24e50d3dbd
Compile out length check to silent the compiler warning
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:08 +02:00
c89f3ea9f2
Add support for FFDH in TLS 1.3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:08 +02:00
cceb933e30
Add FFDH definitions and translation functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:07 +02:00
060012c5fd
ssl_write_supported_groups_ext(): add support for ffdh keys
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:07 +02:00
383f471bf4
Add the DHE groups to the default list of supported groups
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:07 +02:00
4d3fc216fc
Use safe snprintf
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 11:44:25 +02:00
01cb6eb251
Fix parsing of SAN IP (use mbedtls_snprintf, validate buffer length)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 11:44:25 +02:00
093c97d492
Add separate case for ip address
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 11:44:25 +02:00
0ab5b93922
Add support for parsing SAN IP address
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 11:44:25 +02:00
f6a0d57e4d
Add pbkdf2 function to key_derivation_output_bytes
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com >
2023-06-06 15:05:41 +05:30
a4346cdc50
Add pbkdf2_generate_block function
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com >
2023-06-06 15:05:39 +05:30
cf61a74209
Add static check for macros that should be in sync
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
28f504e892
Use PSA-neutral function for availability check
...
We just want to check if this hash is available, and the check is
present in builds both with PSA and without it. The function we were
using is only present in builds with PSA, so it wasn't appropriate.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
725d2e24aa
Fix guard for PSA->MD error conversion
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
b3b54abf8a
Fix duplicated definition of a function
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
3761e9e8fd
Use function instead of macro for error conversion
...
tests/scripts/all.sh build_arm_none_eabi_gcc_m0plus | grep TOTALS
Before: 323003
After: 322883
Saved: 120 bytes
Not huge, but still nice to have.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
02b10d8266
Add missing include
...
Fix build failures with config full
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
ddbf61a938
Use general framework for PSA status conversion
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
1f2a587cdf
Use actual function instead of static inline
...
Large static inline functions used from several translation units in the
library are bad for code size as we end up with multiple copies. Use the
actual function instead. There's already a comment that says so.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
6076f4124a
Remove hash_info.[ch]
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
2d6d993662
Use MD<->PSA functions from MD light
...
As usual, just a search-and-replace plus:
1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
36fb12e7dd
Add MD <-> PSA translation functions to MD light
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
1b180bec40
Remove unused function
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
8857984b2f
Replace hash_info macro with MD macro
...
Now the MD macro also accounts for PSA-only hashes.
Just a search-and-replace, plus manually removing the definition in
hash_info.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
9b41eb8533
Replace hash_info_get_type with MD function
...
Mostly a search and replace with just two manual changes:
1. Now PK and TLS need MD light, so auto-enable it.
2. Remove the old function in hash_info.[ch]
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
5c3d6e277c
Merge pull request #7575 from AndrzejKurek/URI-SAN-verification
...
Add partial support for URI SubjectAltNames verification
2023-06-05 16:46:47 +02:00
b21f32eba6
Merge pull request #6257 from Laserdance100/development
...
Change macros in mps_common.h
2023-06-05 15:51:59 +02:00
b47fb4cdd8
Merge pull request #7676 from valeriosetti/issue7485
...
PK: add support for check_pair() with "opaque" EC keys
2023-06-05 15:51:03 +02:00
763c19afcb
Merge pull request #7639 from Taowyoo/yx/fix-time-tls13-client-server
...
Fix: correct calling to time function in tls13 client&server
2023-06-05 15:50:32 +02:00
975d9c0faf
Merge pull request #7530 from AndrzejKurek/misc-subjectaltname-fixes
...
Miscellaneous fixes for SubjectAltName code / docs
2023-06-05 15:38:53 +02:00
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans
...
Add a possibility to generate certificates with a Subject Alternative Name
2023-06-05 15:38:38 +02:00
ede0c4676e
pk_internal: minor rearrangement in mbedtls_pk_get_group_id()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-06-05 11:08:28 +02:00
8cbef4d55e
pk: allow key pair checking for opaque keys
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no >
2023-06-05 11:05:40 +02:00
eab9a85f4c
pk_wrap: add support for key pair check for EC opaque keys
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no >
2023-06-05 11:05:40 +02:00
f37b94b5bf
Merge pull request #7533 from valeriosetti/issue7484
...
PK: add support for private key writing with "opaque" EC keys
2023-06-05 10:53:53 +02:00
9a676a7f98
Comment tidy-up
...
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com >
2023-06-04 20:43:05 -04:00
b6e06549f5
Rename MULADDC_PRESERVE_R1 etc to MULADDC_PRESERVE_SCRATCH etc
...
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com >
2023-06-04 20:42:17 -04:00
f89e3c5fbd
Improve docs & check for non-gcc compilers
...
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com >
2023-06-04 20:41:52 -04:00
e0bd2c2375
Merge branch 'development' into development
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-06-04 14:57:19 -04:00
6df1e54c1d
Do not use assembly on Thumb 1 / clang
...
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com >
2023-06-02 13:51:31 -04:00
62e7fae109
Fix bug in calculation of maximum possible bytes
...
Each DER-encoded OID byte can only store 7 bits of actual data, so take
account of that.
Calculate the number of bytes required as:
number_of_bytes = ceil(subidentifier_size * 8 / 7)
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-06-02 15:51:28 +01:00
02127ab022
Allow subidentifiers of size UINT_MAX
...
Make overflow check more accurate and add testcases
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-06-02 15:51:17 +01:00
e773978e68
Remove unnecessary addition to buffer size estimation
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-02 09:42:44 -04:00
9dc219ff9b
Merge pull request #7668 from tom-daubney-arm/code_size_md_light
...
Remove certain null pointer checks when only MD_LIGHT enabled
2023-06-02 13:09:00 +01:00
7c86974d6d
Fix overflow checks in x509write_crt
...
Previous ones could still overflow.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-02 05:02:41 -04:00
154a605ae8
Change the name of the temporary san variable
...
Explain why it is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-01 18:20:26 +01:00
805a0a2d06
Merge pull request #7591 from minosgalanakis/ecp/6028_xtract_fast_reduction_curve25519
...
[Bignum] Implement fast reduction curve25519
2023-06-01 17:43:35 +01:00
45d5e2dc1a
Rename minimum_mem to resized_mem
...
This new name is clearer about its purpose.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-06-01 15:10:33 +01:00
5d074168f3
Rearrange declarations for readability
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-06-01 15:09:27 +01:00
017139751a
Change behaviour away from NUL-terminated strings
...
Instead, require the length of the string to be passed. This is more
useful for our use-case, as it is likely we will parse OIDs from the
middle of strings.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-06-01 15:04:20 +01:00
