lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-23 00:02:39 +03:00
Code Activity
22,088 Commits 176 Branches 276 Tags
d384b64dd23629d08d932a06bae62a6b4769be3d
Commit Graph

5473 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
138387fc8c Fix some typos, improve wording & formatting 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
72687b76ca Clarify dependencies in mbedtls_config.h 
- One module was missing the warning on psa_crypto_init().
- For modules that are affected by USE_PSA_CRYPTO, it makes more sense
to mention that in the warning.
- Attempt to improve the description of the TLS 1.3 situation.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
f17f85ef0c Simplify definition of TLS 1.3 MD max size. 
Actually this macro is never used in parts that depend on USE_PSA, so
it's always using PSA.

Currently the macro seems a bit redundant, but:
- since it's public we can't remove it;
- and there are plans in the future to make it more precise (actually
the largest hash that matters for TLS 1.3 is SHA-384 now).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
e896705c1a Take advantage of legacy_or_psa.h being public 
Opportunities for using the macros were spotted using:

    git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'

then manually filtering the results.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public. 
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:02:48 +02:00
Gilles Peskine
04e4c19ee3 Document the base state of platform abstraction 
It's `#define mbedtls_xxx xxx` unless some option to override `mbedtls_xxx`
is enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:34:50 +02:00
Manuel Pégourié-Gonnard
409a620dea Merge pull request #6255 from mprse/md_tls13 
Driver-only hashes: TLS 1.3
 2022-09-15 10:37:46 +02:00
Manuel Pégourié-Gonnard
18dff1f226 Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake 
Expose ECJPAKE through the PSA Crypto API
 2022-09-15 09:25:55 +02:00
Andrzej Kurek
d60907b85d Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 14:57:51 -04:00
Przemyslaw Stekiel
67ffab5600 ssl.h: use PSA hash buffer size when PSA is used 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 14:51:14 +02:00
Andrzej Kurek
18f8e8d62c Document the input size restriction for EC J-PAKE to PMS 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:44:34 -04:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2 
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-14 08:39:26 -04:00
Przemyslaw Stekiel
034492bd56 ssl.h: Fix hash guards 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 11:09:20 +02:00
Przemek Stekiel
ce0aa58fd9 check_config.h: make TLS1.3 requirements verification more readable 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
8a2f2b0bd6 check_config.h: fix TLS 1.3 requirements (add HKDF_EXTRACT/EXPAND) and comments 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
9408b70513 check_config.h: revert HKDF requirements 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
a06787a629 build_info.h: include config_psa.h also when MBEDTLS_PSA_CRYPTO_C 
This is done to have PSA_WANT_xxx symbols available in check_config.h when MBEDTLS_PSA_CRYPTO_C.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
cf9d972a9a Fix config for MBEDTLS_SSL_PROTO_TLS1_3 
Remove MBEDTLS_HKDF_C as it is not needed since #5838

Reasoning: we need SHA-256 or SHA-384 via PSA because they're used by HKDF which is now always done via PSA. If in addition to that USE_PSA is enabled, then everything is done via PSA so that's enough. Otherwise, we need the software implementation of SHA-256 or SHA-384, plus MD_C because we're using a VIA_MD_OR_PSA_BASED_ON_USE_PSA as discussed above.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
a9a8816107 ssl.h: adapt guards for MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Jerry Yu
6cf85a4bb0 update document abourt maximum ticket_age_tolerance 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 14:28:15 +08:00
Neil Armstrong
fb3093a9cb Use PSA_PAKE_ROLE_NONE in PSA_PAKE_OPERATION_INIT macro instead of 0 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-08 14:59:32 +02:00
Neil Armstrong
7cd4eacbd4 Fix typo in mbedtls_ecjpake_write_shared_key() comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-08 14:57:55 +02:00
Neil Armstrong
ecb221b1ff Move operation buffer in operation struct and remove dynamic allocation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-08 11:21:07 +02:00
Hannes Tschofenig
fd6cca4448 CID update to RFC 9146 
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
 2022-09-07 17:15:05 +02:00
Andrzej Kurek
f000471c66 Add missing MD dependency for pkcs5_pbkdf2_hmac 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
345a92b321 Adjust PKCS5 dependencies in check_config 
It's possible to build PKCS5 with PSA instead of MD
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
65bf73ed6a Enable HMAC in config_psa.h regardless of MD availability 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
890e78ae66 Deprecate mbedtls_pkcs5_pbkdf2_hmac 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
dd36c76f09 Provide a version of pkcs5_pbkdf2_hmac without MD usage 
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard
97fc247d6a Merge pull request #6232 from AndrzejKurek/pkcs12-no-md 
Remove MD dependency from pkcs12 module
 2022-09-02 09:43:13 +02:00
Andrzej Kurek
7bd12c5d5e Remove MD dependency from pkcs12 module 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-01 08:57:41 -04:00
Jerry Yu
89eb95a221 Add ticket age tolerance config option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Neil Armstrong
b764fb60aa Remove MBEDTLS_MD_C dep in config_psa.h when ECJPAJE is wanted 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
12663092bc Introduce mbedtls_ecjpake_write_shared_key() to export the EC J-PAKE shared key material before the KDF() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
ed40782628 Fix SECP256R1 enable when PSA_WANT_ALG_JPAKE is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
a557cb8c8b Fixing XXX_ALG_ECJPAKE to XXX_ALG_JPAKE to match specification 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
7616ad28e3 Fix guard of ecjpake.h include in crypto_extra.h 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
63212ddf2f Fix formatting of PSA_PAKE_OPERATION_INIT macro 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
7aaa34a1ba Fix formatting of PSA_PAKE_OUTPUT_SIZE & PSA_PAKE_INPUT_SIZE macros 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
637d0a0290 Enable buildin PSA PAKE implementation when ECJPAKE_C is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Neil Armstrong
35269d93da Fill psa_pake_operation and INPUT/OUTPUT min/max sizes for PSA PAKE builtin implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-31 10:49:18 +02:00
Manuel Pégourié-Gonnard
bf22a2500b Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured 
Remove the dependency on MD from TLS 1.2 tests
 2022-08-30 12:34:37 +02:00
Nicholas Wilson
8e5bdfbbcf Improve programs/cert_write with a way to set extended key usages 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:08:43 +01:00
Dave Rodgman
0edfa9dd26 Merge pull request #6207 from daverodgman/ticket_time 
Fix type used for capturing TLS ticket generation time
 2022-08-30 10:03:06 +01:00
Andrzej Kurek
cccb044804 Style & formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-23 05:26:02 -04:00
Janos Follath
645ff5b8ff Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures 
Add the new modulus and the residue structures with low level I/O operations
 2022-08-23 09:02:43 +01:00
Andrzej Kurek
e02da81086 Update TLS1.2 dependencies description in mbedtls_config.h 
It is possible to use it without MBEDTLS_SHAXXX defines and USE_PSA_CRYPTO
instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Andrzej Kurek
7e16ce3a72 Clarify TLS 1.2 dependencies with and without PSA crypto 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Dave Rodgman
0ce93933e8 Merge pull request #6219 from KloolK/development 
Fix minor typos
 2022-08-22 21:47:21 +01:00
Gilles Peskine
e5018c97f9 Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake 
Driver-only hashes: EC J-PAKE
 2022-08-22 17:28:15 +02:00