2be8c63af7
Create psa_util_internal.h
...
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-07-06 12:42:33 +02:00
3d0c8255aa
Merge pull request #7825 from daverodgman/cipher_wrap_size
...
Cipher wrap size improvement
2023-07-05 15:45:48 +01:00
7ac93bea8c
Adapt names: dh -> xxdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-05 09:26:26 +02:00
6f199859b6
Adapt handshake fields to ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-05 09:25:00 +02:00
e939464eb7
Merge pull request #7829 from mpg/deduplicate-tls-hashing
...
De-duplicate TLS hashing functions
2023-07-04 16:06:00 +01:00
aaad2b6bfc
Rename some local variables
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-07-04 11:35:16 +02:00
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
...
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
85a88133aa
Use fewer bits for block_size
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-06-24 13:37:28 +01:00
bb521fdbc9
Don't directly access iv_size
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-06-24 12:59:31 +01:00
de33278e43
Unify ssl_calc_finished_tls_sha{256,384}
...
Saves about 50-60 bytes on m0+ depending on whether USE_PSA is set.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-24 10:13:41 +02:00
74970664a9
Unify ssl_calc_verify_sha{256,384}
...
Saves about 40 bytes of code size on m0plus with baremetal_size.
Note: the debug messages are change to no longer include the hash name.
That's not a problem as we already know which alg is used from previous
output, and we can also know it form the size of the printed buffer.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-24 09:43:26 +02:00
8c0a95374f
Adapt remaining guards to FFDH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-15 17:07:10 +02:00
15ddda9ff8
Remove PSA_TO_MD_ERR from ssl_tls.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-14 07:37:46 -04:00
1e4a030b00
Fix wrong array size calculation in error translation code
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-13 05:46:47 -04:00
b22b9778c7
Move the ARRAY_LENGTH definition to common.h
...
Reuse it in the library and tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-13 05:46:47 -04:00
0064484a70
Optimize error translation code size
...
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-13 05:46:46 -04:00
47bb380f6d
Fix missing call to mbedtls_ssl_md_alg_from_hash()
...
I looked around and think this one the only place where a conversion was
missing.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-08 11:50:49 +02:00
da4fba64b8
Further code optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:09 +02:00
316c19ef93
Adapt guards, dependencies + optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:09 +02:00
383f471bf4
Add the DHE groups to the default list of supported groups
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:07 +02:00
3761e9e8fd
Use function instead of macro for error conversion
...
tests/scripts/all.sh build_arm_none_eabi_gcc_m0plus | grep TOTALS
Before: 323003
After: 322883
Saved: 120 bytes
Not huge, but still nice to have.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
02b10d8266
Add missing include
...
Fix build failures with config full
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
2d6d993662
Use MD<->PSA functions from MD light
...
As usual, just a search-and-replace plus:
1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
7b1136836c
Merge pull request #7438 from valeriosetti/issue7074
...
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
2023-06-01 10:06:45 +02:00
835be986e0
Merge pull request #7631 from tom-daubney-arm/remove_surplus_loop_condition_issue_7529
...
Remove extraneous check in for loop condition
2023-05-24 20:24:28 +02:00
d0405093d9
tls: use pk_get_group_id() instead of directly accessing PK's structure
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-24 16:02:32 +02:00
f9f0ba8211
Use functions in alignment.h to get value
...
Refactor code using get functions from alignment.h to
read values.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-05-24 06:24:16 +01:00
972077820b
tls/x509: minor enhancement for using the new private key format
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-23 15:12:07 +02:00
850a0797ca
Remove extraneous check in for loop condition
...
Issue 7529 uncovered an unrequired check in a for loop
condition in ssl_tls.c. This commit removes said check.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-05-22 12:05:03 +01:00
77a75685ed
pk: align library and tests code to the new internal functions
...
Note = programs are not aligned to this change because:
- the original mbedtls_pk_ec is not ufficially deprecated
- that function is used in tests when ECP_C is defined, so
the legacy version of that function is available in that
case
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-15 11:18:46 +02:00
501fb3abf3
Merge pull request #5894 from Xeenych/patch-1
...
Reduce RAM - move some variables to .rodata
2023-05-05 14:54:32 +01:00
6c496a1553
solve disparities for ECP_LIGHT between ref/accel
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-04-11 11:33:50 +02:00
d4a5d461de
library: add remaining changes for the new ECP_LIGHT symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-04-11 11:33:50 +02:00
097ba146e7
tls: srv: Set hybrid TLS 1.2/1.3 as default configuration
...
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-04-06 10:26:18 +02:00
3b35455a69
tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-04-06 10:26:18 +02:00
6291b23080
tls: Add logic in handshake step to enable server version negotiation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-04-06 10:26:18 +02:00
8a12aeec93
tls: Initialize SSL context tls_version in mbedtls_ssl_setup()
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-04-06 10:26:18 +02:00
080a22ba75
ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-03-22 10:48:34 +01:00
0c8ec3983e
ssl_tls: fix proper guards for accelerated ECDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-03-22 10:48:34 +01:00
7224086ebc
Remove legacy_or_psa.h
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-03-21 16:29:31 +01:00
bef824d394
SSL: use MD_CAN macros
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-03-21 16:29:31 +01:00
5d1f29e700
ssl_tls: fix guards for accelerated ECDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-03-20 14:02:07 +01:00
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
...
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
18336dace2
Merge pull request #7196 from mprse/ecjpake-driver-dispatch-peer-user
...
EC J-PAKE: partial fix for role vs user+peer
2023-03-15 09:37:30 +01:00
4a1d3beaee
Merge pull request #7229 from tom-cosgrove-arm/static-assert
2023-03-14 16:57:38 +00:00
c0e6250ff9
Fix documentation and tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-03-14 11:49:36 +01:00
151f64283f
Add parsing for Record Size Limit extension in TLS 1.3
...
Fixes #7007
Signed-off-by: Jan Bruckner <jan@janbruckner.de >
2023-03-14 08:41:25 +01:00
fde112830f
Code optimizations and documentation fixes
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-03-13 16:28:27 +01:00
18cd6c908c
Use local macros for j-pake slient/server strings
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-03-12 16:59:28 +01:00
4cd20313fe
Use user/peer instead role in jpake TLS code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-03-10 09:18:03 +01:00
