bd7528a592
ccm/gcm: use BLOCK_CIPHER whenever possible
...
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
4a5d57d225
adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available
...
As a consequence BLOCK_CIPHER will be enabled when:
- CIPHER_C is not defined
- a proper driver is present for one of AES, ARIA and/or Camellia key types
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
2684e3f2e3
config_adjust_legacy_crypto: fix typo
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
291571b447
block_cipher: add MBEDTLS_PRIVATE to new PSA fields in mbedtls_block_cipher_context_t
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
849a1abfdd
block_cipher: remove useless use of psa_cipher_operation_t
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
4bc7fac99a
crypto_builtin_composites: add missing guards for includes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
c0f9bbca2c
check_config: use new helpers for legacy GCM_C/CCM_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
8bba087fe1
adjust_legacy_crypto: add helpers for block ciphers capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
c1db99d3f5
block_cipher: add PSA dispatch if possible
...
"if possible" means:
- PSA has been initialized
- requested key type is available in PSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
0d405d8bb9
Add note about support for buffer overlap
...
Note that enabling MBEDTLS_PSA_COPY_CALLER_BUFFERS allows full buffer
overlap support, whereas without it, overlap support is reduced to that
documented in the function descriptions.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-12-14 16:20:18 +00:00
b349108b99
library: Move mbedtls_ecc helper functions to psa_util
...
Move the mbedtls_ecc helper functions from psa_core to psa_util.
These files are not implemented as part of the PSA API and should not
be part of the PSA crypto implementation.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no >
2023-12-14 13:55:11 +01:00
513101b00f
Add MBEDTLS_PSA_COPY_CALLER_BUFFERS config option
...
This allows us to entirely remove copying code, where the convenience
macros are used for copying.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-12-11 17:58:56 +00:00
656d4b3c74
Avoid use of ip_len as it clashes with a macro in AIX system headers
...
Fixes #8624
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2023-12-08 21:51:15 +00:00
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441
...
[G4] Make CTR-DRBG fall back on PSA when AES not built in
2023-12-06 18:25:44 +00:00
9aec1c71f2
Add record size checking during handshake
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-06 15:18:15 +00:00
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de >
2023-12-06 15:18:08 +00:00
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data
...
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
2023-12-06 06:47:32 +00:00
83e0de8481
crypto_extra: revert changes to mbedtls_psa_random_free()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-04 11:04:42 +01:00
7ab90723c4
mbedtls_config: update descriptions of MBEDTLS_CTR_DRBG_C and MBEDTLS_PSA_CRYPTO_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-04 11:04:42 +01:00
402cfba4dc
psa: free RNG implementation before checking for remaining open key slots
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-04 11:04:41 +01:00
5f4b28defc
ctr_drbg: add alternative PSA implementation when AES_C is not defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-04 11:04:41 +01:00
fbefe04bf3
check_config: fix requirements for CTR_DRBG
...
The module now depends on either:
- AES_C, which is the default and the preferred solution for
backward compatibility
- CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the
new solution when AES_C is not defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-04 11:04:41 +01:00
3d12d65946
Merge pull request #8590 from valeriosetti/fix-pkcs5-pkcs12
...
pkcs[5/12]: use cipher enums for encrypt and decrypt
2023-12-04 10:03:02 +00:00
4577bda6d5
pkcs[5|12]: use cipher enums for encrypt and decrypt
...
Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and
MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values
are to be used with the mbedtls_cipher_setkey() function, ensure
that their value matches with enums in cipher.h.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-01 16:51:24 +01:00
e32fac3d23
remove wait_flight2 state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:25:16 +08:00
59059ec503
Merge remote-tracking branch 'origin/development' into msft-aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-30 09:34:41 +00:00
c6f1637f8c
Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction
...
Make mutex abstraction and tests thread safe
2023-11-29 13:26:23 +00:00
6b5cedf51f
Merge pull request #8547 from valeriosetti/issue8483
...
[G2] Make PSA-AEAD work with cipher-light
2023-11-29 08:53:42 +00:00
919e3fa729
check_config: fix guards for PSA builtin implementation of cipher/AEAD
...
While the PSA builtin implementation of cipher still depends on
CIPHER_C, the same is no more true for AEADs. When CIPHER_C is not
defined, BLOCK_CIPHER_C is used instead, thus making it possible
to support AEADs without CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-11-28 11:45:38 +01:00
b1cf8aeda4
adjust_psa_from_legacy: add required CIPHER_C dependencies
...
Some PSA_WANT symbols do not have a 1:1 matching with legacy ones.
For example, previous to this commit:
- CCM_C enabled both PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG
even thought the two are not equivalent (authenticated VS
non-authenticated).
- there was no legacy equivalent for ECB_NO_PADDING
What it is common to both PSA_WANT_ALG_CCM_STAR_NO_TAG and
PSA_WANT_ALG_ECB_NO_PADDING is the fact that the builtin implementation
depends on CIPHER_C. Therefore this commits adds this guards to
select whether or not to enable the above mentioned PSA_WANT symbols.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-11-28 11:45:38 +01:00
11c3fd1f73
Merge pull request #8568 from yanrayw/issue/8356/block_cipher_no_decrypt_cleanup
...
Driver-only: G1: clean up for BLOCK_CIPHER_NO_DECRYPT
2023-11-28 08:49:48 +00:00
294f5d7ea9
Merge pull request #8540 from valeriosetti/issue8060
...
[G2] Make CCM and GCM work with the new block_cipher module
2023-11-28 08:18:45 +00:00
9fbac381e6
Merge pull request #8326 from daverodgman/aesce-thumb2
...
Support hw-accelerated AES on Thumb and Arm
2023-11-27 09:58:58 +00:00
16b00f9522
mbedtls_config: improve documentation for BLOCK_CIPHER_NO_DECRYPT
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-27 15:52:28 +08:00
690ee81533
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-11-23 10:31:26 +08:00
2e342f6938
Merge pull request #8546 from BrianX7c/development
...
[cipher.h] Arithmetic overflow in binary left shift operation
2023-11-22 19:36:25 +00:00
7d8c3fe12c
Add wait flight2 state.
...
The state is come from RFC8446 section A.2
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-22 16:48:39 +08:00
55933a3e9c
tls13: fix a wrong RFC reference section
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-22 16:34:16 +08:00
d4dc354185
Merge pull request #8541 from yanrayw/issue/ssl-fix-missing-guard
...
ssl_tls: add missing macro guard
2023-11-21 14:57:47 +00:00
04fceb782b
Add freshness check information into document
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:59:24 +08:00
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
342a555eef
rename ticket received
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
25ba4d40ef
rename ticket_creation to ticket_creation_time
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
034a8b77d1
Update document of ticket age tolerance
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
8cf44953b2
guards ticket creation field
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:18 +08:00
702fc590ed
Add ticket_creation field
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:18 +08:00
03511b00aa
Replace c99 fmt macro
...
For c99 compatible compilers, we use PRI64d
and others use official fix.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:18 +08:00
cebffc3446
change time unit of ticket to milliseconds
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:18 +08:00
473ff34d59
Merge pull request #8489 from valeriosetti/issue8482
...
Make CCM* and CCM independent
2023-11-20 14:07:14 +00:00
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
...
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
