yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
20540 commits 89 branches 205 tags 114 MiB
Commit graph

9057 commits

Author SHA1 Message Date
Neil Armstrong eccf88fa48 Only accept RSA key pair in mbedtls_pk_setup_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-08 15:11:50 +02:00
Hanno Becker 5e18f74abb Make alert sending function re-entrant 
Fixes #1916

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:16:43 +01:00
Andrzej Kurek 5735369f4a Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C 
The timing module might include time.h on its own when on 
a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. 


Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 04:41:42 -04:00
Glenn Strauss 236e17ec26 Introduce mbedtls_ssl_hs_cb_t typedef 
Inline func for mbedtls_ssl_conf_cert_cb()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-07 14:18:30 -04:00
Przemek Stekiel e3ee221893 Free other secret in tls12_prf context 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-07 15:41:56 +02:00
Przemek Stekiel 23650286ac Add psa_tls12_prf_set_other_key() function to store other secret input 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-07 15:41:46 +02:00
Neil Armstrong c1152e4a0f Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong 7e1b4a45fa Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong 295aeb17e6 Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong b980c9b48c Add support for RSA in pk_opaque_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong ca5b55f0d1 Add support for RSA in mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 15:01:24 +02:00
Neil Armstrong eabbf9d907 Add support for RSA PK Opaque key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-07 14:51:47 +02:00
Andrzej Kurek 714b6603e4 Remove dummy timing implementation 
Having such implementation might cause issues for those that
expect to have a working implementation.
Having a compile-time error is better in such case.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard 1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh 
TLS ECDH 3b: server-side static ECDH (1.2)
 2022-04-07 11:46:25 +02:00
Hanno Becker e141702551 Adjust mpi_montmul() to new signature of mpi_mul_hlp() 
A previous commit has changed the signature of mpi_mul_hlp, making the length
of the output explicit. This commit adjusts mpi_montmul() accordingly.

It also fixes a comment on the required size of the temporary value
passed to mpi_montmul() (but does not change the call-sites).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:34 +01:00
Hanno Becker 74a11a31cb Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp() 
A previous commit has changed the signature of mpi_mul_hlp(), making
the length of the output explicit.

This commit adjusts mbedtls_mpi_mul_int() to this change.

Along the way, we make the code simpler and more secure by not calculating
the minimal limb-size of A. A previous comment indicated that this was
functionally necessary because of the implementation of mpi_mul_hlp() --
if it ever was, it isn't anymore.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:34 +01:00
Hanno Becker fee261a505 Adjust mbedtls_mpi_mul_mpi() to new signature of mpi_mul_hlp() 
The previous commit has changed the signature of mpi_mul_hlp(),
making the length of the output explicit.

This commit adjusts the call-site in mbedtls_mpi_mul_mpi() to
this new signature.

A notable change to the multiplication strategy had to be made:
mbedtls_mpi_mul_mpi() performs a simple row-wise schoolbook
multiplication, which however was so far computed iterating
rows from top to bottom. This leads to the undesirable consequence
that as lower rows are calculated and added to the temporary
result, carry chains can grow. It is simpler and faster to
iterate from bottom to top instead, as it is guaranteed that
there will be no carry when adding the next row to the previous
temporary result: The length of the output in each iteration
can be fixed to len(B)+1.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:34 +01:00
Hanno Becker defe56928e Make length of output explicit in mpi_mul_hlp() 
The helper `mpi_mul_hlp()` performs a multiply-accumulate
operation `d += s * b`, where `d,b` are MPIs and `b` is a scalar.

Previously, only the length of `s` was specified, while `d` was
assumed to be 0-terminated of unspecified length.

This was leveraged at the end of the core multiplication steps
computingg the first `limb(s)` limbs of `d + s*b`: Namely, the
routine would keep on adding the current carry to `d` until none
was left. This can, in theory, run for an arbitrarily long time
if `d` has a tail of `0xFF`s, and hence the assumption of
`0`-termination.

This solution is both fragile and insecure -- the latter because
the carry-loop depends on the result of the multiplication.

This commit changes the signature of `mpi_mul_hlp()` to receive
the length of the output buffer, which must be greater or equal
to the length of the input buffer.

It is _not_ assumed that the output buffer is strictly larger
than the input buffer -- instead, the routine will simply return
any carry that's left. This will be useful in some applications
of this function. It is the responsibility of the caller to either
size the output appropriately so that no carry will be left, or
to handle the carry.

NOTE: The commit leaves the library in a state where it cannot
      be compiled since the call-sites of mpi_mul_hlp() have
      not yet been adjusted. This will be done in the subsequent
      commits.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:59:29 +01:00
Hanno Becker e7f14a3090 Remove unused variable in mpi_mul_hlp() 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2022-04-06 06:11:26 +01:00
Gilles Peskine a9b6c8074a Fix psa_mac_verify() returning BUFFER_TOO_SMALL 
It doesn't make sense for psa_mac_verify() to return
PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this
was happening when requesting the verification of an unsupported algorithm
whose output size is larger than the maximum supported MAC size, e.g.
HMAC-SHA-512 when building with only SHA-256 support. Arrange to return
PSA_ERROR_NOT_SUPPORTED instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:03:39 +02:00
Gilles Peskine 695c4cb7ea If a cipher algorithm is not supported, fail during setup 
In some cases, a cipher operation for an unsupported algorithm could succeed
in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually
fed. This is not a major bug, but it has several minor downsides: fail-late
is harder to diagnose for users than fail-early; some code size can be
gained; tests that expect failure for not-supported parameters would have to
be accommodated to also accept success.

This commit at least partially addresses the issue. The only completeness
goal in this commit is to pass our full CI, which discovered that disabling
only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping
the relevant key type) allowed cipher setup to succeed, which caused
failures in test_suite_psa_crypto_op_fail.generated in
component_test_psa_crypto_config_accel_xxx.

Changes in this commit:
* mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher
  algorithms. (No change related to key types.)
* Some code that is only relevant for ECB is no longer built if
  PSA_WANT_ALG_ECB_NO_PADDING is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:03:39 +02:00
Gilles Peskine 0c3a071300 Make psa_key_derivation_setup return early if the key agreement is not supported 
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 15:00:01 +02:00
Gilles Peskine 0cc417d34b Make psa_key_derivation_setup return early if the hash is not supported 
Otherwise the systematically generated algorithm-not-supported tests
complain when they try to start an operation and succeed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 14:58:39 +02:00
Gilles Peskine 9efde4f2ec Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 14:57:20 +02:00
Przemek Stekiel 8583627ece psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-05 10:50:53 +02:00
Neil Armstrong 1039ba5c98 Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:33:01 +02:00
Neil Armstrong ede381c808 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:33:01 +02:00
Neil Armstrong 3cae167e6a Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong e18ff952a7 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong b7ca76b652 Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong fdf20cb513 Fix command indentation in ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong 2d63da9269 Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong d6e2759afb Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong fb0a81ece9 Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong 5a1455d8d5 Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong 3bcef08335 Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong 549a3e4737 Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong fc834f2e2c Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:53 +02:00
Neil Armstrong 0bdb68a242 Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong d8420cad31 Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong c530aa6b4e Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:52 +02:00
Neil Armstrong b9f319aec1 Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:51 +02:00
Neil Armstrong 2540045542 Update comments in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong bc5e8f9dd0 Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong 039db29c7d Implement PSA server-side ECDHE-PSK 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:07 +02:00
Neil Armstrong 868af821c9 Implement PSA client-side ECDHE-PSK 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-05 10:29:06 +02:00
Przemek Stekiel a9f9335ee9 ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check 
This check can be removed as if the buffer is too small for the key, then export will fail.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-04 17:32:30 +02:00
Neil Armstrong e88d190f2e Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-04 11:27:57 +02:00
Neil Armstrong f716a700a1 Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard de68e39ddf
Merge pull request #5568 from superna9999/5159-pk-rsa-verification 
PK: RSA verification
 2022-04-04 11:23:33 +02:00
Ronald Cron 0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 
TLS 1.2/1.3 version negotiation - 2
 2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard 33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors 
Accessors to own CID within mbedtls_ssl_context
 2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard 6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations 
HKDF 2: use internal implementations in TLS 1.3
 2022-04-01 11:15:29 +02:00
Manuel Pégourié-Gonnard 451114fe42
Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo 
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
 2022-04-01 10:04:56 +02:00
Paul Elliott 0113cf1022 Add accessor for own cid to ssl context 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-31 19:21:41 +01:00
Ronald Cron 11218dda96 ssl_client.c: Fix unused parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Ronald Cron bdb4f58cea Add and update documentation of some minor version fields 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:24:59 +02:00
Ronald Cron 82c785fac3 Make handshake::min_minor_ver client only 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 15:44:41 +02:00
Neil Armstrong 91477a7964 Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:18 +02:00
Neil Armstrong 1335222f13 Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:18 +02:00
Neil Armstrong f788253ed3 Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong 80325d00cf Allow ECDSA PK Opaque keys for ECDH Derivation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong 104a7c1d29 Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong 8113d25d1e Add ecdh_psa_shared_key flag to protect PSA privkey if imported 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Neil Armstrong 5cd5f76d67 Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong 4f33fbc7e9 Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong 306d6074b3 Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong 062de7dd79 Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Neil Armstrong 1f4b39621b Implement PSA server-side ECDH-RSA/ECDSA 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:23:12 +02:00
Ronald Cron 6476726ce4 Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 14:13:57 +02:00
Ronald Cron a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1 
TLS 1.2/1.3 version negotiation - 1
 2022-03-31 11:47:16 +02:00
Ronald Cron ba120bb228 ssl_tls13_client.c: Fix ciphersuite final validation 
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron 8fdad9e534 ssl_tls12_client.c: Remove duplicate of ciphersuite validation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron 757a2abfe2 ssl_client.c: Extend and export ciphersuite validation function 
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron f735cf1f0f ssl_tls.c: Fix ciphersuite selection regarding protocol version 
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:35:33 +02:00
Ronald Cron 9847338429 ssl_tls13_client.c: Add check in supported_versions parsing 
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:33:41 +02:00
Ronald Cron 1fa4f6863b ssl_tls.c: Return in error if default config fails 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:27:35 +02:00
Ronald Cron a77fc2756e ssl_tls13_client.c: versions ext writing : Fix available space check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:27:35 +02:00
Ronald Cron 37bdaab64f tls: Simplify the logic of the config version check and test it 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 09:26:58 +02:00
Ronald Cron 3cffc5ccb1 tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 21:59:44 +02:00
Ronald Cron 150d579d7a ssl_client.c: Improve coding style 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 21:58:50 +02:00
Neil Armstrong e451295179 Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:41:12 +02:00
Neil Armstrong 253e9e7e6d Use mbedtls_rsa_info directly in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong ea54dbe7c2 Fix comment typo in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong 19e6bc4c9f Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong 8a44bb47ac Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong 82cf804e34 Fix 80 characters indentation in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong 6baea78072 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong a33280af6c Check psa_destroy_key() return in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong 059a80c212 Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Neil Armstrong 52f41f8228 PK: RSA verification PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-30 16:39:07 +02:00
Ronald Cron da41b38c42 Improve and fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard 3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over 
Add mbedtls_ssl_is_handshake_over()
 2022-03-30 12:16:40 +02:00
Gabor Mezei e42d8bf83b
Add macro guard for header file 
Some of the macros are used by the test data files and must be moved
before the macros guard.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard abed05f335
Merge pull request #5652 from arturallmann/issue-commit 
Fix comment typo in threading.c
 2022-03-30 10:01:24 +02:00
Ronald Cron 8ecd9937a9 ssl_client.c: Fix state change for DTLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations 
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron e71639d39b Simplify TLS major version default value setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron dbe87f08ec Propose TLS 1.3 and TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 9f0fba374c Add logic to switch to TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron e1d3f06399 Allow hybrid TLS 1.3 + TLS 1.2 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron fbd9f99f10 ssl_tls.c: Move some client specific functions to ssl_client.c 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 7320e6436b ssl_tls12_client.c: Switch to generic Client Hello state handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 5f4e91253f ssl_client.c: Add DTLS ClientHello message sending specifics 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 4079abc7d1 ssl_client.c: Adapt extensions writing to the TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 11e1857f5e ssl_client.c: Fix key share code guards 
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron df823bf39b ssl_client.c: Re-order partially extension writing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:57:54 +02:00
Ronald Cron 42c1cbf1de ssl_client.c: Adapt compression methods comment to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:56:58 +02:00
Paul Elliott 571f1187b6
Merge pull request #5642 from mprse/ecp_export 
Add ECP keypair export function
 2022-03-29 17:19:04 +01:00
Artur Allmann 3f396152b7 Fix typo "phtreads" to "pthreads" 
Closes issue #5349

Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>
 2022-03-29 17:43:56 +02:00
Ronald Cron d491c2d779 ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron a874aa818a ssl_client.c: Add DTLS 1.2 cookie support 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron 021b1785ef ssl_client.c: Adapt session id generation to the TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron 58b803818d ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:50 +02:00
Gabor Mezei cb5ef6a532
Remove duplicated includes 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:10:01 +02:00
Gabor Mezei 55c49a3335
Use proper macro guard 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:09:15 +02:00
Gabor Mezei 29e7ca89d5
Fix typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:49 +02:00
Gabor Mezei c09437526c
Remove commented out code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-29 17:08:15 +02:00
Ronald Cron 1614eb668c ssl_client.c: Adapt TLS version writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron 86a477f5ee ssl_client.c: Adapt initial version selection to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron 5456a7f89c ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron 71c2332860 ssl_client.c: Rename TLS 1.3 ClientHello writing functions 
Rename TLS 1.3 ClientHello writing functions
aiming to support TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron 3d580bf4bd Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Dave Rodgman 1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
 2022-03-29 15:34:12 +01:00
Ronald Cron 8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 7ffe7ebe38 ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards 
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 04fbd2b2ff ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 12dcdf0d6e ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 4e263fd49c ssl_tls12_client.c: Simplify TLS version in encrypted PMS 
This can only be TLS 1.2 now in this structure and when
adding support for TLS 1.2 or 1.3 version negotiation
the highest configured version can be TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 90f012037d ssl_tls12_server.c: Simplify TLS version check in ClientHello 
The TLS server code only support TLS 1.2 thus simplify
the check of the version proposed by the client.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 086ee0be0e ssl_tls.c: Reject TLS 1.3 version configuration for server 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 8457c12127 ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron b894ac7f99 ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 90915f2a21 ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version 
ssl_tls12_client.c contains only TLS 1.2 specific
code thus remove some checks on the minor version
version being MBEDTLS_SSL_MINOR_VERSION_3. No aim
for completeness, ssl_parse_server_hello() is not
reworked here for example.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron a25cf58681 ssl_tls.c: Remove one unnecessary minor version check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron c2f13a0568 ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md() 
Modify mbedtls_ssl_set_calc_verify_md() taking into
account that it is an TLS 1.2 only function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 4dcbca952e ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section 
In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the
"if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive
as it is specific to TLS 1.2.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 81591aa0f3 ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param 
ssl_set_handshake_prfs() is TLS 1.2 specific and only called
from TLS 1.2 only code thus no need to pass the TLS minor
version of the currebt session.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron f12b81d387 ssl_tls.c: Fix PSA ECDH private key destruction 
In TLS 1.3, a PSA ECDH private key may be created
even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We
must destroy this key if still referenced by an
handshake context when we free such context.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 5b98ac9c64 TLS 1.3: Move PSA ECDH private key destroy to dedicated function 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 8540cf66ac ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512 
In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose
PKCS1 v1.5 signatures with SHA_384/512 not only
SHA_256. There is no point in not proposing them
if they are available.

In TLS 1.3 those could be useful for certificate
signature verification.

In hybrid TLS 1.2/1.3 this allows to propose for
TLS 1.2 the same set of signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 60ff79424e ssl_tls13_client.c: alpn: Miscellanous minor improvements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron 13d8ea1dd9 ssl_tls13_client.c: alpn: Loop only once over protocol names 
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron a0855a6d13 ssl_tls13_client.c: alpn: Add missing return value assignment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron de1adee51a Rename ssl_cli/srv.c 
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron 63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 
Add rsae sha384 sha512
 2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard 39f2f73e69
Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing 
Restore full TLS compatibility testing
 2022-03-28 18:31:17 +02:00
Ronald Cron e44d8e7eea
Merge pull request #5369 from xkqian/add_2nd_client_hello 
Add 2nd client hello
 2022-03-28 12:18:41 +02:00
Przemek Stekiel ab5274bb19 Remove parameters validation using ECP_VALIDATE_RET 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-28 07:23:08 +02:00
Gabor Mezei ed6d6589b3
Use hash algoritm for parameter instead of HMAC 
To be compatible with the other functions `mbedtls_psa_hkdf_extract` and
`mbedtls_psa_hkdf_expand` use hash algorithm for parameter.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 17:28:06 +01:00
Gabor Mezei 07732f7015
Translate from mbedtls_md_type_t to psa_algorithm_t 
Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 17:04:19 +01:00
Gabor Mezei 5d9a1fe9e9
PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3 
With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support
is always enabled.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-26 15:47:15 +01:00
Ronald Cron fb39f15fa1 ssl_tls.c: Use ETM status only in CBC mode case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-25 16:50:18 +01:00
Ronald Cron 862902dd57 ssl_srv.c: Mark ETM as disabled if cipher is not CBC 
Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS
1.2 server only for the CBC cipher mode thus make it
clear in the SSL context.

The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-25 16:50:18 +01:00
Manuel Pégourié-Gonnard cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor 
Accessor for mbedtls_timing_delay_context final delay
 2022-03-25 09:14:41 +01:00
XiaokangQian 20438976f9 Change comments and styles base on review 
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 08:09:29 +00:00
XiaokangQian c02768a399 Replace ssl->handshake with handshake in write_cookie_ext() 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian 9b93c0dd8d Change cookie parameters for dtls and tls 1.3 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian 25c9c9023c Refine cookie len to fix compile issues 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian 9deb90f74e Change parameter names and code style 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian 5e3c947841 Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian 233397ef88 Update code base on comments 
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian 0b64eedba8 Add cookies write in client hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
Ronald Cron 90045241e7
Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify 
TLS1.3: Fix incorrect check for certificate verify
 2022-03-25 08:35:41 +01:00
Jerry Yu 6c6f10265d fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-25 11:09:50 +08:00
Paul Elliott 27b0d94e25 Use mbedtls_ssl_is_handshake_over() 
Switch over to using the new function both internally and in tests.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-24 14:43:52 +00:00
Jerry Yu bd1b3278b1 Remove useless code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-24 13:07:28 +08:00
Tom Cosgrove b7f5b97650 Minor changes to sha256.c to bring it in line with sha512.c 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-23 21:40:56 +00:00
Tom Cosgrove 87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-23 21:40:53 +00:00
Jerry Yu e26acee896 Refactor guards for sig algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 21:01:33 +08:00
Jerry Yu f8aa9a44aa fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard 5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies 
MD: HMAC in DTLS cookies
 2022-03-23 13:05:24 +01:00
Jerry Yu 8c3388620d create sig_alg decode function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 13:34:04 +08:00
Jerry Yu 0c23fc39c3 fix various guards issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 12:20:01 +08:00
Jerry Yu 7533982f68 guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 12:06:31 +08:00
Jerry Yu e010de4be3 Rename ctx to rsa_ctx 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 11:45:55 +08:00
Jerry Yu fb0621d841 fix pk_sign_ext issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 11:42:06 +08:00
Jerry Yu cef3f33012 Guard rsa sig algs with rsa_c and pkcs1_v{15,21} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 23:16:42 +08:00
Jerry Yu e91a51a539 Refactor get_sig_alg_from pk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 21:42:50 +08:00
Jerry Yu bf455e7516 rename pk_psa_rsa_sign_ext param 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 21:39:41 +08:00
Jerry Yu 3616533d26 tls13:remove ec check from validate certification 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 19:46:05 +08:00
Neil Armstrong 488a40eecb Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-22 10:41:38 +01:00
Jerry Yu dddf5a0e18 Refactor get_sig_alg_from_pk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:47:19 +08:00
Jerry Yu 89107d1bc2 fix ci fail without RSA_C 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:53 +08:00
Jerry Yu 406cf27cb5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:53 +08:00
Jerry Yu 848ecce990 fix wrong typo in function name 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:52 +08:00
Jerry Yu 07869e804c fix psa crypto test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu b02ee18e64 replace use_psa_crypto with psa_crypto_c 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu b6875bc17a change rsa_pss salt type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu 704cfd2a86 fix comments and style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu 718a9b4a3f fix doxgen fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu 1d172a3483 Add pk_psa_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu 8beb9e173d Change prototype of pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu 67eced0132 replace pk_sign with pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu d69439aa61 add mbedtls_pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu 3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu bfcfe74b4e add signature algorithm debug helper 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:33 +08:00
Jerry Yu 919130c035 Add rsa_pss_rsae_sha256 support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:33 +08:00
Gabor Mezei 1e64f7a643
Use MBEDTLS_USE_PSA_CRYPTO macro guard for testing instead of MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:54 +01:00
Gabor Mezei 1bf075fffd
Use SSL error codes 
The `psa_ssl_status_to_mbedtls` function is not only used for
cipher operations so transalte to TLS error codes.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Gabor Mezei adfeadc6e5
Extend PSA error translation 
Add new error codes to the PSA to mbedtls error translation.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Gabor Mezei 58db65354b
Use the PSA-based HKDF functions 
Use the `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand`
functions in the HKDF handling.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-21 17:00:53 +01:00
Paul Elliott b9af2db4cf Add accessor for timing final delay 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-21 15:26:19 +00:00
Neil Armstrong 79daea25db Handle and return translated PSA errors in ssl_cookie.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-21 12:05:51 +01:00
Neil Armstrong 2d5e343c75 Use inline PSA code instead of using ssl_cookie_hmac in mbedtls_ssl_cookie_write() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-21 11:39:52 +01:00
Manuel Pégourié-Gonnard f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac 
TLS record HMAC
 2022-03-21 11:36:44 +01:00
Manuel Pégourié-Gonnard 706f6bae27
Merge pull request #5518 from superna9999/5274-ecdsa-signing 
PK: ECDSA signing
 2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard 472044f21e
Merge pull request #5525 from superna9999/5161-pk-rsa-encryption 
PK: RSA encryption
 2022-03-21 09:57:38 +01:00
Ronald Cron 8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development 
TLS 1.3: One flush output
 2022-03-21 08:44:04 +01:00
Neil Armstrong 62e6ea2c22 Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:39:49 +01:00
Neil Armstrong 17a0655c8d Add documentation to find_ecdsa_private_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:27:38 +01:00
Neil Armstrong 05132ed490 md_alg is used in ecdsa_sign_wrap(), cleanup code 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:14:57 +01:00
Neil Armstrong cb753a6945 Use mbedtls_eckey_info directly in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 15:14:48 +01:00
Przemek Stekiel 711d0f5e29 Add implemetation of ECP keypair export function 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-18 13:52:26 +01:00
Manuel Pégourié-Gonnard e5b53193e0
Merge pull request #5636 from mprse/tls_ecdh_2b 
TLS ECDH 2b: client-side static ECDH (1.2)
 2022-03-18 11:36:53 +01:00
Neil Armstrong 29c0c040fc Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform() 
This requires moving the HMAC init after CIPHER init.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:10:09 +01:00
Neil Armstrong 9ebb9ff60c Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:09:58 +01:00
Neil Armstrong 72c2f76c43 Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:09:36 +01:00
Neil Armstrong 36cc13b340 Use PSA defines for buffers in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 11:09:20 +01:00
Neil Armstrong ae57cfd3e7 Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 10:00:10 +01:00
Neil Armstrong 28d9c631b8 Fix comments in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-18 10:00:10 +01:00
Ron Eldor 183264cb95 Fix shared library link error with cmake on Windows 
Set the library path as the current binary dir

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-03-17 12:07:50 +00:00
Manuel Pégourié-Gonnard 8d4bc5eeb9
Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac 
HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC
 2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard 15c0e39fff
Merge pull request #5519 from superna9999/5150-pk-rsa-decryption 
PK: RSA decryption
 2022-03-17 11:02:13 +01:00
Manuel Pégourié-Gonnard 7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection 
TLS Cipher 2a: tickets: use PSA for protection
 2022-03-17 09:50:09 +01:00
Manuel Pégourié-Gonnard 560ef5975c
Merge pull request #5613 from mprse/tls_ecdh_2a 
TLS ECDH 2a: server-side ECDHE-ECDSA and ECDHE-RSA (1.2)
 2022-03-17 09:29:41 +01:00
Przemek Stekiel 068a6b4013 ssl_check_server_ecdh_params():Adapt build flags 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-17 07:54:09 +01:00
Neil Armstrong da1d80db19 Use mbedtls_rsa_info directly in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:36:32 +01:00
Neil Armstrong 7b1dc85919 Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:36:06 +01:00
Neil Armstrong 6b03a3de5c Use mbedtls_rsa_info directly in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:31:07 +01:00
Neil Armstrong 8e80504b46 Simplify padding check and get rid of psa_sig_md in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:30:31 +01:00
Gabor Mezei 103e08aab9
Fix return value handling 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 13:45:41 +01:00
Przemek Stekiel 561a42392a ssl_parse_signature_algorithm(): refactor PSA CRYPTO code 
- use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary().
- add check for ECDH curve type in server's certificate

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 13:16:24 +01:00
Gabor Mezei 5b8b890a61
Check PSA functions' return value before converting 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:56:58 +01:00
Gabor Mezei 36c9f51ef2
Use size_t instead of int to silence compiler warnings 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:55:32 +01:00
Gabor Mezei 4f4bac7e22
Remove blank lines 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:54:27 +01:00
Przemek Stekiel dd482bfd6a Modify own_pubkey_max_len calculation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:43:22 +01:00
Przemek Stekiel a4e15cc0d5 Fix comment: add fields size 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:32:42 +01:00
Przemek Stekiel 855938e17d Move mbedtls_ecdh_setup() to no-psa path 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:29:29 +01:00
Przemek Stekiel 338b61d6e4 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:24:09 +01:00
Przemek Stekiel d905d33488 ssl_write_client_key_exchange(): enable psa support for ECDH-ECDSA and ECDH-RSA key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 09:50:56 +01:00
Przemek Stekiel ea4000f897 ssl_parse_signature_algorithm(): populate psa handshake fields when psa crypto is enabled 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 09:49:33 +01:00
Dave Rodgman 2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Przemek Stekiel ce1d792315 Remove duplicated code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 16:16:25 +01:00
Neil Armstrong 169e61add6 Zeroise stack buffer containing private key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-14 14:26:49 +01:00
Neil Armstrong 3aca61fdfc Zeroise stack buffer containing private key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-14 14:24:48 +01:00
Dave Rodgman 868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
 2022-03-14 12:57:37 +00:00
Przemek Stekiel fc91a1f030 Use PSA for private key generation and public key export only for ECDHE keys 
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 12:05:27 +01:00
Przemek Stekiel a21af3da00 Use mbedtls_psa_parse_tls_ecc_group() instead PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa() ) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 10:09:13 +01:00
Przemek Stekiel 0a60c129de Add intermediate variables to increase code readability 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:54:51 +01:00
Przemek Stekiel e9f00445bc Destroy ecdh_psa_privkey on failure 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:42:32 +01:00
Przemek Stekiel 130c4b5567 Use PSA version of key agreement only for ECDHE keys 
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:18:24 +01:00
Manuel Pégourié-Gonnard c11bffe989
Merge pull request #5139 from mprse/key_der_ecc 
PSA: implement key derivation for ECC keys
 2022-03-14 09:17:13 +01:00
Gilles Peskine 81d903f5aa
Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing 
feat: MD: X.509 hashing
 2022-03-10 20:16:43 +01:00
Gilles Peskine afb482897b
Merge pull request #5292 from mprse/asym_encrypt 
Driver dispatch for PSA asymmetric encryption + RSA tests
 2022-03-10 20:07:38 +01:00
Gabor Mezei 49c8eb3a5a
Enable chachcapoly cipher for SSL tickets 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei 2a02051286
Use PSA in TLS ticket handling 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei e6d867f476
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 15:04:58 +01:00
Ronald Cron a8b38879e1 Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:17 +01:00
Ronald Cron 7a94aca81a Move state change from CLIENT_CERTIFICATE to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:04 +01:00
Manuel Pégourié-Gonnard 10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Przemek Stekiel fd32e9609b ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:59 +01:00
Przemek Stekiel b6ce0b6cd8 ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:50 +01:00
Ronald Cron 5bb8fc830a Call Certificate writing generic handler only if necessary 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 3f20b77517 Improve comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 00d012f2be Fix type of force_flush parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 9f55f6316e Move state change from CSS states to their main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 3addfa4964 Move state change from WRITE_CLIENT_HELLO to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 66dbf9118e TLS 1.3: Do not send handshake data in handshake step handlers 
Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 9df7c80c78 TLS 1.3: Always go through the CLIENT_CERTIFICATE state 
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:50:08 +01:00
Paul Elliott 17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Przemek Stekiel c85f0912c4 psa_crypto.c, test_suite_psa_crypto.function: fix style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-08 11:37:54 +01:00
Gilles Peskine 44311f5c98
Merge pull request #5571 from superna9999/5162-pk-rsa-signing 
PK: RSA signing
 2022-03-07 17:09:14 +01:00
Gilles Peskine 15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free 
Erase secrets in allocated memory before freeing said memory
 2022-03-07 17:04:04 +01:00
Neil Armstrong 6d5baf5f1e Use PSA MAC verify API in mbedtls_ssl_cookie_check() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong be52f500c8 Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong 7cd0270d6c Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong 2217d6f825 Generate cookie MAC key with psa_generate_key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
pespacek b9ca22dead Improving readability of x509_crt and x509write_crt for PR 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-03-07 13:59:44 +01:00
pespacek d924e55944 Improving readability of x509_crt and x509write_crt 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-03-07 13:31:54 +01:00
Przemek Stekiel 7fc0751f78 Restore build options for mbedtls_ecc_group_of_psa() and related functions 
Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-06 20:43:46 +01:00
Neil Armstrong 77b69ab971 Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:45 +01:00
Neil Armstrong 23d34ce372 Use PSA HMAC API in ssl_cookie_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:45 +01:00
Neil Armstrong d633201279 Import PSA HMAC key in mbedtls_ssl_cookie_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:18 +01:00
Andrzej Kurek 09e803ce0d Provide a dummy implementation of timing.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek 108bf520e0 Add a missing guard for time.h in net_sockets.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Daniel Axtens f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Neil Armstrong bca99ee0ac Add PSA key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 10:20:20 +01:00
Neil Armstrong e87804920a Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:54:16 +01:00
Neil Armstrong b556a42656 Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong f47135756c Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong 0d46786034 Fix style issue in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong f1b564bb8d Check psa_destroy_key() return in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong 18f43c7304 PK: RSA decrypt PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong e4edcf761d Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:46:41 +01:00
Neil Armstrong ff70f0bf77 Check psa_destroy_key() return in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong edcc73c992 Fix 80 characters indentation in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong dab14de96a Use now shared ECP_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong 15021659d1 Move pk_ecdsa_sig_asn1_from_psa() before ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong 5874aa38f7 Fix style issue in find_ecdsa_private_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong cf5a215a43 Check psa_destroy_key() return in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong e960690b89 PK: ECDSA signing PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong db69c5213f Use new PSA to mbedtls PK error mapping functions in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:41:23 +01:00
Neil Armstrong 66fa769ae8 Fix 80 characters indentation in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong 4b1a059f7d Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong 48a9833cdf Check psa_destroy_key() return in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong e4f28688fd Fix comment typo in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong 9854568204 PK: RSA signing PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong 3770e2483f Use new PSA to mbedtls PK error mapping functions in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:37:33 +01:00
Neil Armstrong deb4bfb2b9 Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong 9dccd866c3 Check psa_destroy_key() return in ecdsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong 7dd3b20d36 Check psa_destroy_key() return in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong ac014ca5d9 Fix comment typos in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong 96a16a429b PK: RSA encrypt PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Gilles Peskine 1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls 
Rename, move and refine PSA to mbedtls PK errors mappings
 2022-03-03 13:30:29 +01:00
Gilles Peskine d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters 
Add function to get message digest info from context
 2022-03-02 16:44:26 +01:00
Gilles Peskine e8c8300190
Merge pull request #5581 from superna9999/pk-move-rename-rsa-ec-key-sizes 
Move max sizes of RSA & EC DER keys into public header
 2022-03-02 16:41:53 +01:00
Neil Armstrong 6828d8fdc4 Return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if MAC algorithm isn't supported in ssl_tls.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:11 +01:00
Neil Armstrong 6958bd0206 Clean aux_out in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:11 +01:00
Neil Armstrong 4313f55a13 Simplify error handling of PSA mac operationsg in ssl_msg.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:04 +01:00
Neil Armstrong 321116c755 Remove spurious debug in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:06:15 +01:00
Przemek Stekiel e894c5c4a5 Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-02 08:45:56 +01:00
Paul Elliott 06898650f9
Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify 
TLS1.3: Add write client Certificate and CertificateVerify
 2022-03-01 18:42:00 +00:00
Przemek Stekiel 15565eeb59 Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 17:01:39 +01:00
Neil Armstrong 19915c2c00 Rename error translation functions and move them to library/pk_wrap.* 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 15:21:02 +01:00
Przemek Stekiel a81aed2dae Clean up init values of psa crypto status and fix switch default case 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 15:13:30 +01:00
Przemek Stekiel f110dc05be Clenup conditional compilation flags. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:48:05 +01:00
Przemek Stekiel dcab6ccb3b Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:29:49 +01:00
Neil Armstrong 0f49f83625 Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:05:33 +01:00
Neil Armstrong e9ecd27890 Rename max sizes of RSA & EC DER keys defines 
Rename to match the required pattern of defines:
'^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:03:21 +01:00
Neil Armstrong e0326a6acc Move max sizes of RSA & EC DER keys into private pkwrite.h 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 09:58:58 +01:00
Glenn Strauss 6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss 36872dbd0b Provide means to reset handshake cert list 
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:48 -05:00
Glenn Strauss 2ed95279c0 Add server certificate selection callback 
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 17:31:49 -05:00
Neil Armstrong e858996413 Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf() 
Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:17:50 +01:00
Neil Armstrong 2968d306e4 Implement mbedtls_ct_hmac() using PSA hash API 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:50 +01:00
Neil Armstrong cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined 
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong 26e6d6764e Use PSA MAC API in mbedtls_ssl_encrypt/decrypt_buf() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong 0760ade761 Setup & Import HMAC keys in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Steven Cooreman cd5be32191 Erase secrets in allocated memory before freeing said memory 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2022-02-25 11:14:59 +01:00
Andrzej Kurek a0237f86d3 Add missing key destruction calls in ssl_write_client_key_exchange 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-25 04:36:40 -05:00
Tom Cosgrove 7e7aba8c9d Rename mbedtls_a64_crypto_sha256_check_support() to mbedtls_a64_crypto_sha256_determine_support() 
The Mbed TLS coding standard specifies that "check" functions must return 0
for success (i.e. feature present), while "has" functions should return 1 for
true. Since we were using "check" to do the actual check, and "has" to get the
cached value, having inverted values here would be confusing.  Therefore,
rename "check" to "determine", as that's what those functions are doing.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-24 08:33:11 +00:00
Jerry Yu 71f36f1d2e change alert message type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 17:34:29 +08:00
Neil Armstrong 39b8e7dde4 Add, Initialize & Free HMAC keys in mbedtls_ssl_transform 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-23 09:24:57 +01:00
Jerry Yu 0b7b101b3b fix warnings 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 12:26:48 +08:00
Jerry Yu 2ff6ba1df0 Remove rsa_pss_rsae_sha256 support. 
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 10:38:25 +08:00
Przemyslaw Stekiel 91ebfc0402 Adapt compilation flags for ECC key derivation 
Use conditional compilation flags for building ECC key derivation code consistent with flags used for mbedtls_ecc_group_of_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 15:50:30 +01:00
Neil Armstrong 3f9cef4547 Remove actual and use new PSA to mbedtls PK errors mapping functions 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 15:44:39 +01:00
Neil Armstrong ea761963c5 Add specialized PSA to mbedtls PK/RSA error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Neil Armstrong cd501f406e Add specialized PSA to mbedtls PK/ECDSA error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Neil Armstrong a3fdfb4925 Introduce new PSA to mbedtls PK error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Przemyslaw Stekiel 76960a7217 mbedtls_mpi_read_binary() document that function guarantees to return an MPI with exactly the necessary number of limbs and remove redundant call to mbedtls_mpi_grow() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel aeaa4f0651 Code optimization 
- fix codding style
- fix comments and descriptions
- add helper function for montgomery curve
- move N-2 calculation outside the loop
- fix access to <data> bytes: *data[x] -> (*data)[x]

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel 6d3d18b2dc psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code 
Perform the following optimizations:
- fix used flags for conditional compilation
- remove redundant N variable
- move loop used to generate valid k value to helper function
- fix initial value of status
- fix comments

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel 924815982a Workaround for VS compiler build error 
The following error was reported by CI for win32/release builds:

37>Done Building Project "C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\gen_entropy.vcxproj.metaproj" (Rebuild target(s)).
67>c:\builds\workspace\mbed-tls-pr-head_pr-5139-head\worktrees\tmp_nn5muy8\library\psa_crypto.c(4840): fatal error C1001: An internal error has occurred in the compiler. [C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\key_ladder_demo.vcxproj]
         (compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 228)
          To work around this problem, try simplifying or changing the program near the locations listed above.
         Please choose the Technical Support command on the Visual C++
          Help menu, or open the Technical Support help file for more information

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel e33ae7186e psa_crypto.c: adapt macros 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel dc215f4b97 Simplify calculations for clear mask 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel d80b6ed46d Use loop instead goto and fix misleading variable name 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel dc8d7d9211 fix mbedtls/psa status code mismatch 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel 871a336028 Remove redundant psa_generate_derived_ecc_key_weierstrass_check_config() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel aaa1ada086 psa_generate_derived_ecc_key_weierstrass_check_config: Build only when ECC enabled 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel 50fcc535e5 Add Weierstrass curve/bits consistancy check + negative test vectors 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel 58ce8d8fb6 Add support for Montgomery curves 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel 705fb0f918 Only Weierstrass curves supported 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel c6e4c512af psa_crypto.c: fix warning on windows compiler 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel 1dfd1224dc psa_generate_derived_ecc_key_helper: compile only when ECC is supported 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel 653481632e psa_generate_derived_ecc_key_helper: fix bugs found during testing 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel d8cdcba970 Move derivation of ECC private key to helper function and refactor code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel 1608e33606 PSA: implement key derivation for ECC keys 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:26:46 +01:00
Jerry Yu 782720787f Refactor write_certificate_verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:28:13 +08:00
Jerry Yu 2124d05e06 Add sha384 and sha512 case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu d66409ae92 Add non support sig alg check and test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu c8d8d4e01a fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 7db5b8f68c add rsa_pss_rsae_sha256 write support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 3391ac00d3 fix various issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu ca133a34c5 Change state machine 
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 537530d57a Add certificate request echo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 3e536442f5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu a23b9d954c fix undefine error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 7399d0d806 refactor write certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 1bb5a1ffe3 Implement received sig_algs check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 32e0c2d526 fix server only build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 90f152dfac fix psk only build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 72637c734b fix write certificate fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 8511f125af Add certificteVerify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 5cc3506c9f Add write certificate and client handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 566c781290 Add dummy state for client_certifiate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Ronald Cron 4579a972bf
Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1 
Add accessors to mbedtls_ssl_context: user data, version
ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.
 2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard e3a2dd787e
Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa 
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
 2022-02-21 16:58:57 +01:00
Gabor Mezei d860e0f18b
Add comment 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei 0e7c6f4961
Check return value of psa_destroy_key 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei 26c6741c58
Add better name for variable. 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei 320d21cecf
Update documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:39 +01:00
Gabor Mezei c5efb8e58b
Use PSA error code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:46:38 +01:00
Gabor Mezei 89c1a95f8f
Delete leftover code 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:59 +01:00
Gabor Mezei b1f53976ee
Add documentation for mbedtls_psa_hkdf_extract 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:59 +01:00
Gabor Mezei 62bf024025
Make the mbedtls_psa_hkdf_extract function more PSA compatible 
Change the return value to `psa_status_t`.
Add `prk_size` and `prk_len` parameters.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:42:57 +01:00
Gabor Mezei 9f4bb319c9
Implement HKDF extract in TLS 1.3 based on PSA HMAC 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-21 15:23:29 +01:00
Gilles Peskine 66971f8ab1 Add prototype for automatically generated debug helper 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3 
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine e1a0c25f71 New function to access the TLS version from a context as an enum 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Tom Cosgrove b9987fc344 Handle MBEDTLS_SHA256_USE_A64_* on Windows on ARM64 too 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-21 12:26:11 +00:00
Paul Elliott 436b72690d
Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build 
TLS1.3:Enable tls13 only build
 2022-02-21 11:22:37 +00:00
Tom Cosgrove f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions 
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard 9b545c04f7
Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac 
HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC
 2022-02-21 09:30:31 +01:00
Jerry Yu f1b23caa4e move wrong comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 18621dfd23 remove extra empty line 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 50f2f703a7 remove extra guards 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 840fbb2817 guards populate_transform reference 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 4f9e3efbeb move session_save/load_tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu d9d91da7c7 move sig_hash_* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu ee40f9d4b3 move get_key_exchange_md_tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 9bccc4c63f move populate_transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu e93ffcd2c7 move tls_prf_get_type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 392112c058 move tls12prf_from_cs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 0b3d7c1ea1 move parse_finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 3c8e47bbbf move write_finished 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 2a9fff571d move wrapup 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu aef0015ba0 move wrapup_free_hs_transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu b7ba49ef74 move calc_finished_tls_sha384 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 615bd6f5b9 move calc_finished_tls_sha256 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu d952669ad8 move write_certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu c2c673da59 move resend_hello_request 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu ce3dca4175 move psk_derive_premaster 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu c1cb384708 move calc_verify_tls_sha384 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 8392e0dae4 move calc_verify_tls_sha256 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu d62f87e151 move derive_keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 2a7b5ac791 move compute_master 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu d6ab235972 move use_opaque_psk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu f009d86186 move set_handshake_prfs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu dc7bd17d11 move tls_prf_sha256/384 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu ed14c93008 add static prototypes 
prepare for moving functions

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:01 +08:00
Jerry Yu 53d23e2c95 Guards tls_prf functions with TLS1_2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu c73c618094 Wrap function not used by test_tls13_only 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

# Conflicts:
#	library/ssl_tls13_generic.c
 2022-02-21 09:06:00 +08:00
Jerry Yu bef175db96 Wrap derive_keys with TLS1_2 option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu cc43c6bee5 fix coding style issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu e754193e87 Remove guard inside ssl_srv.c 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu fb4b6478ee tls13_only: improve guards of files. 
To improve readability of the preprocess guards.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu db8c48aaff tls13_only:Remove unnecessary functions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu 7d2396332d fix wrong setting of max_minor version 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu c5aef88be6 tls13_only: guard ssl_{cli,srv}.c with TLS1_2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu c10f6b4735 tls13_only: simple test pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu c3091b1c8c tls13_only: compile pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Andrzej Kurek d70fa0e327 Restructure error handling in mbedtls_pk_verify_ext 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-17 10:51:15 -05:00
pespacek 3015148ae6 Improving readability 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-17 16:08:23 +01:00
Gabor Mezei 8e3602569b
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard 4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 
feat: Update test_suite_psa_its to NOT use UID=0
 2022-02-17 11:49:33 +01:00
Gilles Peskine 57b1ff39c2
Merge pull request #5377 from hanno-arm/ecp_add_mixed_fewer_mpis 
Minor improvements to ECC arithmetic subroutines
 2022-02-17 10:27:18 +01:00
Manuel Pégourié-Gonnard 3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto 
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
 2022-02-16 17:33:47 +01:00
Andrzej Kurek 59550537f0 Change signature_length type to size_t 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-16 07:46:42 -05:00
Andrzej Kurek 4a953cdd9f pk: properly handle signatures in larger buffers when using PSA 
As stated in function documentation.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-16 06:13:35 -05:00
Gabor Mezei 8d5a4cbfdb
Check return value of psa_destroy_key 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:23:17 +01:00
Gabor Mezei 833713c35c
Add better name for variable 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:16:08 +01:00
Andrzej Kurek 8666df6f18 Add signature length mismatch handling when using PSA in pk_verify_ext 
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 08:23:02 -05:00
Andrzej Kurek 90ba2cbd0a Cosmetic changes to return placement and variable naming 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 08:18:44 -05:00
Manuel Pégourié-Gonnard a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref 
Ensure ctr_drbg is initialised every time in fuzz_server
 2022-02-15 10:31:03 +01:00
Ronald Cron b788c044b7 Use PSA status to Mbed TLS error code conversion function 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-15 09:14:15 +01:00
Manuel Pégourié-Gonnard e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa 
Cleanup PSA-based ECDHE in TLS 1.2
 2022-02-15 09:09:07 +01:00
Przemyslaw Stekiel 0f5ecefbe9 Clean up the code 
- remove redundant local buffer
- fix code style

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-15 08:53:36 +01:00
Przemyslaw Stekiel 4b3fff43a8 Destroy ecdh_psa_privkey on HRR 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-15 08:53:26 +01:00
Przemyslaw Stekiel 169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 17:15:04 +01:00
lhuang04 86cacac91a Port ALPN support for tls13 client from tls13-prototype 
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-02-14 08:03:32 -08:00
pespacek a6e955e729 X.509: x509write_crt_set_key_identifier created 
Function mbedtls_x509write_crt_set_key_identifier
was implemented to provide functionality of both
mbedtls_x509write_crt_set_authority_key_identifier
and
mbedtls_x509write_crt_set_subject_key_identifier.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-14 15:20:57 +01:00
pespacek a7a646986f Improving readability 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-14 15:18:43 +01:00
pespacek b9f07a79a7 Changing buffer size checks. 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-14 15:13:26 +01:00
pespacek 3110c7b340 Changing error codes. 
Change from MBEDTLS_ERR_ERROR_GENERIC_ERROR
to MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
where PSA crypto is used.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-14 15:07:41 +01:00
PeterSpace c2774a3ad4 Update library/psa_its_file.c 
Signed-off-by: pespacek <peter.spacek@silabs.com>
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
 2022-02-14 12:24:56 +01:00
Przemyslaw Stekiel 4f419e55a1 ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:19:53 +01:00
Przemyslaw Stekiel c0824bfb11 Change mbedtls_ssl_tls13_key_schedule_stage_handshake() to use psa_raw_key_agreement() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:19:45 +01:00
Przemyslaw Stekiel 6d6aabdb0d Remove unused function: ssl_tls13_check_ecdh_params() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:13:10 +01:00
Przemyslaw Stekiel 9e23ddb09d Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code. 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 10:13:00 +01:00
Ronald Cron f6893e11c7 Finalize PSA hash operations in TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 16:10:34 +01:00
Przemyslaw Stekiel ea859c24b7 Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA 
Generate ECDH private key using psa_generate_key()
Export the public part of the ECDH private key using psa_export_public_key()

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-11 15:17:05 +01:00
Paul Elliott 00738bf65e Ensure ctr_drbg is initialised every time 
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-10 18:38:53 +00:00
Przemyslaw Stekiel b15f33d496 Enable ecdh_psa_xxx fields in struct mbedtls_ssl_handshake_params for TLS 1.3 
These fields need to be enabled for 1.3 even if MBEDTLS_USE_PSA_CRYPTO isn't (1.3 should always use PSA).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-10 15:24:27 +01:00
Gabor Mezei 9607ab4dbd
Prevent function not used compilation error 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:24 +01:00
Gabor Mezei a3eecd242c
Implement HKDF expand in TLS 1.3 based on PSA HMAC 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:23 +01:00
Glenn Strauss a941b62985 Create public macros for ssl_ticket key,name sizes 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 15:28:28 -05:00
Glenn Strauss a950938ff0 Add mbedtls_ssl_ticket_rotate for ticket rotation. 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:15 -05:00
Andrzej Kurek 7db1b78fff Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO 
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-09 14:13:44 -05:00
Jerry Yu 7840f81303 fix client_auth fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-09 19:43:22 +08:00
Manuel Pégourié-Gonnard 62b49cd06a
Merge pull request #5472 from yuhaoth/pr/move-client-auth 
Move client_auth to handshake
 2022-02-09 10:57:00 +01:00
Ronald Cron 6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request 
add tls1_3 read certificate request
 2022-02-09 09:51:55 +01:00
Xiaofei Bai 7c8b6a97b9 Update CertificateRequest skip condition 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 15:21:13 +00:00
Jerry Yu 5c7d1cce97 fix typo error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 21:08:29 +08:00
Jerry Yu 2d9a694088 change type of client_auth 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 21:07:10 +08:00
pespacek e990100ddb BUGFIX: psa_its_set now rejects UID = 0 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 14:05:41 +01:00
pespacek 7599a7744e X.509: use PSA for hashing under USE_PSA_CRYPTO 
When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than
mbedtls_md_xxx.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 11:27:42 +01:00
Xiaofei Bai c234ecf695 Update mbedtls_ssl_handshake_free() and address review comments. 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 10:26:42 +00:00
Manuel Pégourié-Gonnard 45c5768a74
Merge pull request #5434 from mprse/tls_use_psa 
TLS Cipher: use PSA crypto
 2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard 5d6053f548 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:26:19 +01:00
Xiaofei Bai 51f515a503 update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 07:28:04 +00:00
Jerry Yu 0ff8ac89f5 fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 10:10:48 +08:00
Przemyslaw Stekiel c499e33ed0 ssl_msg.c: Change message in MBEDTLS_SSL_DEBUG_RET() to be the failed function name instead current function name 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-07 15:12:05 +01:00
Manuel Pégourié-Gonnard ff229cf639 Add debug message for wrong curve 
The non-PSA path has a debug message here, so let's have a similar one
in the PSA case - just add the curve ID to be a bit more informative.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 12:00:32 +01:00
Manuel Pégourié-Gonnard 422370d633 Improve a comment and fix some whitespace 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 11:55:21 +01:00
Przemyslaw Stekiel c8a06feae6 ssl_msg.c: Optimize null/stream cipher decryption/encryption 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-07 10:52:47 +01:00
Przemyslaw Stekiel 98ef6dca68 Remove redundant new lines 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-07 08:04:39 +01:00
Przemyslaw Stekiel 6928a5164d Compile mbedtls_ssl_cipher_to_psa() conditionally under MBEDTLS_USE_PSA_CRYPTO only 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel 8c010eb467 Fix comments, code style, remove debug code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel 6b2eedd25f ssl_msg.c: add debug code for psa failures 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:14 +01:00
Manuel Pégourié-Gonnard 141be6cc7f Fix missing check on server-chosen curve 
We had this check in the non-PSA case, but it was missing in the PSA
case.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard 0d63b84fa4 Add mbedtls_ssl_check_curve_tls_id() (internal) 
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).

Note that new function doesn't depend on ECP_C, as it only requires
mbedtls_ssl_get_groups(), which is always available. As a general rule,
functions for defining and enforcing policy in the TLS module should not
depend on low-level modules but work with TLS-level identifiers are much
as possible, and this new function follows that principle.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard 3caa0edb9b Remove dead preprocessor code 
There's no way currently (see below regarding the future) that ECC-based
key exchanges are enabled without ECP_C being defined. So, the #if was
fully redundant with the checks surrounding the function, as it always
evaluated to true.

The situation arose as, in the old days (before Mbed TLS 2.0),
mbedtls_ssl_conf_curves() (or ssl_set_curves() as it was called back
then) was optional, controlled by its own compile-time option
POLARSSL_SSL_SET_CURVES. So, in turn mbedtls_ssl_check_curve() depended
on POLARSSL_SSL_SET_CURVES too, and all calls to it were guarded by
that.

When it was made non-optional, a blind
s/POLARSSL_SSL_SET_CURVES/MBEDTLS_ECP_C/ was done, which resulted in
stupid situations like this with redundant checks for ECP_C.

Note regarding the future: at some point it will be possible to compile
with ECC-based key exchanges but without ECP_C. This doesn't change
anything to the reasoning above: mbedtls_ssl_check_curve() will be
available in all builds where ECC is used; it will just need a new
definition (with new guards), but that doesn't change anything for its
callers.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard 4a0ac1f160 Remove mbedtls_psa_tls_ecpoint_to_psa_ec() 
Same reasons as for the previous commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard 58d2383ef4 Remove mbedtls_psa_tls_psa_ec_to_ecpoint() 
Initially this function was doing something because the output format of
psa_export_public() didn't match the ECPoint format that TLS wants.

Then it became a no-op then the output format of psa_export_public()
changed, but it made sense to still keep the function in case the format
changed again. Now that the PSA Crypto API has reached 1.0 status, this
is unlikely to happen, so the no-op function is no longer useful.

Removing it de-clutters the code a bit; while at it we can remove a
temporary stack buffer (that was up to 133 bytes).

It's OK to remove this function even if it was declared in a public
header, as there's a warning at the top of the file saying it's not part
of the public API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:14 +01:00
Manuel Pégourié-Gonnard e5119898e4 Improve a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:13 +01:00
Przemyslaw Stekiel d66387f8fa Init psa status to PSA_ERROR_CORRUPTION_DETECTED 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel b97556e8d1 mbedtls_ssl_encrypt/decrypt_buf: remove dead code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:29 +01:00
Przemyslaw Stekiel f9cd60853f ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-01 11:25:55 +01:00
Manuel Pégourié-Gonnard 9cb7b8d263
Merge pull request #5469 from Unity-Technologies/windows-arm64-workaround 
Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
 2022-02-01 09:21:27 +01:00
Tautvydas Žilys 40fc7da101 Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1. 
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
 2022-01-31 13:34:01 -08:00
Przemyslaw Stekiel 77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel be47ecf5e2 mbedtls_ssl_get_record_expansion: use same condidion set as for non-psa build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 17:50:00 +01:00
Przemyslaw Stekiel 2c87a200a3 ssl_write_encrypt_then_mac_ext(): adapt to psa crypto 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel 89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel 399ed51185 Fix condition in mbedtls_ssl_get_record_expansion 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel e5c2238a99 Move mbedtls_ssl_cipher_to_psa() and psa_status_to_mbedtls() defs out of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED build flag 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. 
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 1d714479a3 mbedtls_ssl_get_record_expansion: rework switch statement for psa 
As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel e88477844c Adapt the mbed tls mode: ccm or gcm or cachapoly to psa version 
mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_GCM || mode == MBEDTLS_CHACHAPOLY is equivalent to PSA_ALG_IS_AEAD( alg ).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 221b52791e ssl_msg.c: fix parm in call to mbedtls_ssl_decrypt_buf() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 9b22c2b1e6 Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 6be9cf542f Cleanup the code 
Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel d4eab57933 Skip psa encryption/decryption for null cipher 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel ce09e7d868 Use psa_status_to_mbedtls() for psa error case 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel fe7397d8a7 Fix key attributes encrypt or decrypt only (not both) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel dd7b501c92 Move PSA init after taglen is set 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel e87475d834 Move psa_status_to_mbedtls to ssl_misc.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 8398a67e31 Fix description of the translation function 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 1fe065b235 Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel 2e9711f766 mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel b37fae122c mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel 76e1583483 Convert psa status to mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel 11a33e6d90 Use PSA_BITS_TO_BYTES macro to convert key bits to bytes 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel ae77b0ab28 mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel ffccda45df ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel ce37d11c67 mbedtls_ssl_transform_free(): fix destruction of psa keys 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel 8f80fb9b1d Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel 44187d7a3e Extend mbedtls_ssl_transform struct for psa keys and alg 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel 430f337b49 Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size. 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Paul Elliott a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys 
Swap the client and server random for TLS 1.3 f_export_keys
 2022-01-28 12:09:19 +00:00
Xiaofei Bai 6d42bb430c Update mbedtls_ssl_handshake_free() 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard f7d704dbd2 Avoid dead code in some configurations 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-28 10:05:56 +01:00
Xiaofei Bai f5b4d25cfa Add received_sig_algs member to struct mbedtls_ssl_handshake_params 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-28 06:37:15 +00:00
Jerry Yu fb28b88e26 move client_auth to handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-28 11:05:58 +08:00
lhuang04 a3890a3427 Swap the client and server random for TLS 1.3 
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-01-27 06:00:43 -08:00
XiaokangQian 8499b6ce25 Only free verify_cookie in tls 1.3 case. 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 09:00:11 +00:00