Ideally this and other pk functions would work with
MBEDTLS_PSA_CRYPTO_CLIENT (i.e. whether PSA API functions are implemented
locally or via client-server communication). However, at the moment, some
helper functions are missing when MBEDTLS_PSA_CRYPTO_C is disabled, at least
mbedtls_ecc_group_to_psa(). For the time being, don't provide
mbedtls_pk_get_psa_attributes() when MBEDTLS_PSA_CRYPTO_C is disabled. We
can improve later, looking generally at a group of functions to generalize,
not mixed with delivering new APIs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is mandatory to have support for the error codes defined
in the asn1write.h header file.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Putting the id at the of the psa_key_attributes_s structure allows
for a more efficient marshalling of the parameters around a transport
channel which provides separation between a client view and a service
view of the key parameters.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Any timing variance dependant on the output of this function enables a
Bleichenbacher attack. It is extremely difficult to use safely.
In the Marvin attack paper
(https://people.redhat.com/~hkario/marvin/marvin-attack-paper.pdf) the
author suggests that implementations of PKCS 1.5 decryption that don't
include a countermeasure should be considered inherently dangerous.
They suggest that all libraries implement the same countermeasure, as
implementing different countermeasures across libraries enables the
Bleichenbacher attack as well.
This is extremely fragile and therefore we don't implement it. The use
of PKCS 1.5 in Mbed TLS implements the countermeasures recommended in
the TLS standard (7.4.7.1 of RFC 5246) and is not vulnerable.
Add a warning to PKCS 1.5 decryption to warn users about this.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The initializatio macros need to be updated to support the case
where the crypto client view of the structures is being initialized
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
In case MBEDTLS_PSA_CRYPTO_CLIENT is defined and MBEDTLS_PSA_CRYPTO_C
is not, a client view of the multipart operation contexts is provided
through an handle object that allows mapping to the corresponding
service side data structures.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Make this a global mutex so that we don't have to init and free it.
Also rename the mutex to follow the convention
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
The purpose of this change is to eventually base
the calculation in ssl_ticket.c of the ticket age
when parsing a ticket on the ticket creation time
both in TLS 1.2 and TLS 1.3 case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The endpoint field is needed to serialize/deserialize
a session in TLS 1.2 the same way it is needed in the
TLS 1.3 case: client specific fields that should not
be in the serialized version on server side if both
TLS client and server are enabled in the TLS library.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Take into account that the lifetime of
tickets can be changed through the
mbedtls_ssl_ticket_rotate() API.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Disable ticket module if either the TLS
server or the support for session tickets
is not enabled at build time as in that
case the ticket module is not used by the
TLS library.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The new name better reflects the fact that the 1st parameter
is just the EC family and not the curve.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
