
9d65f0ef12
pk_wrap: simplify prototype of eckey_check_pair_psa()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:53:17 +02:00
Valerio Setti
aad6306212
pkparse: fix guards position
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
4bf73ad83f
pkparse: use proper sizing for buffer
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
34f6755b34
pkparse: add new function for deriving public key from private using PSA
...
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
f286664069
pk_wrap: minor code optimizations
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:37:46 +02:00
Dave Rodgman
0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation
...
TLS: TLS 1.2 / 1.3 version negotiation on server side
2023-04-06 16:26:19 +01:00
Janos Follath
3615be65f8
Merge pull request #7342 from gabor-mezei-arm/6679_prevent_mpi_mod_write_from_corrupting_the_input
...
Prevent mpi_mod_write from corrupting the input
2023-04-06 15:56:28 +01:00
Janos Follath
44c6694be7
Merge pull request #7351 from gabor-mezei-arm/7109_ecp_fast_reduction_testing
...
Test unlikely cases of ECC modular reduction
2023-04-06 15:55:19 +01:00
Kusumit Ghoderao
50e0e11213
Add key_derivation_input_integer function
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-06 17:47:25 +05:30
Ronald Cron
dad02b2bec
tls13: srv: Fix comment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
fe01ec2d57
tls12: srv: Use sizeof() instead of constant
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
c564938180
Add downgrade protection mechanism
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
e45afd760d
Use specific pointer to loop over proposed cipher suites
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:01 +02:00
Ronald Cron
eff5673e09
Improve and align variable names for supported versions data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
3bd2b02486
Check for TLS 1.3 version first
...
Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
b828c7d3de
Fix, improve and add comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
097ba146e7
tls: srv: Set hybrid TLS 1.2/1.3 as default configuration
...
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
3b35455a69
tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
6291b23080
tls: Add logic in handshake step to enable server version negotiation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
8a12aeec93
tls: Initialize SSL context tls_version in mbedtls_ssl_setup()
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
5af4c7f0e2
tls13: srv: Add detection to negotiate TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
8c527d0be8
tls13: srv: Parse supported versions extension early
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
2f16b4ec66
tls13: srv: Postpone cipher suite selection
...
Postpone TLS 1.3 cipher suite selection
when we are sure we negotiate the version
1.3 of the protocol.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
cada410365
tls13: srv: Postpone legacy session id copy
...
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the legacy session id.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
d540d995b2
tls13: srv: Postpone client random copy
...
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the client random
bytes.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
6458239b36
tls13: srv: Move TLS version setting
...
When parsing the ClientHello message,
move the setting of the TLS version
to TLS 1.3 after the computation of
the end of the list of cipher suites.
At that point we are able to compute
the address and end address of the
list of extensions and thus able to
search and parse the supported_versions
extension to select which version
of the TLS protocol we are going to
negotiate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
47dce630f4
tls13: Add function to search for a supported_versions extension
...
Move in a dedicated function the search for the
supported_versions extension in a list of
extensions, to be able to use it on server side
as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Minos Galanakis
00bd8925a7
bignum: Removed merge scaffolding.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-05 16:13:11 +01:00
Przemek Stekiel
725688b143
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 22:49:44 +02:00
Przemek Stekiel
294ec1274d
Remove redundant memory relase for authorityCertIssuer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
21903ec860
Fix after rebase
...
Handle manually functions that have been moved to different locations.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
4f3e7b934e
Fix parsing of authorityCertIssuer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
75653b1df0
Add indication of extension error while parsing authority/subject key id
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
6ec839a1f9
x509_get_authority_key_id: add length check + test
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
3520fe6fda
Use MBEDTLS_ERROR_ADD() and tag macros
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
8a13866f65
Remove parsing of rfc822Name
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
a2939e8728
Remove duplicated function
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
9a511c5bdf
Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
db323aa241
Fix Subject Key Identifier, Authority Key Identifier entries in oid_x509_ext
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
62d8f84be2
Adapt mbedtls_x509_crt_free after rebase
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
toth92g
9232e0ad84
Adding some comments for easier understand
...
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:28 +02:00
toth92g
8d435a0c8b
Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type.
...
Also updated the x509_get_general_names function to be able to parse rfc822Names
Test are also updated according these changes.
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:28 +02:00
toth92g
d96027acd2
Correcting documentation issues:
...
- Changelog entry is Feature instead of API Change
- Correcting whitespaces around braces
- Also adding defensive mechanism to x509_get_subject_key_id
to avoid malfunction in case of trailing garbage
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
a41954d0cf
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId).
...
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Janos Follath
13c73de6de
Merge pull request #6233 from tom-cosgrove-arm/issue-6226-core-mul
...
Bignum: extract core_mul from the prototype
2023-04-04 13:36:22 +01:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc
...
PSA cryptography miscellaneous
2023-04-04 10:54:03 +02:00
Valerio Setti
98680fc2ed
ecp: revert changes to ECP module and test suite
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-04 10:22:59 +02:00
Valerio Setti
8eb552647f
pk_wrap: fix sizing for private key buffer
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-04 10:20:53 +02:00
Gabor Mezei
d62605126d
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-03 17:32:55 +02:00
Valerio Setti
0fe1ee27e5
pk: add an alternative function for checking private/public key pairs
...
Instead of using the legacy mbedtls_ecp_check_pub_priv() function which
was based on ECP math, we add a new option named eckey_check_pair_psa()
which takes advantage of PSA.
Of course, this is available when MBEDTLS_USE_PSA_CRYPTO in enabled.
Tests were also fixed accordingly.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 15:00:21 +02:00
Gabor Mezei
6f182c33a8
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-31 16:17:06 +02:00