Commit Graph

6707 Commits

Author SHA1 Message Date
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:26:29 +00:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
2024-02-08 08:45:30 +00:00
Manuel Pégourié-Gonnard
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647
Move RSA basic key parsing/writing to rsa.c
2024-02-08 08:35:42 +00:00
Valerio Setti
affba30833 psa_util: update documentation for mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 15:03:33 +01:00
Manuel Pégourié-Gonnard
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030
PSA FFDH: feature macros for parameters
2024-02-07 10:06:03 +00:00
Gilles Peskine
8bdd8cdc4f
Merge pull request #8729 from adeaarm/crypto_struct_client_view
Add a client view of the multipart contexts
2024-02-06 17:29:55 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681
Re-introduce enum-like checks from CHECK_PARAMS
2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage
Implement mbedtls_pk_get_psa_attributes
2024-02-06 17:28:54 +00:00
Dave Rodgman
91d5fde944
Merge pull request #8745 from adeaarm/trail_key_id_field
Put the id field at the end of the psa_key_attributes_s structure
2024-02-06 15:55:56 +00:00
Valerio Setti
6269f3baf4 Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()"
This reverts commit d4fc5d9d1c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:55:18 +01:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
Valerio Setti
c213a2e1e5 adjust_legacy_from_psa: use groups instead of curves for DH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 10:49:14 +01:00
Gilles Peskine
8a85673a39 Merge remote-tracking branch 'development' into pk_import_into_psa-use_usage 2024-02-06 10:14:17 +01:00
Valerio Setti
d4fc5d9d1c psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()
The only real contraint on the raw buffer is that it is large
enough to contain 2 coordinates. Larger buffers are therefore
allowed and the extra data will simply be ignored.

Note = trying to impose a strict sizing on the raw buffer causes
       several failures in test suites. This suggests that it is
       quite common to use larger buffer to store raw signatures.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:42:42 +01:00
Manuel Pégourié-Gonnard
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
Valerio Setti
8334d00772 psa_util: improve check of raw_len in mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:35:26 +01:00
Valerio Setti
e01a2b03c6 psa_util: update documentation for mbedtls_ecdsa_der_to_raw()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:16:36 +01:00
Valerio Setti
954ef4bbd5 psa_util: improve convert_raw_to_der_single_int()
Allow the function to support DER buffers than what it is nominally
required by the provided coordinates. In other words let's ignore
padding zeros in the raw number.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 12:06:46 +01:00
Antonio de Angelis
6932e29057 Correct the ENCODES_OWNER macro name in comment
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-02-05 09:49:45 +00:00
Valerio Setti
315e4afc0a psa_util: change parameters order in ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 10:09:15 +01:00
Valerio Setti
8645197937 psa_util: fix documentation of ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 09:50:20 +01:00
Jerry Yu
4caf3ca08c tls13: srv: Add discard_early_data_record SSL field
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Antonio de Angelis
4380a33bd3 Add a client view layout for interruptible hash and pake
Add a client view layout (and update related initializers)
for PSA sign/verify hash interruptible operation struct and
PAKE operation struct

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-02-02 14:21:27 +00:00
Antonio de Angelis
6fb1be6cb1 Add comments in psa/crypto_struct.h for id layout
Make sure the layout of psa_key_attributes_s is commented
enough so that it does not accidentally get reorganized
by mistake in the future.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2024-02-02 14:05:34 +00:00
Gilles Peskine
cb3b4cae0a Fix handling of ECC public keys under MBEDTLS_PK_USE_PSA_EC_DATA
The test code to construct test keys and the implementation had matching
errors: both assumed that there was a PSA public key object. Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-02 13:22:23 +01:00
Gilles Peskine
793920c1ff mbedtls_pk_get_psa_attributes: opaque: require specified usage
In the MBEDTLS_PK_OPAQUE, have mbedtls_pk_get_psa_attributes() require the
specified usage to be enabled for the specified key. Otherwise the following
call to mbedtls_pk_import_into_psa() is unlikely to result in a key with a
useful policy, so the call to mbedtls_pk_get_psa_attributes() was probably
an error.

Adjust the existing test cases accordingly and add a few negative test
cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 21:31:27 +01:00
Gilles Peskine
e208b25b79 Minor documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-01 20:42:21 +01:00
Ronald Cron
78a38f607c tls13: srv: Do not use early_data_status
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e Revert "tls13: Introduce early_data_state SSL context field"
This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
Ronald Cron
164537c4a6 tls13: early data: Improve, add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 19:52:30 +01:00
Ronald Cron
ed7d4bfda5 tls13: srv: Simplify mbedtls_ssl_read_early_data() API
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
44d70a5f23 tls13: early data: Improve documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
2c4308958d ssl.h: Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
0883b8b625 tls13: Introduce early_data_state SSL context field
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
7d21cded3f ssl.h: Simplify guard
MBEDTLS_SSL_EARLY_DATA implies
MBEDTLS_SSL_PROTO_TLS1_3 thus
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA
is equivalent to MBEDTLS_SSL_EARLY_DATA.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:48 +01:00
Ronald Cron
3a04562ace Update mbedtls_ssl_read_early_data() definition
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
032985c351 Add MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA error code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
5d0ae9021f tls13: srv: Refine early data status
The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
149b0e7ca2 ssl.h: Fix comment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Valerio Setti
a45a399a6b lib: remove NULL pointer checks performed with MBEDTLS_INTERNAL_VALIDATE[_RET]
Symbols defined starting from MBEDTLS_INTERNAL_VALIDATE[_RET]
are removed as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 12:00:15 +01:00
Valerio Setti
cc0fd47531 platform_util: remove declarations of MBEDTLS_INTERNAL_VALIDATE[_RET]()
These macros end up as being always "empty", so they
can be removed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-29 10:19:52 +01:00
Valerio Setti
0a6acf8db4 adjust_legacy_from_psa: use EC pattern for enabling builtin elements of DH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:09 +01:00
Valerio Setti
c22bb7a0a4 adjust_legacy_from_psa: optimize legacy enablement also for EC key types
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 17:58:06 +01:00
Valerio Setti
bcf0fc5119 adjust_legacy_crypto: add parenthesis to improve clarity
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 14:53:28 +01:00
Valerio Setti
48e4167ced adjust_legacy_from_psa: improve pattern for enabling internal symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-26 10:34:32 +01:00
Dave Rodgman
935182fe2b
Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc
Mbedtls 3.5.2rc
2024-01-25 12:22:54 +00:00
Dave Rodgman
f5e231ca84
Merge pull request #8719 from daverodgman/iar-codegen
Improve codegen of unaligned access for IAR and gcc
2024-01-25 08:31:45 +00:00
Gilles Peskine
9cd2e9ad1b mbedtls_pk_get_psa_attributes: require MBEDTLS_PSA_CRYPTO_C
Ideally this and other pk functions would work with
MBEDTLS_PSA_CRYPTO_CLIENT (i.e. whether PSA API functions are implemented
locally or via client-server communication). However, at the moment, some
helper functions are missing when MBEDTLS_PSA_CRYPTO_C is disabled, at least
mbedtls_ecc_group_to_psa(). For the time being, don't provide
mbedtls_pk_get_psa_attributes() when MBEDTLS_PSA_CRYPTO_C is disabled. We
can improve later, looking generally at a group of functions to generalize,
not mixed with delivering new APIs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-24 22:10:50 +01:00
Valerio Setti
688f795cb3 asn1: use the new symbol to guard dependencies of ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00
Valerio Setti
f4d2dc2d77 psa_util: guard ECDSA conversion functions with proper (internal) symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-24 16:26:35 +01:00