6154 Commits

Author SHA1 Message Date
Gilles Peskine
f45a5a0ddd
Merge pull request from silabs-Kusumit/PBKDF2_output_bytes
PBKDF2: Output bytes
2023-06-16 10:08:02 +02:00
Gilles Peskine
637c049349 Move mbedtls_ecp_modulus_type out of the public headers
This is an internal detail of the ECC arithmetic implementation, only
exposed for the sake of the unit tests

Mbed TLS 3.4.0 was released with the type mbedtls_ecp_modulus_type defined
in a public header, but without Doxygen documentation, and without any
public function or data structure using it. So removing it is not an API
break.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-15 19:07:41 +02:00
Przemek Stekiel
ce05f54283 Properly disable ECDH in only (psk) ephemeral ffdh key exchange components
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 16:44:08 +02:00
Andrzej Kurek
c6beb3a741 Rename NUL to null in x509 IP parsing description
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-15 09:54:37 -04:00
Tom Cosgrove
6edf8b8c7b
Merge pull request from yanrayw/7376_aes_128bit_only
Introduce config option of 128-bit key only in AES calculation
2023-06-15 10:35:32 +01:00
Yanray Wang
55ef22c2cb mbedtls_config.h: add description for CTR_DRBG about AES-128 only
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-15 10:05:27 +08:00
Przemek Stekiel
7d42c0d0e5 Code cleanup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 12:30:40 +02:00
Przemek Stekiel
75a5a9c205 Code cleanup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Dave Rodgman
f956312174 Fix typo in MBEDTLS_MD_CAN macros
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-11 16:04:29 +01:00
Glenn Strauss
61d99304da mbedtls_x509_time_gmtime() to fill struct w/ time
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-06-09 17:01:03 +01:00
Glenn Strauss
416dc03467 mbedtls_x509_time_cmp() compare mbedtls_x509_time
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-06-09 17:01:03 +01:00
Dave Rodgman
0442e1b561 Fix definition of MBEDTLS_MD_MAX_SIZE and MBEDTLS_MD_MAX_BLOCK_SIZE
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-08 16:03:33 +01:00
Manuel Pégourié-Gonnard
1f6d2e352d Simplify implementation of MD<->PSA translation
Also, add tests and comments due from previous commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-08 12:09:20 +02:00
Manuel Pégourié-Gonnard
9b76318138 Change values of md_type enum
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-08 11:48:53 +02:00
Dave Rodgman
9304186ae9 Restore accidentally removed comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-08 10:13:22 +01:00
Dave Rodgman
ff45d44c02 Replace MBEDTLS_MD_CAN_SHA3 with MBEDTLS_MD_CAN_SHA3_xxx
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-08 10:11:34 +01:00
Dave Rodgman
b61cd1042a Correct minor merge mistakes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 18:14:45 +01:00
Dave Rodgman
05d71ffe5b Merge remote-tracking branch 'origin/development' into sha3-updated 2023-06-07 18:02:04 +01:00
Dave Rodgman
f9d8f4cd68 Remove reference to SHAKE
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 17:08:29 +01:00
Dave Rodgman
a35551ef01 Use MBEDTLS_PRIVATE
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 17:08:19 +01:00
Dave Rodgman
cf4d2bdc09 Spell as SHA-3 not SHA3
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 17:08:09 +01:00
Dave Rodgman
c3048b3eea Tidy-up definition of mbedtls_sha3_context
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Dave Rodgman
9d7fa93e6c move mbedtls_sha3_family_functions out of public interface
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Dave Rodgman
e627bef2f8 Use faster type for state index
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Dave Rodgman
1789d84282 remove not-needed fields from SHA-3 context
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Andrzej Kurek
5d9aeba899 Fix param documentation for mbedtls_x509_crt_parse_cn_inet_pton
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:54:35 -04:00
Andrzej Kurek
cd17ecfe85 Use better IP parsing in x509 programs
Remove unnecessary duplicated code.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:50:05 -04:00
Gilles Peskine
13230a4ad3
Merge pull request from mpg/rm-hash-info
Remove `hash_info` module
2023-06-06 21:05:13 +02:00
Gilles Peskine
d598eaf212
Merge pull request from davidhorstmann-arm/parse-oid-from-string
Parse an OID from a string
2023-06-06 20:57:17 +02:00
Przemek Stekiel
ff9fcbcace ssl_client2, ssl_server2: code optimization + guards adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:53:40 +02:00
Przemek Stekiel
e7db09bede Move FFDH helper functions and macros to more suitable locations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Przemek Stekiel
cceb933e30 Add FFDH definitions and translation functions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:07 +02:00
Kusumit Ghoderao
85e6bdb7ad Add additional members to pbkdf2 struct
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-06 15:05:39 +05:30
Manuel Pégourié-Gonnard
c9d9829533 Add comment on macros that should be kept in sync
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
f76c2208f6 Remove mbedtls_psa_translate_md().
The header clearly states all functions here are internal, so we're free
to remove them at any time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
45b34517fb Keep MD and PSA max size in sync
Some TLS code is using MD_MAX_SIZE in parts that are common to USE_PSA
and non-USE_PSA, then using PSA_HASH_MAX_SIZE in parts specific to
USE_PSA, and having different values causes trouble.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
725d2e24aa Fix guard for PSA->MD error conversion
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
1c32e37b0c Formally deprecate mbedtls_psa_translate_md()
The previous informal comment was not enough to prevent it from being
used in several places in the library. This should have more effect,
considering with have builds with DEPRECATED_REMOVED.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
6076f4124a Remove hash_info.[ch]
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
2d6d993662 Use MD<->PSA functions from MD light
As usual, just a search-and-replace plus:

1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
9b41eb8533 Replace hash_info_get_type with MD function
Mostly a search and replace with just two manual changes:

1. Now PK and TLS need MD light, so auto-enable it.
2. Remove the old function in hash_info.[ch]

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
1ef26e285e Add convenience inline function to md.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Gilles Peskine
5c3d6e277c
Merge pull request from AndrzejKurek/URI-SAN-verification
Add partial support for URI SubjectAltNames verification
2023-06-05 16:46:47 +02:00
Gilles Peskine
975d9c0faf
Merge pull request from AndrzejKurek/misc-subjectaltname-fixes
Miscellaneous fixes for SubjectAltName code / docs
2023-06-05 15:38:53 +02:00
Gilles Peskine
84b547b5ee
Merge pull request from AndrzejKurek/cert-write-sans
Add a possibility to generate certificates with a Subject Alternative Name
2023-06-05 15:38:38 +02:00
Manuel Pégourié-Gonnard
f37b94b5bf
Merge pull request from valeriosetti/issue7484
PK: add support for private key writing with "opaque" EC keys
2023-06-05 10:53:53 +02:00
Tom Cosgrove
32b06f50df
Merge pull request from yanrayw/7360-code-size-tfm-medium
code size measurement support for tfm-medium
2023-06-02 13:25:26 +01:00
Andrzej Kurek
1747304a7a Update the descriptions of SANs
All of them are listed, so the previous description was wrong.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-01 18:20:24 +01:00
David Horstmann
bf95e9a058 Reword description and change NUL to null
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:33:15 +01:00
David Horstmann
017139751a Change behaviour away from NUL-terminated strings
Instead, require the length of the string to be passed. This is more
useful for our use-case, as it is likely we will parse OIDs from the
middle of strings.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:04:20 +01:00