mbedtls

Author	SHA1	Message	Date
BrianX7c	5c7ab6fe86	[cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT) Fixing arithmetic overflow warning (C6297), if compiled in Visual Studio Signed-off-by: BrianX7c <151365853+BrianX7c@users.noreply.github.com>	2023-11-18 11:07:37 +01:00
Paul Elliott	9e25936241	Rename mutex->is_valid to mutex->state Rename struct member to make it more representative of its current use. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-11-16 15:14:16 +00:00
Paul Elliott	3774637518	Make threading helpers tests thread safe Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-11-16 15:13:49 +00:00
Paul Elliott	5fa986c8cb	Move handling of mutex->is_valid into threading_helpers.c This is now a field only used for testing. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-11-16 15:13:05 +00:00
Valerio Setti	9b7a8b2a0c	ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-16 11:48:00 +01:00
Valerio Setti	8db46e4ee1	check_config: remove dependency check of CCM_C/GCM_C on CIPHER_C CCM_C/GCM_C can now work with either (in order of preference) CIPHER_C or BLOCK_CIPHER_C and the latter is auto-enabled in case the former is not enabled. As a consequence there is no need to enforce the dependency on CIPHER_C. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-16 10:58:27 +01:00
Valerio Setti	dbfd6a9f62	adjust_legacy_crypto: auto-enable BLOCK_CIPHER_C when CIPHER_C is not defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-16 10:56:00 +01:00
Yanray Wang	4ed8691f6d	ssl: move MBEDTLS_SSL_HAVE_XXX to config_adjust_legacy_crypto.h Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-16 15:20:57 +08:00
Manuel Pégourié-Gonnard	dc848955d6	Merge pull request #8519 from mpg/block-cipher [G2] Add internal module block_cipher	2023-11-15 11:53:22 +00:00
Manuel Pégourié-Gonnard	9e80a91f27	Merge pull request #8164 from yanrayw/adjust_tfm_configs Adjust how we handle TF-M config files	2023-11-15 08:21:27 +00:00
Valerio Setti	a56eb46ce6	adjust_legacy_from_psa: fix comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:18:14 +01:00
Valerio Setti	c2d68f5611	adjust_legacy_from_psa: treat CCM and CCM* separately Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:16:37 +01:00
Valerio Setti	cab5eff98c	adjust_config_synonyms: make CCM and CCM* indipendent Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:16:37 +01:00
Jerry Yu	fedaeb21b3	improve document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-15 13:59:07 +08:00
Jerry Yu	6c485dad44	improve document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-15 10:18:47 +08:00
Manuel Pégourié-Gonnard	752dd39a69	Merge pull request #8508 from valeriosetti/issue6323 [G3] Driver-only cipher+aead: TLS: ssl-opt.sh	2023-11-14 11:39:06 +00:00
Jerry Yu	1b23bce4a2	improve brief description of conf_sig_algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-13 13:45:14 +08:00
Tom Cosgrove	08ea9bfa1f	Merge pull request #8487 from yanrayw/issue/6909/rename_tls13_conf_early_data TLS 1.3: Rename early_data and max_early_data_size configuration function	2023-11-10 19:35:46 +00:00
Manuel Pégourié-Gonnard	5f3361c0c6	Temporary hack to pacify check_names.py Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-11-10 12:24:11 +01:00
Manuel Pégourié-Gonnard	21718769d1	Start adding internal module block_cipher.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-11-10 11:21:17 +01:00
Valerio Setti	01c4fa3e88	ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h This is useful to properly define MBEDTLS_PSK_MAX_LEN when it is not defined explicitly in mbedtls_config.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-10 08:12:07 +01:00
Yanray Wang	111159b89c	BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-10 15:03:23 +08:00
Matthias Schulz	5a39c4ecf2	Fixes https://github.com/Mbed-TLS/mbedtls/issues/6910 as proposed in https://github.com/Mbed-TLS/mbedtls/issues/6910#issuecomment-1573301661 Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-11-09 15:53:01 +01:00
Jerry Yu	53c4a0da07	Improve documents Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-09 10:38:17 +08:00
Gilles Peskine	4dec9ebdc2	Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377 Fixes "CSR parsing with critical fields fails"	2023-11-08 18:07:04 +00:00
Dave Rodgman	9eb2abd1e0	Add docs re Everest license Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-08 11:40:17 +00:00
Dave Rodgman	28d40930ae	Restore bump version Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-08 11:40:08 +00:00
Yanray Wang	d137da5a93	check_config: make error message in BLOCK_CIPHER_NO_DECRYPT clearer Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-08 19:17:44 +08:00
Yanray Wang	30769696e7	Merge remote-tracking branch 'origin/development' into adjust_tfm_configs	2023-11-08 10:00:24 +08:00
Matthias Schulz	c55b500343	Changed notes in x509_csr.h to better describe the behavior of mbedtls_x509_csr_parse_der and mbedtls_x509_csr_parse_der_with_ext_cb. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-11-07 16:47:37 +01:00
Yanray Wang	0751761b49	max_early_data_size: rename configuration function Rename mbedtls_ssl_tls13_conf_max_early_data_size as mbedtls_ssl_conf_max_early_data_size since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:34 +08:00
Yanray Wang	d5ed36ff24	early data: rename configuration function Rename mbedtls_ssl_tls13_conf_early_data as mbedtls_ssl_conf_early_data since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:24 +08:00
Yanray Wang	0d76b6ef76	Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is still requested in some incompatible modes, we return an error of FEATURE_UNAVAILABLE as additional indication. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Yanray Wang	956aa00202	check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT with PSA Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Gilles Peskine	8b6b41f6cd	Merge pull request #8434 from valeriosetti/issue8407 [G2] Make TLS work without Cipher	2023-11-04 15:05:00 +00:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Yanray Wang	b799eea123	check_config: add checks for MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-02 12:38:01 +08:00
Yanray Wang	e367e47be0	mbedtls_config: add new config option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT With the introduction of negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we don't need to implicitly enable it through PSA. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-02 12:36:41 +08:00
Dave Rodgman	b351d60e99	Merge remote-tracking branch 'origin/development' into msft-aarch64	2023-11-01 13:20:53 +00:00
Yanray Wang	b67b47425e	Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-10-31 17:22:06 +08:00
Yanray Wang	5779096753	Merge remote-tracking branch 'origin/development' into adjust_tfm_configs	2023-10-31 13:39:07 +08:00
Valerio Setti	d531dab4f6	check_config: let SSL_TLS depend on either CIPHER_C or USE_PSA_CRYPTO TLS code already implements proper dispatching to either builtin or PSA implementations based on USE_PSA guards, so we can improve the check_config guards to reflect this. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-30 11:36:32 +01:00
Jerry Yu	2c46ca3474	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-30 17:32:20 +08:00
Jerry Yu	83536c23f3	Add translation ruler into document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-30 16:18:21 +08:00
Jerry Yu	01c7356944	Add deprecated flag in document for sig_hashes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-27 17:03:20 +08:00
Valerio Setti	c5d9dd262b	adjust_psa_from_legacy: enable ALG_STREAM_CIPHER on when CIPHER_C is defined Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-27 09:12:06 +02:00
Valerio Setti	c1d50b6314	check_config: fix dependency of PSA_CRYPTO_C on CIPHER_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-27 09:12:06 +02:00
Ronald Cron	95b735530c	Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello TLS 1.3: EarlyData SRV: Add early data extension parser.	2023-10-26 08:31:53 +00:00
Dave Rodgman	6e51abf11d	Merge remote-tracking branch 'origin/development' into msft-aarch64 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 15:17:11 +01:00
Dave Rodgman	48b965d941	Update clang version requirements Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	4b8e8dc043	Improve compiler version checking + docs + testing for armclang Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	18838f6c1a	Fix docs for MBEDTLS_AESCE_C Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-25 09:06:24 +01:00
Dave Rodgman	d69d3cda34	Merge pull request #8298 from daverodgman/sha-armce-thumb2 Support SHA256 acceleration on Armv8 thumb2 and arm	2023-10-24 21:23:15 +00:00
Dave Rodgman	514590210b	Merge remote-tracking branch 'origin/development' into sha-armce-thumb2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-23 15:35:07 +01:00
Valerio Setti	bd24d95c27	legacy_from_psa: fix support for PSA_ACCEL_ALG_[STREAM_CIPHER/ECB_NO_PADDING] Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-23 15:01:52 +02:00
Matthias Schulz	edc32eaf1a	Uncrustified Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-10-19 16:09:08 +02:00
Yanray Wang	08e9423f14	Merge remote-tracking branch 'origin/development' into adjust_tfm_configs	2023-10-19 17:44:47 +08:00
Yanray Wang	893623fb28	PBKDF2-AES-CMAC: remove not needed preprocessor directive PBKDF2-AES-CMAC works if we provide the driver of AES-CMAC or KEY-TYPE-AES or both. So if PBKDF2-AES-CMAC is requested via PSA, we don't need to additionally enable builtin AES-CMAC or builtin KEY-TYPE-AES. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-10-19 16:13:34 +08:00
Gilles Peskine	6407f8fc54	Merge pull request #8322 from valeriosetti/issue8257 Improve location of MD_CAN macros	2023-10-18 14:31:28 +00:00
Matthias Schulz	ab4082290e	Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-10-18 13:20:59 +02:00
Manuel Pégourié-Gonnard	c6d633ffbc	Merge pull request #8297 from valeriosetti/issue8064 Change accel_aead component to full config	2023-10-18 07:15:59 +00:00
Valerio Setti	2f00b7a5da	cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-17 11:43:34 +02:00
Manuel Pégourié-Gonnard	6d42921633	Require at least on curve for ECP_LIGHT ECP_LIGHT is not usable without any curve, just the same as ECP_C. We forgot to update this check when introducing the ECP_LIGHT subset. Note: the message doesn't mention ECP_LIGHT as that's not a public config knob, hence the message with "ECP_C or a subset" (that's how it's referred to in user-facing documentation such as docs/driver-only-builds.md). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-17 10:01:33 +02:00
Valerio Setti	9fc1f24331	md: restore md.h includes in source files directly using its elements Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-16 14:39:38 +02:00
Yanray Wang	aa01ee303a	Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only	2023-10-16 17:38:32 +08:00
Valerio Setti	596ef6c0b1	cipher: reset MBEDTLS_CIPHER_HAVE_AEAD_LEGACY to previous naming Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-16 11:26:08 +02:00
Dave Rodgman	3e52184923	Make macro definition more consistent with similar defns Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Dave Rodgman	0a48717b83	Simplify Windows-on-Arm macros Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-16 09:25:59 +01:00
Valerio Setti	5f5573fa90	cipher: reintroduce symbol for legacy AEAD support Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-13 17:29:27 +02:00
Dave Rodgman	7821df3e8b	Adjust use of deprecated in Doxygen Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-13 09:39:11 +01:00
Dave Rodgman	d85277c62e	Doxygen fixes Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-13 09:22:54 +01:00
Valerio Setti	193e383686	check_config: fix typo causing build issues with only CCM enabled Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-13 09:37:24 +02:00
Valerio Setti	db1ca8fc33	cipher: keep MBEDTLS_CIPHER_HAVE symbols private This commit also improve the usage of these new symbols in cipher_wrap code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-12 10:39:54 +02:00
Valerio Setti	e570704f1f	ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-12 10:39:37 +02:00
Jerry Yu	7a799ccacd	Share `early_data_status` between server and client Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:02:01 +08:00
Jerry Yu	02e3a074a3	Add max_early_data_size into ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:00:26 +08:00
Bence Szépkúti	9b0c8164eb	Merge pull request #8330 from KloolK/extern-c Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled	2023-10-11 16:19:39 +00:00
Dave Rodgman	b0d9830373	Merge branch 'development' into sha-armce-thumb2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-11 13:53:41 +01:00
Valerio Setti	02a634decd	md: remove unnecessary inclusions of mbedtls/md.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:15:58 +02:00
Valerio Setti	6bd3d9b166	cipher: fix missing spaces Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:10:34 +02:00
Valerio Setti	d0411defa2	cipher: add internal symbols for AEAD capabilities Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:10:34 +02:00
Valerio Setti	e7bac17b5d	test: keep SSL_TICKET_C and SSL_CONTEXT_SERIALIZATION enabled Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:10:34 +02:00
Dave Rodgman	be7915aa6c	Revert renaming of SHA512 options Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-11 10:59:05 +01:00
Bence Szépkúti	cffd7135c6	Merge pull request #8328 from yanrayw/sha256_context_guard sha256_context: guard is224 by MBEDTLS_SHA224_C	2023-10-11 09:13:33 +00:00
Ronald Cron	a89d2ba132	Merge pull request #8327 from ronald-cron-arm/adapt-psa-crypto-repo-name Adapt to new PSA Crypto repo name	2023-10-11 06:45:30 +00:00
Dave Rodgman	5b89c55bb8	Rename MBEDTLS_SHAxxx_USE_ARMV8_yyy to MBEDTLS_SHAxxx_USE_ARMV8_A_yyy Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 15:14:57 +01:00
Dave Rodgman	fe9fda81aa	Rename MBEDTLS_ARCH_IS_ARMV8 to MBEDTLS_ARCH_IS_ARMV8_A Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 15:14:56 +01:00
Dave Rodgman	f097bef6ea	Refer to Armv8-A (not Armv8) in docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 15:14:30 +01:00
Dave Rodgman	c5861d5bf2	Code style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 14:01:54 +01:00
Dave Rodgman	6ab314f71d	More config option renaming Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 14:00:17 +01:00
Dave Rodgman	94a634db96	Rename A64 config options Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-10 12:59:29 +01:00
Ronald Cron	7871cb14a7	Include psa/build_info.h instead of mbedtls/build_info.h In PSA headers include psa/build_info.h instead of mbedtls/build_info.h. In Mbed TLS, both are equivalent but not in TF-PSA-Crypto where psa/build_info.h is the correct one. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-10-10 09:35:22 +02:00
Jan Bruckner	946720aac5	Fix C++ build issue when MBEDTLS_ASN1_PARSE_C is not enabled Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-10-09 16:53:41 +02:00
Yanray Wang	29db8b061d	sha256.h: add guard for is224 in sha256 context Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-10-09 18:09:47 +08:00
Ronald Cron	070e8652d5	Adapt to new PSA Crypto repo name Patterns I looked for: grep -i "psa-crypto" grep -i "psa.crypto.repo" grep -i "psa.crypto.root" Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-10-09 10:26:18 +02:00
Thomas Daubney	540324cd21	Correct styling of Mbed TLS in documentation Several bits of documentation were incorrectly styling Mbed TLS as MbedTLS. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2023-10-06 17:07:24 +01:00
Valerio Setti	85d2a98549	md: move definitions of MBEDTLS_MD_CAN to config_adjust_legacy_crypto.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-06 16:04:49 +02:00
Dave Rodgman	7ed619d3fa	Enable run-time detection for Thumb and Arm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 09:39:56 +01:00
Dave Rodgman	bfe6021e85	Improve docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 08:31:22 +01:00
Dave Rodgman	ca92f50e12	Update docs for MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 08:24:55 +01:00
Dave Rodgman	8690859097	Improve docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-04 17:40:25 +01:00
Minos Galanakis	31ca313efa	Bump version to 3.5.0 ``` ./scripts/bump_version.sh --version 3.5.0 ``` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-10-03 22:02:18 +01:00
Minos Galanakis	1a3ad265cc	Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-10-03 21:57:51 +01:00
Dave Rodgman	cc5bf4946f	Make SHA256 depend on Armv8, not aarch64 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-03 18:02:56 +01:00
Dave Rodgman	5ed7b2dec2	Introduce MBEDTLS_ARCH_IS_ARMV8 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-03 18:02:31 +01:00
Dave Rodgman	b51f3da354	Merge pull request #8264 from mpg/follow-up-8075 Follow up to 8075	2023-09-28 17:32:12 +00:00
Manuel Pégourié-Gonnard	140c08e325	Minor clarifications. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 11:02:37 +02:00
Manuel Pégourié-Gonnard	7f22f3478d	Add check for unsupported partial curves acceleration Manual test: run test_psa_crypto_config_accel_ecc_non_weierstrass_curves or test_psa_crypto_config_accel_ecc_weierstrass_curves as they are now, observe it failing with the expected #error. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 10:19:18 +02:00
Manuel Pégourié-Gonnard	842d3552b6	Add check for unsupported partial key type acceleration Tested manually as follows: in component_test_psa_crypto_config_accel_ecc_some_key_types, modify loc_accel_list to remove one of the key types between helper_libtestdriver1_make_drivers and helper_libtestdriver1_make_main, and observe that the 2nd build fails with the expected #error. Note: removing one of the key types before helper_libtestdriver1_make_drivers causes the build of libtestdriver1 to fail, which is quite acceptable, just not what we're trying to observe. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 10:19:16 +02:00
Manuel Pégourié-Gonnard	822870bd5d	Adjust handling of special case for DERIVE Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 10:19:15 +02:00
Manuel Pégourié-Gonnard	e662736f4c	Rename macros for consistency It's spelled KEY_TYPE everywhere else. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 10:19:14 +02:00
Manuel Pégourié-Gonnard	dfa42b34ab	Improve documentation about driver-only p256-m. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard	eda7086bdd	Auto-enable ACCEL macros for p256-m driver Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:53:05 +02:00
Manuel Pégourié-Gonnard	f07ce3b8ff	Don't extend support for deprecated functions Restore guards from the previous release, instead of the new, more permissive guards. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-28 08:51:51 +02:00
Gilles Peskine	7f288566c3	Merge pull request #8260 from gilles-peskine-arm/crypto_spe-include-fix Fix include path to psa/crypto_spe.h	2023-09-27 18:10:16 +00:00
Dave Rodgman	0fc86b2ddf	Merge pull request #8075 from valeriosetti/issue8016 driver-only ECC: curve acceleration macros	2023-09-27 14:39:02 +00:00
Gilles Peskine	7a6836b9f2	Document that MBEDTLS_PSA_CRYPTO_SPM needs crypto_spe.h Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-27 15:48:47 +02:00
Gilles Peskine	3529285308	Fix include path to psa/crypto_spe.h We can't have a public header or library file reference our test environment (except possibly under test-only options, and even so, it would be with great reluctance). This breaks the build for other people. Fix #8259. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-27 15:45:16 +02:00
Manuel Pégourié-Gonnard	561bce6b16	Add build with some curves accelerated but not all I chose to divide along the lines of Weierstrass vs other curve shapes (currently just Montgomery), mainly because it's the first thing that came to mind. It happened to reveal an issue in the logic for when (deterministic) ECDSA and ECJPAKE are built-in, which this commit is also fixing. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-26 11:36:13 +02:00
Yanray Wang	145bb2946e	check_config: add check of ASN1_[WRITE/PARSE]_C This commit adds dependency check when PK_CAN_ECDSA_SIGN or PK_CAN_ECDSA_VERIFY is enabled but no corresponding ASN1_WRITE_C or ASN1_PARSE_C is enabled under PSA. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-09-26 17:15:52 +08:00
Xiaokang Qian	845693c513	Change comments to psa_crypto_driver_wrappers.h Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-09-26 09:09:20 +00:00
Dave Rodgman	6da7872aa2	Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 Merge development into development-restricted	2023-09-25 18:16:01 +01:00
Manuel Pégourié-Gonnard	702b645dce	Rename new header file Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	8e82654ec4	Be more subtle about key_type -> alg interaction Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	3bc4d26f20	Special-case KEYPAIR_DERIVE (no driver support yet) Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	c2b12b17a4	Fix dependencies of built-in ECC keypair types More key management operations only require ECP_LIGHT, except: - generate (scalar multiplication) - export (exporting public from private also needs scalar multiplication). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	b4b13ccff4	Fix deterministic ECDSA built-in dependencies They're a superset of the dependencies for randomized ECDSA. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	3ccda15d8f	Use consistent ordering for built-in activation The usual order is: - MBEDTLS_PSA_BUILTIN_xxx macro - MBEDTLS_xxx legacy macros But curves had it the other way round for some reason. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	2d04d78561	Fix logic of ECC built-in activation again The previous fix was enabling more than needed in some circumstances, for example: - requested: (`PSA_WANT`): all ECC algs, all ECC key types, all curves; - we have acceleration (`MBEDTLS_PSA_ACCEL`) for: ECDH, all ECC key types, all curves; - as a consequence, we need built-in: all algs except ECDH, all ECC key types, all curves. This is what's happening in test_psa_crypto_config_accel_ecdh which, before this commit, was failing as built-in ECDH was enabled contrary to the component's (rightful) expectations. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	1db44dd68d	Remove useless instances of MBEDTLS_SOME_BUILTIN_EC Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	1a0a4d60d9	Implement new strategy for ECC accel/built-in Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	0d99271d14	Group all ECC-related things in legacy_from_psa.h Just moving things, no change. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	bfc6ef7a5c	Improve PSA config adjustment relate to keypair types Centralize it in a new file psa/config_adjust_keypair_types.h. I think this file indeed belongs in include/psa (as opposed to include/mbedtls) because it only touches PSA_WANT symbols (no MBEDTLS_PSA symbols), and implements things that are described in psa-conditional-inclusion.md. The code is not new, just moved from config_psa.h and config_adjust_legacy_from_psa.h where is was intermingled with handling of ACCEL/BUILTIN symbols. (git's --color-moved option will hardly help in checking that assertion, due to the way things were intermixed.) Note: the parts about BUILTIN in config_psa.h were not moved, just removed for now. They belong to include/mbedtls/config_adjust_legacy_from_psa.h and will be re-added there in a future commit which will completely re-organize the handling or ACCEL/BUILTIN for ECC. See comments inside the commit about placement of this file relative to others. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Manuel Pégourié-Gonnard	7af9d07c05	Remove unnecessary block Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-09-25 17:39:41 +02:00
Valerio Setti	bf206b8f41	adjust_legacy_from_psa: undef SOME_BUILTIN_EC when builtin curves are used Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	19d92108c1	config_psa: resolve symbol redefinition issue Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	ea167c39d0	check_config: remove unnecessary check about builtin curve usage Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	db6b4db7a0	Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	b2219f633d	config_psa: moving PSA_WANT auto-enabling code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	e6f65a951f	config_psa: fix comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	67d82e742b	build_info: add helpers to signal some support for a specific curve Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:41 +02:00
Valerio Setti	4b75a764c7	check_config: include also ECJPAKE_C as usage for builtin curves Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	dca8492043	check_config: request at least 1 builtin EC alg if there is at least 1 builtin curve This slightly changes the previous requirement. Instead of enabling ALL builtin EC algs when there is at least 1 built in curve, we ask for at least one built alg if there is at least one builtin curve. This relaxes the previous check while still keeping the base idea: there must be a reason for which builtin curves are included into the build. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	29837c7301	config_psa: include builtin algs if there is at least 1 builtin curve Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	9aed893fb0	config_psa: check curves' support before EC ALGs Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	d6b473adcd	config_psa: add internal helper to signal that some curve is builtin Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	87076abbfb	config_psa: ensure PSA_WANT_ECC is enabled for each MBEDTLS_ECP_DP Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	8ec212098e	check_config: fix comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	8600de818c	check_config: perform checks only when config_psa.h is evaluated Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00
Valerio Setti	3b69e3ed12	check_config: skip check on SECP224K1 because the PSA is never enabled Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-09-25 17:39:40 +02:00

1 2 3 4 5 ...

6622 commits