Home
last modified time | relevance | path

Searched refs:keys (Results 1 – 25 of 65) sorted by relevance

123

/mbedtls-latest/tests/scripts/
Dgenerate_tls13_compat_tests.py111 self._cert_sig_algs = list(CERTIFICATES.keys())
583 parser.add_argument('server', choices=SERVER_CLASSES.keys(), nargs='?',
584 default=list(SERVER_CLASSES.keys())[0],
586 parser.add_argument('client', choices=CLIENT_CLASSES.keys(), nargs='?',
587 default=list(CLIENT_CLASSES.keys())[0],
589 parser.add_argument('cipher', choices=CIPHER_SUITE_IANA_VALUE.keys(), nargs='?',
590 default=list(CIPHER_SUITE_IANA_VALUE.keys())[0],
592 parser.add_argument('sig_alg', choices=SIG_ALG_IANA_VALUE.keys(), nargs='?',
593 default=list(SIG_ALG_IANA_VALUE.keys())[0],
595 parser.add_argument('named_group', choices=NAMED_GROUP_IANA_VALUE.keys(), nargs='?',
[all …]
Dpsa_collect_statuses.py64 for function in sorted(self.functions.keys()):
66 names = [self.status_names[value] for value in fdata.keys()]
Ddepends.py389 self.all_config_symbols = set(conf.settings.keys())
544 options.tasks = sorted(domain_data.domains.keys())
547 for domain_name in sorted(getattr(domain_data, arg).keys()):
/mbedtls-latest/library/
Dssl_ticket.c69 mbedtls_ssl_ticket_key *key = ctx->keys + index; in ssl_ticket_gen_key()
123 mbedtls_ssl_ticket_key * const key = ctx->keys + ctx->active; in ssl_ticket_update_keys()
140 if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) { in ssl_ticket_update_keys()
160 mbedtls_ssl_ticket_key * const key = ctx->keys + idx; in mbedtls_ssl_ticket_rotate()
260 ctx->keys[0].alg = alg; in mbedtls_ssl_ticket_setup()
261 ctx->keys[0].key_type = key_type; in mbedtls_ssl_ticket_setup()
262 ctx->keys[0].key_bits = key_bits; in mbedtls_ssl_ticket_setup()
264 ctx->keys[1].alg = alg; in mbedtls_ssl_ticket_setup()
265 ctx->keys[1].key_type = key_type; in mbedtls_ssl_ticket_setup()
266 ctx->keys[1].key_bits = key_bits; in mbedtls_ssl_ticket_setup()
[all …]
Daesce.c159 block = vaeseq_u8(block, vld1q_u8(keys)); \
161 keys += 16
167 unsigned char *keys, in aesce_encrypt_block() argument
189 block = vaeseq_u8(block, vld1q_u8(keys)); in aesce_encrypt_block()
190 keys += 16; in aesce_encrypt_block()
195 block = veorq_u8(block, vld1q_u8(keys)); in aesce_encrypt_block()
222 block = vaesdq_u8(block, vld1q_u8(keys)); \
224 keys += 16
230 unsigned char *keys, in aesce_decrypt_block() argument
252 block = vaesdq_u8(block, vld1q_u8(keys)); in aesce_decrypt_block()
[all …]
Dpsa_crypto_cipher.c314 uint8_t keys[24]; in psa_cipher_setup() local
315 memcpy(keys, key_buffer, 16); in psa_cipher_setup()
316 memcpy(keys + 16, key_buffer, 8); in psa_cipher_setup()
318 keys, in psa_cipher_setup()
Dssl_tls13_keys.c269 mbedtls_ssl_key_set *keys) in mbedtls_ssl_tls13_make_traffic_keys() argument
275 keys->client_write_key, key_len, in mbedtls_ssl_tls13_make_traffic_keys()
276 keys->client_write_iv, iv_len); in mbedtls_ssl_tls13_make_traffic_keys()
283 keys->server_write_key, key_len, in mbedtls_ssl_tls13_make_traffic_keys()
284 keys->server_write_iv, iv_len); in mbedtls_ssl_tls13_make_traffic_keys()
289 keys->key_len = key_len; in mbedtls_ssl_tls13_make_traffic_keys()
290 keys->iv_len = iv_len; in mbedtls_ssl_tls13_make_traffic_keys()
/mbedtls-latest/tests/suites/
Dtest_suite_psa_crypto_slot_management.function17 /**< Terminate and reinitialize without closing/destroying keys */
50 /* Closing the key invalidate only volatile keys, not persistent ones. */
59 /* Purging the key just purges RAM data of persistent keys. */
83 /* All keys must have been closed. */
87 /* Some keys may remain behind, and we're testing that this
825 mbedtls_svc_key_id_t *keys = NULL;
833 TEST_CALLOC(keys, max_keys);
844 &keys[i]);
846 TEST_ASSERT(!mbedtls_svc_key_id_is_null(keys[i]));
848 TEST_ASSERT(!mbedtls_svc_key_id_equal(keys[i], keys[j]));
[all …]
Dtest_suite_pkparse.function54 /* There is a historical limitation with support for RSA keys in PSA:
57 * For now, for such keys, treat not-supported from PSA as a success.
85 /* Whether a pk key can do ECDSA. Opaque keys are not supported since this
86 * test suite does not create opaque keys. */
90 * keys on Montgomery curves, which can only do ECDH, so we'll have
254 /* PSA keys are already checked on import so nothing to do here. */
316 /* Montgomery keys have specific bits set to either 0 or 1 depending on
Dtest_suite_aes.xts.data36 # 128-bit keys with 32 byte sector
48 # 128-bit keys with 512 byte sector
69 # 256-bit keys with 512 byte sector
92 # 128-bit keys with sector size not evenly divisible by 16 bytes
Dtest_suite_pk.function246 * Predefined keys used for the setup are taken from "test/src/test_keys.h"
252 * \param curve_or_keybits - For RSA keys, the key size in bits.
253 * - For EC keys, the curve (\c MBEDTLS_ECP_DP_xxx).
273 TEST_FAIL("RSA keys not supported.");
297 TEST_FAIL("EC keys not supported.");
311 * - For RSA and EC keys predefined key data is used (as in the pk_setup() above).
319 * \param persistent_key_id PSA key ID for persistent keys. Set to PSA_KEY_ID_NULL
320 * for volatile keys.
344 /* For EC and RSA keys we use predefined keys in order to:
347 * For other keys (ex: DH) psa_generate_key() is used instead. */
[all …]
/mbedtls-latest/programs/ssl/
Dssl_test_common_source.c23 eap_tls_keys *keys = (eap_tls_keys *) p_expkey; in eap_tls_key_derivation() local
29 if (secret_len != sizeof(keys->master_secret)) { in eap_tls_key_derivation()
33 memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); in eap_tls_key_derivation()
34 memcpy(keys->randbytes, client_random, 32); in eap_tls_key_derivation()
35 memcpy(keys->randbytes + 32, server_random, 32); in eap_tls_key_derivation()
36 keys->tls_prf_type = tls_prf_type; in eap_tls_key_derivation()
117 dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey; in dtls_srtp_key_derivation() local
123 if (secret_len != sizeof(keys->master_secret)) { in dtls_srtp_key_derivation()
127 memcpy(keys->master_secret, secret, sizeof(keys->master_secret)); in dtls_srtp_key_derivation()
128 memcpy(keys->randbytes, client_random, 32); in dtls_srtp_key_derivation()
[all …]
/mbedtls-latest/docs/architecture/
Dpsa-keystore-design.md10 The storage of persistent keys is out of scope of this document. See the [Mbed Crypto storage speci…
32 …bsystem with `mbedtls_psa_crypto_free()` destroys all volatile keys and purges all persistent keys.
79 The static key store could become a runtime decision, where only keys larger than some threshold re…
96 …Y_SLOT_COUNT`. This value is an upper bound for the total number of volatile keys plus loaded keys.
114 The dynamic key store allows a large number of keys, at the expense of more complex memory manageme…
120 …)$ amortized performance, and mostly $O(1)$ performance for actions involving keys. More precisely:
124 …ich is a hard-coded value less than $30$), but when creating $k$ volatile keys, at most $\log(k)$ …
125 …e calls to `free()` which may total $O(k)$ memory where $k$ is the maximum number of volatile keys.
131 Volatile keys and loaded keys (persistent or built-in) are stored in separate slices.
132 Key slices number 0 to `KEY_SLOT_VOLATILE_SLICE_COUNT - 1` contain only volatile keys.
[all …]
Dpsa-storage-resilience.md34 For a transparent key, all key management operations (creation or destruction) on persistent keys r…
38 * [Key management for stateful secure element keys](#designing-key-management-for-secure-element-ke…
40 …n the library design, and we do not need to perform any testing of resilience for transparent keys.
44 ## Designing key management for secure element keys
46 …in a stateful secure element, i.e. a secure element that stores keys. This excludes keys in a stat…
54 ### Dual management of keys: the problem argument
121 … cannot be used for this purpose because there is no way to enumerate all keys (and even if there …
133 …ions will explore the format of the transaction list, as well as how many keys it needs to contain.
154 From the analysis above, assuming that all keys are treated in the same way, there are 4 possible s…
211 Recovery means removing all traces of all keys on the transaction list. This means following the de…
[all …]
Dalternative-implementations.md28 …phic operations with transparent keys (keys available in cleartext), for cryptographic operations …
Dmbed-crypto-storage-specification.md28 * [Persistent transparent keys](#key-file-format-for-0.1.0) designated by a [slot number](#key-name…
83 …ed to the file name (so it must end with a directory separator to put the keys in a different dire…
105 * [Persistent transparent keys](#key-file-format-for-1.0.0) designated by a [key identifier and own…
160 * Delete files 1 through 0xfffeffff, which contain keys in a format that is no longer supported.
185 …ed to the file name (so it must end with a directory separator to put the keys in a different dire…
226 * Key files can store references to keys in a secure element. In such key files, the key material c…
347 Backward compatibility commitments: we promise backward compatibility for stored keys when Mbed TLS…
357 * [Persistent keys](#key-file-format-for-mbed-tls-2.25.0) designated by a [key identifier and owner…
392 …ed to the file name (so it must end with a directory separator to put the keys in a different dire…
Dpsa-crypto-implementation-structure.md64 4. Call psa_finish_key_creation() that mostly saves persistent keys into persistent storage.
130 * For transparent keys (keys that are not in a secure element), the feature is implemented by Mbed…
135 … example, you can't do GCM without a block cipher, or RSA-PSS without RSA keys. When mechanism A r…
141 …whether the mechanism is implemented in software or in a driver and looks up keys in the key store.
171 * Tests with invalid keys (e.g. wrong size or format).
/mbedtls-latest/docs/architecture/testing/
Dpsa-storage-format-testing.md31 Use a similar approach for files other than keys where possible and relevant.
39 If the way certain keys are stored changes, and we don't deliberately decide to stop supporting old…
45 …rage) (files containing one key's metadata and, except for some secure element keys, key material).
56 This section describes the desired test cases for keys created with the current storage format vers…
70 ### Enumeration of test cases for keys
72 Objective: ensure that the coverage is sufficient to have assurance that all keys are stored correc…
85 … knowledge of what attributes (sizes, algorithms, …) and content to use for keys of a certain type.
94 …persistence levels. We may also want to have negative tests ensuring that keys with a not-supporte…
103 * HMAC keys longer than the block size: pre-hashed or not?
104 * DES keys: was parity enforced?
[all …]
/mbedtls-latest/scripts/
Dgenerate_psa_constants.py265 return ''.join([make(k, d[k]) for k in sorted(d.keys())])
270 return ''.join([make(k, d[k]) for k in sorted(d.keys())])
293 return ''.join([make(k, d[k]) for k in sorted(d.keys())])
Dabi_check.py481 missing = frozenset(old_tests.keys()).difference(new_tests.keys())
516 shared_modules = list(set(self.old_version.modules.keys()) &
517 set(self.new_version.modules.keys()))
/mbedtls-latest/docs/architecture/psa-migration/
Dpsa-legacy-bridges.md41 …API has features that are not present (yet) in PSA, notably parsing and formatting asymmetric keys.
54 * Key management: parsing, generating, deriving and formatting cryptographic keys.
55 * Data manipulation other than keys. In practice, most data formats within the scope of the legacy …
63 * Manipulating data formats, other than keys, where the PSA API is lacking.
75 …do not provide the same functionality. A typical example is parsing and formatting asymmetric keys.
78 …e-mixing-happens)”, we focus the gap analysis on two topics: metadata and keys. This chapter explo…
92 Hashes do not involve keys, and involves no nontrivial data format. Therefore the only gap is with …
118keys can also be further classified according to their curve. The legacy API also supports DHM (Di…
125 ECC keys are also involved in EC-JPAKE, but this happens internally: the EC-JPAKE interface only ne…
127 Since there is no algorithm that can be used with multiple types, and PSA keys have a policy that (…
[all …]
/mbedtls-latest/docs/
Duse-psa-crypto.md7 - enables new APIs for using keys handled by PSA Crypto, such as
70 ### PSA-held (opaque) keys in the PK layer
91 ### PSA-held (opaque) keys for TLS pre-shared keys (PSK)
104 ### PSA-held (opaque) keys for TLS 1.2 EC J-PAKE key exchange
/mbedtls-latest/docs/architecture/psa-thread-safety/
Dpsa-thread-safety.md5 …key management API](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/management.html) an…
53 … management functions](https://arm-software.github.io/psa-api/crypto/1.1/api/keys/management.html):
92 1. The key identifier does not exist. This is a functional requirement for persistent keys: any thr…
93 2. The resources from the key have been freed. This allows threads to create similar keys immediate…
119 …here is no overlap between their calls. All threads share the same set of keys, as soon as one thr…
188 …he key store while holding `mbedtls_threading_key_slot_mutex`, the set of keys within the key stor…
194 The union of this set and the set of persistent keys not currently loaded into slots is our abstrac…
206 …`PSA_SLOT_FILLING`. If not found, it will see if there are any persistent keys loaded which do not…
211 ##### Re-loading persistent keys
213 As described above, persistent keys can be kicked out of the key slot array provided they are not c…
[all …]
/mbedtls-latest/docs/proposed/
Dpsa-driver-interface.md14 …regardless of how the operations are performed. Under the hood, different keys may be stored and u…
24 * **Transparent** drivers implement cryptographic operations on keys that are provided in cleartext…
25 * **Opaque** drivers implement cryptographic operations on keys that can only be used inside a prot…
35 …celerators that operate on keys in cleartext; cryptoprocessors that can wrap keys with a built-in
82 …, mandatory for opaque drivers): information about the [representation of keys](#key-format-for-op…
775 Additionally, opaque drivers can create keys through their [`"key_derivation_output_key"`](#key-der…
801 …ration functions are supposed to receive valid keys, and should not have to check and report inval…
805keys A and B (or more), then the creation of A must ensure that using it does not risk compromisin…
815 * For elliptic curve private keys (`PSA_KEY_TYPE_ECC_KEY_PAIR`), check the size and range. TODO: wh…
816 * For elliptic curve public keys (`PSA_KEY_TYPE_ECC_PUBLIC_KEY`), check the size and range, and tha…
[all …]
/mbedtls-latest/
DMakefile120 CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated…
121 CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit …

123