eden-emu/mbedtls
17
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
29502 commits 89 branches 205 tags 107 MiB
Commit graph

29502 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764 
Conversion function from ecp group to PSA curve
 2024-01-18 10:28:55 +00:00
Ryan Everett
491f7e5ac3 Define key_slot_mutex 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-18 10:21:38 +00:00
Valerio Setti
18371ee08f generate_tls13_compat_tests: add DH group dependency when FFDH is used 
"tls13-compat.sh" is also updated in this commit using the python
script.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 10:44:57 +01:00
Valerio Setti
05754d8e85 ssl-opt: add DH groups requirements in test cases using FFDH 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 09:47:00 +01:00
Valerio Setti
4f34b155f5 test_driver_key_management: keep mbedtls_test_opaque_wrap_key() private 
Only mbedtls_test_opaque_unwrap_key() is actually needed by other
test drivers to deal with opaque keys. mbedtls_test_opaque_wrap_key()
can be kept private to test_driver_key_management.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 08:44:13 +01:00
Valerio Setti
43ff242a8b changelog: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 08:42:38 +01:00
Dave Rodgman
fb133513d6
Merge pull request #8705 from daverodgman/ctr-perf 
Ctr perf
 2024-01-17 20:25:41 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states 
Implement the new key slot state system within the PSA subsystem.
 2024-01-17 17:50:04 +00:00
Valerio Setti
78aa0bc1d9 all.sh: fix tests with accelerated FFDH 
Explicitly accelerate also DH groups in those tests.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:06 +01:00
Valerio Setti
1161b44981 crypto_config_test_driver_extension: support accelaration of DH groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:06 +01:00
Valerio Setti
48a847afb7 tests: add guards for DH groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:06 +01:00
Valerio Setti
6bed64ec75 all.sh: add new component with only DH 2048 bits. 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:06 +01:00
Valerio Setti
504a10254c psa_crypto: do not validate DH groups which are not enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:03 +01:00
Valerio Setti
e8683ce9ef ssl_test_lib: add guards for enabled DH groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Valerio Setti
ecaf7c5690 ssl_tls: add guards for enabled DH key types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Valerio Setti
de50413009 crypto_sizes: adjust PSA_VENDOR_FFDH_MAX_KEY_BITS based on the supported groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Valerio Setti
4ed8daa929 psa_crypto_ffdh: add guards for enabled domain parameters 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Valerio Setti
fecef8bc8e config_adjust: fix adjustments between legacy and PSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:26 +01:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation 
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
 2024-01-17 14:12:33 +00:00
Gilles Peskine
dd77343381 Open question for ECDSA signature that can be resolved during implementation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 14:33:32 +01:00
Gilles Peskine
d5b04a0c63 Add a usage parameter to mbedtls_pk_get_psa_attributes 
Let the user specify whether to use the key as a sign/verify key, an
encrypt/decrypt key or a key agreement key. Also let the user indicate if
they just want the public part when the input is a key pair.

Based on a discussion in
https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 14:31:57 +01:00
Gilles Peskine
702d9f65f6 Resolve several open questions as nothing special to do 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 12:58:25 +01:00
Ryan Everett
38a2b7a6a3 Extend psa_wipe_key_slot documentation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-17 11:45:44 +00:00
Ryan Everett
7ed542e0f1 Implement delayed deletion in psa_destroy_key and some cleanup 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-17 11:40:29 +00:00
Gilles Peskine
42a025dc9c Reference filed issues 
All PK-related actions are now covered.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 12:35:31 +01:00
Dave Rodgman
885248c8ee Add header guards 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-17 11:06:31 +00:00
Valerio Setti
bbff303fe1 crypto_config: define feature macros for DH keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 11:47:44 +01:00
Gilles Peskine
5a64c42693 Reference ongoing work 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:09:16 +01:00
Gilles Peskine
89ca6c7e72 typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:08:56 +01:00
Gilles Peskine
32294044e1 Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO 
It's useful in applications that want to use some PSA opaque keys regardless
of whether all pk operations go through PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:07:55 +01:00
Valerio Setti
584dc80d96 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 08:06:32 +01:00
Bence Szépkúti
1325942c28
Merge pull request #8707 from bensze01/new_redirect_format 
Migrate to new RTD redirect format
 2024-01-16 20:22:08 +00:00
Dave Rodgman
9039ba572b Fix test dependencies 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 18:38:55 +00:00
Dave Rodgman
7e5b7f91ca Fix error in ctr_drbg 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 17:28:25 +00:00
Dave Rodgman
b7778b2388 Fix ASAN error in test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 16:27:34 +00:00
Bence Szépkúti
333ca8fdfc Migrate to new RTD redirect format 
Migrate to the new redirect format introduced by ReadTheDocs in
readthedocs/readthedocs.org#10881

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-01-16 17:06:06 +01:00
Dave Rodgman
9f97566c04 Add Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 13:24:45 +00:00
Dave Rodgman
24ad1b59e8 Add NIST AES-CTR test vectors 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 13:24:45 +00:00
Dave Rodgman
4cc6fb9039 add test for multipart AES-CTR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 13:24:45 +00:00
Valerio Setti
4860a6c7ac test_suite_psa_crypto: revert known failing checks for [en|de]cryption with opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 16:30:12 +01:00
Valerio Setti
62b6f10f64 test_driver_asymmetric_encryption: implement opaque [en/de]cryption functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 16:30:07 +01:00
Valerio Setti
66a827fc83 test_driver_key_management: make opaque [un]wrapping functions public 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 15:00:52 +01:00
Dave Rodgman
46697da5b3 Make gcm counter increment more efficient 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
174eeff235 Save 14 bytes in CTR-DRBG 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
591ff05384 Use optimised counter increment in AES-CTR and CTR-DRBG 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
ae730348e9 Add tests for mbedtls_ctr_increment_counter 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
b49cf1019d Introduce mbedtls_ctr_increment_counter 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Ryan Everett
1d32a57764 Revert change to psa_destroy_key documentation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:27:58 +00:00
Ryan Everett
709120a9ce Revert change to return behaviour in psa_reserve_free_key_slot 
This change was a mistake, we still need to wipe the pointers here.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:50 +00:00
Ryan Everett
dfe8bf86a8 Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong 
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:50 +00:00