98f5db9fca
psa_util: fix typo in comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-05 18:17:38 +01:00
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358
...
G3-G4 wrap-up
2024-01-04 10:48:00 +00:00
44d557c52d
Indicate which curves Mbed TLS supports
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-01-03 20:59:38 +01:00
6e2069661e
Note unusual curve size
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-01-03 20:59:03 +01:00
2a22dac694
Fix typo in curve name
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-01-03 20:58:55 +01:00
39b7bba8a0
Make input parameter const
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-01-02 17:56:54 +01:00
1cc90a1003
Merge pull request #8517 from mschulz-at-hilscher/fixes/issue-6910
...
Fixes redundant declarations for psa_set_key_domain_parameters
2024-01-02 16:34:40 +00:00
6315441be7
adjust_legacy_from_psa: relax condition for legacy block cipher auto-enabling
...
CCM/GCM can be either fully accelerated or rely on just the key type
being accelerated. This means that ultimately it is just the key
type which determines if the legacy block cipher modes need to
be auto-enabled or not.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-02 17:21:01 +01:00
3d2e0f5f42
psa_util: add algorithm's availability checks for MD conversion functions
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-02 14:57:47 +01:00
45c3cae8a5
md: move PSA conversion functions from md_psa.h to psa_util.h
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-02 13:26:04 +01:00
e581e140cc
oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C
...
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-29 16:35:58 +01:00
1994e72e18
check_config/block_cipher: minor improvements
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-28 18:33:04 +01:00
e98ad5931a
mbedls_config: update documentation for MBEDTLS_PKCS[5/12]_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-28 10:42:12 +01:00
62e33bcc64
New function mbedtls_ecp_write_public_key
...
Directly export the public part of a key pair without having to go through
intermediate objects (using mbedtls_ecp_point_write_binary would require a
group object and a point object).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-24 15:23:19 +01:00
ad5e437c8e
mbedtls_ecp_read_key: explain how to set the public key
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-24 15:23:19 +01:00
7ea72026cd
New function mbedtls_ecp_keypair_calc_public
...
For when you calculate or import a private key, and then need to calculate
the public key.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-22 21:30:03 +01:00
28240323d3
New function mbedtls_ecp_set_public_key
...
Set the public key in a key pair. This complements mbedtls_ecp_read_key and
the functions can be used in either order.
Document the need to call check functions separately.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-22 21:30:03 +01:00
091a85a762
Promise mbedtls_ecp_read_key doesn't overwrite the public key
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-22 21:30:03 +01:00
ba5b5d67aa
Support partial export from mbedtls_ecp_keypair
...
Sometimes you don't need to have all the parts of a key pair object. Relax
the behavior of mbedtls_ecp_keypair so that you can extract just the parts
that you need.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-22 21:30:03 +01:00
e6886102ef
New function mbedtls_ecp_keypair_get_group_id
...
Add a simple function to get the group id from a key object.
This information is available via mbedtls_ecp_export, but that function
consumes a lot of memory, which is a waste if all you need is to identify
the curve.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-22 21:30:03 +01:00
6d3a68162c
check_config: remove CIPHER_C requirement for PKCS[5/12]
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-21 16:40:03 +01:00
a69e872001
pkcs[5/12]: add CIPHER_C for [en/de]crypting functions
...
This commit also updates corresponding test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-21 16:39:04 +01:00
049cd302ed
Refactor record size limit extension handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-20 17:28:31 +00:00
851d8df58d
fix/work around dependency issues when !MBEDTLS_ECP_C
...
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no >
2023-12-20 13:09:27 +02:00
bad170e159
pk: remove last references to MBEDTLS_PSA_CRYPTO_C
...
They are replaced by MBEDTLS_USE_PSA_CRYPTO.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com >
2023-12-20 12:59:57 +02:00
8174662b64
pk: implement non-PSA mbedtls_pk_sign_ext()
...
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.
Related dependencies and tests are updated as well.
Fixes #7583 .
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com >
2023-12-20 12:59:57 +02:00
a70b3c24f6
rsa: minor comment/guard improvements
...
This brings some improvements to comments/
function prototypes that relate to PKCS#1.
Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com >
2023-12-20 12:59:57 +02:00
689c0f71cb
tests: use new CCM/GCM capability macros in tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-20 09:54:18 +01:00
bfa675fe48
adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-20 09:52:08 +01:00
1a9e05bf08
Note that domain parameters are not supported with drivers
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-19 12:23:22 +01:00
5ad9539363
Remove DSA and DH domain parameters from the documentation
...
Mbed TLS doesn't support DSA at all, and doesn't support domain parameters
for FFDH (only predefined groups).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-19 12:22:46 +01:00
9deb54900e
Document the domain_parameters_size==SIZE_MAX hack
...
It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not
documented.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-12-18 21:01:18 +01:00
a085fa8ccf
Merge pull request #8627 from tom-cosgrove-arm/ip_len
...
Avoid use of `ip_len` as it clashes with a macro in AIX system headers
2023-12-18 02:03:17 +00:00
4ff405cf80
block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t
...
This information was redundant with the already existing mbedtls_block_cipher_id_t.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-15 16:10:52 +01:00
bd7528a592
ccm/gcm: use BLOCK_CIPHER whenever possible
...
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
4a5d57d225
adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available
...
As a consequence BLOCK_CIPHER will be enabled when:
- CIPHER_C is not defined
- a proper driver is present for one of AES, ARIA and/or Camellia key types
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
2684e3f2e3
config_adjust_legacy_crypto: fix typo
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
291571b447
block_cipher: add MBEDTLS_PRIVATE to new PSA fields in mbedtls_block_cipher_context_t
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
849a1abfdd
block_cipher: remove useless use of psa_cipher_operation_t
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
4bc7fac99a
crypto_builtin_composites: add missing guards for includes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
c0f9bbca2c
check_config: use new helpers for legacy GCM_C/CCM_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
8bba087fe1
adjust_legacy_crypto: add helpers for block ciphers capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
c1db99d3f5
block_cipher: add PSA dispatch if possible
...
"if possible" means:
- PSA has been initialized
- requested key type is available in PSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-14 18:08:14 +01:00
b349108b99
library: Move mbedtls_ecc helper functions to psa_util
...
Move the mbedtls_ecc helper functions from psa_core to psa_util.
These files are not implemented as part of the PSA API and should not
be part of the PSA crypto implementation.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no >
2023-12-14 13:55:11 +01:00
656d4b3c74
Avoid use of ip_len as it clashes with a macro in AIX system headers
...
Fixes #8624
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2023-12-08 21:51:15 +00:00
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441
...
[G4] Make CTR-DRBG fall back on PSA when AES not built in
2023-12-06 18:25:44 +00:00
9aec1c71f2
Add record size checking during handshake
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-06 15:18:15 +00:00
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de >
2023-12-06 15:18:08 +00:00
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data
...
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
2023-12-06 06:47:32 +00:00
83e0de8481
crypto_extra: revert changes to mbedtls_psa_random_free()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-04 11:04:42 +01:00
