Commit graph

5063 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Jerry Yu
fb28b88e26 move client_auth to handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-28 11:05:58 +08:00
Jerry Yu
7ce0f2aa6b Wrap client_auth.
The variable is used for client side only

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-27 18:26:06 +08:00
XiaokangQian
647719a172 Add hello retry request in client side
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:50:06 +00:00
Ronald Cron
f51b79c297
Merge pull request #5355 from yuhaoth/pr/remove-duplicate-sig-alg-ext
Remove duplicate write signature algorithms extension
The failure of ABI-API-checking is expected.
2022-01-26 10:05:26 +01:00
Gilles Peskine
cfb151889f
Merge pull request #5457 from AndrzejKurek/key-id-encodes-owner-psa-fixes-follow-up
Remove incorrect incompatibility information about `MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER` from mbedtls_config.h
2022-01-25 17:02:35 +01:00
Andrzej Kurek
cfc920a960 Remove incorrect incompatibility information from mbedtls_config.h
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-25 06:33:08 -05:00
Jerry Yu
7ddc38cedb fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
713013fa80 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
6106fdc085 fix build fail without TLS13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
f017ee4203 merge write sig_alg of tls12 and tls13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

# Conflicts:
#	library/ssl_misc.h
2022-01-25 12:46:17 +08:00
Gilles Peskine
a5c1bf0b8d
Merge pull request #5367 from AndrzejKurek/doxygen-closure-fixes
doxygen: add missing asterisk to group closures
2022-01-24 21:40:39 +01:00
Andrzej Kurek
cead70dbe5 doxygen: fix missing asterisk in ecp.h
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:48:10 -05:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Gilles Peskine
6249603e7c
Merge pull request #5438 from SebastianBoe/check_config
Add missing config check for PKCS5.
2022-01-22 00:52:07 +01:00
Andrzej Kurek
8d2864d6bc Force usage of MBEDTLS_PK_WRITE_C when PK_C and USE_PSA_CRYPTO is used
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:30 -05:00
Sebastian Bøe
24e88018d2 Add missing config check for PKCS5.
PKCS5 depends on MD, but is missing a config check resulting in
obscure errors on invalid configurations.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2022-01-19 12:04:35 +01:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-13 00:05:48 -05:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Andrzej Kurek
01404dfaa2 doxygen: remove empty platform_time configuration section
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-30 12:34:00 +01:00
Andrzej Kurek
a0defed667 doxygen: move addtogroup closures to include more elements
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-30 12:33:31 +01:00
Max Fillinger
62e5514b8b Remove extra newline
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-12-28 17:42:30 +01:00
Max Fillinger
0bb38336a5 Add function to get md info from md context
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-12-28 16:32:00 +01:00
Andrzej Kurek
38d4fddcd8 Add missing asterisk to doxygen closures
Clarify section names next to closing braces
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-28 16:22:52 +01:00
Ronald Cron
17b1e2f6c3 Bump version to 3.1.0
Executed ./scripts/bump_version.sh --version 3.1.0 --so-crypto 11 --so-tls 17
+ fix of build_info.h

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:53 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix
Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:36 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac
Check HMAC return values
2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c Catch failures of md_hmac operations
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:00:57 +01:00
Ronald Cron
bb27b43013 build: Fix TLS 1.3 prerequisites
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 14:22:52 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Ronald Cron
0abf07ca2c Make PSA crypto mandatory for TLS 1.3
As we want to move to PSA for cryptographic operations
let's mandate PSA crypto from the start.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Ronald Cron
6b07916e40
Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client
Add initial support for "Middlebox Compatibility Mode"
2021-12-10 11:58:05 +01:00
Gilles Peskine
d31da1c673
Merge pull request #5270 from davidhorstmann-arm/improve-cmac-docs
Reword documentation of CMAC operations
2021-12-09 23:28:36 +01:00
Ronald Cron
49ad6197ca Add injection of dummy's ChangeCipherSpec for middlebox compatibility
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
ab65c52944 Add MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE config option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard
c38c1f2411
Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0
Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:09 +01:00
Gilles Peskine
b3ec69dba5 mbedtls_ssl_config: better document former bit-fields
Ensure that the documentation of fields affected by
"mbedtls_ssl_config: Replace bit-fields by separate bytes"
conveys information that may have been lost by removing the exact size of
the type. Extend the preexisting pattern "do this?" for formerly 1-bit
boolean fields. Indicate the possible values for non-boolean fields.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-08 18:32:12 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
David Horstmann
3d5dfa598b Reword documentation of CMAC operations
Change the wording of the documentation for some CMAC functions,
as the existing wording, while technically correct, can be
easy to misunderstand. The reworded docs explain the flow of
a CMAC computation a little more fully.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-12-06 18:58:02 +00:00
Dave Rodgman
351c71b7f2 Fix builds when config.h only defines MBEDTLS_BIGNUM_C
Fixes #4929

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-06 17:50:53 +00:00
Ronald Cron
8c8cea25c7
Merge pull request #5166 from xffbai/code-align
Align the TLS 1.3 code with coding rules
2021-12-06 10:54:00 +01:00
Ronald Cron
d4c2c9bf94 psa: Fix some dependencies in config_psa.h
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
ef6ffe3033 psa: Fix Mbed TLS hash operation definition
Use PSA_BUILTIN macros instead of the Mbed TLS ones
as in the hash operation contexts the context for a
given hash is needed only if the support for it
through PSA is enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
7975fae6bd Move to separately compiled PSA test driver library
This commit removes the test_psa_crypto_config_basic
all.sh component that can no longer work without
adapting it to the separately compiled test driver
library. This component is replaced by several
components in the following commits to test various
type of acceleration independently.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
fcaba24697 psa: Fix hash max sizes
The PSA max hash size has to be 64 if SHA512 or
SHA384 is supported by the library or an
accelerator, not just in case of the library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Gilles Peskine
28de59c50a
Merge pull request #5246 from adeaarm/development
Align function parameter names for mbedtls_set_key_owner_id
2021-12-03 17:24:46 +01:00
Gilles Peskine
1bbf6d645b
Merge pull request #5149 from mfil/feature/additional_cipher_info_getters
Additional cipher_info getters
2021-12-03 17:21:51 +01:00
Paul Elliott
ad7e8a7092 Documentation fixes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 15:37:49 +00:00
Antonio de Angelis
e2b6866e0b Align function parameter names for mbedtls_set_key_owner_id in PSA headers
static function mbedtls_set_key_owner() is declared in psa/crypto.h
and defined in psa/crypto_struct.h with different parameter name for
the  mbedtls_key_owner_id_t parameter and that may trigger errors
from static code analysis tool as cppcheck.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2021-11-30 12:26:58 +00:00
Gilles Peskine
533a728392 mbedtls_ssl_config: Replace bit-fields by separate bytes
This slightly increases the RAM consumption per context, but saves code
size on architectures with an instruction for direct byte access (which is
most of them).

Although this is technically an API break, in practice, a realistic
application won't break: it would have had to bypass API functions and rely
on the field size (e.g. relying on -1 == 1 in a 1-bit field).

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19543 -> 19559 (diff: -16)
library/ssl_msg.o: 24726 -> 24690 (diff: 36)
library/ssl_srv.o: 20462 -> 20418 (diff: 44)
library/ssl_tls.o: 20707 -> 20555 (diff: 152)
library/ssl_tls13_client.o: 7252 -> 7244 (diff: 8)
library/ssl_tls13_generic.o: 4705 -> 4693 (diff: 12)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2876 -> 2864 (diff: 12)
library/ssl_msg.o: 3068 -> 3080 (diff: -12)
library/ssl_srv.o: 3372 -> 3340 (diff: 32)
library/ssl_tls.o: 6658 -> 6566 (diff: 92)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:44:49 +01:00
Gilles Peskine
8834d87ef6 mbedtls_ssl_config, mbedtls_ssl_session: reorder fields
Move small fields first so that more fields can be within the Arm Thumb
128-element direct access window.

Keep the int section after the pointer section: moving int fields first cost
a few bytes on the reference baremetal-m0plus build.

The ordering in this commit is not based on field access frequency.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19687 -> 19543 (diff: 144)
library/ssl_msg.o: 24834 -> 24726 (diff: 108)
library/ssl_srv.o: 20562 -> 20462 (diff: 100)
library/ssl_tls.o: 20907 -> 20707 (diff: 200)
library/ssl_tls13_client.o: 7272 -> 7252 (diff: 20)
library/ssl_tls13_generic.o: 4721 -> 4705 (diff: 16)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2936 -> 2876 (diff: 60)
library/ssl_msg.o: 3080 -> 3068 (diff: 12)
library/ssl_srv.o: 3400 -> 3372 (diff: 28)
library/ssl_tls.o: 6730 -> 6658 (diff: 72)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:39:29 +01:00
Max Fillinger
c3cffae420 Document return value for IV size getter on NULL
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-28 14:13:43 +01:00
Gilles Peskine
e3d9c9d99b PSA operation structures: move less-used fields to the end
Move fields around to have fewer accesses outside the 128-element Thumb
direct access window.

In psa_hkdf_key_derivation_t, move the large fields (output_block, prk,
hmac) after the state bit-fields. Experimentally, it's slightly better
to put hmac last.

Other operations structures don't go outside the window, at least when not
considering nested structures.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/psa_crypto.o: 16510 -> 16434 (diff: 76)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-26 12:44:08 +01:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
Gilles Peskine
09c02ee95f Make PSA headers more self-contained
Several files among include/psa/crypto_*.h are not meant to be included
directly, and are not guaranteed to be valid if included directly. This
makes it harder to perform some static analyses. So make these files more
self-contained so that at least, if included on their own, there is no
missing macro or type definition (excluding the deliberate use of forward
declarations of structs and unions).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:49:09 +01:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Gilles Peskine
9264428266
Merge pull request #5105 from AaronErhardt/doc-fixes
doc improvements in aes and sha256 includes
2021-11-22 22:22:00 +01:00
Max Fillinger
e85bb7096f Fix documentation for block size getters
- Document unit (bytes)
- Explain what happens for stream ciphers

Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-21 16:33:44 +01:00
Max Fillinger
5fee208ff2 Make new IV and block size getters return size_t
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-21 16:33:35 +01:00
Paul Elliott
fb5fdb5007 Further documentation improvements
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-18 22:39:16 +00:00
Ronald Cron
28777db226
Merge pull request #4952 from xkqian/add_server_finished
Add server finished
2021-11-12 12:30:10 +01:00
Paul Elliott
853c0da8de Fix for pkcs12 with NULL or zero length password
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-11 19:26:37 +00:00
XiaokangQian
3306284776 Change code base on comments
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-11 03:37:45 +00:00
XiaokangQian
d6d234f698 Solve the ABI_API check issue for mbedtls_ssl_session
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-11 02:22:12 +00:00
Max Fillinger
f057893035 Allow checking variable IV/key size in cipher_info
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-10 14:20:50 +01:00
Max Fillinger
3a782a0fe4 Add IV and block size getters for cipher_info
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-10 14:20:38 +01:00
Manuel Pégourié-Gonnard
087f04783d
Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag
PSA CCM*-no-tag
2021-11-10 10:18:55 +01:00
XiaokangQian
c5c39d5800 Change code for styles and comments .etc
Remove useless code in union.
Rename functions and parameters.
Move definitions into othe files.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
1aef02ee20 Fix initialized issues and remove useless code
Fix the variable not inialized issue, remove the client
certificate related code, remove early data related code.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
f13c56032f Revert some changes about tls13 and macros
There is one PR #4988 to change it in the future

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
a763498490 Change code based on commetns
Focus on the code style, naming rule,etc.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
aa5f5c1f5d TLS1.3: Add server finish processing in client side
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:22 +00:00
Gabor Mezei
642eeb2879
Fix documentation and comments
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-03 16:13:32 +01:00
Gilles Peskine
f2fe31ab4e Reorder macro definitions
Definition before mention

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:48:15 +01:00
Gilles Peskine
f7b4137e69 Untangle PSA_ALG_IS_HASH_AND_SIGN and PSA_ALG_IS_SIGN_HASH
The current definition of PSA_ALG_IS_HASH_AND_SIGN includes
PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY, which don't strictly
follow the hash-and-sign paradigm: the algorithm does not encode a hash
algorithm that is applied prior to the signature step. The definition in
fact encompasses what can be used with psa_sign_hash/psa_verify_hash, so
it's the correct definition for PSA_ALG_IS_SIGN_HASH. Therefore this commit
moves definition of PSA_ALG_IS_HASH_AND_SIGN to PSA_ALG_IS_SIGN_HASH, and
replace the definition of PSA_ALG_IS_HASH_AND_SIGN by a correct one (based
on PSA_ALG_IS_SIGN_HASH, excluding the algorithms where the pre-signature
step isn't to apply the hash encoded in the algorithm).

In the definition of PSA_ALG_SIGN_GET_HASH, keep the condition for a nonzero
output to be PSA_ALG_IS_HASH_AND_SIGN.

Everywhere else in the code base (definition of PSA_ALG_IS_SIGN_MESSAGE, and
every use of PSA_ALG_IS_HASH_AND_SIGN outside of crypto_values.h), we meant
PSA_ALG_IS_SIGN_HASH where we wrote PSA_ALG_IS_HASH_AND_SIGN, so do a
global replacement.
```
git grep -l IS_HASH_AND_SIGN ':!include/psa/crypto_values.h' | xargs perl -i -pe 's/ALG_IS_HASH_AND_SIGN/ALG_IS_SIGN_HASH/g'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:48:15 +01:00
Mateusz Starzyk
c5c5b93611 Add missing PSA_KEY_ID_NULL macro.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-11-03 15:47:03 +01:00
Mateusz Starzyk
7d262dd1ee Add missing PSA_HASH_BLOCK_LENGTH macro.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-11-03 15:47:03 +01:00
Mateusz Starzyk
359b5ab6ea Add missing PSA_ALG_NONE macro.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-11-03 15:47:03 +01:00
Mateusz Starzyk
e6d3edaf32 Add missing PSA_ALG_IS_SIGN_HASH macro.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-11-03 15:47:03 +01:00
Manuel Pégourié-Gonnard
0dbe1dfa1c
Merge pull request #4859 from brett-warren-arm/supported_groups
Add mbedtls_ssl_conf_groups to API
2021-11-02 10:49:09 +01:00
Manuel Pégourié-Gonnard
4313d3ac87
Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt
PSA: fix salt length for PSS verification
2021-10-29 16:36:36 +02:00
Brett Warren
e0edc8407b Add mbedtls_ssl_conf_groups to API
mbedtls_ssl_conf_groups allows supported groups for key
sharing to be configured via their IANA NamedGroup ID.

This is added in anticipation of PQC and Hybrid key
sharing algorithms being integrated into Mbed TLS.

mbedtls_ssl_conf_curves is deprecated in favor of
mbedtls_ssl_conf_groups. handshake_init has been
modified to translate and copy curves configured
via conf_curves into a heap allocatied array of
NamedGroup IDs. This allows the refactoring of code
interacting with conf_curve related variables (such
as curve_list) to use NamedGroup IDs while retaining
the deprecated API.

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 11:27:00 +01:00
Manuel Pégourié-Gonnard
136819fe6e
Merge pull request #4959 from gilles-peskine-arm/psa-add-aria
Add ARIA to the PSA API
2021-10-29 09:38:06 +02:00
Mateusz Starzyk
a706e5e317 Add missing cipher mode translations for PSA
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-28 17:59:06 +02:00
Brett Warren
36b70b2a4e Change MBEDTLS_ECP_DP_MAX to 14
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-28 16:00:13 +01:00
XiaokangQian
7b2d4efee8 Change the buffer boundary check and alert type
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-10-28 01:49:37 +00:00
XiaokangQian
2d5c72be0b TLS1.3: Add Encrypted Extensions
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-10-28 01:49:37 +00:00
Mateusz Starzyk
7de19ddaf5 Remove invalid comments in CCM API
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-27 11:25:08 +02:00
Mateusz Starzyk
4cb9739038 Use separate MBEDTLS_MODE for the CCM*.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-27 10:42:31 +02:00
Gilles Peskine
4fa0725936
Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation
Remove output buffer limitation for PSA with GCM.
2021-10-25 19:37:33 +02:00
Aaron Erhardt
9bb56dc6be Add return info to sha256 docs
Signed-off-by: Aaron Erhardt <aaron.erhardt@t-online.de>
2021-10-22 22:05:10 +02:00
Aaron Erhardt
a5a2399cb0 Remove mode param from AES-CTR docs
Signed-off-by: Aaron Erhardt <aaron.erhardt@t-online.de>
2021-10-22 22:05:04 +02:00
Mateusz Starzyk
30bd7fa607 Change error code for MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-22 10:33:32 +02:00
Mateusz Starzyk
594215be6e Add support for CCM*-no-tag to PSA.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 11:33:41 +02:00
Mateusz Starzyk
bb2ced33dd Ignore plaintext length for CCM*-no-tag.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 11:33:37 +02:00
Brett Warren
9e98573ca2 fix build fail with MBEDTLS_DEPRECATED
When deprecated functions are allowed

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-20 23:33:15 +01:00
Brett Warren
3a96d09898 export MBEDTLS_DEPRECATED from platform_util.h
Since there are no longer any alternative
MBEDTLS_DEPRECATED definitions in the codebase,
MBEDTLS_DEPRECATED can now be exported without breaking
anything.

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-20 23:33:15 +01:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
Gabor Mezei
53dd04c13b
Remove unneeded include
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:19:16 +02:00
Gabor Mezei
765862c4f3
Move mbedtls_cf_memcmp to a new public header
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00