5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies
...
MD: HMAC in DTLS cookies
2022-03-23 13:05:24 +01:00
93ba3e3918
Add mbedtls_ssl_is_handshake_over() function
...
Add function to query if SSL handshake is over or not, in order to
determine when to stop calling mbedtls_ssl_handshake_step among other
things. Document function, and add warnings that the previous method of
ascertaining if handshake was over is now deprecated, and may break in
future releases.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-22 22:47:49 +00:00
488a40eecb
Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-22 10:41:38 +01:00
c0db7623ec
Also guard include of mbedtls/threading.h in ssl_cookie.h when USE_PSA_CRYPTO is set
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-22 10:38:58 +01:00
406cf27cb5
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
b02ee18e64
replace use_psa_crypto with psa_crypto_c
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
704cfd2a86
fix comments and style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
718a9b4a3f
fix doxygen fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
bc18c23531
Guard pk_sign_ext with PSA_CRYPTO_C
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
79c004148d
Add PSA && TLS1_3 check_config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
8beb9e173d
Change prototype of pk_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
d69439aa61
add mbedtls_pk_sign_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
b9af2db4cf
Add accessor for timing final delay
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-21 15:26:19 +00:00
a677b5f6c7
Fix minor issues
...
- parameter name in function description
- test_suite_ecp.data: add new line at the end of file
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-21 09:49:40 +01:00
711d0f5e29
Add implementation of ECP keypair export function
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-18 13:52:26 +01:00
750596e6d6
Improve documentation of MBEDTLS_PSA_CRYPTO_CONFIG
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-17 12:26:28 +01:00
a02c124006
Document MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-17 12:26:28 +01:00
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection
...
TLS Cipher 2a: tickets: use PSA for protection
2022-03-17 09:50:09 +01:00
08622b6dc7
Declare PSA_WANT_ALG_CCM_STAR_NO_TAG and use it in tests
...
CCM*-no-tag is currently available whenever CCM is, so declare
PSA_WANT_ALG_CCM_STAR_NO_TAG whenever PSA_WANT_ALG_CCM is declared and vice
versa.
Fix dependencies of test cases that use PSA_ALG_CCM_STAR_NO_TAG: some were
using PSA_WANT_ALG_CCM and some had altogether wrong dependencies.
This commit does not touch library code. There is still no provision for
providing CCM support without CCM*-no-tag or vice versa.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
...
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
...
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
...
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
c50dec07b2
ChaCha20 (classic): Document that we only support 12-byte nonces
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-10 18:57:09 +01:00
14d3554ff5
ChaCha20 (PSA): Document that we only support 12-byte nonces
...
Support for 8-byte nonces may be added in the future:
https://github.com/ARMmbed/mbedtls/issues/5615
Support for a 16-byte IV for ChaCha20 consisting of a 12-byte nonce and a
4-byte initial counter value may be added in the future:
https://github.com/ARMmbed/mbedtls/issues/5616
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-10 18:56:57 +01:00
2a02051286
Use PSA in TLS ticket handling
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-10 17:09:59 +01:00
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
9bff95f051
Adjust comment describing mbedtls_ssl_set_hs_own_cert()
...
mbedtls_ssl_set_hs_own_cert() is callable from the certificate selection
callback.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-03-10 04:45:27 -05:00
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECDHE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
7cd0270d6c
Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-07 14:33:21 +01:00
77b69ab971
Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 14:45:45 +01:00
f071024bf8
Do not include time.h without MBEDTLS_HAVE_TIME
...
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."
If that is not defined, do not attempt to include time.h.
A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
bca99ee0ac
Add PSA key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-04 10:20:20 +01:00
3f076dfb6d
Fix comments for conditional compilation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 09:36:46 +01:00
1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls
...
Rename, move and refine PSA to mbedtls PK errors mappings
2022-03-03 13:30:29 +01:00
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters
...
Add function to get message digest info from context
2022-03-02 16:44:26 +01:00
19915c2c00
Rename error translation functions and move them to library/pk_wrap.*
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-01 15:21:02 +01:00
f48bd4bccb
Merge pull request #5371 from AndrzejKurek/doxygen-duplicate-parameter-docs
...
doxygen: merge multiple descriptions of the same return codes
2022-02-28 17:09:45 +01:00
0037fcd6c7
Merge pull request #4910 from gilles-peskine-arm/check_config-chachapoly-development
...
Add check_config checks for AEAD
2022-02-28 17:07:48 +01:00
0ebf24a668
Adjust comment describing mbedtls_ssl_conf_sni()
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
6989407261
Add accessor to retrieve SNI during handshake
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
36872dbd0b
Provide means to reset handshake cert list
...
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:48 -05:00
2ed95279c0
Add server certificate selection callback
...
https://github.com/ARMmbed/mbedtls/issues/5430
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 17:31:49 -05:00
3f9cef4547
Remove actual and use new PSA to mbedtls PK errors mapping functions
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 15:44:39 +01:00
ea761963c5
Add specialized PSA to mbedtls PK/RSA error mapping function
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 14:37:00 +01:00
cd501f406e
Add specialized PSA to mbedtls PK/ECDSA error mapping function
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 14:37:00 +01:00
a3fdfb4925
Introduce new PSA to mbedtls PK error mapping function
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-02-22 14:37:00 +01:00
6d3d18b2dc
psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code
...
Perform the following optimizations:
- fix used flags for conditional compilation
- remove redundant N variable
- move loop used to generate valid k value to helper function
- fix initial value of status
- fix comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:27 +01:00
57bf02bd58
ssl_conf_{min,max}_version documentation: update for 1.3 and improve
...
Mention that TLS 1.3 is supported, in addition to (D)TLS 1.2.
Improve and clarify the documentation. In particular, emphasise that the
minor version numbers are the internal numbers which are off by one from the
human numbers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
ce4f00de69
Reference get_version_number from the conf_xxx_version documentation
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
d44e050339
get_version_number documentation: explicitly mention VERSION_UNKNOWN
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00