mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-28 18:32:56 +00:00

Author	SHA1	Message	Date
Raef Coles	285d44b180	Capitalize "Merkle" in LMS and LMOTS code As it is a proper noun Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:43 +01:00
Raef Coles	9b0daf60fb	Improve LMS private function warning Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:38 +01:00
Raef Coles	370cc43630	Make LMS public key export part of public key api Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:28 +01:00
Raef Coles	be3bdd8240	Rename LMS and LMOTS init/free functions To match convention Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:18 +01:00
Raef Coles	2ac352a322	Make LMS functions args const where required Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:14 +01:00
Raef Coles	f6ddd51bfd	Sanitize LMS and LMOTS macros Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:13 +01:00
Raef Coles	5127e859d7	Update LMS and LMOTS dependency macros Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:11 +01:00
Raef Coles	56fe20a473	Move MBEDTLS_PRIVATE required defines into lms.h From lmots.h, as it is a private header Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:10 +01:00
Raef Coles	ab300f15e8	Move public header content from lmots.h to lms.h Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:08 +01:00
Raef Coles	403558c1c9	Fix LMS function documentation Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:57 +01:00
Raef Coles	9b88ee5d5d	Fix LMS and LMOTS coding style violations Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:40 +01:00
Raef Coles	366d67d9af	Shorted LMS and LMOTS line-lengths To attempt to comply with the 80-char suggestion Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:38 +01:00
Raef Coles	e9479a0264	Update LMS API to support multiple parameter sets Parameterise macros to allow variation of sizes Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:36 +01:00
Raef Coles	ab4f87413a	Add MBEDTLS_LMS_PRIVATE define To enable private key operations Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:35 +01:00
Raef Coles	01c71a17b3	Update LMS and LMOTS api Fix function names and parameters. Move macros to be more private. Update implementation. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:25 +01:00
Raef Coles	c8f9604d7b	Use PSA hashing for LMS and LMOTS Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:23 +01:00
Raef Coles	7dce69a27a	Make LMOTS a private api Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:22 +01:00
Raef Coles	2ad6e611f0	Update LMS/LMOTS documentation Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:20 +01:00
Raef Coles	0aa18e041f	Note that LMS sign function is for testing only Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:18 +01:00
Raef Coles	c464746d45	Document LMS and LMOTS contexts And add some comments about the source of their type IDs Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:17 +01:00
Raef Coles	8ff6df538c	Add LMS implementation Also an LM-OTS implementation as one is required for LMS. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:15 +01:00
Gilles Peskine	0fe6631486	Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 Include platform.h unconditionally	2022-10-13 10:19:22 +02:00
Dave Rodgman	b319684bca	Additional updates to docs links Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-12 16:47:08 +01:00
Xiaokang Qian	baa4764d77	Fix typo issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	ed3afcd6c3	Fix various typo and macro guards issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	03409290d2	Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	2f9efd3038	Address comments base on review Change function name to ssl_session_set_hostname() Remove hostname_len Change hostname to c_string Update test cases to multi session tickets Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:49 +00:00
Xiaokang Qian	bc663a0461	Refine code based on commnets Change code layout Change hostname_len type to size_t Fix various issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:01 +00:00
Xiaokang Qian	adf84a4a8c	Remove public api mbedtls_ssl_reset_hostname() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:05:11 +00:00
Xiaokang Qian	281fd1bdd8	Add server name check when proposeing pre-share key Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:41 +00:00
Gilles Peskine	8fd3254cfc	Merge pull request #6374 from mprse/enc_types Test TLS 1.2 builds with each encryption type	2022-10-12 12:45:50 +02:00
Ronald Cron	78317c832b	Merge pull request #6327 from yuhaoth/pr/tls13-psk-after-session-tickets TLS 1.3: PSK and NewSessionTicket: Add support for sending PSK and Ticket together.	2022-10-12 12:39:51 +02:00
Gilles Peskine	fcee740b83	Automatically enable PK_PARSE for RSA in PSA PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost anything with them (import, get attributes, export public from private, any cryptographic operations). Force it on, for symmetry with what we're doing for MBEDTLS_PK_WRITE_C. Fixes #6409. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 21:15:24 +02:00
Gilles Peskine	fd94304f9d	PSA RSA needs pk_write The PSA crypto code needs mbedtls_pk_write_key_der() and mbedtls_pk_write_pubkey() when using RSA without drivers. We were already forcing MBEDTLS_PK_WRITE_C when MBEDTLS_USE_PSA_CRYPTO is enabled. Do so also when MBEDTLS_PSA_CRYPTO_C is enabled as well as MBEDTLS_RSA_C, even without MBEDTLS_USE_PSA_CRYPTO. Fixes #6408. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-11 21:09:12 +02:00
Przemek Stekiel	d61a4d3d1a	Fix missing guard and double-space Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-11 09:40:40 +02:00
Przemek Stekiel	52a428b824	Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-10 11:23:18 +02:00
Jerry Yu	8897c07075	Add server only guards for psk callback Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jan Bruckner	b33f6e5ee2	Fix typo Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2022-10-06 11:23:49 +02:00
Manuel Pégourié-Gonnard	79617d99ae	Fix namespacing issue This macro is specific to the Mbed TLS implementation and not part of the public API, so it shouldn't used the PSA_ namespace. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-05 12:55:50 +02:00
Manuel Pégourié-Gonnard	ec7012dbc7	Fix I/O format of PSA EC J-PAKE for compliance The format used by the mbedtls_ecjpake_xxx() APIs and that defined by the PSA Crypto PAKE extension are quite different; the former is tailored to the needs of TLS while the later is quite generic and plain. Previously we only addressed some part of this impedance mismatch: the different number of I/O rounds, but failed to address the part where the legacy API adds some extras (length bytes, ECParameters) that shouldn't be present in the PSA Crypto version. See comments in the code. Add some length testing as well; would have caught the issue. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-05 12:52:48 +02:00
Przemek Stekiel	0957e7bfc5	Rmove MBEDTLS_NIST_KW_C dependency from MBEDTLS_SSL_TICKET_C Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-03 11:39:02 +02:00
Przemek Stekiel	460192ee19	Fix and sync configuration file and configuration verifiation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-03 08:55:29 +02:00
Przemek Stekiel	ce5b68c7a3	Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions" This reverts commit a82290b7271a3cd489e62a0f98d24622dbbf4bbe. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-29 15:29:18 +02:00
Manuel Pégourié-Gonnard	f3f9e450b6	Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 Ad-hoc KDF for EC J-PAKE in TLS 1.2	2022-09-28 09:47:32 +02:00
Przemek Stekiel	e31ba83675	Use basic symbols instead MBEDTLS_CIPHER_MODE_AEAD in check config Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-28 09:44:58 +02:00
Przemek Stekiel	d582a01073	Make MBEDTLS_SSL_CONTEXT_SERIALIZATION dependent on AEAD Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-28 07:59:01 +02:00
Przemek Stekiel	a82290b727	Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD \|\| MBEDTLS_NIST_KW_C flags - make it consistent. As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available). Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD \|\| MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Andrzej Kurek	e09aff8f5a	Add information about ECJPAKE_TO_PMS output size expectations Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-26 10:59:31 -04:00
Andrzej Kurek	96b9f23853	Adjust ECJPAKE_TO_PMS macro value This way the low 8 bits of the identifier indicate that this algorithm is used with SHA-256. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-26 10:30:46 -04:00
Paul Elliott	2c282c9bd0	Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.	2022-09-23 15:48:33 +01:00

1 2 3 4 5 ...

5485 Commits