mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 03:40:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,239 Commits 170 Branches 263 Tags
Commit Graph

30239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Valerio Setti
f9f63edbe4 pk: fix typos in description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-25 09:38:05 +01:00
Valerio Setti
ac81e23c33 pk: add check_pair info to mbedtls_pk_setup_opaque() documentation 
This also updates use-psa-crypto.md accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:41 +01:00
Valerio Setti
f0d4c9a7e2 test_suite_pk: add failing check for sign_ext() in pk_psa_wrap_sign_ext() 
If the wrapped key has a PKCS1 v1.5 signature algorithm, then try
to call sign_ext() to perform PSA RSS. Of course this will fail
because it's not supported by the wrapped key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:41 +01:00
Valerio Setti
afa6d51442 pk: simplify mbedtls_pk_sign_ext() 
In case of opaque keys skip the check of the supported primary/enrollment
algorithms. Just try to perfom the signature and if the wrapped key
does not support RSA PSS the operation will fail automatically.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-22 14:36:38 +01:00
Valerio Setti
42a3954cd3 pk: fix description of mbedtls_pk_setup_opaque for sign_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
fc6b22c95c pk: fix indentation in description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
80cd479fe0 pk: fix description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
18702d980f pk: update documentation of mbedtls_pk_setup_opaque() based on #8951 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
55ed91e0aa pk: fix documentation for mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
622f90597e pk: improve documentation of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
Valerio Setti
f5a6e22032 pk: fix documentation for mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 16:55:24 +01:00
minosgalanakis
5a9020f5d4
Merge pull request #8941 from daverodgman/branches-3.6lts 
Update BRANCHES for 3.6
 2024-03-21 13:56:34 +00:00
Manuel Pégourié-Gonnard
32a96d656b
Merge pull request #8951 from valeriosetti/issue8938 
mbedtls_pk_setup_opaque always uses PKCS#1v1.5 for RSA keys
 2024-03-21 09:08:34 +00:00
Valerio Setti
2833050bb6 test_suite_pk: fix guards in pk_psa_sign() 
If the public key is exported with mbedtls_pk_write_pubkey_der()
it should be re-imported with mbedtls_pk_parse_public_key().
Alternative options (when PK_WRITE is not defined), i.e.
mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(),
export the key in a different format which cannot be parsed by
pk_parse module so mbedtls_ecp_point_read_binary() and
mbedtls_rsa_parse_pubkey() should be used respectively in this
case.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 05:24:12 +01:00
Valerio Setti
ea01efa589 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:19:08 +01:00
Valerio Setti
144c27b0f3 pkwrite: add new internal symbol for the max supported public key DER length 
This is also used in pk_psa_sign() to properly size buffers holding
the public key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:10:35 +01:00
Valerio Setti
027796c0cc test_suite_pk: uniformly generate RSA and EC keys in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 16:55:35 +01:00
Valerio Setti
6fb2586dfd test_suite_pk: fix guards in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 16:55:14 +01:00
Valerio Setti
1b533ab205 test_suite_pk: test also RSA OAEP in pk_wrap_rsa_decrypt_test_vec() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:43:33 +01:00
Valerio Setti
d45836a1c3 pk_wrap: fix algorithm selection in rsa_opaque_decrypt() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:42:55 +01:00
Valerio Setti
480dfc7ad7 test_suite_pk: fix guards in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 12:24:29 +01:00
Valerio Setti
f71c060cb2 test_suite_pk: properly size buffers for public keys in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 19:35:37 +01:00
Valerio Setti
aa9cc49879 test_suite_pk: test also RSA keys with PKCS1 v2.1 padding mode in pk_psa_sign() 
Previously only only PKCS1 v1.5 was tested.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 19:03:55 +01:00
Valerio Setti
4f3262de2d pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
d971b7834b test_suite_pk: fix RSA issue in pk_psa_sign() when !PK_[PARSE|WRITE]_C are defined 
This bug was not found until now because:
- !PK_[WRITE|PARSE]_C is only tested in component_full_no_pkparse_pkwrite()
- the test only case concerning RSA key had MBEDTLS_PK_WRITE_C as dependency
  so it was not executed in that component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
c262561424 test_suite_pk: rename some variables in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
d38480b0e0 test_suite_pk: reshape pk_psa_sign() 
The behavior of the functions is kept intact. Changes concern:
- generate the initial PK context using PSA parameters only; this
  allows to remove 1 input parameter for the test function.
- add/fix comments.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Gilles Peskine
b2b9068264
Merge pull request #8942 from valeriosetti/fix-null-dereference 
[Bugfix] Fix null dereference in `mbedtls_pk_verify_ext()`
 2024-03-19 10:47:29 +00:00
Manuel Pégourié-Gonnard
af14b89824
Merge pull request #8932 from ronald-cron-arm/enable-tls13-by-default 
Enable TLS 1.3 by default
 2024-03-19 09:51:49 +00:00
Valerio Setti
da47518554 test_suite_pk: always test verify_ext with opaque keys in pk_psa_wrap_sign_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 09:54:46 +01:00
Valerio Setti
8ad5be0e5d add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 17:22:52 +01:00
Paul Elliott
92152dc746
Merge pull request #8940 from paul-elliott-arm/add_fixes_to_threading_changelog 
Add issues fixed to threading MVP changelog entry
 2024-03-18 15:30:11 +00:00
Dave Rodgman
0da8c514c3 Replace reference to master 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 15:25:53 +00:00
Valerio Setti
07500fd874 pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 16:22:33 +01:00
Valerio Setti
d59caf4e51 test_suite_pk: extend pk_psa_wrap_sign_ext() 
Try to perform verify_ext() using the opaque context when the
key type is MBEDTLS_PK_RSASSA_PSS. This currently leads to a
crash while running the test suite and this will be fixed by
the next commit.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 16:20:14 +01:00
Dave Rodgman
1fdf9d0a21 Update BRANCHES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 14:37:24 +00:00
Dave Rodgman
374704255d
Merge pull request #8939 from daverodgman/codestyle-autogen 
Codestyle autogen fix
 2024-03-18 14:26:59 +00:00
Paul Elliott
f5f48549e2 Add issues fixed to changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-18 13:52:25 +00:00
Dave Rodgman
1bd787a3e0 Minor relaxation to auto-gen regex 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 12:32:49 +00:00
Ronald Cron
d2cb7f4268 all.sh: Add TLS 1.2 only component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:07:00 +01:00
Ronald Cron
46ac0658cf all.sh: Adapt/Fix some components 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:06:59 +01:00
Ronald Cron
a3f385d1a8 all.sh: Disable TLS 1.3 when pre-requisites are not meet 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:06:59 +01:00
Ronald Cron
27eb68d295 Enable TLS 1.3 by default 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:06:59 +01:00
Dave Rodgman
5ce1577629
Merge pull request #8928 from Ryan-Everett-arm/update-psa-thread-safety-docs 
Update psa-thread-safety.md to reflect version 3.6 changes
 2024-03-18 12:06:39 +00:00
Dave Rodgman
4e4540d8e0 line length fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 11:55:39 +00:00
Dave Rodgman
2a9eb22107 Check file content to see if it looks auto-generated 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 11:16:05 +00:00
Manuel Pégourié-Gonnard
47f8d0e840
Merge pull request #8934 from paul-elliott-arm/add_threading_changelog 
Add changelog entry for threading MVP
 2024-03-18 10:25:14 +00:00
Ryan Everett
765b75f2f8
Update docs/architecture/psa-thread-safety/psa-thread-safety.md 
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-18 10:20:43 +00:00
Manuel Pégourié-Gonnard
1053da8bf0
Merge pull request #8921 from gilles-peskine-arm/pk_import_into_psa-test-lifetime 
pk_import_into_psa: test persistent keys
 2024-03-18 10:00:00 +00:00
Paul Elliott
7d8fd3fafe Add changelog entry for threading MVP 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-17 16:18:23 +00:00