d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
...
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
f586aa2af2
Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-20 14:45:27 +00:00
5d1f29e700
ssl_tls: fix guards for accelerated ECDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281
...
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00
14c194aae9
Merge pull request #7271 from mpg/use-md-light
...
Use md light
2023-03-20 09:01:16 +01:00
f918d42332
Tidy up ARMCE terminology
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:23 +00:00
d41684e8bc
rsa.c: rename getter function of hash_id
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:57:42 +08:00
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
...
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
...
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
b33ef74d44
Use MD_LIGHT, not sha1.h, in RSA selftest
...
Same note as previous commit regarding guards.
Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined,
and even only when SHA1_C is defined too, but somewhere down the line
we'll want to auto-enable it for the sake of other RSA functions (not in
selftest and could use any hash), so there's little point in optimizing
the temporary condition, let's use the simple one upfront.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
8316209c02
Use MD_LIGHT rather than md5.h in pem.c
...
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
d855b4680d
Add space to appease doxygen bug
...
See doxygen/doxygen#8706
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:00:36 +00:00
0bfccfa537
Document the new state of AESNI support
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:49:44 +01:00
dd6021caf1
Remove the dependency of MBEDTLS_AESNI_C on MBEDTLS_HAVE_ASM
...
AESNI can now be implemented with intrinsics.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 16:51:40 +01:00
9d698df4f4
Further clarify a comment
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
a9ab4a2d60
Clarify a comment
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
39a376a417
Finish removing HMAC from MD-light
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
9b14639342
Dispatch according to init status.
...
We shouldn't dispatch to PSA when drivers have not been initialized yet.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
d8ea37f1a3
Add engine field to context structure
...
For multi-part operations, we want to make the decision to use PSA or
not only once, during setup(), and remember it afterwards. This supports
the introduction, in the next few commits, of a dynamic component to
that decision: has the PSA driver sub-system been initialized yet?
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
83d9e09b15
Switch metadata functions to the PSA-aware availability symbols
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
416d0e2b01
Introduce preprocessor symbols for MD algorithm support via PSA
...
These new symbols will allow code to call the md module and benefit from PSA
accelerator drivers. Code must use MBEDTLS_MD_CAN_xxx instead of
MBEDTLS_xxx_C to check for support for a particular algorithm.
This commit only defines the symbols. Subsequent commits will implement
those symbols in the md module, and in users of the md module.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
82b484ecbc
ecjpake: fix guards for driver only builds
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 08:21:44 +01:00
b1895899f1
ssl_cache: Improve some comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-16 14:33:28 +08:00
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
a0589e75a0
Changes from review
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-15 11:04:45 +01:00
b599562033
Merge pull request #7240 from tom-cosgrove-arm/fix-issue-7234
...
Don't insist on MBEDTLS_HAVE_ASM for MBEDTLS_AESCE_C on non-Arm64 systems
2023-03-15 09:04:44 +00:00
83548b5c10
fix inappropriate description for function in RSA
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:49:52 +08:00
12cb39661c
rsa.c: provide interface to get hash_id of RSA context
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:42:48 +08:00
a730df6f86
rsa.c: provide interface to get padding mode of RSA context
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-15 16:42:26 +08:00
18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user
...
EC J-PAKE: partial fix for role vs user+peer
2023-03-15 09:37:30 +01:00
0b9c012f21
ssl_cache: return the error code for mutex failure
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-15 14:37:32 +08:00
023c8853ac
Merge pull request #7203 from yuhaoth/pr/add-cpu-modifier-for-aesce
...
Add CPU modifier for AESCE
2023-03-14 15:58:57 +00:00
c0e6250ff9
Fix documentation and tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-14 11:49:36 +01:00
151f64283f
Add parsing for Record Size Limit extension in TLS 1.3
...
Fixes #7007
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
cdaaef52f4
Update include/mbedtls/pkcs7.h
...
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-14 07:13:50 +00:00
bcc92d4f03
Update include/mbedtls/pkcs7.h
...
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-14 07:13:44 +00:00
fbf9523449
Revert "Add experimental warning"
...
This reverts commit be510fe470.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-14 10:33:32 +08:00
e4622a3436
Merge remote-tracking branch 'development/development' into development-restricted
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-13 17:49:32 +00:00
fde112830f
Code optimizations and documentation fixes
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-13 16:28:27 +01:00
efbc5f7322
Update wording in comments
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-13 12:15:49 +00:00
be510fe470
Add experimental warning
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-13 11:26:35 +08:00
be78386681
Remove documents about command line options.
...
After this PR, the issue has been fixed.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-13 10:58:41 +08:00
18cd6c908c
Use local macros for j-pake client/server strings
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
d7f6ad7bc8
Minor fixes (comments, cleanup)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-12 16:59:28 +01:00
25b2dfa6da
Fix comment typo
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
957cc36be9
Improve wording; use PKCS #7 not PKCS7
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
3fe2abf306
Apply suggestions from code review
...
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
7c33b0cac6
Remove pre-production warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-12 08:50:58 +00:00
439dbc5c60
Fix dependency for TLS 1.3 as well
...
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.
Also update docs/use-psa-crypto.md accordingly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
45bcb6aac8
Fix dependencies of 1.2 ECDSA key exchanges
...
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...
Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00