mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-12 03:40:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,854 Commits 170 Branches 263 Tags
Commit Graph

6806 Commits

Author SHA1 Message Date
Gilles Peskine
6e2069661e Note unusual curve size 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-03 20:59:03 +01:00
Gilles Peskine
2a22dac694 Fix typo in curve name 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-03 20:58:55 +01:00
Gilles Peskine
39b7bba8a0 Make input parameter const 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-02 17:56:54 +01:00
Dave Rodgman
1cc90a1003
Merge pull request #8517 from mschulz-at-hilscher/fixes/issue-6910 
Fixes redundant declarations for psa_set_key_domain_parameters
 2024-01-02 16:34:40 +00:00
Valerio Setti
6315441be7 adjust_legacy_from_psa: relax condition for legacy block cipher auto-enabling 
CCM/GCM can be either fully accelerated or rely on just the key type
being accelerated. This means that ultimately it is just the key
type which determines if the legacy block cipher modes need to
be auto-enabled or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 17:21:01 +01:00
Valerio Setti
3d2e0f5f42 psa_util: add algorithm's availability checks for MD conversion functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 14:57:47 +01:00
Valerio Setti
45c3cae8a5 md: move PSA conversion functions from md_psa.h to psa_util.h 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 13:26:04 +01:00
Valerio Setti
e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C 
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-29 16:35:58 +01:00
Valerio Setti
1994e72e18 check_config/block_cipher: minor improvements 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-28 18:33:04 +01:00
Valerio Setti
e98ad5931a mbedls_config: update documentation for MBEDTLS_PKCS[5/12]_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-28 10:42:12 +01:00
Benson Liou
6d0a093582 use mbedtls_ssl_session_init() to init session variable 
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described

Signed-off-by: Benson Liou <benson.liou@sony.com>
 2023-12-27 22:03:24 +08:00
Gilles Peskine
62e33bcc64 New function mbedtls_ecp_write_public_key 
Directly export the public part of a key pair without having to go through
intermediate objects (using mbedtls_ecp_point_write_binary would require a
group object and a point object).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-24 15:23:19 +01:00
Gilles Peskine
ad5e437c8e mbedtls_ecp_read_key: explain how to set the public key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-24 15:23:19 +01:00
Gilles Peskine
7ea72026cd New function mbedtls_ecp_keypair_calc_public 
For when you calculate or import a private key, and then need to calculate
the public key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Gilles Peskine
28240323d3 New function mbedtls_ecp_set_public_key 
Set the public key in a key pair. This complements mbedtls_ecp_read_key and
the functions can be used in either order.

Document the need to call check functions separately.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Gilles Peskine
091a85a762 Promise mbedtls_ecp_read_key doesn't overwrite the public key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Gilles Peskine
ba5b5d67aa Support partial export from mbedtls_ecp_keypair 
Sometimes you don't need to have all the parts of a key pair object. Relax
the behavior of mbedtls_ecp_keypair so that you can extract just the parts
that you need.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Gilles Peskine
e6886102ef New function mbedtls_ecp_keypair_get_group_id 
Add a simple function to get the group id from a key object.

This information is available via mbedtls_ecp_export, but that function
consumes a lot of memory, which is a waste if all you need is to identify
the curve.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-22 21:30:03 +01:00
Valerio Setti
6d3a68162c check_config: remove CIPHER_C requirement for PKCS[5/12] 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-21 16:40:03 +01:00
Valerio Setti
a69e872001 pkcs[5/12]: add CIPHER_C for [en/de]crypting functions 
This commit also updates corresponding test suites.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-21 16:39:04 +01:00
Waleed Elmelegy
049cd302ed Refactor record size limit extension handling 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-20 17:28:31 +00:00
Tomi Fontanilles
851d8df58d fix/work around dependency issues when !MBEDTLS_ECP_C 
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
 2023-12-20 13:09:27 +02:00
Tomi Fontanilles
bad170e159 pk: remove last references to MBEDTLS_PSA_CRYPTO_C 
They are replaced by MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Tomi Fontanilles
8174662b64 pk: implement non-PSA mbedtls_pk_sign_ext() 
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.

Related dependencies and tests are updated as well.

Fixes #7583.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Tomi Fontanilles
a70b3c24f6 rsa: minor comment/guard improvements 
This brings some improvements to comments/
function prototypes that relate to PKCS#1.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Valerio Setti
689c0f71cb tests: use new CCM/GCM capability macros in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:54:18 +01:00
Valerio Setti
bfa675fe48 adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:52:08 +01:00
Gilles Peskine
1a9e05bf08 Note that domain parameters are not supported with drivers 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-19 12:23:22 +01:00
Gilles Peskine
5ad9539363 Remove DSA and DH domain parameters from the documentation 
Mbed TLS doesn't support DSA at all, and doesn't support domain parameters
for FFDH (only predefined groups).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-19 12:22:46 +01:00
Gilles Peskine
9deb54900e Document the domain_parameters_size==SIZE_MAX hack 
It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not
documented.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-18 21:01:18 +01:00
Bence Szépkúti
a085fa8ccf
Merge pull request #8627 from tom-cosgrove-arm/ip_len 
Avoid use of `ip_len` as it clashes with a macro in AIX system headers
 2023-12-18 02:03:17 +00:00
Valerio Setti
4ff405cf80 block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t 
This information was redundant with the already existing mbedtls_block_cipher_id_t.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-15 16:10:52 +01:00
Valerio Setti
bd7528a592 ccm/gcm: use BLOCK_CIPHER whenever possible 
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
4a5d57d225 adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available 
As a consequence BLOCK_CIPHER will be enabled when:
- CIPHER_C is not defined
- a proper driver is present for one of AES, ARIA and/or Camellia key types

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
2684e3f2e3 config_adjust_legacy_crypto: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
291571b447 block_cipher: add MBEDTLS_PRIVATE to new PSA fields in mbedtls_block_cipher_context_t 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
849a1abfdd block_cipher: remove useless use of psa_cipher_operation_t 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
4bc7fac99a crypto_builtin_composites: add missing guards for includes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
c0f9bbca2c check_config: use new helpers for legacy GCM_C/CCM_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
8bba087fe1 adjust_legacy_crypto: add helpers for block ciphers capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti
c1db99d3f5 block_cipher: add PSA dispatch if possible 
"if possible" means:
- PSA has been initialized
- requested key type is available in PSA

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Joakim Andersson
b349108b99 library: Move mbedtls_ecc helper functions to psa_util 
Move the mbedtls_ecc helper functions from psa_core to psa_util.
These files are not implemented as part of the PSA API and should not
be part of the PSA crypto implementation.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
 2023-12-14 13:55:11 +01:00
Tom Cosgrove
656d4b3c74 Avoid use of ip_len as it clashes with a macro in AIX system headers 
Fixes #8624

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-12-08 21:51:15 +00:00
Gilles Peskine
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441 
[G4] Make CTR-DRBG fall back on PSA when AES not built in
 2023-12-06 18:25:44 +00:00
Waleed Elmelegy
9aec1c71f2 Add record size checking during handshake 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-06 15:18:15 +00:00
Jan Bruckner
f482dcc6c7 Comply with the received Record Size Limit extension 
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-12-06 15:18:08 +00:00
Ronald Cron
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data 
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
 2023-12-06 06:47:32 +00:00
Valerio Setti
83e0de8481 crypto_extra: revert changes to mbedtls_psa_random_free() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
7ab90723c4 mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
402cfba4dc psa: free RNG implementation before checking for remaining open key slots 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00