Modeled after the include chain of the primitive operation contexts.
Also moved the HMAC context structure to the builtin composites file,
since that is where it conceptually belongs. This is a preparatory
step for implementing driver dispatch of MAC multipart operations.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This was probably included by mistake, because the file itself is part
of the inclusion chain starting with crypto.h.
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This is a preparatory step in order to be able to organize the include
chain from crypto_struct in such a way that the MAC operation structure
for the PSA 'software' driver can make use of the hash operation structure.
Conceptually:
* Primitives:
* Hash
* Cipher
* Composites:
* AEAD (can use cipher)
* MAC (can use cipher and/or hash)
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
This algorithm is used for example by the Thread 1.1.1 specification,
which is not public but can be obtained free of charge at
https://www.threadgroup.org/ThreadSpec
Here it doesn't really make sense to define a parametrised family, as
this really seems to be the only use of PBKDF2 with a CMAC-based PRF (or
with any PRF other than HMAC with SHA1 or SHA2, for that matter).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Might make the implementer's life a bit simpler, and is not a big
constraint on applications.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
No change of behaviour, encoding or naming intended in this commit: just
describe the same behaviour, but in a way that's hopefully clearer and
more complete.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit removes the unused error code
```
MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH
```
from the public API for Mbed TLS 3.0.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
This error is used when the output buffer isn't large enough
to hold our own certificate.
In the interest of cleaning up the error space for 3.0, this commit
removes MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE and replaces its single
use by MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The SSL error code MBEDTLS_ERR_SSL_PEER_VERIFY_FAILED is unused.
Remove it for Mbed TLS 3.0.
The code being unused comes as a surprise, at is seems to be
reasonable to report it to the user upon peer CRT verification
failure. However, this study (can potentially re-introduction
of the code) can be left for 3.x, while the error code removal
can only happen in 3.0.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
The SSL error code MBEDTLS_ERR_SSL_UNKNOWN_CIPHER is unused.
Remove it for Mbed TLS 3.0 and leave a comment indicating the
gap in the error code space it creates.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Although SHA512 is currently required to enable SHA384, this
is expected to change in the future. This commit is an
intermediate step towards fully separating SHA384 and SHA512.
check_config is the only module which enforces that SHA512 is
enabled together with SHA384.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
