/mbedtls/tests/scripts/ |
A D | generate_tls13_compat_tests.py | 111 self._cert_sig_algs = list(CERTIFICATES.keys()) 601 itertools.product(CLIENT_CLASSES.keys(), 602 SERVER_CLASSES.keys(), 605 SIG_ALG_IANA_VALUE.keys()): 614 itertools.product(CLIENT_CLASSES.keys(), 615 SERVER_CLASSES.keys(), 640 print(*CIPHER_SUITE_IANA_VALUE.keys()) 642 print(*SIG_ALG_IANA_VALUE.keys()) 644 print(*NAMED_GROUP_IANA_VALUE.keys()) 646 print(*SERVER_CLASSES.keys()) [all …]
|
A D | psa_collect_statuses.py | 64 for function in sorted(self.functions.keys()): 66 names = [self.status_names[value] for value in fdata.keys()]
|
A D | depends.py | 389 self.all_config_symbols = set(conf.settings.keys()) 544 options.tasks = sorted(domain_data.domains.keys()) 547 for domain_name in sorted(getattr(domain_data, arg).keys()):
|
/mbedtls/library/ |
A D | ssl_ticket.c | 260 ctx->keys[0].alg = alg; in mbedtls_ssl_ticket_setup() 261 ctx->keys[0].key_type = key_type; in mbedtls_ssl_ticket_setup() 262 ctx->keys[0].key_bits = key_bits; in mbedtls_ssl_ticket_setup() 264 ctx->keys[1].alg = alg; in mbedtls_ssl_ticket_setup() 265 ctx->keys[1].key_type = key_type; in mbedtls_ssl_ticket_setup() 266 ctx->keys[1].key_bits = key_bits; in mbedtls_ssl_ticket_setup() 339 key = &ctx->keys[ctx->active]; in mbedtls_ssl_ticket_write() 406 for (i = 0; i < sizeof(ctx->keys) / sizeof(*ctx->keys); i++) { in ssl_ticket_select_key() 408 return &ctx->keys[i]; in ssl_ticket_select_key() 538 psa_destroy_key(ctx->keys[0].key); in mbedtls_ssl_ticket_free() [all …]
|
A D | aesce.c | 159 block = vaeseq_u8(block, vld1q_u8(keys)); \ 161 keys += 16 167 unsigned char *keys, in aesce_encrypt_block() argument 189 block = vaeseq_u8(block, vld1q_u8(keys)); in aesce_encrypt_block() 190 keys += 16; in aesce_encrypt_block() 195 block = veorq_u8(block, vld1q_u8(keys)); in aesce_encrypt_block() 222 block = vaesdq_u8(block, vld1q_u8(keys)); \ 224 keys += 16 252 block = vaesdq_u8(block, vld1q_u8(keys)); in aesce_decrypt_block() 253 keys += 16; in aesce_decrypt_block() [all …]
|
A D | psa_crypto_cipher.c | 314 uint8_t keys[24]; in psa_cipher_setup() local 315 memcpy(keys, key_buffer, 16); in psa_cipher_setup() 316 memcpy(keys + 16, key_buffer, 8); in psa_cipher_setup() 318 keys, in psa_cipher_setup()
|
A D | ssl_tls13_keys.c | 269 mbedtls_ssl_key_set *keys) in mbedtls_ssl_tls13_make_traffic_keys() argument 275 keys->client_write_key, key_len, in mbedtls_ssl_tls13_make_traffic_keys() 276 keys->client_write_iv, iv_len); in mbedtls_ssl_tls13_make_traffic_keys() 283 keys->server_write_key, key_len, in mbedtls_ssl_tls13_make_traffic_keys() 284 keys->server_write_iv, iv_len); in mbedtls_ssl_tls13_make_traffic_keys() 289 keys->key_len = key_len; in mbedtls_ssl_tls13_make_traffic_keys() 290 keys->iv_len = iv_len; in mbedtls_ssl_tls13_make_traffic_keys()
|
/mbedtls/programs/ssl/ |
A D | ssl_test_common_source.c | 23 eap_tls_keys *keys = (eap_tls_keys *) p_expkey; in eap_tls_key_derivation() local 29 if (secret_len != sizeof(keys->master_secret)) { in eap_tls_key_derivation() 33 memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); in eap_tls_key_derivation() 34 memcpy(keys->randbytes, client_random, 32); in eap_tls_key_derivation() 35 memcpy(keys->randbytes + 32, server_random, 32); in eap_tls_key_derivation() 36 keys->tls_prf_type = tls_prf_type; in eap_tls_key_derivation() 123 if (secret_len != sizeof(keys->master_secret)) { in dtls_srtp_key_derivation() 127 memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); in dtls_srtp_key_derivation() 128 memcpy(keys->randbytes, client_random, 32); in dtls_srtp_key_derivation() 129 memcpy(keys->randbytes + 32, server_random, 32); in dtls_srtp_key_derivation() [all …]
|
/mbedtls/tests/suites/ |
A D | test_suite_psa_crypto_slot_management.function | 800 mbedtls_svc_key_id_t *keys = NULL; 808 TEST_CALLOC(keys, max_keys); 818 &keys[i]); 825 TEST_ASSERT(!mbedtls_svc_key_id_equal(keys[i], keys[j])); 832 PSA_ASSERT(psa_export_key(keys[i], 838 PSA_ASSERT(psa_close_key(keys[i - 1])); 842 mbedtls_free(keys); 933 mbedtls_svc_key_id_t *keys = NULL; 943 TEST_CALLOC(keys, available_key_slots); 1013 PSA_ASSERT(psa_export_key(keys[i], [all …]
|
A D | test_suite_pkparse.function | 73 /* Whether a pk key can do ECDSA. Opaque keys are not supported since this 74 * test suite does not create opaque keys. */ 78 * keys on Montgomery curves, which can only do ECDH, so we'll have 242 /* PSA keys are already checked on import so nothing to do here. */ 304 /* Montgomery keys have specific bits set to either 0 or 1 depending on
|
A D | test_suite_aes.xts.data | 36 # 128-bit keys with 32 byte sector 48 # 128-bit keys with 512 byte sector 69 # 256-bit keys with 512 byte sector 92 # 128-bit keys with sector size not evenly divisible by 16 bytes
|
/mbedtls/docs/architecture/testing/ |
A D | psa-storage-format-testing.md | 31 Use a similar approach for files other than keys where possible and relevant. 39 If the way certain keys are stored changes, and we don't deliberately decide to stop supporting old… 45 …rage) (files containing one key's metadata and, except for some secure element keys, key material). 70 ### Enumeration of test cases for keys 72 Objective: ensure that the coverage is sufficient to have assurance that all keys are stored correc… 85 … knowledge of what attributes (sizes, algorithms, …) and content to use for keys of a certain type. 103 * HMAC keys longer than the block size: pre-hashed or not? 104 * DES keys: was parity enforced? 105 * RSA keys: can invalid DER encodings (e.g. leading zeros, ignored sign bit) have been stored? 106 * RSA private keys: can invalid CRT parameters have been stored? [all …]
|
A D | driver-interface-test-strategy.md | 72 #### Persistence of SE keys 76 * Test that keys in a secure element survive `psa_close_key(); psa_open_key()`. 77 * Test that keys in a secure element survive `mbedtls_psa_crypto_free(); psa_crypto_init()`. 90 … is supposed to be present) and does not have any unexpected content (for keys, this can be done b…
|
/mbedtls/scripts/ |
A D | generate_psa_constants.py | 264 return ''.join([make(k, d[k]) for k in sorted(d.keys())]) 269 return ''.join([make(k, d[k]) for k in sorted(d.keys())]) 292 return ''.join([make(k, d[k]) for k in sorted(d.keys())])
|
A D | abi_check.py | 468 missing = frozenset(old_tests.keys()).difference(new_tests.keys()) 503 shared_modules = list(set(self.old_version.modules.keys()) & 504 set(self.new_version.modules.keys()))
|
/mbedtls/docs/architecture/ |
A D | psa-storage-resilience.md | 38 * [Key management for stateful secure element keys](#designing-key-management-for-secure-element-ke… 44 ## Designing key management for secure element keys 46 …in a stateful secure element, i.e. a secure element that stores keys. This excludes keys in a stat… 54 ### Dual management of keys: the problem argument 154 From the analysis above, assuming that all keys are treated in the same way, there are 4 possible s… 246 * The flow of information is somewhat different from transparent keys and keys in stateless secure … 464 …ds reading bad data if Mbed TLS is upgraded to a different integration that names keys differently. 498 …all keys in storage, and does not need to (for example, it would be pointless to check anything ab… 501 * When invoked from the test hook on the transaction file: on all the keys listed in the transactio… 519 * Call the secure element test driver to create keys without going through the PSA API. [all …]
|
A D | alternative-implementations.md | 28 …phic operations with transparent keys (keys available in cleartext), for cryptographic operations …
|
A D | mbed-crypto-storage-specification.md | 28 * [Persistent transparent keys](#key-file-format-for-0.1.0) designated by a [slot number](#key-name… 83 …ed to the file name (so it must end with a directory separator to put the keys in a different dire… 105 * [Persistent transparent keys](#key-file-format-for-1.0.0) designated by a [key identifier and own… 160 * Delete files 1 through 0xfffeffff, which contain keys in a format that is no longer supported. 185 …ed to the file name (so it must end with a directory separator to put the keys in a different dire… 226 * Key files can store references to keys in a secure element. In such key files, the key material c… 347 Backward compatibility commitments: we promise backward compatibility for stored keys when Mbed TLS… 357 * [Persistent keys](#key-file-format-for-mbed-tls-2.25.0) designated by a [key identifier and owner… 392 …ed to the file name (so it must end with a directory separator to put the keys in a different dire…
|
/mbedtls/docs/ |
A D | use-psa-crypto.md | 7 - enables new APIs for using keys handled by PSA Crypto, such as 70 ### PSA-held (opaque) keys in the PK layer 96 ### PSA-held (opaque) keys for TLS pre-shared keys (PSK) 109 ### PSA-held (opaque) keys for TLS 1.2 EC J-PAKE key exchange
|
/mbedtls/docs/architecture/psa-migration/ |
A D | psa-legacy-bridges.md | 41 …API has features that are not present (yet) in PSA, notably parsing and formatting asymmetric keys. 54 * Key management: parsing, generating, deriving and formatting cryptographic keys. 55 * Data manipulation other than keys. In practice, most data formats within the scope of the legacy … 63 * Manipulating data formats, other than keys, where the PSA API is lacking. 75 …do not provide the same functionality. A typical example is parsing and formatting asymmetric keys. 78 …e-mixing-happens)”, we focus the gap analysis on two topics: metadata and keys. This chapter explo… 92 Hashes do not involve keys, and involve no nontrivial data format. Therefore the only gap is with … 118 …keys can also be further classified according to their curve. The legacy API also supports DHM (Di… 125 ECC keys are also involved in EC-JPAKE, but this happens internally: the EC-JPAKE interface only ne… 127 Since there is no algorithm that can be used with multiple types, and PSA keys have a policy that (… [all …]
|
/mbedtls/docs/architecture/psa-thread-safety/ |
A D | psa-thread-safety.md | 53 … management functions](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/management.html): 92 1. The key identifier does not exist. This is a functional requirement for persistent keys: any thr… 93 2. The resources from the key have been freed. This allows threads to create similar keys immediate… 188 …he key store while holding `mbedtls_threading_key_slot_mutex`, the set of keys within the key stor… 211 ##### Re-loading persistent keys 217 ##### Using existing keys 277 * Have increased testing for kicking persistent keys out of slots. 285 …is entirely sequential, this is required for persistent keys to stop issues with re-loading keys w… 302 …tion specification](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/management.html#key… 308 1. The key identifier does not exist. This is a functional requirement for persistent keys: any thr… [all …]
|
/mbedtls/docs/proposed/ |
A D | psa-driver-interface.md | 35 …celerators that operate on keys in cleartext; cryptoprocessors that can wrap keys with a built-in … 801 …ration functions are supposed to receive valid keys, and should not have to check and report inval… 815 * For elliptic curve private keys (`PSA_KEY_TYPE_ECC_KEY_PAIR`), check the size and range. TODO: wh… 816 * For elliptic curve public keys (`PSA_KEY_TYPE_ECC_PUBLIC_KEY`), check the size and range, and tha… 892 …volved when exporting, copying or destroying keys, or when importing, generating or deriving symme… 1050 …or [built-in keys](#built-in-keys). This allows drivers to efficiently represent application keys … 1106 …lled by functions that access a key to retrieve information about a [built-in key](#built-in-keys). 1166 TODO: some of the above doesn't apply to volatile keys 1237 #### Built-in keys 1239 Opaque drivers may declare built-in keys. Built-in keys can be accessed, but not created, through t… [all …]
|
A D | psa-driver-developer-guide.md | 21 * **Transparent** drivers implement cryptographic operations on keys that are provided in cleartext… 22 * **Opaque** drivers implement cryptographic operations on keys that can only be used inside a prot…
|
/mbedtls/include/mbedtls/ |
A D | ssl_ticket.h | 72 mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */
|
/mbedtls/ |
A D | Makefile | 134 CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated… 135 CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit …
|