mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-25 02:02:03 +03:00

Author	SHA1	Message	Date
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Manuel Pégourié-Gonnard	564bc1bb96	Fix limitation in checking supported alg in pk_sign The recent changes in pkparse made it so ECDSA (deterministic or not) is set as the secondary alg and ECDH the first one. This broke the wrapper in pk_wrap as it was only checking the first alg when deciding whether to use deterministic or not. The wrapper should not have unnecessary requirements on how algs are set up, so make the check more flexible. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Manuel Pégourié-Gonnard	116175c5d7	Use helper macro for (deterministic) ECDSA - centralizes decision making about which version to use when - avoids nested #ifs in pk_ecc_set_key() Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-10-16 10:27:22 +02:00
Dave Rodgman	2eab462a8c	Fix IAR warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 13:30:37 +01:00
Dave Rodgman	02a53d7bef	Fix IAR pointless integer comparison Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-28 17:19:50 +01:00
Gilles Peskine	a4c01dd6e9	Merge pull request #7991 from sarveshb14/fix/psa_rsa_signature_using_large_stack rsa_signature: Use heap memory to allocate DER encoded RSA private key	2023-08-16 09:23:29 +00:00
Dave Rodgman	1d4d944e19	Merge pull request #7933 from tom-cosgrove-arm/add-mbedtls_zeroize_and_free Provide and use internal function mbedtls_zeroize_and_free()	2023-08-03 12:56:21 +00:00
Sarvesh Bodakhe	430a4f3968	rsa_signature: Use heap memory to allocate DER encoded RSA private key 'mbedtls_pk_psa_rsa_sign_ext' function allocates a buffer of maximum size 5679 bytes (MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES) on the stack to store DER encoded private key. This increased stack usage significantly for RSA signature operations when MBEDTLS_PSA_CRYPTO_C is defined. This issue was discovered when adding support for EAP-TLS 1.3 (rfc9190). Signed-off-by: Sarvesh Bodakhe <sarvesh.bodakhe@espressif.com>	2023-07-27 14:51:25 +05:30
Tom Cosgrove	ca8c61b815	Provide and use internal function mbedtls_zeroize_and_free() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-07-17 15:17:40 +01:00
Valerio Setti	f6d4dfb745	library: replace PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_LEGACY symbols with proper ones Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-11 14:06:00 +02:00
Manuel Pégourié-Gonnard	2be8c63af7	Create psa_util_internal.h Most functions in psa_util.h are going to end up there (except those that can be static in one file), but I wanted to have separate commits for file creation and moving code around, so for now the new file's pretty empty but that will change in the next few commits. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-07-06 12:42:33 +02:00
Valerio Setti	35d1dacd82	pk_wrap: fix: always clear buffer holding private key in eckey_check_pair_psa Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-30 18:04:16 +02:00
Valerio Setti	38913c16b0	pk_wrap: do not support opaque EC keys when !PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-30 16:18:33 +02:00
Valerio Setti	88a3aeed9f	pk_wrap: use PK_HAVE_ECC_KEYS as guard for ecdsa_opaque_check_pair_wrap Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 15:01:10 +02:00
Valerio Setti	d9d74c285b	pk_wrap: guard all ECDSA function with MBEDTLS_PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 15:00:02 +02:00
Valerio Setti	4d1daf8f8d	pk_wrap: minor fixes for guards Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:27 +02:00
Valerio Setti	97976e3e4c	pk_wrap: always fill all the fields of the pk_info structures Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:27 +02:00
Valerio Setti	76d0f9637c	pk: uniform naming of functions and structures in pk/pk_wrap Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:27 +02:00
Valerio Setti	884c1ec1f5	pk_wrap: share code for selecting the psa_alg in ECDSA sign Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:27 +02:00
Valerio Setti	574a00b576	pk_wrap: minor reorganization for opaque keys Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:26 +02:00
Valerio Setti	5c26b30d9e	pk_wrap: add missing labels to #else and #endif Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:26 +02:00
Valerio Setti	bb7603a28f	pk_wrap: optimize eckey_check_pair() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:26 +02:00
Valerio Setti	f69514a7d8	pk_wrap: name all the fields of the pk_info structs Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:26 +02:00
Valerio Setti	e77307738d	pk_wrap: add support for ECDSA verify for opaque keys This commit also add tests to verify the functionality Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:26 +02:00
Valerio Setti	ed7d6af670	pk_wrap: optimize code for ECDSA verify Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:26 +02:00
Valerio Setti	4657f10bdb	pk_wrap: optimize code for ECDSA sign Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-29 14:33:26 +02:00
Valerio Setti	81d75127ba	library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-19 19:24:05 +02:00
Valerio Setti	8bb5763a85	library: replace deprecated symbols with temporary _LEGACY ones Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:23:55 +02:00
Manuel Pégourié-Gonnard	02b10d8266	Add missing include Fix build failures with config full Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	6076f4124a	Remove hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	2d6d993662	Use MD<->PSA functions from MD light As usual, just a search-and-replace plus: 1. Removing things from hash_info.[ch] 2. Adding new auto-enable MD_LIGHT in build-info.h 3. Including md_psa.h where needed Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
valerio	eab9a85f4c	pk_wrap: add support for key pair check for EC opaque keys Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-06-05 11:05:40 +02:00
Valerio Setti	9efa8c4d14	pk: fix eckey_check_pair_psa The problem was that the private key ID was destroyed even when MBEDTLS_PK_USE_PSA_EC_DATA was enabled and of course this was not correct. At the same time the code has been slighlty reorganized to make it more readable. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-23 15:12:07 +02:00
Valerio Setti	ae8c628edb	pk: improve sign, check_pair and wrap_as_opaque functions with new format Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-23 15:12:07 +02:00
Valerio Setti	b536126183	pk: manage allocate and free space when working with PSA private key Allocation does not need to perform any action since the priv_id field is already present on the pk_context. Free should destroy the key. Of course this is true only if the key is not opaque (because in that case it's the user responsibility to do so). Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-23 15:12:07 +02:00
Valerio Setti	8a6225062a	pk: move PSA error translation macros to internal header Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-23 15:12:07 +02:00
Valerio Setti	a7cb845705	pk: add checks for the returned ECC family Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-22 18:39:43 +02:00
Valerio Setti	f57007dd1e	pk: fixing and improving comments Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-19 13:54:39 +02:00
Valerio Setti	c1541cb3c7	pk: minor fixes (guards and a wrong assignment) Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-17 19:23:02 +02:00
Valerio Setti	a1b8af6869	pkwrap: update ECDSA verify and EC pair check to use the new public key Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-17 15:34:57 +02:00
Valerio Setti	4f387ef277	pk: use better naming for the new key ID field Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-05 10:59:32 +02:00
Valerio Setti	048cd44f77	pk: fix library code for using the new opaque key solution Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-05 10:59:32 +02:00
Valerio Setti	e00954d0ed	pk: store opaque key ID directly in the pk_context structure Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-05 10:57:26 +02:00
valerio	38992cb833	pk: pass pk_context pointer to wrappers intead of void one Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-04-20 12:02:34 +02:00
Valerio Setti	3f8d23eaef	pk_wrap: fix guards in eckey_check_pair to only include 1 option at build time Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 11:33:50 +02:00
Valerio Setti	0d2980f117	pk: adapt to new ECP_LIGHT symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 11:33:50 +02:00
Valerio Setti	1df94f841b	pk: fix return codes' precedence and code style Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 11:04:32 +02:00
Valerio Setti	9d65f0ef12	pk_wrap: simplify prototype of eckey_check_pair_psa() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 08:53:17 +02:00
Valerio Setti	f286664069	pk_wrap: minor code optimizations Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 08:37:46 +02:00
Valerio Setti	8eb552647f	pk_wrap: fix sizing for private key buffer Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-04 10:20:53 +02:00

1 2 3 4 5 ...

281 Commits