Commit graph

6744 commits

Author SHA1 Message Date
Valerio Setti
8334d00772 psa_util: improve check of raw_len in mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:35:26 +01:00
Valerio Setti
e01a2b03c6 psa_util: update documentation for mbedtls_ecdsa_der_to_raw()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:16:36 +01:00
Valerio Setti
954ef4bbd5 psa_util: improve convert_raw_to_der_single_int()
Allow the function to support DER buffers than what it is nominally
required by the provided coordinates. In other words let's ignore
padding zeros in the raw number.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 12:06:46 +01:00
Antonio de Angelis
6932e29057 Correct the ENCODES_OWNER macro name in comment
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-02-05 09:49:45 +00:00
Valerio Setti
315e4afc0a psa_util: change parameters order in ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 10:09:15 +01:00
Valerio Setti
8645197937 psa_util: fix documentation of ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 09:50:20 +01:00
Jerry Yu
4caf3ca08c tls13: srv: Add discard_early_data_record SSL field
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Antonio de Angelis
4380a33bd3 Add a client view layout for interruptible hash and pake
Add a client view layout (and update related initializers)
for PSA sign/verify hash interruptible operation struct and
PAKE operation struct

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-02-02 14:21:27 +00:00
Antonio de Angelis
6fb1be6cb1 Add comments in psa/crypto_struct.h for id layout
Make sure the layout of psa_key_attributes_s is commented
enough so that it does not accidentally get reorganized
by mistake in the future.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-02-02 14:05:34 +00:00
Gilles Peskine
cb3b4cae0a Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Gilles Peskine
793920c1ff mbedtls_pk_get_psa_attributes: opaque: require specified usage
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.

Adjust the existing test cases accordingly and add a few negative test
cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:31:27 +01:00
Gilles Peskine
e208b25b79 Minor documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:42:21 +01:00
Ronald Cron
78a38f607c tls13: srv: Do not use early_data_status
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e Revert "tls13: Introduce early_data_state SSL context field"
This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
Ronald Cron
164537c4a6 tls13: early data: Improve, add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 19:52:30 +01:00
Ronald Cron
ed7d4bfda5 tls13: srv: Simplify mbedtls_ssl_read_early_data() API
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
44d70a5f23 tls13: early data: Improve documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
2c4308958d ssl.h: Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
0883b8b625 tls13: Introduce early_data_state SSL context field
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
7d21cded3f ssl.h: Simplify guard
MBEDTLS_SSL_EARLY_DATA implies
MBEDTLS_SSL_PROTO_TLS1_3 thus
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA
is equivalent to MBEDTLS_SSL_EARLY_DATA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:48 +01:00
Ronald Cron
3a04562ace Update mbedtls_ssl_read_early_data() definition
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
032985c351 Add MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
5d0ae9021f tls13: srv: Refine early data status
The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
149b0e7ca2 ssl.h: Fix comment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ryan Everett
16abd59a62 Update psa_wipe_all_key_slots and document non-thread safety
This function, and mbedtls_psa_crypto_free, are not thread safe as they wipe slots
regardless of state. They are not part of the PSA Crypto API, untrusted applications
cannot call these functions in a crypto service.
In a service intergration, mbedtls_psa_crypto_free on the client cuts the communication
with the crypto service.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-29 13:14:50 +00:00
Valerio Setti
a45a399a6b lib: remove NULL pointer checks performed with MBEDTLS_INTERNAL_VALIDATE[_RET]
Symbols defined starting from MBEDTLS_INTERNAL_VALIDATE[_RET]
are removed as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:15 +01:00
Valerio Setti
cc0fd47531 platform_util: remove declarations of MBEDTLS_INTERNAL_VALIDATE[_RET]()
These macros end up as being always "empty", so they
can be removed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 10:19:52 +01:00
Valerio Setti
0a6acf8db4 adjust_legacy_from_psa: use EC pattern for enabling builtin elements of DH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:09 +01:00
Valerio Setti
c22bb7a0a4 adjust_legacy_from_psa: optimize legacy enablement also for EC key types
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:06 +01:00
Valerio Setti
bcf0fc5119 adjust_legacy_crypto: add parenthesis to improve clarity
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 14:53:28 +01:00
Valerio Setti
48e4167ced adjust_legacy_from_psa: improve pattern for enabling internal symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 10:34:32 +01:00
Dave Rodgman
935182fe2b
Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc
Mbedtls 3.5.2rc
2024-01-25 12:22:54 +00:00
Dave Rodgman
f5e231ca84
Merge pull request #8719 from daverodgman/iar-codegen
Improve codegen of unaligned access for IAR and gcc
2024-01-25 08:31:45 +00:00
Gilles Peskine
9cd2e9ad1b mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C
Ideally this and other pk functions would work with
MBEDTLS_PSA_CRYPTO_CLIENT (i.e. whether PSA API functions are implemented
locally or via client-server communication). However, at the moment, some
helper functions are missing when MBEDTLS_PSA_CRYPTO_C is disabled, at least
mbedtls_ecc_group_to_psa(). For the time being, don't provide
mbedtls_pk_get_psa_attributes() when MBEDTLS_PSA_CRYPTO_C is disabled. We
can improve later, looking generally at a group of functions to generalize,
not mixed with delivering new APIs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-24 22:10:50 +01:00
Valerio Setti
688f795cb3 asn1: use the new symbol to guard dependencies of ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
f4d2dc2d77 psa_util: guard ECDSA conversion functions with proper (internal) symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
c22e3ce8ef psa_util: remove CRYPTO_C guard from ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:31 +01:00
Valerio Setti
99c0369d31 psa_util: add include asn1write.h in public header
This is mandatory to have support for the error codes defined
in the asn1write.h header file.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
84890c9be2 psa_util: improve description for ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
75501f5ede psa_util: add raw<->DER ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:14:37 +01:00
Valerio Setti
b0498ef995 adjust_legacy_from_psa: use intermediate symbol to enable builtin support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 15:55:33 +01:00
Antonio de Angelis
667cad5b81 Put the id field at the end of the psa_key_attributes_s structure
Putting the id at the of the psa_key_attributes_s structure allows
for a more efficient marshalling of the parameters around a transport
channel which provides separation between a client view and a service
view of the key parameters.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-01-24 13:34:48 +00:00
Valerio Setti
2ddabb34d6 config_adjust_legacy: do not auto-enable PK when RSA is enabled in PSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 12:36:37 +01:00
Dave Rodgman
13f2f4e7f1 Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc 2024-01-24 09:49:15 +00:00
Gilles Peskine
0b17255da1 Introduce mbedtls_pk_get_psa_attributes
Follow the specification in https://github.com/Mbed-TLS/mbedtls/pull/8657
as of dd77343381, i.e.
dd77343381/docs/architecture/psa-migration/psa-legacy-bridges.md (api-to-create-a-psa-key-from-a-pk-context)

This commit introduces the function declaration, its documentation, the
definition without the interesting parts and a negative unit test function.
Subsequent commits will add RSA, ECC and PK_OPAQUE support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-23 20:09:38 +01:00
Dave Rodgman
e23d6479cc Bump version
./scripts/bump_version.sh --version 3.5.1

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:45:49 +00:00
Janos Follath
393df9c995 Add warning for PKCS 1.5 decryption
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.

In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.

They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.

This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.

Add a warning to PKCS 1.5 decryption to warn users about this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00
Antonio de Angelis
90d18343ce Update the initialization macros
The initializatio macros need to be updated to support the case
where the crypto client view of the structures is being initialized

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-01-22 13:15:39 +00:00
Antonio de Angelis
6425a188df Add a client view of the multipart contexts
In case MBEDTLS_PSA_CRYPTO_CLIENT is defined and MBEDTLS_PSA_CRYPTO_C
is not, a client view of the multipart operation contexts is provided
through an handle object that allows mapping to the corresponding
service side data structures.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-01-22 11:39:36 +00:00
Janos Follath
fb12d9204d
Merge pull request #8693 from Ryan-Everett-arm/implement-key-slot-mutex
Implement the key slot mutex
2024-01-19 20:49:18 +00:00
Dave Rodgman
336efeec50 Move MBEDTLS_COMPILER_IS_GCC & MBEDTLS_GCC_VERSION into build_info
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-19 16:38:53 +00:00
Ryan Everett
558da2ffd3 Move key_slot_mutex to threading.h
Make this a global mutex so that we don't have to init and free it.
Also rename the mutex to follow the convention

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-19 12:59:28 +00:00
Valerio Setti
639d5678b5 pk: move mbedtls_pk_load_file to pk_internal
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-19 09:07:39 +01:00
Valerio Setti
25b282ebfe x509: move internal functions declarations to a private header
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-19 09:07:35 +01:00
Valerio Setti
b4f5076270 debug: move internal functions declarations to an internal header file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 15:30:46 +01:00
Valerio Setti
d929106f36 ssl_ciphersuites: move internal functions declarations to a private header
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 15:08:28 +01:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Ryan Everett
0e3b677cf4 Support PSA_ERROR_SERVICE_FAILURE
To be returned in the case where mbedtls_mutex_lock and
mbedtls_mutex_unlock fail.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-18 10:47:29 +00:00
Gilles Peskine
b1f96c0354
Merge pull request #7815 from gilles-peskine-arm/ecp-export-partial
ECP keypair utility functions
2024-01-18 10:29:05 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764
Conversion function from ecp group to PSA curve
2024-01-18 10:28:55 +00:00
Valerio Setti
de50413009 crypto_sizes: adjust PSA_VENDOR_FFDH_MAX_KEY_BITS based on the supported groups
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-17 15:56:30 +01:00
Valerio Setti
fecef8bc8e config_adjust: fix adjustments between legacy and PSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-17 15:56:26 +01:00
Valerio Setti
bbff303fe1 crypto_config: define feature macros for DH keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-17 11:47:44 +01:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Manuel Pégourié-Gonnard
eeb96ac9fe
Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api
Add deprecated flag in document for sig_hashes
2024-01-11 09:33:10 +00:00
Ryan Everett
ae0b4bd04c Add more details to comments
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-10 19:19:10 +00:00
Waleed Elmelegy
09561a7575 Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Valerio Setti
39faa9cad4 psa_util: rename parameter of mbedtls_ecc_group_from_psa
The new name better reflects the fact that the 1st parameter
is just the EC family and not the curve.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:53 +01:00
Valerio Setti
d0aa9c1316 psa_util: update documentation for PSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:53 +01:00
Valerio Setti
eca07140f3 psa_util: update documentation of EC conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
0e608807e3 psa: let mbedtls_ecc_group_from_psa() accept only exact bit lengths
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
3b7663de29 psa_util: update the documentation of ECC conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
d36c313b53 psa: remove bits_is_sloppy parameter from mbedtls_ecc_group_from_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Valerio Setti
ddba51e6c9 psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 13:41:52 +01:00
Manuel Pégourié-Gonnard
454ab28be5
Merge pull request #8668 from gilles-peskine-arm/asymmetric_key_data-secpr1
Fix incorrect test data for SECP_R1 in automatically generated tests
2024-01-09 09:21:14 +00:00
Valerio Setti
dd2afcd881 Revert "psa_util: add algorithm's availability checks for MD conversion functions"
This reverts commit 3d2e0f5f42.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 08:41:29 +01:00
Valerio Setti
cd38f27206 Revert "psa_util: fix typo in comment"
This reverts commit 98f5db9fca.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 08:41:03 +01:00
Valerio Setti
d5cab81405 mbedtls_config: update documentation for CIPHER_C and CRYPTO_C
Adding auto-enablement sections.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 07:23:33 +01:00
Valerio Setti
9772642b8c adjust_legacy_crypto: auto-enable CIPHER_C when any builtin cipher is enabled in PSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-09 07:23:33 +01:00
Valerio Setti
1aaffec7cf Revert "check_config: add check for PSA builtin unauthenticated ciphers"
This reverts commit d5d99e800a0d648e976a28819ab8709daabcab9b.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-08 16:57:18 +01:00
Valerio Setti
c95ab2a1a0 mbedtls_config: extend documentation for MBEDTLS_PSA_CRYPTO_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-08 16:57:18 +01:00
Valerio Setti
95c32973f9 check_config: add check for PSA builtin unauthenticated ciphers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-08 16:57:18 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598
[G5] Make block_cipher work with PSA
2024-01-08 08:07:53 +00:00
Valerio Setti
98f5db9fca psa_util: fix typo in comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-05 18:17:38 +01:00
Manuel Pégourié-Gonnard
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358
G3-G4 wrap-up
2024-01-04 10:48:00 +00:00
Gilles Peskine
44d557c52d Indicate which curves Mbed TLS supports
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:59:38 +01:00
Gilles Peskine
6e2069661e Note unusual curve size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:59:03 +01:00
Gilles Peskine
2a22dac694 Fix typo in curve name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-03 20:58:55 +01:00
Gilles Peskine
39b7bba8a0 Make input parameter const
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 17:56:54 +01:00
Dave Rodgman
1cc90a1003
Merge pull request #8517 from mschulz-at-hilscher/fixes/issue-6910
Fixes redundant declarations for psa_set_key_domain_parameters
2024-01-02 16:34:40 +00:00
Valerio Setti
6315441be7 adjust_legacy_from_psa: relax condition for legacy block cipher auto-enabling
CCM/GCM can be either fully accelerated or rely on just the key type
being accelerated. This means that ultimately it is just the key
type which determines if the legacy block cipher modes need to
be auto-enabled or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 17:21:01 +01:00
Valerio Setti
3d2e0f5f42 psa_util: add algorithm's availability checks for MD conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 14:57:47 +01:00
Valerio Setti
45c3cae8a5 md: move PSA conversion functions from md_psa.h to psa_util.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:26:04 +01:00
Valerio Setti
e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 16:35:58 +01:00
Valerio Setti
1994e72e18 check_config/block_cipher: minor improvements
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:04 +01:00
Valerio Setti
e98ad5931a mbedls_config: update documentation for MBEDTLS_PKCS[5/12]_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 10:42:12 +01:00
Benson Liou
6d0a093582 use mbedtls_ssl_session_init() to init session variable
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described

Signed-off-by: Benson Liou <benson.liou@sony.com>
2023-12-27 22:03:24 +08:00
Gilles Peskine
62e33bcc64 New function mbedtls_ecp_write_public_key
Directly export the public part of a key pair without having to go through
intermediate objects (using mbedtls_ecp_point_write_binary would require a
group object and a point object).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-24 15:23:19 +01:00