5c3d6e277c
Merge pull request #7575 from AndrzejKurek/URI-SAN-verification
...
Add partial support for URI SubjectAltNames verification
2023-06-05 16:46:47 +02:00
975d9c0faf
Merge pull request #7530 from AndrzejKurek/misc-subjectaltname-fixes
...
Miscellaneous fixes for SubjectAltName code / docs
2023-06-05 15:38:53 +02:00
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans
...
Add a possibility to generate certificates with a Subject Alternative Name
2023-06-05 15:38:38 +02:00
f37b94b5bf
Merge pull request #7533 from valeriosetti/issue7484
...
PK: add support for private key writing with "opaque" EC keys
2023-06-05 10:53:53 +02:00
32b06f50df
Merge pull request #7650 from yanrayw/7360-code-size-tfm-medium
...
code size measurement support for tfm-medium
2023-06-02 13:25:26 +01:00
1747304a7a
Update the descriptions of SANs
...
All of them are listed, so the previous description was wrong.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-01 18:20:24 +01:00
64e0184a39
psa_util: add support for rfc8410's OIDs
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no >
2023-06-01 11:06:40 +02:00
7b1136836c
Merge pull request #7438 from valeriosetti/issue7074
...
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
2023-06-01 10:06:45 +02:00
a1b416670e
Merge pull request #7547 from silabs-Kusumit/PBKDF2_input_validation
...
PBKDF2: Input Validation
2023-06-01 10:05:34 +02:00
b20f13a41b
Change input cost type to uint64_t and fix max iteration test case
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com >
2023-05-31 12:51:02 +05:30
10cc6bda1c
Add PSA_ALG_PBKDF2_HMAC_GET_HASH macro
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com >
2023-05-24 12:35:14 +05:30
e66a8ad8d6
Define PSA_VENDOR_PBKDF2_MAX_ITERATIONS
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com >
2023-05-24 12:30:43 +05:30
52fe517a77
Change pbkdf2 password to array
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com >
2023-05-24 12:28:46 +05:30
b2e551d347
Merge pull request #6943 from ucko/2023b-platform
2023-05-23 18:37:54 +01:00
7ef8a8d0da
pk: improve description for the new priv_id field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-23 18:39:54 +02:00
9dc9204b77
Merge pull request #7554 from valeriosetti/issue7073-reshape
...
Avoid parse/unparse public ECC keys in PK with USE_PSA when !ECP_C
2023-05-23 15:08:45 +02:00
2f1ae5a86e
Modify TFM files to allow them to build on baremetal with Mbed TLS and fix code style.
...
Also change the include path of crypto_spe.h in crypto_platform.h to allow the former file to be included in library-only builds.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com >
2023-05-23 15:40:11 +08:00
016264b6cb
pk: fix a return value and a typo in comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-22 18:40:35 +02:00
50729eac74
Merge pull request #7611 from yanrayw/7609_tweak_build_info_include_order
...
build_info.h: fix mutual implications with config_psa.h temporarily
2023-05-22 17:49:55 +02:00
37db332658
build_info.h: rewrite comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-05-22 16:50:39 +08:00
5e4a01bff5
mbedtls/platform.h: Avoid potential macro redefinition warnings.
...
Some identifiers (e.g. mbedtls_free) can name either functions or
macros depending on configuration settings. For those that turn out
to name macros, first clear out any existing macro definitions to
accommodate possible unconditional bulk symbol renaming. (There
remains no standard provision for such renaming, but it's nevertheless
straightforward enough to do as desired, particularly with this change
in place.)
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov >
2023-05-19 10:50:06 -04:00
f57007dd1e
pk: fixing and improving comments
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-19 13:54:39 +02:00
9a11f8a122
Merge pull request #7573 from tom-cosgrove-arm/add-psa_want_alg_some_pake
...
Only include psa_pake_setup() and friends if some PAKE algorithms are required
2023-05-18 09:59:52 +01:00
1bc7df2540
Add documentation and a changelog entry
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-05-17 15:23:56 -04:00
8203f2d89f
Merge pull request #7535 from minosgalanakis/ecp/7264_enable_core_shift_l
...
[Bignum] Adjust mbedtls_mpi_core_shift_l to use the core function
2023-05-17 18:45:44 +01:00
c1541cb3c7
pk: minor fixes (guards and a wrong assignment)
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-17 19:23:02 +02:00
67fdb3307d
Add a possibility to write subject alt names in a certificate
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-05-17 11:45:36 -04:00
1a75269589
Move mbedtls_x509_san_list to x509.h
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-05-17 11:45:36 -04:00
92c3f36866
test_suite_debug: fix USE_PSA_INIT/DONE guards in a test
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-17 15:38:34 +02:00
722f8f7472
pk: adding a new field to store the public key in raw format
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-17 15:31:21 +02:00
b1c0afe484
Merge pull request #7595 from valeriosetti/deprecate_pk_ec
...
Set mbedtls_pk_ec() as internal function when ECP_C is not defined
2023-05-17 12:27:03 +02:00
419a55e929
build_info.h: rewrite comment for inclusion of config_psa.h
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-05-17 18:22:34 +08:00
6397673cb8
build_info.h: change location of including config_psa.h
...
In build_info.h, some macros are defined based on PSA_WANT_XXX symbol.
This commit tweaks the location of including config_psa.h
so that macros in build_info.h could imply config options correctly.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-05-17 13:57:22 +08:00
2056d09893
bignum: Updated documentation for mbedtls_mpi_shift_l()
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2023-05-16 17:16:26 +01:00
3f00b84dd1
pk: fix build issues
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-15 12:57:06 +02:00
77a75685ed
pk: align library and tests code to the new internal functions
...
Note = programs are not aligned to this change because:
- the original mbedtls_pk_ec is not ufficially deprecated
- that function is used in tests when ECP_C is defined, so
the legacy version of that function is available in that
case
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-15 11:18:46 +02:00
229bf1031f
pk: make mbedtls_pk_ec internal when !ECP_C
...
mbedtls_pk_ec() is not an ideal function because:
- it provides direct access to the ecp_keypair structure wrapped
by the pk_context and
- this bypasses the PK module's control
However, since for backward compatibility, it cannot be deprecated
immediately, 2 alternative internal functions are proposed.
As a consequence:
- when ECP_C is defined, then the legacy mbedtls_pk_ec is available
- when only ECP_LIGHT is defined, but ECP_C is not, then only the
new internal functions will be available
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-15 11:13:55 +02:00
cc207bc379
Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se >
2023-05-12 14:59:01 +01:00
6d62faca8e
Only include psa_pake_setup() and friends if some PAKE algorithms are required
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2023-05-12 12:36:24 +01:00
199eab97e7
Add partial support for URI SubjectAltNames
...
Only exact matching without normalization is supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-05-10 09:57:19 -04:00
1d046fa0dd
Merge pull request #6010 from mprse/ffdh_import_export
...
FFDH 1, 2A, 2B: FFDH add support for import/export key, key agreement, key generation + tests
2023-05-10 11:40:54 +02:00
8d42cfddd6
Merge pull request #7539 from gilles-peskine-arm/mbedtls_error_pair_t-smaller
...
Halve size of mbedtls_error_pair_t
2023-05-09 15:55:51 +02:00
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
...
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
9016bc4ed2
Clean up commented code
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com >
2023-05-08 16:04:05 +05:30
3fc4ca7272
Limit max input cost to 32bit
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com >
2023-05-08 15:57:41 +05:30
4837e9d1c0
Correct comment about mbedtls error codes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-05-07 20:27:13 +02:00
92da2a79aa
pk: improve description for the next opaque ID field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-05 12:31:23 +02:00
4f387ef277
pk: use better naming for the new key ID field
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-05 10:59:32 +02:00
e00954d0ed
pk: store opaque key ID directly in the pk_context structure
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-05 10:57:26 +02:00
0167244be4
Read and write X25519 and X448 private keys
...
Signed-off-by: Jethro Beekman <jethro@fortanix.com >
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com >
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com >
2023-05-04 13:01:47 +02:00
