Commit graph

11797 commits

Author SHA1 Message Date
Agathiyan Bragadeesh
271a95331e Remove tautology in mbedtls_mpi_core_clz
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-07-14 14:07:18 +01:00
Dave Rodgman
fba559822f Ensure constant values not known to compiler
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-14 13:44:22 +01:00
Dave Rodgman
a02b36886c Fix gcc warnings when -Wredundant-decls set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-14 13:43:39 +01:00
Gabor Mezei
66bbecb7ff Fix comment
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-14 14:43:27 +02:00
Dave Rodgman
8f6094ce47
Merge pull request #7792 from robUx4/win32_winnt
2023-07-13 19:34:24 +01:00
Dave Rodgman
63a21f4cda
Merge pull request #7920 from daverodgman/gcm-size
2023-07-13 19:32:07 +01:00
Dave Rodgman
5ff02450ee Reduce size of static data in gcm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-13 15:57:20 +01:00
Steve Lhomme
551b3bf4bb Don't force the _WIN32_WINNT version
If the user has set a value in the build environment, it will be used.
Otherwise, if the SDK has a default value, it will be picked.

If either of these values is lower than 0x0501 (XP) we should not force
some calls that will not work on the minimum target OS. We should use
dynamic loading of these APIs to support them in higher versions of the
OS.

winsock2.h needs to be included before windows.h and will pick the
default _WIN32_WINNT from the SDK or use the one from the user, by
setting _WIN32_WINNT in the CFLAGS.

Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
2023-07-13 16:11:34 +02:00
Steve Lhomme
4000b6ec0e Don't force the default windows version down
The _WIN32_WINNT value will pick the default value for the SDK when
including windows.h. Depending on its value some calls will be possible or not.

Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
2023-07-13 16:11:34 +02:00
Steve Lhomme
369d7c7148 Don't use FindFirstFileW() before Windows XP
At runtime it will attempt to get FindFirstFileW() from kernel32.dll
but it's not there and the DLL/program containing mbedtls will not load.

Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
2023-07-13 16:11:34 +02:00
Jerry Yu
893be8d10f Replace cpu modifier flags
`crypto` should be replaced with `aes`.

See https://arm-software.github.io/acle/main/acle.html#cryptographic-extensions

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 17:32:11 +08:00
Jerry Yu
b1d06bb29e Add error message for old armclang
When armclang < 6.10, CPU modifiers MUST be
specified on the command line.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 10:40:29 +08:00
Jerry Yu
8e96e78dbe update document and error message
Change the spelling of armclang

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 10:40:28 +08:00
Jerry Yu
6b00f5a135 Add guards for arm_neon.h
See: https://arm-software.github.io/acle/main/acle.html#arm_neonh
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 10:40:28 +08:00
Jerry Yu
22a4d3e2b4 fix armclang build failure for sha512.
`sha3` support starts from armclang 6.10

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 10:40:28 +08:00
Jerry Yu
580e06fb07 fix armclang compile fail
`__ARM_FEATURE_AES` is not defined with `armclang < 6.10`.
And it raises an error on `target("crypto,aes")`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 10:40:27 +08:00
Jerry Yu
08933d3dbb fix compile fail for armclang
When target flags are not set on the command line, armclang
will report a 'required feature not set' error.

This was found and verified on 6.20.1. It does not work
for 6.6

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-07-13 10:40:08 +08:00
Paul Elliott
3c22366695
Merge pull request #7863 from valeriosetti/issue7790
PK: parse: fix disparity with private Montgomery keys
2023-07-11 18:02:12 +01:00
Dave Rodgman
a824e40749
Merge pull request #7500 from tom-cosgrove-arm/fix-armclang-bswap32
Fix MBEDTLS_BSWAP32 on armcc 5
2023-07-11 16:48:42 +01:00
Dave Rodgman
84eaefa43e Use designated initializers for mbedtls_mpi
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-07-11 16:02:46 +01:00
Valerio Setti
7e6aaa1ea5 psa: fix missed LEGACY symbols caused by the rebase
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 16:59:21 +02:00
Paul Elliott
88f34e3348
Merge pull request #7703 from gabor-mezei-arm/7598_clone_the_eco_module
[Bignum] Clone the ECP module
2023-07-11 15:00:01 +01:00
Tom Cosgrove
f2b5a13d02 Fix MBEDTLS_BSWAP32 on armcc 5
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-07-11 14:06:37 +01:00
Valerio Setti
76df8c1900 psa: remove redundant GENPRIME when RSA_KEY_PAIR_GENERATE is defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:11:28 +02:00
Valerio Setti
b2bcedbf9a library: replace MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_LEGACY
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Valerio Setti
f6d4dfb745 library: replace PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY symbols with proper ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 14:06:00 +02:00
Dave Rodgman
4999f15d98
Merge pull request #7878 from beni-sandu/development
aesce: use correct target attribute when building with clang
2023-07-11 10:54:14 +01:00
Yanray Wang
ffc3c48e4e Remove getter functions of PAKE if no PAKE algorithms are required
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-07-11 17:33:22 +08:00
Valerio Setti
41b0818bcb ecp: rearrange code in ecp_read_key()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
21d42417f9 pkparse: always check all private keys on import
This allows removing explicit calls to mbedtls_ecp_check_privkey()
in pkparse.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
6b062eeed0 pkparse: parse also Weierstrass private keys using ecp_read_key()
This is to handle Weierstrass and Montgomery curves more uniformly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Valerio Setti
805e4a0378 pkparse: use ecp_read_key() for parsing private key of Montgomery curves
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-11 11:28:22 +02:00
Gilles Peskine
6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal
Split psa_util.h between internal and public
2023-07-10 18:33:23 +02:00
Valerio Setti
da403b749e tls: use already existing symbols to size the buffer for XXDH peer key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 16:19:05 +02:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem
tls13: server: Fix spurious HRR
2023-07-10 09:58:13 +02:00
Valerio Setti
54e23792c8 tls: replace numeric values with proper TLS IANA symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
6f0441d11e tls: replace occurrences of ECP_LIGHT with PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
acd32c005f programs: add helper functions for supported EC curves
- get full list, or
- get TLS ID from name

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
49e6907b5b tls: replace ECP_LIGHT occurrences with PK_HAVE_ECC_KEYS
Up to this point "make test" runs successfully. "ssl-opt" has
not been tested yet.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:10:20 +02:00
Valerio Setti
6eb005435c tls: fix guards for legacy ECDH contexts
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 19:02:23 +02:00
Valerio Setti
3d237b5ff1 ssl_misc: fix guards for PSA data used in XXDH key exchanges
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 19:02:16 +02:00
Paul Elliott
2dfe7993af
Merge pull request #6914 from davidhorstmann-arm/cmake-pass-through-config-defines
Pass `MBEDTLS_CONFIG_FILE` defines through cmake
2023-07-07 17:01:57 +01:00
Tom Cosgrove
c5f41bfeb8
Merge pull request #7212 from sergio-nsk/patch-4
Fix error: comparison of integers of different signs: 'SOCKET' and 'int'
2023-07-07 16:45:55 +01:00
Valerio Setti
b302efc8d9 debug: replace ECDH_C symbol with key exchange one
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:23:53 +02:00
Valerio Setti
c2232eadfb tls: replace PK_CAN_ECDH guards with new helpers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:23:53 +02:00
Valerio Setti
7aeec54094 tls: replace ECDH_C guards with new helpers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-07 17:23:53 +02:00
Dave Rodgman
602a0919f3
Merge pull request #7464 from yuhaoth/pr/Change-clock-source-to-bootime-for-ms-time
Replace CLOCK_MONOTONIC with CLOCK_BOOTTIME for `mbedtls_ms_time` on linux
2023-07-07 15:42:17 +01:00
Manuel Pégourié-Gonnard
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
Ronald Cron
8a74f07c2a tls13: server: Fix spurious HRR
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:12 +02:00
Andrzej Kurek
c508dc29f6 Unify csr and crt san writing functions
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 09:05:30 -04:00
Gabor Mezei
f05ca737da Update comment
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-07 12:59:22 +02:00
Andrzej Kurek
1c8ecbef64 Add support for x509 SAN RFC822 and DirectoryName for csr generation
Unify the code with the x509 crt counterpart.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 05:12:52 -04:00
Manuel Pégourié-Gonnard
9967f11066
Merge pull request #7810 from valeriosetti/issue7771
Define PSA_WANT_xxx_KEY_PAIR_yyy step 2/ECC
2023-07-07 10:22:47 +02:00
Przemek Stekiel
46b2d2b643 Fix code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-07 09:34:17 +02:00
Agathiyan Bragadeesh
77b0d645f5 Add gitignore anchors to denote generated files
These anchors encapsulate gitignore patterns which typically ignore
files generated, so that scripts can be used to comment and uncomment
these patterns for releases when we need the generated files in the
repository.

Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
2023-07-06 17:58:18 +01:00
Manuel Pégourié-Gonnard
d55d66f5ec Fix missing includes
Some files relied on psa_util.h to provide the includes they need.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:28 +02:00
Manuel Pégourié-Gonnard
abfe640864 Rationalize includes in psa_util
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:27 +02:00
Manuel Pégourié-Gonnard
b7e8939198 Move error functions to internal header
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:47:26 +02:00
Manuel Pégourié-Gonnard
a5a8f29d7e Move ECC and FFDH macros to internal header
ECC macros used in the following files:

library/pk.c
library/pk_wrap.c
library/pkparse.c
library/pkwrite.c
library/ssl_misc.h
library/ssl_tls12_client.c

FFDH macro is used only in library/ssl_misc.h so it could possibly be moved
there, but it seems cleaner to keep it close to the ECC macros as they
are very similar in nature.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:45:54 +02:00
Manuel Pégourié-Gonnard
5c731b0afb Use consistent guards for deprecated feature
Fixes an "unused static function" warning in builds with
DEPRECATED_REMOVED.

While at it, remove an include that's now useless.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard
57fa72fdf8 Remove unused function in cipher.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard
efcc1f21c8 Make cipher functions static in cipher.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Manuel Pégourié-Gonnard
2be8c63af7 Create psa_util_internal.h
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-06 12:42:33 +02:00
Przemek Stekiel
408569f91a Adapt function name: mbedtls_ssl_tls13_generate_and_write_dh_key_exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:44 +02:00
Przemek Stekiel
615cbcdbdf Provide additional comments for clarification
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:39 +02:00
Yanray Wang
5adfdbdaed AES: fix mismatch comment in #endif
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-07-06 17:10:44 +08:00
Gabor Mezei
c97a407dba Remove value assignment for enum entries
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-06 10:54:41 +02:00
Gabor Mezei
2a7bcaf8af Use only MBEDTLS_ECP_WITH_MPI_UINT to switch between the ecp variants
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-06 10:37:51 +02:00
Tom Cosgrove
836aed7cf8
Merge pull request #6003 from gstrauss/x509_time
mbedtls_x509_time performance and reduce memory use
2023-07-06 09:28:14 +01:00
Dave Rodgman
3d0c8255aa
Merge pull request #7825 from daverodgman/cipher_wrap_size
Cipher wrap size improvement
2023-07-05 15:45:48 +01:00
Gabor Mezei
1a729dcece Fix comment
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-05 16:13:46 +02:00
Gabor Mezei
d6789f1e2e Used preferred macro definition check
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-07-05 16:13:45 +02:00
David Horstmann
0f1dd57214 Use emptiness-checks rather than DEFINED checks
For the MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE variables,
check that they are non-empty and defined. This means they can be
unconditionally created in the cache, simplifying the CMakeLists.txt.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-05 14:12:13 +01:00
David Horstmann
ae33ab85a5 Pass config file options to mbedtls_test(_helpers)
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-05 14:11:51 +01:00
David Horstmann
82f11ff6ac Pass MBEDTLS_CONFIG_FILE defines through cmake
When -DMBEDTLS_CONFIG_FILE or -DMBEDTLS_USER_CONFIG_FILE are passed to
cmake, pass them through as compile definitions. This allows different
mbedtls configs to be passed at configure time without modifying any
cmake files.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-05 14:09:58 +01:00
David Horstmann
3ae1c4c0f7 Fix formatting of explanatory commented code
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-05 11:15:08 +01:00
David Horstmann
b1d27bcd69 Improve comment formatting
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-05 10:00:31 +01:00
David Horstmann
cdf5283dad Rename variables to more descriptive names
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-07-05 09:58:03 +01:00
Przemek Stekiel
e80bbf4dbf Fix function name after rebase
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 10:34:40 +02:00
Manuel Pégourié-Gonnard
db084d16ea
Merge pull request #7862 from ronald-cron-arm/improve-write-supported-group-ext
Improve write supported group ext
2023-07-05 09:55:33 +02:00
Przemek Stekiel
7ac93bea8c Adapt names: dh -> xxdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
d5f79e7297 Adapt functions names for ffdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
6f199859b6 Adapt handshake fields to ffdh
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00
Przemek Stekiel
e03ddbb497 Use valid size of peerkey buffer (EC vs FF)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:25:00 +02:00
Beniamin Sandu
aa4f621901 aesce: use correct target attribute when building with clang
Seems clang has its own issues when it comes to crypto extensions,
and right now the best way to avoid them is to accurately enable
the needed instructions instead of the broad crypto feature.

E.g.: https://github.com/llvm/llvm-project/issues/61645

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
2023-07-04 21:15:52 +03:00
Dave Rodgman
c8d81ad54d
Merge pull request #7784 from daverodgman/aesce-unroll
2023-07-04 18:41:13 +01:00
Tom Cosgrove
e939464eb7
Merge pull request #7829 from mpg/deduplicate-tls-hashing
De-duplicate TLS hashing functions
2023-07-04 16:06:00 +01:00
Tom Cosgrove
b7af7eac05
Merge pull request #7834 from beni-sandu/development
aesce: do not specify an arch version when enabling crypto instructions
2023-07-04 13:32:04 +01:00
Ronald Cron
1ffa450882 tls: client: Improve writing of supported_groups ext
Align the TLS 1.3 specific and TLS 1.2 specific
tests done before the call to
ssl_write_supported_groups_ext() and inside
this function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-04 12:16:25 +02:00
Kusumit Ghoderao
3fde8feaa9 Fix name of macro
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:02 +05:30
Kusumit Ghoderao
4536bb6f2b Change mac_size parameter in driver_mac_compute to output length
See #7801 for reference

Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:01 +05:30
Kusumit Ghoderao
a2520a5b7e Add pbkdf2 cmac to key derivation output_bytes
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
3d5edb8eef Add input password function for pbkdf2 cmac
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
2cd649684a Add pbkdf2_cmac to key derivation setup
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:17:00 +05:30
Kusumit Ghoderao
3ab146f99e Add builtin pbkdf2 cmac guard for all the pbkdf2 functions
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-07-04 15:16:59 +05:30
Manuel Pégourié-Gonnard
aaad2b6bfc Rename some local variables
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-07-04 11:35:16 +02:00
Manuel Pégourié-Gonnard
443589ac53
Merge pull request #7870 from valeriosetti/fix-tls13-guards
tls13: fix guards for PSA error translating function
2023-07-04 11:21:14 +02:00
Tom Cosgrove
9b20c6fcc1
Merge pull request #7840 from yanrayw/7381_aes_gen_table
AES: use uint8_t for array of pow and log to save RAM usage
2023-07-04 08:34:12 +01:00
Valerio Setti
dbd01cb677 tls13: fix guards for PSA error translating function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-04 09:18:52 +02:00
Dave Rodgman
9cf17dad9d
Merge pull request #7851 from daverodgman/fix-unused-aes
Fix AES dependencies - build TF-M config cleanly
2023-07-03 16:49:00 +01:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
Manuel Pégourié-Gonnard
45e009aa97
Merge pull request #7814 from valeriosetti/issue7746
PK: refactor wrappers in the USE_PSA case
2023-07-03 09:32:31 +02:00
Valerio Setti
f7cd419ade pk: ignore opaque EC keys in pk_setup when they are not supported
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 18:11:29 +02:00
Valerio Setti
35d1dacd82 pk_wrap: fix: always clear buffer holding private key in eckey_check_pair_psa
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 18:04:16 +02:00
Gabor Mezei
f4aab6f666 Add comments and remove unneeded defines
For `check_names.py` it is enough for a macro definition to appear in
a comment to validate it.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-06-30 16:54:55 +02:00
Valerio Setti
38913c16b0 pk_wrap: do not support opaque EC keys when !PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 16:18:33 +02:00
Tom Cosgrove
c4a760c538
Merge pull request #7849 from davidhorstmann-arm/fix-string-to-names-retcode
Fix false success return code in `mbedtls_x509_string_to_names()`
2023-06-30 14:28:29 +01:00
Dave Rodgman
a2c1a387e4
Merge pull request #7630 from daverodgman/prefer-intrinsics
Prefer intrinsics over asm for AES-NI
2023-06-30 11:39:38 +01:00
Gabor Mezei
c810707980 Add check for the ecp module variants
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-06-30 11:39:21 +02:00
Gabor Mezei
1df4c6435f Enable build of the new ecp_new.c file
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-06-30 11:39:20 +02:00
Gabor Mezei
a306d20766 Clone the ecp.c file as ecp_new.c
Add a macro guard for each file, defaulting to enable the ecp.c file content.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-06-30 11:38:55 +02:00
Valerio Setti
27c501a10c lib/test: replace BASIC_IMPORT_EXPORT internal symbol with BASIC,IMPORT,EXPORT
Also the python script for automatic test generation is fixed accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:22 +02:00
Valerio Setti
86587abde4 psa: fix guards for EC key derivation
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:22 +02:00
Valerio Setti
dd24f29105 psa: fix wrong naming for ECC derive symbols in code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:22 +02:00
Valerio Setti
4c0174de2e psa: replace remaining ECC_KEY_PAIR_LEGACY symbols with proper ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:22 +02:00
Valerio Setti
5dad7051b4 psa_crypto_ecp: fix wrong comment in #endif
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:22 +02:00
Valerio Setti
2a63460248 psa: fix guards for EC key derivation
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:21 +02:00
Valerio Setti
6a9d0ee373 library/test: replace LEGACY symbol with BASIC_IMPORT_EXPORT
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:21 +02:00
Valerio Setti
bfeaf5b4f6 library: replace ECC_KEY_PAIR_LEGACY with GENERATE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:21 +02:00
Valerio Setti
8ffdb5df7d library: replace ECC_KEY_PAIR_LEGACY with DERIVE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:12:19 +02:00
Gilles Peskine
053022fe24 Reduce the size of mbedtls_mpi
Reduce the size of mbedtls_mpi from 3 words to 2 on most architectures.

This also reduces the code size significantly in bignum.o and ecp_curves.o,
with negligible variations in other modules.

This removes the ability to set MBEDTLS_MPI_MAX_LIMBS to a value >=65536,
but we don't support customizing this value anyway (it's always 10000).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-29 19:33:44 +02:00
Valerio Setti
88a3aeed9f pk_wrap: use PK_HAVE_ECC_KEYS as guard for ecdsa_opaque_check_pair_wrap
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 15:01:10 +02:00
Valerio Setti
d9d74c285b pk_wrap: guard all ECDSA function with MBEDTLS_PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 15:00:02 +02:00
Valerio Setti
4d1daf8f8d pk_wrap: minor fixes for guards
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:27 +02:00
Valerio Setti
97976e3e4c pk_wrap: always fill all the fields of the pk_info structures
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:27 +02:00
Valerio Setti
76d0f9637c pk: uniform naming of functions and structures in pk/pk_wrap
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:27 +02:00
Valerio Setti
884c1ec1f5 pk_wrap: share code for selecting the psa_alg in ECDSA sign
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:27 +02:00
Valerio Setti
574a00b576 pk_wrap: minor reorganization for opaque keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:26 +02:00
Valerio Setti
5c26b30d9e pk_wrap: add missing labels to #else and #endif
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:26 +02:00
Valerio Setti
bb7603a28f pk_wrap: optimize eckey_check_pair()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:26 +02:00
Valerio Setti
f69514a7d8 pk_wrap: name all the fields of the pk_info structs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:26 +02:00
Valerio Setti
e77307738d pk_wrap: add support for ECDSA verify for opaque keys
This commit also adds tests to verify the functionality

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:26 +02:00
Valerio Setti
ed7d6af670 pk_wrap: optimize code for ECDSA verify
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:26 +02:00
Valerio Setti
4657f10bdb pk_wrap: optimize code for ECDSA sign
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-29 14:33:26 +02:00
Dave Rodgman
f032c9842d Improve #endif comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-29 12:09:27 +01:00
Dave Rodgman
afe85db42b Improve #endif comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-29 12:07:11 +01:00
Dave Rodgman
1be2463d76 Correct #endif comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-29 12:01:24 +01:00
Dave Rodgman
710e3c650f Correct comments on #endif's
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-29 12:00:14 +01:00
Dave Rodgman
9fbb0cf08e Merge remote-tracking branch 'origin/development' into safer-ct5
2023-06-28 18:52:02 +01:00
Paul Elliott
92a55bf5ea
Merge pull request #7793 from minosgalanakis/ecp/6025_fast_reduction_dispatch
[Bignum] Fast reduction dispatch
2023-06-28 17:38:37 +01:00
Dave Rodgman
ffabb7b7da Fix unused function warning in x509.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-28 16:22:50 +01:00
Janos Follath
c439c678e3
Merge pull request #7719 from davidhorstmann-arm/second-jpake-state-machine-rework
Change J-PAKE internal state machine
2023-06-28 08:59:23 +01:00
Przemek Stekiel
7dda271c1d Fix description of functions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-28 09:16:08 +02:00
Tom Cosgrove
db041cc82f
Merge pull request #7665 from AndrzejKurek/optimize-error-translation-code-size
Optimize error translation code size
2023-06-28 08:09:00 +01:00
Dave Rodgman
2fd8c2c708 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 21:03:31 +01:00
Dave Rodgman
160088d769 Fix comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 20:41:51 +01:00
Dave Rodgman
ad4e76be57 More dependency fixes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:23:14 +01:00
Dave Rodgman
34152a48d4 Fix unused variable
Fix when MBEDTLS_AES_SETKEY_ENC_ALT, MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ROM_TABLE set.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:23:09 +01:00
Dave Rodgman
15cd28a264 Fix unused variable if MBEDTLS_AES_SETKEY_ENC_ALT and MBEDTLS_AES_DECRYPT_ALT set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:23:06 +01:00
Dave Rodgman
28a539a549 Fix unused fn when MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_SETKEY_ENC_ALT set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:23:01 +01:00
Dave Rodgman
8c753f99cb Fix unused function when MBEDTLS_AES_SETKEY_ENC_ALT set
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 19:22:56 +01:00
David Horstmann
8fd98d6e62 Return an error when no name is parsed
When less than 1 RDN is successfully parsed in
mbedtls_x509_string_to_names(), return an error. Previously this
returned success when a string containing neither '=' or ',' was
supplied.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-27 15:31:40 +01:00
Dave Rodgman
28e2ca51a9 Docs improvement
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 15:25:38 +01:00
Dave Rodgman
9f4fd28eff
Merge pull request #7808 from daverodgman/fix-ct-compile-warning
Fix for arm64_32 (aka ILP32) on Clang
2023-06-27 15:23:14 +01:00
Minos Galanakis
c4e4958326 ecp_curves: Adjusted expected_width inputs to use BITS_TO_LIMBS macro.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-27 14:07:07 +01:00
Yanray Wang
fe944ce2d8 aes.c: use uint8_t for local x, y, z in aes_gen_tables to save RAM
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-27 18:18:06 +08:00
Yanray Wang
5c86b1775a aes.c: use uint8_t for array of pow and log to save RAM
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-27 18:18:06 +08:00
David Horstmann
246ec5a35e Replace unnecessary '>=' with '=='
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-27 10:33:06 +01:00
Dave Rodgman
8c5fae2610 Add explanatory comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 09:43:55 +01:00
Dave Rodgman
9e868be13a Fix clang warning from -Wasm-operand-widths
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-27 09:27:27 +01:00
Minos Galanakis
53a16b3fb5 bignum_mod_raw: Updated documentation for mpi_mod_raw_mul
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-26 20:06:36 +01:00
Przemek Stekiel
76669458af Adapt guards in ssl_write_client_hello_body
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-26 17:34:36 +02:00
Przemek Stekiel
98d79335d1 Update guards for supported groups
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-26 16:28:45 +02:00
Valerio Setti
8c3404f3e0 x509: update ECP_LIGHT dependencies to PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-26 15:49:48 +02:00
Minos Galanakis
8eb6104256 bignum_mod_raw: Fixed a documentation typo.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-26 10:03:19 +01:00
Minos Galanakis
c7408a432e bignum_mod_raw: Adjusted OPT_RED limb size requirements for mod_raw_mul().
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-25 21:14:44 +01:00
Minos Galanakis
25d998b3b9 ecp_curves: Fixed modp pointers on mbedtls_ecp_modulus_setup.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-25 21:08:58 +01:00
Beniamin Sandu
471a975942 aesce: do not specify an arch version when enabling crypto instructions
Building mbedtls with different aarch64 tuning variations revealed
that we should use the crypto extensions without forcing a particular
architecture version or core, as that can create issues.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
2023-06-25 21:10:53 +03:00
Dave Rodgman
25d77cb9a7 Drop not-used items from the base look-up table
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 22:58:51 +01:00
Dave Rodgman
d30eed4d55 More struct re-ordering
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 18:35:42 +01:00
Dave Rodgman
92cf6e52d3 Adjust struct order for better packing / smaller accessor code size
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 18:21:11 +01:00
Dave Rodgman
1b8a3b16c4 Add casts for enums in cipher.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 17:33:14 +01:00
Dave Rodgman
2e8f6aabc2 Fix direct use of cipher_info->type
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 17:32:18 +01:00
Dave Rodgman
ef2f3697ec Fix direct reference to cipher_info->key_bitlen
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 17:31:08 +01:00
Dave Rodgman
e59b9d44b1 Fix some compiler type warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 16:53:13 +01:00
Dave Rodgman
77049b8b6c Dependency fixes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 14:39:47 +01:00
Dave Rodgman
85a88133aa Use fewer bits for block_size
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 13:37:28 +01:00
Dave Rodgman
3b46b77cf1 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 13:37:28 +01:00
Dave Rodgman
de3de773e6 Use look-up table for base
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 12:59:31 +01:00
Dave Rodgman
0ffb68ee3f Use fewer bits for iv_size
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 12:59:31 +01:00
Dave Rodgman
bb521fdbc9 Don't directly access iv_size
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 12:59:31 +01:00
Dave Rodgman
6c6c84212e Use fewer bits for key_bitlen
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 11:14:34 +01:00
Dave Rodgman
9282d4f13a Don't directly access key_bitlen
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 11:07:40 +01:00
Dave Rodgman
3319ae9679 Re-order mbedtls_cipher_info_t
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-24 10:55:04 +01:00
Manuel Pégourié-Gonnard
de33278e43 Unify ssl_calc_finished_tls_sha{256,384}
Saves about 50-60 bytes on m0+ depending on whether USE_PSA is set.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-24 10:13:41 +02:00
Manuel Pégourié-Gonnard
74970664a9 Unify ssl_calc_verify_sha{256,384}
Saves about 40 bytes of code size on m0plus with baremetal_size.

Note: the debug messages are changed to no longer include the hash name.
That's not a problem as we already know which alg is used from previous
output, and we can also know it from the size of the printed buffer.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-24 09:43:26 +02:00
Dave Rodgman
4e5c63d652
Improve documentation in bn_mul.h
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-23 15:17:37 +01:00
Minos Galanakis
7b1093240c bignum_mod_raw: Updated documentation for mbedtls_mpi_mod_raw_mul
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-22 16:52:20 +01:00
Minos Galanakis
2ed8fb7e4f ecp_mod_raw: Enabled fast reduction.
This patch modifies `mbedtls_mpi_mod_raw_mul`
to utilise fast-reduction when available.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-22 16:35:30 +01:00
Paul Elliott
3048c8c906
Merge pull request #7725 from minosgalanakis/ecp/7268_add_optimised_reduction_setup_3
[Bignum] Add optimised reduction setup
2023-06-22 16:30:39 +01:00
David Horstmann
57727cd3fc Explain the sequence of mbedtls_psa_pake_ calls
Add a comment showing the order in which the mbedtls_psa_pake_xyz()
functions may be called.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
88d25f0075 Remove unnecessary checks in psa_jpake_prologue()
These checks are not needed as long as the state is intact.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
e5b374adaf Remove comment explaining the state machine
The explanation of the dispatch layer's state machine should not be in
the file containing the software implementation and a better
understanding can be had by reading the dispatch layer's code.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
74a3d8c99c Simplify logic of driver step conversion
Take advantage of the contiguous nature of XYZ_KEY_SHARE, XYZ_ZK_PUBLIC
and XYZ_ZK_PROOF to simplify the conversion code.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
5d878f6c5f Tweak wording for clarity
"inputs this round" -> "inputs for this round"

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
1b54faed67 Remove unnecessary initialization of state
The psa_jpake_computation_stage_t is already initialized in
psa_pake_setup(), so does not need initializing again in
psa_pake_complete_inputs().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
16f0151887 Use memset for initialization
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
024e5c5f2e Rename struct member mode to io_mode
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
00ad6bfabe Rename function_mode to io_mode
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
5da9560178 Properly namespace enum values within PSA_JPAKE_
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
David Horstmann
e7f21e65b6 Change J-PAKE internal state machine
Keep track of the J-PAKE internal state in a more intuitive way.
Specifically, replace the current state with a struct of 5 fields:

* The round of J-PAKE we are currently in, FIRST or SECOND
* The 'mode' we are currently working in, INPUT or OUTPUT
* The number of inputs so far this round
* The number of outputs so far this round
* The PAKE step we are expecting, KEY_SHARE, ZK_PUBLIC or ZK_PROOF

This should improve the readability of the state-transformation code.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-22 15:22:35 +01:00
Manuel Pégourié-Gonnard
e25c43bd66
Merge pull request #7791 from valeriosetti/issue7406
driver-only ECC: TLS: avoid use of mbedtls_ecp_write_key() (with USE_PSA)
2023-06-22 11:13:44 +02:00
Minos Galanakis
2a03fd3b7b bignum_mod: Added a typedef for OPT_RED function pointer.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-22 09:14:28 +01:00
Manuel Pégourié-Gonnard
2fb9d00f6d
Merge pull request #7682 from valeriosetti/issue7453
driver-only ECC: ECPf.PK testing
2023-06-22 09:45:57 +02:00
Valerio Setti
6835b4a6ed tls: always zeroize buffer on exit
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-22 09:06:31 +02:00
Valerio Setti
3589a4c644 tls: keep buffer declaration in a single line
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-22 09:02:44 +02:00
Dave Rodgman
e6c9996d04 Work around updating pointers from ILP32
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 21:16:23 +01:00
Dave Rodgman
5b5dd011d1 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 16:36:47 +01:00
Dave Rodgman
b5b6939fc2 Remove redundant checks in constant_time.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 16:36:42 +01:00
Dave Rodgman
0400ae2f9b Fix pointer constraint in bn_mul.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 16:31:52 +01:00
Dave Rodgman
c54f25e26c code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 13:39:30 +01:00
Dave Rodgman
63e89b46f8 Use UINTPTR_MAX not SIZE_MAX
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 11:58:54 +01:00
Dave Rodgman
85842b8edb Be strict about pointer size in mbedtls_get_unaligned_volatile_uint32
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 11:22:09 +01:00
Manuel Pégourié-Gonnard
a36ef6b410 Omit block_size when MD_C is not enabled
It's only used by our HMAC implementation

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-21 12:02:07 +02:00
Bence Szépkúti
f2154a6e10
Merge pull request #7686 from DemiMarie/do-while
Add a do-while loop around macros.
2023-06-21 11:31:41 +02:00
Dave Rodgman
b67db9140e Separate ILP32 and normal-aarch64 code paths
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 09:15:27 +01:00
Manuel Pégourié-Gonnard
9e97e6daed Remove useless extern declarations and includes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-21 09:45:36 +02:00
Dave Rodgman
c882adf0ca Docs improvement
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 07:37:56 +01:00
Dave Rodgman
04cb9ac59e Fix for arm64_32 (aka ILP32) on Clang (attempt 2)
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-21 07:32:22 +01:00
Dave Rodgman
b19f584f2c Fix for arm64_32 (aka ILP32) on Clang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-20 23:01:43 +01:00
Gilles Peskine
a3a0025e18
Merge pull request #7806 from paul-elliott-arm/fix_32bit_builds
[Bignum] Fix 32 bit unreachable code build failure
2023-06-20 22:13:06 +02:00
Gilles Peskine
5faccf038b
Merge pull request #7805 from paul-elliott-arm/fix_retval
Pacify clang15 warnings about empty \retval
2023-06-20 22:12:51 +02:00
Paul Elliott
215ed131cf Fix 32 bit unreachable code build failure
Given the size of ciL is set dependent on MBEDTLS_HAVE_INT32 /
MBEDTLS_HAVE_INT64, clang rightfully reports this as unreachable code in
32 bit builds. Fix this by using #define guards instead.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-06-20 17:55:15 +01:00
Paul Elliott
458b96b1a7
Merge pull request #7638 from AndrzejKurek/cert-apps-use-ips
Use better IP parsing in x509 apps
2023-06-20 17:21:04 +01:00
Demi Marie Obenour
690b8c9ca7 Add a do-while loop around macros
This is good practice in C.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-06-20 11:48:04 -04:00
Dave Rodgman
b70ea9fb64 Merge remote-tracking branch 'origin/development' into safer-ct5 2023-06-20 16:12:00 +01:00
Paul Elliott
24f4b73ee5 Pacify clang15 warnings about empty /retval
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-06-20 15:51:46 +01:00
Manuel Pégourié-Gonnard
ee7a758b85 MD: isolate strings to separate table
In the long term, we don't really want those strings in the library.
Start with isolating them in a separate table rather than having them in
the main md_info structure.

This way, the table can easily be garbage-collected by the linker if
none of the two functions using it are called.

Also, simplify the implementation of mbedtls_md_info_from_string().

This saves 151 bytes with MD_C, and 141 with MD_LIGHT only.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-20 12:12:22 +02:00
Valerio Setti
e1651360c0 pkwrite: fix wrong guard position for pk_get_opaque_ec_family()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Valerio Setti
a9aab1a85b pk/psa: use PSA guard for mbedtls_ecc_group_to_psa() and mbedtls_ecc_group_of_psa()
This also allows:
- removing the dependency on ECP_C for these functions and only relying
  on PSA symbols
- removing extra header inclusions from crypto_extra.h
- returning MBEDTLS_PK_USE_PSA_EC_DATA and MBEDTLS_PK_HAVE_ECC_KEYS to
  their original position in pk.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Valerio Setti
bc2b1d3288 psa: move mbedtls_ecc_group_to_psa() from inline function to standard one
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Valerio Setti
30fdc03819 pk: remove useless internal function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Valerio Setti
81d75127ba library: replace occurrences of ECP_LIGHT with PK_HAVE_ECC_KEYS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-19 19:24:05 +02:00
Marek Jansta
8bde649c0b Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate
Signed-off-by: Marek Jansta <jansta@2n.cz>
2023-06-19 12:49:27 +02:00
Dave Rodgman
086e137dc4 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 20:21:39 +01:00
Dave Rodgman
96a9e6a9dd Address test review comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 20:18:36 +01:00
Dave Rodgman
e1dd6e9e8f Merge remote-tracking branch 'origin/development' into prefer-intrinsics 2023-06-16 17:46:16 +01:00
Dave Rodgman
4ad81ccdae Only force O2 when hw acceleration available
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 15:04:04 +01:00
Valerio Setti
addeee4531 mbedtls_config: add new MBEDTLS_PK_PARSE_EC_COMPRESSED symbol
This includes also:
- auto enabling ECP_LIGHT when MBEDTLS_PK_PARSE_EC_COMPRESSED is
  defined
- replacing ECP_LIGHT guards with PK_PARSE_EC_COMPRESSED in pkparse
- disabling PK_PARSE_EC_COMPRESSED in tests with accelerated EC curves
  (it gets disabled also in the reference components because we want
  to achieve test parity)
- remove skipped checks in analyze_outcomes.py

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 16:03:46 +02:00
Gilles Peskine
5760bf77c7
Merge pull request #7641 from valeriosetti/issue7614
Define PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy (step 1)
2023-06-16 16:00:17 +02:00
Dave Rodgman
b2814bd089 Only enable gcc -Os fix if we have AES hw support
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 14:50:33 +01:00
Dave Rodgman
73b0c0b051 Improve comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 14:48:14 +01:00
Przemek Stekiel
f595c5b69a Use valid guard for filling group list with EC groups
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-16 15:45:37 +02:00
Dave Rodgman
bd1add94c0 Respect -Os for everything except XTS
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-16 13:50:14 +01:00
Minos Galanakis
de87461c23 ecp_curves: Updated the optimised reduction function pointer.
This patch modifies the `mbedtls_mpi_opt_red_struct` to use an
mpi_uint * pointer and size_t limbs arguments.

The methods interacting with this pointer have been updated
accordingly:

- mbedtls_mpi_mod_optred_modulus_setup
- mbedtls_ecp_modulus_setup

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-16 13:48:47 +01:00
Minos Galanakis
5c238d80cd bignum_mod: Updated documentation.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-16 13:48:47 +01:00
Minos Galanakis
65210952ec ecp_curves: Updated mbedtls_ecp_modulus_setup to use optimised reduction.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-16 13:48:47 +01:00
Minos Galanakis
1d3e332986 ecp_curves: Updated input argument for mbedtls_ecp_modulus_setup.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-16 13:48:47 +01:00
Minos Galanakis
be1bf15f76 bignum_mod: Updated optred_modulus_setup to use function input.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-16 13:48:47 +01:00
Minos Galanakis
c6e68ed85d bignum_mod: Added mbedtls_mpi_opt_red_struct structure.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-06-16 13:48:47 +01:00