This is a temporary fix for not excluding tests which depend on
MBEDTLS_PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_LEGACY. This fix
can be reverted as soon as those _LEGACY symbols will be removed
from the code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is a temporary fix for replacing
PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR
with the temporary symbols
MBEDTLS_PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_LEGACY.
Once new PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_yyy will be used
both in library's code and tests, then this fix will be removed.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- deprecate legacy PSA_WANT_KEY_TYPE_xxx_KEY_PAIR
- introduce new PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy where
- xxx is either RSA, DH or ECC
- yyy can be USE, IMPORT, EXPORT, GENERATE, DERIVE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When MBEDTLS_PK_USE_PSA_EC_DATA is defined, opaque and non-opaque keys
are basically stored in the same way (only a diffferent ownership for
the key itself), so they should be treated similarly in the code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is an internal detail of the ECC arithmetic implementation, only
exposed for the sake of the unit tests
Mbed TLS 3.4.0 was released with the type mbedtls_ecp_modulus_type defined
in a public header, but without Doxygen documentation, and without any
public function or data structure using it. So removing it is not an API
break.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This reverts commit f1e396c42724896b9d31ac727043da45a35d5e26.
Performance is slightly better with this reverted, especially
for AES-CBC 192.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Attempt to fix failing test by dealing with overflow with three rounds,
instead of previous subtract modulus solution. Also optimise out shifts
by using memcpy / memmove instead. Remove final sub to return canonical
result, as this is not required here.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Ensure that all possible config options are documented by building the
docs in the realfull config on Read The Docs.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
We no longer support TLS 1.0, TLS 1.1 or CBC record splitting since 3.0,
but those where still referenced here.
While at it, group things in a more logical way in this component.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Several components needed to remove it, with the same comment every
time. It's probably just chance that other components happened to work
despite it being enabled.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
