fbefe04bf3
check_config: fix requirements for CTR_DRBG
...
The module now depends on either:
- AES_C, which is the default and the preferred solution for
backward compatibility
- CRYPTO_C + KEY_TYPE_AES + ALG_ECB_NO_PADDINTG, which is the
new solution when AES_C is not defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-04 11:04:41 +01:00
40a93dff32
all.sh: keep CTR_DRBG enabled in test_psa_crypto_config_accel_cipher_aead()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-04 11:04:41 +01:00
3d12d65946
Merge pull request #8590 from valeriosetti/fix-pkcs5-pkcs12
...
pkcs[5/12]: use cipher enums for encrypt and decrypt
2023-12-04 10:03:02 +00:00
9afc0200c7
Merge pull request #8563 from Oldes/issues-8562
...
Fixed compilation for Haiku OS
2023-12-04 09:53:08 +00:00
3d82ffce5b
ssl-opt: test handshake for TLS 1.2 only cli with TLS 1.3 only srv
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-04 17:50:43 +08:00
fb0f47b1f8
tls13: srv: check tls version in ClientHello with min_tls_version
...
When server is configured as TLS 1.3 only and receives ClientHello
from a TLS 1.2 only client, it's expected to abort the handshake
instead of downgrading protocol to TLS 1.2 and continuing handshake.
This commit adds a check to make sure server min_tls_version always
larger than received version in ClientHello.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-04 17:50:36 +08:00
7a2dae6442
Merge pull request #8589 from daverodgman/ct-unused
...
Remove unused/non-compiling code
2023-12-04 09:41:39 +00:00
7bb40a3650
send unexpected alert when not received eoed or app during reading early data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-04 10:04:15 +08:00
fbf039932a
Send decode error alert when EOED parsing fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-04 10:00:37 +08:00
3be850782c
fix various issues
...
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-04 09:58:54 +08:00
10769bca9e
Fix bad whitespace in keyword argument assignment
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-12-01 23:47:59 +00:00
3a0690647e
Use guess_mbedtls_root in Mbed-TLS-only script
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-12-01 18:27:25 +00:00
04c446cc21
Modify crypto_core_directory to also return a relative path
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-12-01 17:18:38 +00:00
4577bda6d5
pkcs[5|12]: use cipher enums for encrypt and decrypt
...
Instead of re-defining MBEDTLS_PKCS5_[EN/DE]CRYPT and
MBEDTLS_PKCS12_PBE_[EN/DE]CRYPT from scratch, since these values
are to be used with the mbedtls_cipher_setkey() function, ensure
that their value matches with enums in cipher.h.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-12-01 16:51:24 +01:00
744577a429
tls13: early_data: cli: check a PSK has been selected in EE
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-01 23:03:37 +08:00
f1be1f6740
Remove unused code
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-12-01 13:53:45 +00:00
304fa091cf
Shortening a comment line
...
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562
Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com >
2023-12-01 12:23:26 +01:00
99030e2a50
Remove trailing whitespace
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-12-01 09:52:35 +00:00
9ae6534c20
tls13: early_data: cli: improve comment
...
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-01 17:46:08 +08:00
03a00768c0
tls13: early_data: cli: improve comment
...
This commit improves comment of the check for handshake parameters
in Encrypted Extension.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-01 17:40:21 +08:00
0af63dc263
improve comments and output message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 17:18:04 +08:00
ee4d729555
print received early application data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:53:50 +08:00
e96551276a
switch inbound transform to handshake
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:53:50 +08:00
75c9ab76b5
implement parser of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:53:50 +08:00
b4ed4602f2
implement coordinate of eoed
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:34:00 +08:00
d5c3496ce2
Add dummy framework of eoed state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:32:31 +08:00
59d420f17b
empty process_end_of_early_data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:30:34 +08:00
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size
...
TLS1.3 EarlyData: client: parse max_early_data_size
2023-12-01 08:27:26 +00:00
9b72e39701
re-introduce process_wait_flight2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:27:08 +08:00
e32fac3d23
remove wait_flight2 state
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-01 16:25:16 +08:00
422951b9ed
Merge pull request #8044 from daverodgman/msft-aarch64
...
Better support for MSVC aarch64 aka ARM64 and ARM64EC
2023-12-01 07:48:26 +00:00
e72dfff1d6
tls13: early_data: cli: improve comment
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-01 12:05:16 +08:00
2bef7fbc8d
tls13: early_data: cli: remove guard to fix failure
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-01 12:02:56 +08:00
1097d4e731
Minor clarification
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:18:10 +01:00
c3fd0958ce
typo
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:18:04 +01:00
02112cc9a1
Update PBKDF2 availability for 3.5
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:17:55 +01:00
3ea22dcb51
Correct function names prefixes where they diverge from module names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:07:24 +01:00
dbcfc7dd95
Be more informative about "No change"
...
Distinguish between interfaces that won't change in 4.0, and interfaces that
have no PSA equivalent but are likely to change in 4.0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 21:04:06 +01:00
db80b2301c
Introduce guess_tf_psa_crypto_root
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-11-30 17:33:54 +00:00
d1f2934e78
Introduce guess_mbedtls_root
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-11-30 17:27:42 +00:00
56bee0344e
Rename variable for better clarity
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-11-30 14:33:35 +00:00
46588de8fc
Improve documentation of crypto_core_directory
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-11-30 13:59:30 +00:00
08c6dc4942
Rename project_crypto_name
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-11-30 13:56:09 +00:00
d79854b3f7
That's not what mbedtls_ecdh_get_params does
...
Keep the discussion of how to retrieve information about a key exchange.
This doesn't seem to have equivalent legacy ECDH APIs.
Add a todo item for mbedtls_ecdh_get_params(). At this point I don't know
where it fits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 14:01:59 +01:00
f7746bdd79
Correct lists of sign/verify functions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 14:01:44 +01:00
951cf39b3f
Corrections and clarifications around asymmetric key formats
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 14:01:20 +01:00
4d234f1ede
Editorial corrections
...
Fix typos, copypasta, and other minor clarifications.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 13:59:49 +01:00
059f66ce7c
Remove redundant check
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-30 11:02:03 +00:00
6eee57bc07
Merge remote-tracking branch 'origin/development' into msft-aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-30 11:01:50 +00:00
396a2a3dcb
Explain interruptible operations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-11-30 11:02:06 +01:00
