Merge remote-tracking branch 'origin/development' into check_config_look_for_crypto_client
commit
aa33d600cf
82 changed files with 2577 additions and 1218 deletions
|
@ -197,7 +197,8 @@ typedef struct mbedtls_asn1_named_data {
|
|||
}
|
||||
mbedtls_asn1_named_data;
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C)
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \
|
||||
defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
|
||||
/**
|
||||
* \brief Get the length of an ASN.1 element.
|
||||
* Updates the pointer to immediately behind the length.
|
||||
|
@ -244,7 +245,7 @@ int mbedtls_asn1_get_len(unsigned char **p,
|
|||
int mbedtls_asn1_get_tag(unsigned char **p,
|
||||
const unsigned char *end,
|
||||
size_t *len, int tag);
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */
|
||||
#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */
|
||||
|
||||
#if defined(MBEDTLS_ASN1_PARSE_C)
|
||||
/**
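Review bot: Widening the guard around the `mbedtls_asn1_get_len()` / `mbedtls_asn1_get_tag()` prototypes to include `MBEDTLS_PSA_UTIL_HAVE_ECDSA` only helps if the definitions are compiled under the same condition, and the implementation file is not shown here. If its guard still reads `MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C`, a build that enables only the ECDSA conversion helpers would declare these parsers and then fail at link time. The same applies to the `mbedtls_asn1_write_len()` / `mbedtls_asn1_write_tag()` guard in the next file section. A build test for that minimal configuration would confirm both.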
|
||||
|
|
|
@ -36,7 +36,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C)
|
||||
#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) || \
|
||||
defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
|
||||
/**
|
||||
* \brief Write a length field in ASN.1 format.
|
||||
*
|
||||
|
@ -65,7 +66,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start,
|
|||
*/
|
||||
int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start,
|
||||
unsigned char tag);
|
||||
#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
|
||||
#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA*/
|
||||
|
||||
#if defined(MBEDTLS_ASN1_WRITE_C)
|
||||
/**
|
||||
|
|
|
@ -27,18 +27,8 @@
|
|||
#if !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_C is required on Windows"
|
||||
#endif
|
||||
|
||||
/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
|
||||
* it would confuse config.py. */
|
||||
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
|
||||
#endif
|
||||
/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT
|
||||
* in * config_adjust_legacy_crypto.h */
|
||||
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
|
||||
|
||||
#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
|
||||
|
@ -54,65 +44,6 @@
|
|||
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
|
||||
#endif
|
||||
|
||||
/* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart
|
||||
* when PSA crypto is enabled. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_CLIENT)
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
/* SECP224K1 is buggy in PSA API so we skip this check */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#error "MBEDTLS_ECP_DP_SECP224K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`,
|
||||
* `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have
|
||||
* all 4 of them.
|
||||
|
@ -234,9 +165,8 @@
|
|||
#endif
|
||||
#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C) && \
|
||||
( !defined(MBEDTLS_ECP_C) || \
|
||||
!( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_CLIENT) ) )
|
||||
#if defined(MBEDTLS_ECJPAKE_C) && \
|
||||
!defined(MBEDTLS_ECP_C)
|
||||
#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -281,23 +211,8 @@
|
|||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Helpers for hash dependencies, will be undefined at the end of the file */
|
||||
/* Do SHA-256, 384, 512 to cover Entropy and TLS. */
|
||||
#if defined(MBEDTLS_SHA256_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256))
|
||||
#define MBEDTLS_MD_HAVE_SHA256
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA384_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_384))
|
||||
#define MBEDTLS_MD_HAVE_SHA384
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_512))
|
||||
#define MBEDTLS_MD_HAVE_SHA512
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
!(defined(MBEDTLS_MD_HAVE_SHA512) || defined(MBEDTLS_MD_HAVE_SHA256))
|
||||
!(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256))
|
||||
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
|
@ -305,24 +220,24 @@
|
|||
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
(defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_HAVE_SHA512)) \
|
||||
(defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_CAN_SHA512)) \
|
||||
&& defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
|
||||
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_HAVE_SHA256)
|
||||
defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#define MBEDTLS_HAS_MEMSAN
|
||||
#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
|
||||
#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
|
||||
#endif
|
||||
#undef MBEDTLS_HAS_MEMSAN
|
||||
#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
|
||||
|
||||
#if defined(MBEDTLS_CCM_C) && \
|
||||
!(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
|
||||
|
@ -388,28 +303,6 @@
|
|||
#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Helper for JPAKE dependencies, will be undefined at the end of the file */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PK_HAVE_JPAKE
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#define MBEDTLS_PK_HAVE_JPAKE
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Helper for curve SECP256R1 */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_CAN_ECDH) || \
|
||||
!defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \
|
||||
|
@ -463,43 +356,48 @@
|
|||
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(MBEDTLS_PK_HAVE_JPAKE) || \
|
||||
!defined(MBEDTLS_PK_HAVE_CURVE_SECP256R1) )
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(PSA_WANT_ALG_JPAKE) || \
|
||||
!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
|
||||
!defined(PSA_WANT_ECC_SECP_R1_256) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECJPAKE_C) || \
|
||||
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Use of EC J-PAKE in TLS requires SHA-256. */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
!defined(MBEDTLS_MD_HAVE_SHA256)
|
||||
!defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
|
||||
( !defined(MBEDTLS_SHA256_C) && \
|
||||
!defined(MBEDTLS_SHA512_C) && \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA512) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA1)
|
||||
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_C) && !( \
|
||||
defined(MBEDTLS_MD5_C) || \
|
||||
defined(MBEDTLS_RIPEMD160_C) || \
|
||||
defined(MBEDTLS_SHA1_C) || \
|
||||
defined(MBEDTLS_SHA224_C) || \
|
||||
defined(MBEDTLS_SHA256_C) || \
|
||||
defined(MBEDTLS_SHA384_C) || \
|
||||
defined(MBEDTLS_SHA512_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
|
||||
(defined(PSA_WANT_ALG_MD5) || \
|
||||
defined(PSA_WANT_ALG_RIPEMD160) || \
|
||||
defined(PSA_WANT_ALG_SHA_1) || \
|
||||
defined(PSA_WANT_ALG_SHA_224) || \
|
||||
defined(PSA_WANT_ALG_SHA_256) || \
|
||||
defined(PSA_WANT_ALG_SHA_384) || \
|
||||
defined(PSA_WANT_ALG_SHA_512))))
|
||||
#error "MBEDTLS_MD_C defined, but not all prerequisites"
|
||||
#if defined(MBEDTLS_MD_C) && \
|
||||
!defined(MBEDTLS_MD_CAN_MD5) && \
|
||||
!defined(MBEDTLS_MD_CAN_RIPEMD160) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA1) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA224) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA384) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA512) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_224) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_256) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_384) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_512)
|
||||
#error "MBEDTLS_MD_C defined, but no hash algorithm"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_LMS_C) && \
|
||||
|
@ -975,7 +873,7 @@
|
|||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if !defined(MBEDTLS_MD_C) || \
|
||||
!(defined(MBEDTLS_MD_HAVE_SHA256) || defined(MBEDTLS_MD_HAVE_SHA384))
|
||||
!(defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA384))
|
||||
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
@ -1074,20 +972,18 @@
|
|||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
|
||||
#endif
|
||||
#define MBEDTLS_THREADING_IMPL
|
||||
#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_ALT)
|
||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
#define MBEDTLS_THREADING_IMPL
|
||||
#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_C defined, single threading implementation required"
|
||||
#endif
|
||||
#undef MBEDTLS_THREADING_IMPL
|
||||
#undef MBEDTLS_THREADING_IMPL // temporary macro defined above
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT)
|
||||
#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
|
||||
|
@ -1218,13 +1114,6 @@
|
|||
#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Undefine helper symbols */
|
||||
#undef MBEDTLS_PK_HAVE_JPAKE
|
||||
#undef MBEDTLS_MD_HAVE_SHA256
|
||||
#undef MBEDTLS_MD_HAVE_SHA384
|
||||
#undef MBEDTLS_MD_HAVE_SHA512
|
||||
#undef MBEDTLS_PK_HAVE_CURVE_SECP256R1
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
* workaround since this is included by every single file before the
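Review bot: The rewritten `MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` check ends with `#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".`, leaving a stray `.` after the closing quote; it should read `#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1"`. The replacement comment in the Windows block has a similar slip, `* in * config_adjust_legacy_crypto.h */`, which should be `* in config_adjust_legacy_crypto.h */`. Separately, the entropy, EC J-PAKE, MD and TLS checks now test `MBEDTLS_MD_CAN_*` instead of helpers defined in this file. They are only meaningful if those macros are already defined when this header is processed, and the defining header is not visible here, so the include order is worth confirming.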
|
||||
|
|
|
@ -22,6 +22,22 @@
|
|||
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
|
||||
/* Ideally, we'd set those as defaults in mbedtls_config.h, but
|
||||
* putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
|
||||
*
|
||||
* So, adjust it here.
|
||||
* Not related to crypto, but this is the bottom of the stack. */
|
||||
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
|
||||
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
|
||||
#endif
|
||||
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
|
||||
|
||||
/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
|
||||
* in PSA. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
|
@ -324,15 +340,6 @@
|
|||
#define MBEDTLS_PSA_CRYPTO_CLIENT
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* The PK wrappers need pk_write/pk_parse functions to format RSA key objects
|
||||
* when they are dispatching to the PSA API. This happens under MBEDTLS_USE_PSA_CRYPTO,
|
||||
* and even under just MBEDTLS_PSA_CRYPTO_C in psa_crypto_rsa.c. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_PK_WRITE_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#endif
|
||||
|
||||
/* Helpers to state that each key is supported either on the builtin or PSA side. */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#define MBEDTLS_ECP_HAVE_SECP521R1
|
||||
|
@ -400,6 +407,13 @@
|
|||
#define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
|
||||
#endif
|
||||
|
||||
/* psa_util file features some ECDSA conversion functions, to convert between
|
||||
* legacy's ASN.1 DER format and PSA's raw one. */
|
||||
#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
(defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
|
||||
#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
|
||||
#endif
|
||||
|
||||
/* Some internal helpers to determine which keys are availble. */
|
||||
#if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
|
||||
(defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
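Review bot: The closing comment of the added Windows block, `#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */`, does not match the condition it closes, which tests `__MINGW32__` with two leading underscores. Write it as `#endif /* __MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */`. The comment above `MBEDTLS_PSA_UTIL_HAVE_ECDSA` only mentions the conversion functions, but other headers on this page now key their ASN.1 length/tag prototypes on this macro. A sentence such as `Also enables the ASN.1 length/tag helpers those functions need.` would tell a reader why enabling ECDSA pulls ASN.1 code into the build.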
|
||||
|
|
|
@ -685,9 +685,6 @@
|
|||
#define MBEDTLS_RSA_C
|
||||
#define MBEDTLS_BIGNUM_C
|
||||
#define MBEDTLS_OID_C
|
||||
#define MBEDTLS_PK_PARSE_C
|
||||
#define MBEDTLS_PK_WRITE_C
|
||||
#define MBEDTLS_PK_C
|
||||
#define MBEDTLS_ASN1_PARSE_C
|
||||
#define MBEDTLS_ASN1_WRITE_C
|
||||
#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
|
||||
|
|
|
@ -288,12 +288,17 @@
|
|||
#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */
|
||||
|
||||
/*
|
||||
* Encryption algorithms
|
||||
* Encryption algorithms,
|
||||
* the following standardized object identifiers are specified at
|
||||
* https://datatracker.ietf.org/doc/html/rfc8018#appendix-C.
|
||||
*/
|
||||
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \
|
||||
MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
|
||||
#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
|
||||
#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
|
||||
#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */
|
||||
#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */
|
||||
#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */
|
||||
|
||||
/*
|
||||
* Key Wrapping algorithms
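Review bot: The four added AES macros open their trailing comments with `/**`, where the neighbouring OIDs in this block use `/**<`. Without the `<`, Doxygen attaches the text to the following declaration rather than to the macro on the same line, so each should take the form `/**< aes128-cbc-pad OBJECT IDENTIFIER ::= { ... } */`. The comments name the arcs aes128-CBC-PAD, aes192-CBC-PAD and aes256-CBC-PAD, while the macros are called `MBEDTLS_OID_AES_128_CBC` and so on. A short remark in the block comment that these identify CBC with padding would avoid confusion with an unpadded mode.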
|
||||
|
|
|
@ -16,6 +16,11 @@
|
|||
|
||||
#include "psa/crypto.h"
|
||||
|
||||
/* ASN1 defines used in the ECDSA conversion functions.
|
||||
* Note: intentionally not adding MBEDTLS_ASN1_[PARSE|WRITE]_C guards here
|
||||
* otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/
|
||||
#include <mbedtls/asn1write.h>
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
/* Expose whatever RNG the PSA subsystem uses to applications using the
|
||||
|
@ -175,8 +180,50 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa
|
|||
{
|
||||
return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
|
||||
|
||||
/** Convert an ECDSA signature from raw format to DER ASN.1 format.
|
||||
*
|
||||
* \param bits Size of each coordinate in bits.
|
||||
* \param raw Buffer that contains the signature in raw format.
|
||||
* \param raw_len Length of \p raw in bytes. This must be
|
||||
* PSA_BITS_TO_BYTES(bits) bytes.
|
||||
* \param[out] der Buffer that will be filled with the converted DER
|
||||
* output. It can overlap with raw buffer.
|
||||
* \param der_size Size of \p der in bytes. It is enough if \p der_size
|
||||
* is at least the size of the actual output. (The size
|
||||
* of the output can vary depending on the presence of
|
||||
* leading zeros in the data.) You can use
|
||||
* #MBEDTLS_ECDSA_MAX_SIG_LEN(\p bits) to determine a
|
||||
* size that is large enough for all signatures for a
|
||||
* given value of \p bits.
|
||||
* \param[out] der_len On success it contains the amount of valid data
|
||||
* (in bytes) written to \p der. It's undefined
|
||||
* in case of failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
|
||||
unsigned char *der, size_t der_size, size_t *der_len);
|
||||
|
||||
/** Convert an ECDSA signature from DER ASN.1 format to raw format.
|
||||
*
|
||||
* \param bits Size of each coordinate in bits.
|
||||
* \param der Buffer that contains the signature in DER format.
|
||||
* \param der_len Size of \p der in bytes.
|
||||
* \param[out] raw Buffer that will be filled with the converted raw
|
||||
* signature. It can overlap with der buffer.
|
||||
* \param raw_size Size of \p raw in bytes. Must be at least
|
||||
* 2 * PSA_BITS_TO_BYTES(bits) bytes.
|
||||
* \param[out] raw_len On success it is updated with the amount of valid
|
||||
* data (in bytes) written to \p raw. It's undefined
|
||||
* in case of failure.
|
||||
*/
|
||||
int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
|
||||
unsigned char *raw, size_t raw_size, size_t *raw_len);
|
||||
|
||||
#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */
|
||||
|
||||
/**@}*/
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||
#endif /* MBEDTLS_PSA_UTIL_H */
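Review bot: The documented length contract for `mbedtls_ecdsa_raw_to_der()` looks inconsistent with its sibling. It says `raw_len` must be `PSA_BITS_TO_BYTES(bits)` bytes, while `mbedtls_ecdsa_der_to_raw()` requires `raw_size` of at least `2 * PSA_BITS_TO_BYTES(bits)` for the same raw format, which holds two coordinates. Unless the implementation (not shown here) really takes a single coordinate, the line should read `This must be 2 * PSA_BITS_TO_BYTES(bits) bytes.` Callers size and validate buffers from this text, so it needs to match the check the function performs. Neither comment has a `\return` entry; one stating the success value and the ASN.1 error codes returned on malformed or undersized input would complete the contract.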
|
||||
|
|
|
@ -198,6 +198,8 @@ psa_status_t mbedtls_psa_register_se_key(
|
|||
*
|
||||
* This function clears all data associated with the PSA layer,
|
||||
* including the whole key store.
|
||||
* This function is not thread safe, it wipes every key slot regardless of
|
||||
* state and reader count. It should only be called when no slot is in use.
|
||||
*
|
||||
* This is an Mbed TLS extension.
|
||||
*/
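Review bot: The added thread-safety caveat is easy to miss as running text joined by a comma, which matters because the function wipes the whole key store. Putting it under a Doxygen warning and splitting it into two sentences would make it stand out in the generated documentation: `\warning This function is not thread safe. It wipes every key slot regardless of state and reader count, and should only be called when no slot is in use.` The declaration this comment belongs to lies outside the hunk.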
|
||||
|
|