65e3046e18
Fix code style in ssl_tls.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-20 17:55:10 +00:00
049cd302ed
Refactor record size limit extension handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-20 17:28:31 +00:00
851d8df58d
fix/work around dependency issues when !MBEDTLS_ECP_C
...
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no >
2023-12-20 13:09:27 +02:00
9f41770313
pk_*: remove remaining references to MBEDTLS_PSA_CRYPTO_C
...
For real this time.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com >
2023-12-20 13:05:55 +02:00
bad170e159
pk: remove last references to MBEDTLS_PSA_CRYPTO_C
...
They are replaced by MBEDTLS_USE_PSA_CRYPTO.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com >
2023-12-20 12:59:57 +02:00
1941af087c
pk_wrap: remove last references to MBEDTLS_PSA_CRYPTO_C
...
Deprecated functions are removed and #ifdefs are updated accordingly.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com >
2023-12-20 12:59:57 +02:00
573dc23141
rsa: introduce rsa_internal_rsassa_pss_sign_no_mode_check()
...
And use it in the non-PSA version of mbedtls_pk_sign_ext()
to bypass checks that didn't succeed when used by TLS 1.3.
That is because in the failing scenarios the padding of
the RSA context is not set to PKCS_V21.
See the discussion on PR #7930 for more details.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com >
2023-12-20 12:59:57 +02:00
8174662b64
pk: implement non-PSA mbedtls_pk_sign_ext()
...
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.
Related dependencies and tests are updated as well.
Fixes #7583 .
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com >
2023-12-20 12:59:57 +02:00
689c0f71cb
tests: use new CCM/GCM capability macros in tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-20 09:54:18 +01:00
a4b38f24fd
Merge pull request #8579 from valeriosetti/issue7995
...
PK: clean up pkwrite
2023-12-20 08:20:10 +00:00
50333977c6
cipher_wrap: fix guards for alloc/free functions of CCM/GCM
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-20 07:36:05 +01:00
a69c782351
Merge pull request #8634 from daverodgman/iar-fixes
...
IAR warning fix & some improvements
2023-12-19 16:26:23 +00:00
d47186d6e3
Disable automatic setting of clang target flags on old clang
...
Old versions of clang don't support this pragma, so we have to assume
that the user will have set the flags.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-12-19 13:11:47 +00:00
7f062a58fb
pkwrite: add newlines when calling mbedtls_pem_write_buffer()
...
New defines, which are shared with the pkparse module, lack the
new line so we manually add it when invoking
mbedtls_pem_write_buffer().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-19 07:48:42 +01:00
4bb5740a7d
Revert "pem: auto add newlines to header/footer in mbedtls_pem_write_buffer()"
...
This reverts commit 180915018dvalerio.setti@nordicsemi.no >
2023-12-19 07:48:38 +01:00
8860021abc
Fix false claim of variables used unitialised
...
GCC with TSan + O3 causes an error where it claims key_len and iv_len
may be used uninitialised. This is, as far as I can tell incorrect (the
only way it could not be set is in the error case, and then it is not
used), however the simplest option seemed to be just to fix it.
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-12-18 14:49:34 +00:00
af616d9123
Merge remote-tracking branch 'origin/development' into iar-fixes
2023-12-18 13:38:22 +00:00
8f1c36df00
Merge pull request #8607 from valeriosetti/issue8602
...
Make enrollement "optional" in pk_can_do_ext()
2023-12-18 11:30:04 +00:00
a085fa8ccf
Merge pull request #8627 from tom-cosgrove-arm/ip_len
...
Avoid use of `ip_len` as it clashes with a macro in AIX system headers
2023-12-18 02:03:17 +00:00
4ff405cf80
block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t
...
This information was redundant with the already existing mbedtls_block_cipher_id_t.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-15 16:10:52 +01:00
543d275c68
Merge pull request #8635 from daverodgman/asan-opt
...
CI perf - prefer clang for Asan
2023-12-15 13:25:02 +00:00
cddab78612
Merge pull request #8630 from joerchan/mbedtls-tfm-compat
...
Mbedtls tfm compat
2023-12-15 09:31:27 +00:00
815b240d72
Fix unused function/variable warnings from clang
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-12-14 23:20:48 +00:00
bd7528a592
ccm/gcm: use BLOCK_CIPHER whenever possible
...
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
785ec17795
block_cipher: use PSA_BITS_TO_BYTES() in mbedtls_block_cipher_setkey()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
849a1abfdd
block_cipher: remove useless use of psa_cipher_operation_t
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
c6f004f0e2
psa_crypto: add internal helper to signal that cipher driver is ready
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
8ceaa75b73
psa_util: add error translations from PSA to cipher
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
c1db99d3f5
block_cipher: add PSA dispatch if possible
...
"if possible" means:
- PSA has been initialized
- requested key type is available in PSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
26e3698357
Revert back checking on handshake messages length
...
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-14 16:23:25 +00:00
05d670b711
Revert "Skip checking on maximum fragment length during handshake"
...
This reverts commit 419f841511waleed.elmelegy@arm.com >
2023-12-14 16:23:10 +00:00
3b9de38208
Make clienthello comment clear
...
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com >
2023-12-14 22:44:08 +08:00
b349108b99
library: Move mbedtls_ecc helper functions to psa_util
...
Move the mbedtls_ecc helper functions from psa_core to psa_util.
These files are not implemented as part of the PSA API and should not
be part of the PSA crypto implementation.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no >
2023-12-14 13:55:11 +01:00
69928dbe86
Fix compile warning from IAR
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-12-14 12:09:18 +00:00
650674bb41
Add MBEDTLS_BSWAPxx intrinsics for IAR
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-12-14 12:08:57 +00:00
f3c04f3f47
Better definition of MBEDTLS_IS_BIG_ENDIAN for IAR
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-12-14 12:08:57 +00:00
1f67363d6a
Merge pull request #8616 from lpy4105/issue/8553/test-driver-only-rsa
...
Add test for driver-only RSA (crypto only)
2023-12-14 11:05:55 +00:00
001fb73131
Merge pull request #8612 from valeriosetti/issue8601
...
Quit using enrollment in pkparse
2023-12-13 14:55:34 +00:00
ea6b3c030d
Merge pull request #8605 from valeriosetti/issue8600
...
Quit using enrollment alg in for ECDSA in PK
2023-12-12 16:53:15 +00:00
c5b7285da9
library: Remove unused psa_crypto_core.h include
...
Remove unused psa_crypto_core.h include.
The PSA util file provides helper functions when using the PSA API.
It should not rely on PSA internal headers, and instead only use
public headers.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no >
2023-12-11 21:25:44 +01:00
656d4b3c74
Avoid use of ip_len as it clashes with a macro in AIX system headers
...
Fixes #8624
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2023-12-08 21:51:15 +00:00
f75893bb36
Update comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 17:40:00 +08:00
e9efbc2aa5
Error out when get domain_parameters is not supported
...
From time being, domain_parameters could not be extracted
from driver. We need to return error to indicate this
situation. This is temporary and would be fixed after #6494 .
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 17:30:26 +08:00
94a42ccb3e
Add tls13 in ticket flags helper function names
...
```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 11:12:46 +08:00
90acdc65e5
tl13: srv: improve comment
...
Improve comment when received version 1.2 of the protocol while TLS
1.2 is disabled on server side.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-08 11:00:38 +08:00
2bef917a3c
tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-08 11:00:35 +08:00
177e49ad7a
tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-08 11:00:33 +08:00
408ba6f7b8
tls13: srv: replace with internal API to check is_tls12_enabled
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-08 11:00:30 +08:00
abd844f379
Fix wrong format in the function doc
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:58 +08:00
02e72f65da
Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:58 +08:00
