Commit graph

25544 commits

Author SHA1 Message Date
Valerio Setti
ddb577626d config_psa: add missing BUILTIN symbols when ECP_C is defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
89cb1444a5 config_psa: fix comment for LEGACY symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
602ee2ed98 config_psa: remove support for PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
a801b56600 config_psa: remove GENPRIME from enabled symbols of PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_USE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
valerio
36befce51a config_psa: remove leftover comment on ECC derivation
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
323ad1c416 psa: fixing psa_crypto_generate_key.generated
This is a temporary fix for not excluding tests which depend on
MBEDTLS_PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_LEGACY. This fix
can be reverted as soon as those _LEGACY symbols will be removed
from the code.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
64f790f662 test: fix python script for PSA test generation
This is a temporary fix for replacing
PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR
with the temporary symbols
MBEDTLS_PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_LEGACY.

Once new PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_yyy will be used
both in library's code and tests, then this fix will be removed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
ff7f861761 tests: replace deprecated symbols with temporary _LEGACY ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
8bb5763a85 library: replace deprecated symbols with temporary _LEGACY ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:23:55 +02:00
Valerio Setti
f87b505511 config_psa: replace legacy symbols with new ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:23:55 +02:00
Valerio Setti
8d6e98c170 psa: add support for legacy symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:23:55 +02:00
Valerio Setti
67a3e3eb7b crypto_config: introducing new definitions for PSA_WANT KEY_PAIRs
- deprecate legacy PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
- introduce new PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy where
   - xxx is either RSA, DH or ECC
   - yyy can be USE, IMPORT, EXPORT, GENERATE, DERIVE

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:23:55 +02:00
Janos Follath
a426dc31cc
Merge pull request #7782 from gilles-peskine-arm/mbedtls_ecp_modulus_type-move
Move mbedtls_ecp_modulus_type out of the public headers
2023-06-16 11:12:57 +01:00
Manuel Pégourié-Gonnard
24f467668e
Merge pull request #7672 from mpg/libtestdriver1-helpers
Libtestdriver1 helpers
2023-06-16 11:43:40 +02:00
Gilles Peskine
f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes
PBKDF2: Output bytes
2023-06-16 10:08:02 +02:00
Gilles Peskine
8c2f18dac2
Merge pull request #7738 from davidhorstmann-arm/fix-iar-typo
Fix typo in CMakeList.txt in IAR compiler flags
2023-06-15 19:24:00 +02:00
Gilles Peskine
637c049349 Move mbedtls_ecp_modulus_type out of the public headers
This is an internal detail of the ECC arithmetic implementation, only
exposed for the sake of the unit tests

Mbed TLS 3.4.0 was released with the type mbedtls_ecp_modulus_type defined
in a public header, but without Doxygen documentation, and without any
public function or data structure using it. So removing it is not an API
break.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-15 19:07:41 +02:00
Kusumit Ghoderao
246e51fd0b Add cleanup for intermediate buffer
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-15 22:15:43 +05:30
Paul Elliott
b4df176610
Merge pull request #7637 from paul-elliott-arm/fixed_ecp_mod_p448
[Bignum] Fixed width for ecp mod p448
2023-06-15 17:12:02 +01:00
David Horstmann
ff4b6a8d18 Reword changelog entry
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-15 14:08:19 +01:00
Gilles Peskine
0fe0c0cf10
Merge pull request #7775 from daverodgman/version_features_codesize
Shorten encoding of version features
2023-06-15 14:56:00 +02:00
Dave Rodgman
7c5e567813
Merge pull request #7778 from daverodgman/p256-m-copyright 2023-06-15 13:37:00 +01:00
Dave Rodgman
2e7d57270e
Merge pull request #7624 from daverodgman/aes-perf
AES perf improvements
2023-06-15 12:10:06 +01:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only
Introduce config option of 128-bit key only in AES calculation
2023-06-15 10:35:32 +01:00
Dave Rodgman
9866df96c6 Add copyright (as agreed with Manuel)
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-15 10:11:49 +01:00
Manuel Pégourié-Gonnard
8d645dcd77 Fix unintentional config reduction in prev commit
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-15 09:07:10 +02:00
Kusumit Ghoderao
d07761c19c add return statement
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-15 12:11:15 +05:30
Yanray Wang
55ef22c2cb mbedtls_config.h: add description for CTR_DRBG about AES-128 only
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-15 10:05:27 +08:00
Dave Rodgman
28a97acb3c code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 20:15:15 +01:00
Dave Rodgman
b28d1c3484 fix check-names failure
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 20:06:43 +01:00
Paul Elliott
bed9ac7b2d Optimise final 2 rounds
Final two rounds logic could be significantly simplified.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-06-14 19:20:33 +01:00
Dave Rodgman
d05e7f1ab3 Do not use NEON for AES-CBC on aarch64
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 18:58:48 +01:00
Gilles Peskine
f75903503b
Merge pull request #7770 from valeriosetti/issue7341
gcc 11.3 fails when compiling ecjpake drivers
2023-06-14 19:22:46 +02:00
Gilles Peskine
f22983bd1c
Merge pull request #7411 from mprse/extract-key-ids-test
Improve tests for parsing x509 SubjectKeyId and AuthorityKeyId
2023-06-14 19:16:29 +02:00
Dave Rodgman
906c63cf35 Revert "improve cbc encrypt perf"
This reverts commit f1e396c427.

Performance is slightly better with this reverted, especially
for AES-CBC 192.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 17:55:41 +01:00
Paul Elliott
b8f7305b02 Replace sizeof(mbedtls_mpi_uint) with ciL define
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-06-14 17:52:42 +01:00
Dave Rodgman
90dfc21f6b Shorten encoding of version features
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-14 17:06:53 +01:00
Przemek Stekiel
b3eaf8c2ed Use predefined serial numer in certificates
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 14:25:21 +02:00
Kusumit Ghoderao
257ea00199 Use output block as U_accumulator
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-14 15:55:11 +05:30
Yanray Wang
4292441a42 all.sh: use clang for one test of AES_ONLY_128_BIT_KEY_LENGTH
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-14 17:10:15 +08:00
Valerio Setti
6ff271e3e9 pake: fixed warning for casting between different types
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-14 10:26:51 +02:00
Paul Elliott
3646dc78bc Fix coding style issue
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-06-14 08:51:08 +01:00
Paul Elliott
b727042501 Move corner test case into python framework
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-06-13 17:42:01 +01:00
Paul Elliott
436f2ad37c Three round solution
Attempt to fix failing test by dealing with overflow with three rounds,
instead of previous subtract modulus solution. Also optimise out shifts
by using memcpy / memmove instead. Remove final sub to return canonical
result, as this is not required here.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-06-13 17:39:44 +01:00
Bence Szépkúti
b02f006685
Merge pull request #7750 from davidhorstmann-arm/build-docs-realfull
Build the docs in realfull config
2023-06-13 15:04:31 +02:00
David Horstmann
84fccd4da2 Build the docs in realfull config
Ensure that all possible config options are documented by building the
docs in the realfull config on Read The Docs.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-13 10:27:42 +01:00
Manuel Pégourié-Gonnard
f8930e2c80 Fix special-case with all curves except one.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-13 09:51:32 +02:00
Manuel Pégourié-Gonnard
aed1d7875a Remove references to non-existing options
We no longer support TLS 1.0, TLS 1.1 or CBC record splitting since 3.0,
but those where still referenced here.

While at it, group things in a more logical way in this component.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:22:24 +02:00
Manuel Pégourié-Gonnard
2336c8e929 Make -SE_C part of adjust_config
Several components needed to remove it, with the same comment every
time. It's probably just chance that other components happened to work
despite it being enabled.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:17:54 +02:00
Manuel Pégourié-Gonnard
8df87bf052 Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.

Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.

It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)

Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00