9057 commits

Author	SHA1	Message	Date
Ronald Cron	e1d3f06399	Allow hybrid TLS 1.3 + TLS 1.2 configuration ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	fbd9f99f10	ssl_tls.c: Move some client specific functions to ssl_client.c ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	7320e6436b	ssl_tls12_client.c: Switch to generic Client Hello state handler ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	5f4e91253f	ssl_client.c: Add DTLS ClientHello message sending specifics ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	4079abc7d1	ssl_client.c: Adapt extensions writing to the TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	11e1857f5e	ssl_client.c: Fix key share code guards ... In TLS 1.3 key sharing is not restricted to key exchange with certificate authentication. It happens in the PSK and ephemeral key exchange mode as well where there is no certificate authentication. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	df823bf39b	ssl_client.c: Re-order partially extension writing ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:57:54 +02:00
Ronald Cron	42c1cbf1de	ssl_client.c: Adapt compression methods comment to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:56:58 +02:00
Paul Elliott	571f1187b6	Merge pull request #5642 from mprse/ecp_export ... Add ECP keypair export function	2022-03-29 17:19:04 +01:00
Artur Allmann	3f396152b7	Fix typo "phtreads" to "pthreads" ... Closes issue #5349 Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>	2022-03-29 17:43:56 +02:00
Ronald Cron	d491c2d779	ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	a874aa818a	ssl_client.c: Add DTLS 1.2 cookie support ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	021b1785ef	ssl_client.c: Adapt session id generation to the TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	58b803818d	ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:50 +02:00
Gabor Mezei	cb5ef6a532	Remove duplicated includes ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:10:01 +02:00
Gabor Mezei	55c49a3335	Use proper macro guard ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:09:15 +02:00
Gabor Mezei	29e7ca89d5	Fix typo ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:49 +02:00
Gabor Mezei	c09437526c	Remove commented out code ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:15 +02:00
Ronald Cron	1614eb668c	ssl_client.c: Adapt TLS version writing to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	86a477f5ee	ssl_client.c: Adapt initial version selection to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	5456a7f89c	ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	71c2332860	ssl_client.c: Rename TLS 1.3 ClientHello writing functions ... Rename TLS 1.3 ClientHello writing functions aiming to support TLS 1.2 as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	3d580bf4bd	Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Dave Rodgman	1c41501949	Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal ... SECLIB-667: Accelerate SHA-512 with A64 crypto extensions	2022-03-29 15:34:12 +01:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	7ffe7ebe38	ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards ... Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will be necessary when the ClientHello writing code is made available when MBEDTLS_SSL_PROTO_TLS1_2 is enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	04fbd2b2ff	ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	12dcdf0d6e	ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4e263fd49c	ssl_tls12_client.c: Simplify TLS version in encrypted PMS ... This can only be TLS 1.2 now in this structure and when adding support for TLS 1.2 or 1.3 version negotiation the highest configured version can be TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90f012037d	ssl_tls12_server.c: Simplify TLS version check in ClientHello ... The TLS server code only support TLS 1.2 thus simplify the check of the version proposed by the client. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	086ee0be0e	ssl_tls.c: Reject TLS 1.3 version configuration for server ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8457c12127	ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	b894ac7f99	ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2 ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90915f2a21	ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version ... ssl_tls12_client.c contains only TLS 1.2 specific code thus remove some checks on the minor version version being MBEDTLS_SSL_MINOR_VERSION_3. No aim for completeness, ssl_parse_server_hello() is not reworked here for example. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	a25cf58681	ssl_tls.c: Remove one unnecessary minor version check ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	c2f13a0568	ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md() ... Modify mbedtls_ssl_set_calc_verify_md() taking into account that it is an TLS 1.2 only function. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4dcbca952e	ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section ... In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the "if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive as it is specific to TLS 1.2. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	81591aa0f3	ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param ... ssl_set_handshake_prfs() is TLS 1.2 specific and only called from TLS 1.2 only code thus no need to pass the TLS minor version of the currebt session. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	f12b81d387	ssl_tls.c: Fix PSA ECDH private key destruction ... In TLS 1.3, a PSA ECDH private key may be created even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We must destroy this key if still referenced by an handshake context when we free such context. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	5b98ac9c64	TLS 1.3: Move PSA ECDH private key destroy to dedicated function ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8540cf66ac	ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512 ... In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose PKCS1 v1.5 signatures with SHA_384/512 not only SHA_256. There is no point in not proposing them if they are available. In TLS 1.3 those could be useful for certificate signature verification. In hybrid TLS 1.2/1.3 this allows to propose for TLS 1.2 the same set of signature algorithms. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	60ff79424e	ssl_tls13_client.c: alpn: Miscellanous minor improvements ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	13d8ea1dd9	ssl_tls13_client.c: alpn: Loop only once over protocol names ... This has although the benefit of getting rid of a potential integer overflow (though very unlikely and probably harmless). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	a0855a6d13	ssl_tls13_client.c: alpn: Add missing return value assignment ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	de1adee51a	Rename ssl_cli/srv.c ... Rename ssl_cli.c and ssl_srv.c to reflect the fact that they are TLS 1.2 specific now. Align there new names with the TLS 1.3 ones. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	63d97ad0bb	Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 ... Add rsae sha384 sha512	2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard	39f2f73e69	Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing ... Restore full TLS compatibility testing	2022-03-28 18:31:17 +02:00
Ronald Cron	e44d8e7eea	Merge pull request #5369 from xkqian/add_2nd_client_hello ... Add 2nd client hello	2022-03-28 12:18:41 +02:00
Przemek Stekiel	ab5274bb19	Remove parameters validation using ECP_VALIDATE_RET ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-28 07:23:08 +02:00
Gabor Mezei	ed6d6589b3	Use hash algoritm for parameter instead of HMAC ... To be compatible with the other functions `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand` use hash algorithm for parameter. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 17:28:06 +01:00
Gabor Mezei	07732f7015	Translate from mbedtls_md_type_t to psa_algorithm_t ... Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 17:04:19 +01:00
Gabor Mezei	5d9a1fe9e9	PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3 ... With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support is always enabled. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 15:47:15 +01:00
Ronald Cron	fb39f15fa1	ssl_tls.c: Use ETM status only in CBC mode case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-25 16:50:18 +01:00
Ronald Cron	862902dd57	ssl_srv.c: Mark ETM as disabled if cipher is not CBC ... Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS 1.2 server only for the CBC cipher mode thus make it clear in the SSL context. The previous code was ok as long as the check of the ETM status was done only in the case of the CBC cipher mode but fragile as #5573 revealed. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-25 16:50:18 +01:00
Manuel Pégourié-Gonnard	cefa904759	Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor ... Accessor for mbedtls_timing_delay_context final delay	2022-03-25 09:14:41 +01:00
XiaokangQian	20438976f9	Change comments and styles base on review ... Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:09:29 +00:00
XiaokangQian	c02768a399	Replace ssl->handshake with handshake in write_cookie_ext() ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	9b93c0dd8d	Change cookie parameters for dtls and tls 1.3 ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	25c9c9023c	Refine cookie len to fix compile issues ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	9deb90f74e	Change parameter names and code style ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	5e3c947841	Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	233397ef88	Update code base on comments ... Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data Change code styles and comments Fix cookie write issues Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	0b64eedba8	Add cookies write in client hello ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
Ronald Cron	90045241e7	Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify ... TLS1.3: Fix incorrect check for certificate verify	2022-03-25 08:35:41 +01:00
Jerry Yu	6c6f10265d	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-25 11:09:50 +08:00
Paul Elliott	27b0d94e25	Use mbedtls_ssl_is_handshake_over() ... Switch over to using the new function both internally and in tests. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-24 14:43:52 +00:00
Jerry Yu	bd1b3278b1	Remove useless code ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-24 13:07:28 +08:00
Tom Cosgrove	b7f5b97650	Minor changes to sha256.c to bring it in line with sha512.c ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-23 21:40:56 +00:00
Tom Cosgrove	87fbfb5d82	SECLIB-667: Accelerate SHA-512 with A64 crypto extensions ... Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8.2-a+sha3. The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. The SHA-512 implementation was originally written by Simon Tatham for PuTTY, under the MIT licence; dual-licensed as Apache 2 with his kind permission. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-23 21:40:53 +00:00
Jerry Yu	e26acee896	Refactor guards for sig algs ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 21:01:33 +08:00
Jerry Yu	f8aa9a44aa	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard	5e4bf95d09	Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies ... MD: HMAC in DTLS cookies	2022-03-23 13:05:24 +01:00
Jerry Yu	8c3388620d	create sig_alg decode function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 13:34:04 +08:00
Jerry Yu	0c23fc39c3	fix various guards issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 12:20:01 +08:00
Jerry Yu	7533982f68	guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 12:06:31 +08:00
Jerry Yu	e010de4be3	Rename ctx to rsa_ctx ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 11:45:55 +08:00
Jerry Yu	fb0621d841	fix pk_sign_ext issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 11:42:06 +08:00
Jerry Yu	cef3f33012	Guard rsa sig algs with rsa_c and pkcs1_v{15,21} ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 23:16:42 +08:00
Jerry Yu	e91a51a539	Refactor get_sig_alg_from pk ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 21:42:50 +08:00
Jerry Yu	bf455e7516	rename pk_psa_rsa_sign_ext param ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 21:39:41 +08:00
Jerry Yu	3616533d26	tls13:remove ec check from validate certification ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 19:46:05 +08:00
Neil Armstrong	488a40eecb	Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-22 10:41:38 +01:00
Jerry Yu	dddf5a0e18	Refactor get_sig_alg_from_pk ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:47:19 +08:00
Jerry Yu	89107d1bc2	fix ci fail without RSA_C ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	406cf27cb5	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	848ecce990	fix wrong typo in function name ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:52 +08:00
Jerry Yu	07869e804c	fix psa crypto test fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	b02ee18e64	replace use_psa_crypto with psa_crypto_c ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	b6875bc17a	change rsa_pss salt type ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	704cfd2a86	fix comments and style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	718a9b4a3f	fix doxgen fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	1d172a3483	Add pk_psa_sign_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	8beb9e173d	Change prototype of pk_sign_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	67eced0132	replace pk_sign with pk_sign_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	d69439aa61	add mbedtls_pk_sign_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	3a58b462b6	add pss_rsae_sha{384,512} ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	bfcfe74b4e	add signature algorithm debug helper ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:33 +08:00
Jerry Yu	919130c035	Add rsa_pss_rsae_sha256 support ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:33 +08:00
Gabor Mezei	1e64f7a643	Use MBEDTLS_USE_PSA_CRYPTO macro guard for testing instead of MBEDTLS_PSA_CRYPTO_C ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:54 +01:00
Gabor Mezei	1bf075fffd	Use SSL error codes ... The `psa_ssl_status_to_mbedtls` function is not only used for cipher operations so transalte to TLS error codes. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Gabor Mezei	adfeadc6e5	Extend PSA error translation ... Add new error codes to the PSA to mbedtls error translation. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Gabor Mezei	58db65354b	Use the PSA-based HKDF functions ... Use the `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand` functions in the HKDF handling. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Paul Elliott	b9af2db4cf	Add accessor for timing final delay ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-21 15:26:19 +00:00
Neil Armstrong	79daea25db	Handle and return translated PSA errors in ssl_cookie.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-21 12:05:51 +01:00
Neil Armstrong	2d5e343c75	Use inline PSA code instead of using ssl_cookie_hmac in mbedtls_ssl_cookie_write() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-21 11:39:52 +01:00
Manuel Pégourié-Gonnard	f4042f076b	Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac ... TLS record HMAC	2022-03-21 11:36:44 +01:00
Manuel Pégourié-Gonnard	706f6bae27	Merge pull request #5518 from superna9999/5274-ecdsa-signing ... PK: ECDSA signing	2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard	472044f21e	Merge pull request #5525 from superna9999/5161-pk-rsa-encryption ... PK: RSA encryption	2022-03-21 09:57:38 +01:00
Ronald Cron	8d7afc642c	Merge pull request #5523 from ronald-cron-arm/one-flush-output-development ... TLS 1.3: One flush output	2022-03-21 08:44:04 +01:00
Neil Armstrong	62e6ea2c22	Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:39:49 +01:00
Neil Armstrong	17a0655c8d	Add documentation to find_ecdsa_private_key() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:27:38 +01:00
Neil Armstrong	05132ed490	md_alg is used in ecdsa_sign_wrap(), cleanup code ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:14:57 +01:00
Neil Armstrong	cb753a6945	Use mbedtls_eckey_info directly in ecdsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:14:48 +01:00
Przemek Stekiel	711d0f5e29	Add implemetation of ECP keypair export function ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-18 13:52:26 +01:00
Manuel Pégourié-Gonnard	e5b53193e0	Merge pull request #5636 from mprse/tls_ecdh_2b ... TLS ECDH 2b: client-side static ECDH (1.2)	2022-03-18 11:36:53 +01:00
Neil Armstrong	29c0c040fc	Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform() ... This requires moving the HMAC init after CIPHER init. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:10:09 +01:00
Neil Armstrong	9ebb9ff60c	Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:09:58 +01:00
Neil Armstrong	72c2f76c43	Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:09:36 +01:00
Neil Armstrong	36cc13b340	Use PSA defines for buffers in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:09:20 +01:00
Neil Armstrong	ae57cfd3e7	Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 10:00:10 +01:00
Neil Armstrong	28d9c631b8	Fix comments in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 10:00:10 +01:00
Ron Eldor	183264cb95	Fix shared library link error with cmake on Windows ... Set the library path as the current binary dir Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-17 12:07:50 +00:00
Manuel Pégourié-Gonnard	8d4bc5eeb9	Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac ... HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC	2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard	15c0e39fff	Merge pull request #5519 from superna9999/5150-pk-rsa-decryption ... PK: RSA decryption	2022-03-17 11:02:13 +01:00
Manuel Pégourié-Gonnard	7c92fe966a	Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection ... TLS Cipher 2a: tickets: use PSA for protection	2022-03-17 09:50:09 +01:00
Manuel Pégourié-Gonnard	560ef5975c	Merge pull request #5613 from mprse/tls_ecdh_2a ... TLS ECDH 2a: server-side ECDHE-ECDSA and ECDHE-RSA (1.2)	2022-03-17 09:29:41 +01:00
Przemek Stekiel	068a6b4013	ssl_check_server_ecdh_params():Adapt build flags ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-17 07:54:09 +01:00
Neil Armstrong	da1d80db19	Use mbedtls_rsa_info directly in rsa_encrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-16 15:36:32 +01:00
Neil Armstrong	7b1dc85919	Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-16 15:36:06 +01:00
Neil Armstrong	6b03a3de5c	Use mbedtls_rsa_info directly in rsa_decrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-16 15:31:07 +01:00
Neil Armstrong	8e80504b46	Simplify padding check and get rid of psa_sig_md in rsa_decrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-16 15:30:31 +01:00
Gabor Mezei	103e08aab9	Fix return value handling ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-16 13:45:41 +01:00
Przemek Stekiel	561a42392a	ssl_parse_signature_algorithm(): refactor PSA CRYPTO code ... - use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary(). - add check for ECDH curve type in server's certificate Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 13:16:24 +01:00
Gabor Mezei	5b8b890a61	Check PSA functions' return value before converting ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-16 12:56:58 +01:00
Gabor Mezei	36c9f51ef2	Use size_t instead of int to silence compiler warnings ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-16 12:55:32 +01:00
Gabor Mezei	4f4bac7e22	Remove blank lines ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-16 12:54:27 +01:00
Przemek Stekiel	dd482bfd6a	Modify own_pubkey_max_len calculation ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 11:43:22 +01:00
Przemek Stekiel	a4e15cc0d5	Fix comment: add fields size ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 11:32:42 +01:00
Przemek Stekiel	855938e17d	Move mbedtls_ecdh_setup() to no-psa path ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 11:29:29 +01:00
Przemek Stekiel	338b61d6e4	Fix code style ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 11:24:09 +01:00
Przemek Stekiel	d905d33488	ssl_write_client_key_exchange(): enable psa support for ECDH-ECDSA and ECDH-RSA key exchange ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 09:50:56 +01:00
Przemek Stekiel	ea4000f897	ssl_parse_signature_algorithm(): populate psa handshake fields when psa crypto is enabled ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 09:49:33 +01:00
Dave Rodgman	2cecd8aaad	Merge pull request #3624 from daxtens/timeless ... RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test	2022-03-15 16:43:19 +00:00
Przemek Stekiel	ce1d792315	Remove duplicated code ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 16:16:25 +01:00
Neil Armstrong	169e61add6	Zeroise stack buffer containing private key ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-14 14:26:49 +01:00
Neil Armstrong	3aca61fdfc	Zeroise stack buffer containing private key ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-14 14:24:48 +01:00
Dave Rodgman	868d38f50f	Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal ... SECLIB-667: Accelerate SHA-256 with A64 crypto extensions	2022-03-14 12:57:37 +00:00
Przemek Stekiel	fc91a1f030	Use PSA for private key generation and public key export only for ECDHE keys ... This should be cleaned when server-side static ECDH (1.2) support is added (#5320). Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 12:05:27 +01:00
Przemek Stekiel	a21af3da00	Use mbedtls_psa_parse_tls_ecc_group() instead PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa() ) ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 10:09:13 +01:00
Przemek Stekiel	0a60c129de	Add intermediate variables to increase code readability ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 09:54:51 +01:00
Przemek Stekiel	e9f00445bc	Destroy ecdh_psa_privkey on failure ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 09:42:32 +01:00
Przemek Stekiel	130c4b5567	Use PSA version of key agreement only for ECDHE keys ... This should be cleaned when server-side static ECDH (1.2) support is added (#5320). Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 09:18:24 +01:00
Manuel Pégourié-Gonnard	c11bffe989	Merge pull request #5139 from mprse/key_der_ecc ... PSA: implement key derivation for ECC keys	2022-03-14 09:17:13 +01:00
Gilles Peskine	81d903f5aa	Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing ... feat: MD: X.509 hashing	2022-03-10 20:16:43 +01:00
Gilles Peskine	afb482897b	Merge pull request #5292 from mprse/asym_encrypt ... Driver dispatch for PSA asymmetric encryption + RSA tests	2022-03-10 20:07:38 +01:00
Gabor Mezei	49c8eb3a5a	Enable chachcapoly cipher for SSL tickets ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 17:09:59 +01:00
Gabor Mezei	2a02051286	Use PSA in TLS ticket handling ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 17:09:59 +01:00
Gabor Mezei	e6d867f476	Typo ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 15:04:58 +01:00
Ronald Cron	a8b38879e1	Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-10 13:58:17 +01:00
Ronald Cron	7a94aca81a	Move state change from CLIENT_CERTIFICATE to its main handler ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-10 13:58:04 +01:00
Manuel Pégourié-Gonnard	10e5cdbbbf	Merge pull request #5454 from gstrauss/cert_cb-user_data ... server certificate selection callback	2022-03-10 11:51:42 +01:00
Przemek Stekiel	fd32e9609b	ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-09 16:01:59 +01:00
Przemek Stekiel	b6ce0b6cd8	ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-09 16:01:50 +01:00
Ronald Cron	5bb8fc830a	Call Certificate writing generic handler only if necessary ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	3f20b77517	Improve comment ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	00d012f2be	Fix type of force_flush parameter ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9f55f6316e	Move state change from CSS states to their main handler ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	3addfa4964	Move state change from WRITE_CLIENT_HELLO to its main handler ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	66dbf9118e	TLS 1.3: Do not send handshake data in handshake step handlers ... Send data (call to mbedtls_ssl_flush_output()) only from the loop over the handshake steps. That way, we do not have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE error code) on the network in handshake step handlers. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9df7c80c78	TLS 1.3: Always go through the CLIENT_CERTIFICATE state ... Even if certificate authentication is disabled at build time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state. It simplifies overall the code for a small code size cost when certificate authentication is disabled at build time. Furthermore that way we have only one point in the code where we switch to the handshake keys for record encryption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:50:08 +01:00
Paul Elliott	17f452aec4	Merge pull request #5448 from lhuang04/tls13_alpn ... Port ALPN support for tls13 client from tls13-prototype	2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard	d815114f93	Merge pull request #5524 from mprse/tls_ecdh_2c ... TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)	2022-03-08 11:43:45 +01:00
Przemek Stekiel	c85f0912c4	psa_crypto.c, test_suite_psa_crypto.function: fix style ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-08 11:37:54 +01:00
Gilles Peskine	44311f5c98	Merge pull request #5571 from superna9999/5162-pk-rsa-signing ... PK: RSA signing	2022-03-07 17:09:14 +01:00
Gilles Peskine	15364ffb03	Merge pull request #5579 from SiliconLabs/erase_secret_before_free ... Erase secrets in allocated memory before freeing said memory	2022-03-07 17:04:04 +01:00
Neil Armstrong	6d5baf5f1e	Use PSA MAC verify API in mbedtls_ssl_cookie_check() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
Neil Armstrong	be52f500c8	Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
Neil Armstrong	7cd0270d6c	Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
Neil Armstrong	2217d6f825	Generate cookie MAC key with psa_generate_key ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
pespacek	b9ca22dead	Improving readability of x509_crt and x509write_crt for PR ... Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-03-07 13:59:44 +01:00
pespacek	d924e55944	Improving readability of x509_crt and x509write_crt ... Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-03-07 13:31:54 +01:00
Przemek Stekiel	7fc0751f78	Restore build options for mbedtls_ecc_group_of_psa() and related functions ... Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-06 20:43:46 +01:00
Neil Armstrong	77b69ab971	Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 14:45:45 +01:00
Neil Armstrong	23d34ce372	Use PSA HMAC API in ssl_cookie_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 14:45:45 +01:00
Neil Armstrong	d633201279	Import PSA HMAC key in mbedtls_ssl_cookie_setup() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 14:45:18 +01:00
Andrzej Kurek	09e803ce0d	Provide a dummy implementation of timing.c ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	108bf520e0	Add a missing guard for time.h in net_sockets.c ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Daniel Axtens	f071024bf8	Do not include time.h without MBEDTLS_HAVE_TIME ... MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()." If that is not defined, do not attempt to include time.h. A particular problem is platform-time.h, which should only be included if MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it should be refactored to have the check inside the header. Signed-off-by: Daniel Axtens <dja@axtens.net>	2022-03-04 05:07:45 -05:00
Neil Armstrong	bca99ee0ac	Add PSA key in mbedtls_ssl_cookie_ctx ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 10:20:20 +01:00
Neil Armstrong	e87804920a	Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:54:16 +01:00
Neil Armstrong	b556a42656	Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	f47135756c	Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	0d46786034	Fix style issue in rsa_decrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	f1b564bb8d	Check psa_destroy_key() return in rsa_decrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	18f43c7304	PK: RSA decrypt PSA wrap implementation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	e4edcf761d	Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:46:41 +01:00
Neil Armstrong	ff70f0bf77	Check psa_destroy_key() return in rsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	edcc73c992	Fix 80 characters indentation in ecdsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	dab14de96a	Use now shared ECP_PRV_DER_MAX_BYTES define in pk_wrap.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	15021659d1	Move pk_ecdsa_sig_asn1_from_psa() before ecdsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	5874aa38f7	Fix style issue in find_ecdsa_private_key() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	cf5a215a43	Check psa_destroy_key() return in rsa_verify_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	e960690b89	PK: ECDSA signing PSA wrap implementation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	db69c5213f	Use new PSA to mbedtls PK error mapping functions in rsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:41:23 +01:00
Neil Armstrong	66fa769ae8	Fix 80 characters indentation in rsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	4b1a059f7d	Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	48a9833cdf	Check psa_destroy_key() return in rsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	e4f28688fd	Fix comment typo in rsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	9854568204	PK: RSA signing PSA wrap implementation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	3770e2483f	Use new PSA to mbedtls PK error mapping functions in pk_wrap.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:37:33 +01:00
Neil Armstrong	deb4bfb2b9	Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Neil Armstrong	9dccd866c3	Check psa_destroy_key() return in ecdsa_verify_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Neil Armstrong	7dd3b20d36	Check psa_destroy_key() return in rsa_encrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Neil Armstrong	ac014ca5d9	Fix comment typos in rsa_encrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Neil Armstrong	96a16a429b	PK: RSA encrypt PSA wrap implementation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Gilles Peskine	1f13e984ad	Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls ... Rename, move and refine PSA to mbedtls PK errors mappings	2022-03-03 13:30:29 +01:00
Gilles Peskine	d929dbbb25	Merge pull request #5368 from mfil/feature/additional_md_getters ... Add function to get message digest info from context	2022-03-02 16:44:26 +01:00
Gilles Peskine	e8c8300190	Merge pull request #5581 from superna9999/pk-move-rename-rsa-ec-key-sizes ... Move max sizes of RSA & EC DER keys into public header	2022-03-02 16:41:53 +01:00
Neil Armstrong	6828d8fdc4	Return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if MAC algorithm isn't supported in ssl_tls.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:37:11 +01:00
Neil Armstrong	6958bd0206	Clean aux_out in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:37:11 +01:00
Neil Armstrong	4313f55a13	Simplify error handling of PSA mac operationsg in ssl_msg.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:37:04 +01:00
Neil Armstrong	321116c755	Remove spurious debug in ssl_tls12_populate_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:06:15 +01:00
Przemek Stekiel	e894c5c4a5	Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange() ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-02 08:45:56 +01:00
Paul Elliott	06898650f9	Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify ... TLS1.3: Add write client Certificate and CertificateVerify	2022-03-01 18:42:00 +00:00
Przemek Stekiel	15565eeb59	Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-01 17:01:39 +01:00
Neil Armstrong	19915c2c00	Rename error translation functions and move them to library/pk_wrap.* ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-01 15:21:02 +01:00
Przemek Stekiel	a81aed2dae	Clean up init values of psa crypto status and fix switch default case ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-01 15:13:30 +01:00
Przemek Stekiel	f110dc05be	Clenup conditional compilation flags. ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-01 14:48:05 +01:00
Przemek Stekiel	dcab6ccb3b	Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled. ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-01 14:29:49 +01:00
Neil Armstrong	0f49f83625	Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-01 10:05:33 +01:00
Neil Armstrong	e9ecd27890	Rename max sizes of RSA & EC DER keys defines ... Rename to match the required pattern of defines: '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$' Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-01 10:03:21 +01:00
Neil Armstrong	e0326a6acc	Move max sizes of RSA & EC DER keys into private pkwrite.h ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-01 09:58:58 +01:00
Glenn Strauss	6989407261	Add accessor to retrieve SNI during handshake ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:53 -05:00
Glenn Strauss	36872dbd0b	Provide means to reset handshake cert list ... Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert() only provided a way to append to the handshake certificate list, without providing a way to replace the handshake certificate list. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:48 -05:00
Glenn Strauss	2ed95279c0	Add server certificate selection callback ... https://github.com/ARMmbed/mbedtls/issues/5430 Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 17:31:49 -05:00
Neil Armstrong	e858996413	Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf() ... Due to mbedtls_ct_hmac() implementation the decryption MAC key must be exportable. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:17:50 +01:00
Neil Armstrong	2968d306e4	Implement mbedtls_ct_hmac() using PSA hash API ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:50 +01:00
Neil Armstrong	cf8841a076	Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined ... Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:49 +01:00
Neil Armstrong	26e6d6764e	Use PSA MAC API in mbedtls_ssl_encrypt/decrypt_buf() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:49 +01:00
Neil Armstrong	0760ade761	Setup & Import HMAC keys in ssl_tls12_populate_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:49 +01:00
Steven Cooreman	cd5be32191	Erase secrets in allocated memory before freeing said memory ... Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2022-02-25 11:14:59 +01:00
Andrzej Kurek	a0237f86d3	Add missing key destruction calls in ssl_write_client_key_exchange ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-25 04:36:40 -05:00
Tom Cosgrove	7e7aba8c9d	Rename mbedtls_a64_crypto_sha256_check_support() to mbedtls_a64_crypto_sha256_determine_support() ... The Mbed TLS coding standard specifies that "check" functions must return 0 for success (i.e. feature present), while "has" functions should return 1 for true. Since we were using "check" to do the actual check, and "has" to get the cached value, having inverted values here would be confusing. Therefore, rename "check" to "determine", as that's what those functions are doing. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-02-24 08:33:11 +00:00
Jerry Yu	71f36f1d2e	change alert message type ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 17:34:29 +08:00
Neil Armstrong	39b8e7dde4	Add, Initialize & Free HMAC keys in mbedtls_ssl_transform ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-23 09:24:57 +01:00
Jerry Yu	0b7b101b3b	fix warnings ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 12:26:48 +08:00
Jerry Yu	2ff6ba1df0	Remove rsa_pss_rsae_sha256 support. ... Sign rsa is not thread safe. Remove it from current code. And a thread-safe version should be re-introduce in future. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 10:38:25 +08:00
Przemyslaw Stekiel	91ebfc0402	Adapt compilation flags for ECC key derivation ... Use conditional compilation flags for building ECC key derivation code consistent with flags used for mbedtls_ecc_group_of_psa(). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 15:50:30 +01:00
Neil Armstrong	3f9cef4547	Remove actual and use new PSA to mbedtls PK errors mapping functions ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-22 15:44:39 +01:00
Neil Armstrong	ea761963c5	Add specialized PSA to mbedtls PK/RSA error mapping function ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-22 14:37:00 +01:00
Neil Armstrong	cd501f406e	Add specialized PSA to mbedtls PK/ECDSA error mapping function ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-22 14:37:00 +01:00
Neil Armstrong	a3fdfb4925	Introduce new PSA to mbedtls PK error mapping function ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-22 14:37:00 +01:00
Przemyslaw Stekiel	76960a7217	mbedtls_mpi_read_binary() document that function guarantees to return an MPI with exactly the necessary number of limbs and remove redundant call to mbedtls_mpi_grow() ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	aeaa4f0651	Code optimization ... - fix codding style - fix comments and descriptions - add helper function for montgomery curve - move N-2 calculation outside the loop - fix access to <data> bytes: *data[x] -> (*data)[x] Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	6d3d18b2dc	psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code ... Perform the following optimizations: - fix used flags for conditional compilation - remove redundant N variable - move loop used to generate valid k value to helper function - fix initial value of status - fix comments Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	924815982a	Workaround for VS compiler build error ... The following error was reported by CI for win32/release builds: 37>Done Building Project "C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\gen_entropy.vcxproj.metaproj" (Rebuild target(s)). 67>c:\builds\workspace\mbed-tls-pr-head_pr-5139-head\worktrees\tmp_nn5muy8\library\psa_crypto.c(4840): fatal error C1001: An internal error has occurred in the compiler. [C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\key_ladder_demo.vcxproj] (compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 228) To work around this problem, try simplifying or changing the program near the locations listed above. Please choose the Technical Support command on the Visual C++ Help menu, or open the Technical Support help file for more information Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	e33ae7186e	psa_crypto.c: adapt macros ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	dc215f4b97	Simplify calculations for clear mask ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	d80b6ed46d	Use loop instead goto and fix misleading variable name ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	dc8d7d9211	fix mbedtls/psa status code mismatch ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	871a336028	Remove redundant psa_generate_derived_ecc_key_weierstrass_check_config() ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	aaa1ada086	psa_generate_derived_ecc_key_weierstrass_check_config: Build only when ECC enabled ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	50fcc535e5	Add Weierstrass curve/bits consistancy check + negative test vectors ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel	58ce8d8fb6	Add support for Montgomery curves ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel	705fb0f918	Only Weierstrass curves supported ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel	c6e4c512af	psa_crypto.c: fix warning on windows compiler ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel	1dfd1224dc	psa_generate_derived_ecc_key_helper: compile only when ECC is supported ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel	653481632e	psa_generate_derived_ecc_key_helper: fix bugs found during testing ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel	d8cdcba970	Move derivation of ECC private key to helper function and refactor code ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel	1608e33606	PSA: implement key derivation for ECC keys ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Jerry Yu	782720787f	Refactor write_certificate_verify ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:28:13 +08:00
Jerry Yu	2124d05e06	Add sha384 and sha512 case ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	d66409ae92	Add non support sig alg check and test ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	c8d8d4e01a	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	7db5b8f68c	add rsa_pss_rsae_sha256 write support ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	3391ac00d3	fix various issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	ca133a34c5	Change state machine ... Skip CertificateVerfiy if empty certificate or no CertificateRequest received. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	537530d57a	Add certificate request echo ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	3e536442f5	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	a23b9d954c	fix undefine error ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	7399d0d806	refactor write certificate ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	1bb5a1ffe3	Implement received sig_algs check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	32e0c2d526	fix server only build fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	90f152dfac	fix psk only build fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	72637c734b	fix write certificate fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	8511f125af	Add certificteVerify ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	5cc3506c9f	Add write certificate and client handler ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	566c781290	Add dummy state for client_certifiate ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Ronald Cron	4579a972bf	Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1 ... Add accessors to mbedtls_ssl_context: user data, version ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.	2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard	e3a2dd787e	Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa ... Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO	2022-02-21 16:58:57 +01:00
Gabor Mezei	d860e0f18b	Add comment ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:39 +01:00
Gabor Mezei	0e7c6f4961	Check return value of psa_destroy_key ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:39 +01:00
Gabor Mezei	26c6741c58	Add better name for variable. ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:39 +01:00
Gabor Mezei	320d21cecf	Update documentation ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:39 +01:00
Gabor Mezei	c5efb8e58b	Use PSA error code ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:38 +01:00
Gabor Mezei	89c1a95f8f	Delete leftover code ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:42:59 +01:00
Gabor Mezei	b1f53976ee	Add documentation for mbedtls_psa_hkdf_extract ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:42:59 +01:00
Gabor Mezei	62bf024025	Make the mbedtls_psa_hkdf_extract function more PSA compatible ... Change the return value to `psa_status_t`. Add `prk_size` and `prk_len` parameters. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:42:57 +01:00
Gabor Mezei	9f4bb319c9	Implement HKDF extract in TLS 1.3 based on PSA HMAC ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:23:29 +01:00
Gilles Peskine	66971f8ab1	Add prototype for automatically generated debug helper ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	c63a1e0e15	Fix mbedtls_ssl_get_version() for TLSv1.3 ... Test it in ssl-opt.sh. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	e1a0c25f71	New function to access the TLS version from a context as an enum ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Tom Cosgrove	b9987fc344	Handle MBEDTLS_SHA256_USE_A64_* on Windows on ARM64 too ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-02-21 12:26:11 +00:00
Paul Elliott	436b72690d	Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build ... TLS1.3:Enable tls13 only build	2022-02-21 11:22:37 +00:00
Tom Cosgrove	f3ebd90a1c	SECLIB-667: Accelerate SHA-256 with A64 crypto extensions ... Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8-a+crypto. The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms continue to work, and are mutually exclusive with A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard	9b545c04f7	Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac ... HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC	2022-02-21 09:30:31 +01:00
Jerry Yu	f1b23caa4e	move wrong comments ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	18621dfd23	remove extra empty line ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	50f2f703a7	remove extra guards ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	840fbb2817	guards populate_transform reference ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	4f9e3efbeb	move session_save/load_tls12 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	d9d91da7c7	move sig_hash_* ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	ee40f9d4b3	move get_key_exchange_md_tls12 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	9bccc4c63f	move populate_transform ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	e93ffcd2c7	move tls_prf_get_type ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	392112c058	move tls12prf_from_cs ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	0b3d7c1ea1	move parse_finished ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	3c8e47bbbf	move write_finished ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	2a9fff571d	move wrapup ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	aef0015ba0	move wrapup_free_hs_transform ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	b7ba49ef74	move calc_finished_tls_sha384 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	615bd6f5b9	move calc_finished_tls_sha256 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	d952669ad8	move write_certificate ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	c2c673da59	move resend_hello_request ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	ce3dca4175	move psk_derive_premaster ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	c1cb384708	move calc_verify_tls_sha384 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	8392e0dae4	move calc_verify_tls_sha256 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	d62f87e151	move derive_keys ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	2a7b5ac791	move compute_master ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	d6ab235972	move use_opaque_psk ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	f009d86186	move set_handshake_prfs ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	dc7bd17d11	move tls_prf_sha256/384 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	ed14c93008	add static prototypes ... prepare for moving functions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	53d23e2c95	Guards tls_prf functions with TLS1_2 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c73c618094	Wrap function not used by test_tls13_only ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> # Conflicts: # library/ssl_tls13_generic.c	2022-02-21 09:06:00 +08:00
Jerry Yu	bef175db96	Wrap derive_keys with TLS1_2 option ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	cc43c6bee5	fix coding style issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	e754193e87	Remove guard inside ssl_srv.c ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	fb4b6478ee	tls13_only: improve guards of files. ... To improve readability of the preprocess guards. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	db8c48aaff	tls13_only:Remove unnecessary functions ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	7d2396332d	fix wrong setting of max_minor version ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c5aef88be6	tls13_only: guard ssl_{cli,srv}.c with TLS1_2 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c10f6b4735	tls13_only: simple test pass ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c3091b1c8c	tls13_only: compile pass ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Andrzej Kurek	d70fa0e327	Restructure error handling in mbedtls_pk_verify_ext ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-17 10:51:15 -05:00
pespacek	3015148ae6	Improving readability ... Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-17 16:08:23 +01:00
Gabor Mezei	8e3602569b	Typo ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard	4fa604cc3b	Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 ... feat: Update test_suite_psa_its to NOT use UID=0	2022-02-17 11:49:33 +01:00
Gilles Peskine	57b1ff39c2	Merge pull request #5377 from hanno-arm/ecp_add_mixed_fewer_mpis ... Minor improvements to ECC arithmetic subroutines	2022-02-17 10:27:18 +01:00
Manuel Pégourié-Gonnard	3d1f8b9c00	Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto ... Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO	2022-02-16 17:33:47 +01:00
Andrzej Kurek	59550537f0	Change signature_length type to size_t ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-16 07:46:42 -05:00
Andrzej Kurek	4a953cdd9f	pk: properly handle signatures in larger buffers when using PSA ... As stated in function documentation. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-16 06:13:35 -05:00
Gabor Mezei	8d5a4cbfdb	Check return value of psa_destroy_key ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-15 16:23:17 +01:00
Gabor Mezei	833713c35c	Add better name for variable ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-15 16:16:08 +01:00
Andrzej Kurek	8666df6f18	Add signature length mismatch handling when using PSA in pk_verify_ext ... Introduce a regression test for that too. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-15 08:23:02 -05:00
Andrzej Kurek	90ba2cbd0a	Cosmetic changes to return placement and variable naming ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-15 08:18:44 -05:00
Manuel Pégourié-Gonnard	a1b506996d	Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref ... Ensure ctr_drbg is initialised every time in fuzz_server	2022-02-15 10:31:03 +01:00
Ronald Cron	b788c044b7	Use PSA status to Mbed TLS error code conversion function ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-02-15 09:14:15 +01:00
Manuel Pégourié-Gonnard	e14b644f4d	Merge pull request #5456 from mpg/cleanup-ecdh-psa ... Cleanup PSA-based ECDHE in TLS 1.2	2022-02-15 09:09:07 +01:00
Przemyslaw Stekiel	0f5ecefbe9	Clean up the code ... - remove redundant local buffer - fix code style Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-15 08:53:36 +01:00
Przemyslaw Stekiel	4b3fff43a8	Destroy ecdh_psa_privkey on HRR ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-15 08:53:26 +01:00
Przemyslaw Stekiel	169f115bf0	ssl_client2: init psa crypto for TLS 1.3 build ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 17:15:04 +01:00
lhuang04	86cacac91a	Port ALPN support for tls13 client from tls13-prototype ... Summary: Port ALPN implementation of tls13 client from [tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124). Test Plan: Reviewers: Subscribers: Tasks: Tags: Signed-off-by: lhuang04 <lhuang04@fb.com>	2022-02-14 08:03:32 -08:00
pespacek	a6e955e729	X.509: x509write_crt_set_key_identifier created ... Function mbedtls_x509write_crt_set_key_identifier was implemented to provide functionality of both mbedtls_x509write_crt_set_authority_key_identifier and mbedtls_x509write_crt_set_subject_key_identifier. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-14 15:20:57 +01:00
pespacek	a7a646986f	Improving readability ... Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-14 15:18:43 +01:00
pespacek	b9f07a79a7	Changing buffer size checks. ... Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-14 15:13:26 +01:00
pespacek	3110c7b340	Changing error codes. ... Change from MBEDTLS_ERR_ERROR_GENERIC_ERROR to MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED where PSA crypto is used. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-14 15:07:41 +01:00
PeterSpace	c2774a3ad4	Update library/psa_its_file.c ... Signed-off-by: pespacek <peter.spacek@silabs.com> Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>	2022-02-14 12:24:56 +01:00
Przemyslaw Stekiel	4f419e55a1	ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning) ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:19:53 +01:00
Przemyslaw Stekiel	c0824bfb11	Change mbedtls_ssl_tls13_key_schedule_stage_handshake() to use psa_raw_key_agreement() ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:19:45 +01:00
Przemyslaw Stekiel	6d6aabdb0d	Remove unused function: ssl_tls13_check_ecdh_params() ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:13:10 +01:00
Przemyslaw Stekiel	9e23ddb09d	Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code. ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:13:00 +01:00
Ronald Cron	f6893e11c7	Finalize PSA hash operations in TLS 1.3 ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-02-11 16:10:34 +01:00
Przemyslaw Stekiel	ea859c24b7	Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA ... Generate ECDH private key using psa_generate_key() Export the public part of the ECDH private key using psa_export_public_key() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-11 15:17:05 +01:00
Paul Elliott	00738bf65e	Ensure ctr_drbg is initialised every time ... ctr_drbg is a local variable and thus needs initialisation every time LLVMFuzzerTestOneInput() is called, the rest of the variables inside the if(initialised) block are all static. Add extra validation to attempt to catch this issue in future. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-02-10 18:38:53 +00:00
Przemyslaw Stekiel	b15f33d496	Enable ecdh_psa_xxx fields in struct mbedtls_ssl_handshake_params for TLS 1.3 ... These fields need to be enabled for 1.3 even if MBEDTLS_USE_PSA_CRYPTO isn't (1.3 should always use PSA). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-10 15:24:27 +01:00
Gabor Mezei	9607ab4dbd	Prevent function not used compilation error ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-10 10:57:24 +01:00
Gabor Mezei	a3eecd242c	Implement HKDF expand in TLS 1.3 based on PSA HMAC ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-10 10:57:23 +01:00
Glenn Strauss	a941b62985	Create public macros for ssl_ticket key,name sizes ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 15:28:28 -05:00
Glenn Strauss	a950938ff0	Add mbedtls_ssl_ticket_rotate for ticket rotation. ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 14:33:15 -05:00
Andrzej Kurek	7db1b78fff	Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO ... Duplicate a test case but with a different expected error due to error translation to and from PSA. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-09 14:13:44 -05:00
Jerry Yu	7840f81303	fix client_auth fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-09 19:43:22 +08:00
Manuel Pégourié-Gonnard	62b49cd06a	Merge pull request #5472 from yuhaoth/pr/move-client-auth ... Move client_auth to handshake	2022-02-09 10:57:00 +01:00
Ronald Cron	6ca6faa67e	Merge pull request #5080 from xffbai/add-tls13-read-certificate-request ... add tls1_3 read certificate request	2022-02-09 09:51:55 +01:00
Xiaofei Bai	7c8b6a97b9	Update CertificateRequest skip condition ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 15:21:13 +00:00
Jerry Yu	5c7d1cce97	fix typo error ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-08 21:08:29 +08:00
Jerry Yu	2d9a694088	change type of client_auth ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-08 21:07:10 +08:00
pespacek	e990100ddb	BUGFIX: psa_its_set now rejects UID = 0 ... Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-08 14:05:41 +01:00
pespacek	7599a7744e	X.509: use PSA for hashing under USE_PSA_CRYPTO ... When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than mbedtls_md_xxx. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-08 11:27:42 +01:00
Xiaofei Bai	c234ecf695	Update mbedtls_ssl_handshake_free() and address review comments. ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 10:26:42 +00:00
Manuel Pégourié-Gonnard	45c5768a74	Merge pull request #5434 from mprse/tls_use_psa ... TLS Cipher: use PSA crypto	2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard	5d6053f548	Fix a typo ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-08 10:26:19 +01:00
Xiaofei Bai	51f515a503	update based on comments ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 07:28:04 +00:00
Jerry Yu	0ff8ac89f5	fix comments issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-08 10:10:48 +08:00
Przemyslaw Stekiel	c499e33ed0	ssl_msg.c: Change message in MBEDTLS_SSL_DEBUG_RET() to be the failed function name instead current function name ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-07 15:12:05 +01:00
Manuel Pégourié-Gonnard	ff229cf639	Add debug message for wrong curve ... The non-PSA path has a debug message here, so let's have a similar one in the PSA case - just add the curve ID to be a bit more informative. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-07 12:00:32 +01:00
Manuel Pégourié-Gonnard	422370d633	Improve a comment and fix some whitespace ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-07 11:55:21 +01:00
Przemyslaw Stekiel	c8a06feae6	ssl_msg.c: Optimize null/stream cipher decryption/encryption ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-07 10:52:47 +01:00
Przemyslaw Stekiel	98ef6dca68	Remove redundant new lines ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-07 08:04:39 +01:00
Przemyslaw Stekiel	6928a5164d	Compile mbedtls_ssl_cipher_to_psa() conditionally under MBEDTLS_USE_PSA_CRYPTO only ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel	8c010eb467	Fix comments, code style, remove debug code ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel	6b2eedd25f	ssl_msg.c: add debug code for psa failures ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:14 +01:00
Manuel Pégourié-Gonnard	141be6cc7f	Fix missing check on server-chosen curve ... We had this check in the non-PSA case, but it was missing in the PSA case. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard	0d63b84fa4	Add mbedtls_ssl_check_curve_tls_id() (internal) ... This can be used to validate the server's choice of group in the PSA case (this will be done in the next commit). Note that new function doesn't depend on ECP_C, as it only requires mbedtls_ssl_get_groups(), which is always available. As a general rule, functions for defining and enforcing policy in the TLS module should not depend on low-level modules but work with TLS-level identifiers are much as possible, and this new function follows that principle. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard	3caa0edb9b	Remove dead preprocessor code ... There's no way currently (see below regarding the future) that ECC-based key exchanges are enabled without ECP_C being defined. So, the #if was fully redundant with the checks surrounding the function, as it always evaluated to true. The situation arose as, in the old days (before Mbed TLS 2.0), mbedtls_ssl_conf_curves() (or ssl_set_curves() as it was called back then) was optional, controlled by its own compile-time option POLARSSL_SSL_SET_CURVES. So, in turn mbedtls_ssl_check_curve() depended on POLARSSL_SSL_SET_CURVES too, and all calls to it were guarded by that. When it was made non-optional, a blind s/POLARSSL_SSL_SET_CURVES/MBEDTLS_ECP_C/ was done, which resulted in stupid situations like this with redundant checks for ECP_C. Note regarding the future: at some point it will be possible to compile with ECC-based key exchanges but without ECP_C. This doesn't change anything to the reasoning above: mbedtls_ssl_check_curve() will be available in all builds where ECC is used; it will just need a new definition (with new guards), but that doesn't change anything for its callers. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard	4a0ac1f160	Remove mbedtls_psa_tls_ecpoint_to_psa_ec() ... Same reasons as for the previous commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard	58d2383ef4	Remove mbedtls_psa_tls_psa_ec_to_ecpoint() ... Initially this function was doing something because the output format of psa_export_public() didn't match the ECPoint format that TLS wants. Then it became a no-op then the output format of psa_export_public() changed, but it made sense to still keep the function in case the format changed again. Now that the PSA Crypto API has reached 1.0 status, this is unlikely to happen, so the no-op function is no longer useful. Removing it de-clutters the code a bit; while at it we can remove a temporary stack buffer (that was up to 133 bytes). It's OK to remove this function even if it was declared in a public header, as there's a warning at the top of the file saying it's not part of the public API. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:14 +01:00
Manuel Pégourié-Gonnard	e5119898e4	Improve a comment ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:13 +01:00
Przemyslaw Stekiel	d66387f8fa	Init psa status to PSA_ERROR_CORRUPTION_DETECTED ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel	b97556e8d1	mbedtls_ssl_encrypt/decrypt_buf: remove dead code ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 09:16:29 +01:00
Przemyslaw Stekiel	f9cd60853f	ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-01 11:25:55 +01:00
Manuel Pégourié-Gonnard	9cb7b8d263	Merge pull request #5469 from Unity-Technologies/windows-arm64-workaround ... Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug	2022-02-01 09:21:27 +01:00
Tautvydas Žilys	40fc7da101	Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1. ... Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>	2022-01-31 13:34:01 -08:00
Przemyslaw Stekiel	77aec8d181	Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel	be47ecf5e2	mbedtls_ssl_get_record_expansion: use same condidion set as for non-psa build ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 17:50:00 +01:00
Przemyslaw Stekiel	2c87a200a3	ssl_write_encrypt_then_mac_ext(): adapt to psa crypto ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	89dad93a78	Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	399ed51185	Fix condition in mbedtls_ssl_get_record_expansion ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	e5c2238a99	Move mbedtls_ssl_cipher_to_psa() and psa_status_to_mbedtls() defs out of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED build flag ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	f57b45660d	Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. ... New function name: mbedtls_ssl_cipher_to_psa(). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	1d714479a3	mbedtls_ssl_get_record_expansion: rework switch statement for psa ... As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement. Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	e88477844c	Adapt the mbed tls mode: ccm or gcm or cachapoly to psa version ... mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_GCM || mode == MBEDTLS_CHACHAPOLY is equivalent to PSA_ALG_IS_AEAD( alg ). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	221b52791e	ssl_msg.c: fix parm in call to mbedtls_ssl_decrypt_buf() ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	9b22c2b1e6	Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	6be9cf542f	Cleanup the code ... Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	d4eab57933	Skip psa encryption/decryption for null cipher ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	ce09e7d868	Use psa_status_to_mbedtls() for psa error case ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	fe7397d8a7	Fix key attributes encrypt or decrypt only (not both) ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	dd7b501c92	Move PSA init after taglen is set ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	e87475d834	Move psa_status_to_mbedtls to ssl_misc.h ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	8398a67e31	Fix description of the translation function ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	1fe065b235	Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	2e9711f766	mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	b37fae122c	mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	76e1583483	Convert psa status to mbedtls ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	11a33e6d90	Use PSA_BITS_TO_BYTES macro to convert key bits to bytes ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	ae77b0ab28	mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	ffccda45df	ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	ce37d11c67	mbedtls_ssl_transform_free(): fix destruction of psa keys ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	8f80fb9b1d	Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	44187d7a3e	Extend mbedtls_ssl_transform struct for psa keys and alg ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	430f337b49	Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size. ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Paul Elliott	a9f32fbb21	Merge pull request #5382 from lhuang04/tls13_f_export_keys ... Swap the client and server random for TLS 1.3 f_export_keys	2022-01-28 12:09:19 +00:00
Xiaofei Bai	6d42bb430c	Update mbedtls_ssl_handshake_free() ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard	f7d704dbd2	Avoid dead code in some configurations ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-28 10:05:56 +01:00
Xiaofei Bai	f5b4d25cfa	Add received_sig_algs member to struct mbedtls_ssl_handshake_params ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-28 06:37:15 +00:00
Jerry Yu	fb28b88e26	move client_auth to handshake ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-28 11:05:58 +08:00
lhuang04	a3890a3427	Swap the client and server random for TLS 1.3 ... Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: Signed-off-by: lhuang04 <lhuang04@fb.com>	2022-01-27 06:00:43 -08:00
XiaokangQian	8499b6ce25	Only free verify_cookie in tls 1.3 case. ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 09:00:11 +00:00
Xiaofei Bai	82f0a9a1db	Rebase and address review comments ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-27 07:53:52 +00:00
XiaokangQian	a909061c2a	Refine HRR parse successfully message in test cases ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 03:48:27 +00:00
XiaokangQian	34909746df	Change cookie free code and some comments ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 02:25:04 +00:00
Tautvydas Žilys	60165d7708	Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug. ... Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>	2022-01-26 15:44:10 -08:00
XiaokangQian	52da558103	Change code base on comments ... Align the alert type in parse_server_hello Remove MBEDTLS_SSL_COOKIE_C guard Enable cookie for both DTLS and TLS1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	aec1f3e913	Cookie fields are used only by DTLS 1.3 ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	b119a35d07	Refine fatal alert in parse_server_hello ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	d59be77ce7	Refine code based on comments ... Add comments for parse hrr key share and cookie Change variable names based on RFC8466 Refine fatal allerts in parse server hello and hrr Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	0ece998287	Refine code in mbedtls_ssl_reset_transcript_for_hrr ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	f1e7d12cb6	Fix compile issues in mbedtls_ssl_session_reset_msg_layer ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	43550bd761	Prepare function to parse hrr cookie extension ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	2b01dc30cb	Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	355e09ae9d	Change code base on comments ... Change functions name Change some comments Improve hrr test case for gnutls Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	78b1fa7e81	Update code base on comments ... Move reset transcript for hrr to generic Reset SHA256 or SHA384 other than both Rename message layer reset Add check log for hrr parse successfully Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	53f20b71c5	Improve ssl_tls13_parse_server_hello ... Avoid coping random bytes in hrr Send illegal parameter alert when cipher suite mismatch Send illegal parameter alert when supported_version not exist Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	d9e068e10b	Change code based on comments ... Align coding styles Add hrr parameter for ssl_tls13_parse_server_hello Add reset steps for SHA384 in HRR Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	8945db36ab	Reduce paramter hrr from ssl_tls13_parse_server_hello ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	b48894eca4	Add buffer check for named group ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	16acd4b3e4	Reject the second HRR earlier and align naming styles ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	b851da8a44	Re-construct the code to merge hello and hrr based on comments ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	0b56a8f85c	Replace curve_list with group_list and add update test scripts ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	51eff22c9b	Align oode style with server hello parse ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	647719a172	Add hello retry request in client side ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:50:06 +00:00
Xiaofei Bai	69fcd39774	Update CertificateRequest tests and the parsing function ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:32:29 +00:00
Xiaofei Bai	de3f13e0b8	update based on comments ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	f6d3696eda	fix test failures ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	a0ab777cfc	update based on comments. ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	e1e344213a	Add TLS1.3 process certificate request ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:52 +00:00
Ronald Cron	f51b79c297	Merge pull request #5355 from yuhaoth/pr/remove-duplicate-sig-alg-ext ... Remove duplicate write signature algorithms extension The failure of ABI-API-checking is expected.	2022-01-26 10:05:26 +01:00
Jerry Yu	ed5e9f431d	Change ecdsa sig_algs order for tls1.3 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-26 12:41:12 +08:00
Manuel Pégourié-Gonnard	9d95d81eae	Merge pull request #5359 from hanno-arm/mpi_montmul_remove_dead_code ... Remove redundant write operation in Montgomery multiplication	2022-01-25 13:00:19 +01:00
Jerry Yu	0b994b8061	fix typo error ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 17:22:12 +08:00
Jerry Yu	53037894ab	change the defaut sig_algs order ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 14:38:01 +08:00
Jerry Yu	18c833e2eb	fix tls1_2 only sig_algs order issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 14:38:01 +08:00
Jerry Yu	f377d644f5	Refactor duplicate check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 14:38:01 +08:00
Jerry Yu	6ade743a43	Add mbedtls_printf alias for !PLATFORM_C ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 14:38:01 +08:00
Jerry Yu	370e146acb	fix comments issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	909df7b17b	Refactor *_sig_algs tables ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	b476a44fc6	Add static assert check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	971988528d	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	941e07ff02	fix test_no_platform fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	1a8b481ce6	Remove duplicated signature algorithm in default settings ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	600ded7ea5	Reserve end tag space at sig_algs_len init. ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	a68dca24ee	move overflow inside loop ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	8afd6e4308	fix typo issues in comments ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	eb821c6916	remove check_sig_hash ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	24811fb2e0	replace check_sig_hash with is_offered ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	1bab301c0d	Add signature algorithm supported check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	7ddc38cedb	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	4131ec1260	Add signature algorithm length check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	a69269a711	change sig_algs_len unit to byte ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	713013fa80	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	e12f1ddcfa	fix check names fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	11f0a9c2c4	fix deprecated-declarations error ... replace sig_hashes with sig_alg Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	6106fdc085	fix build fail without TLS13 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	f017ee4203	merge write sig_alg of tls12 and tls13 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> # Conflicts: # library/ssl_misc.h	2022-01-25 12:46:17 +08:00
Jerry Yu	1abd1bc22f	Change write_sig_alg_ext of tls12 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	2d0bd32982	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	0e5bcb6bf5	Replace directly access for sig_hashes ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Jerry Yu	08e2ceae18	Remove directly access for tls13_sig_algs ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Jerry Yu	afdfed16d0	add get sig_algs helper function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Jerry Yu	18cd43909b	Align signature_algorithms extension name ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Manuel Pégourié-Gonnard	fcca7cfa97	Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite ... Add accessors for ciphersuite info	2022-01-24 11:13:31 +01:00
Dave Rodgman	b032685543	Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc ... mbedtls_pk_parse_key: don't allocate if not needed	2022-01-24 10:03:48 +00:00
Gilles Peskine	6d6d93ea4a	Merge pull request #5350 from AndrzejKurek/psa-aead-invalid-tag-lengths-setup ... Detect invalid tag lengths in psa_aead_setup	2022-01-21 21:46:37 +01:00
Gilles Peskine	fe271b9c92	Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes ... Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly	2022-01-21 21:46:08 +01:00
Andrzej Kurek	f881601c91	Detect invalid tag lengths in psa_aead_setup ... Read tag lengths from the driver and validate against preset values. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-20 07:40:12 -05:00
Manuel Pégourié-Gonnard	d2da19b8eb	Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes ... Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO	2022-01-18 09:16:25 +01:00
Ronald Cron	188ed19456	Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext ... Remove duplicate function for writing supported_groups extension	2022-01-17 09:13:14 +01:00
Andrzej Kurek	63439eda62	Return an error for IV lengths other than 12 with ChaCha20+Poly1305 ... The implementation was silently overwriting the IV length to 12 even though the caller passed a different value. Change the behavior to signal that a different length is not supported. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-14 16:31:54 +01:00
Andrzej Kurek	33ca6af8a3	Return an error for IV lengths other than 12 with ChaCha20 ... The implementation was silently overwriting the IV length to 12 even though the caller passed a different value. Change the behavior to signal that a different length is not supported. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard	73839e02a7	Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat ... Reset dhm_P and dhm_G if config call repeated; avoid memory leak	2022-01-14 10:41:06 +01:00
Bence Szépkúti	aa3a6e4ea7	Fix brace placement ... Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2022-01-13 16:26:03 +01:00
Bence Szépkúti	39fb9d170b	Rename helper function to psa_aead_check_algorithm ... Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2022-01-13 14:33:45 +01:00
Jerry Yu	d491ea4f18	fix comment issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-13 16:15:25 +08:00
Glenn Strauss	8f52690956	Add accessors for ciphersuite info ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-01-13 00:05:48 -05:00
Jerry Yu	b925f21806	fix comment issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-12 11:17:02 +08:00
Jerry Yu	f0fede56a6	minor performance improvement ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-12 10:57:47 +08:00
Jerry Yu	1510cea0f3	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-12 10:56:49 +08:00
Jerry Yu	3ad14ac9e9	Add named group IANA value check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 17:13:16 +08:00
Jerry Yu	f46b016058	skip some extensions if ephemeral not enabled ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 16:28:00 +08:00
Jerry Yu	63282b4321	Refactor write supported group ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 15:43:53 +08:00
Hanno Becker	bae3023576	Make more use of helper function for init/free of MPI array ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-11 05:06:54 +00:00
Jerry Yu	7f029d8a94	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 11:08:53 +08:00
Przemyslaw Stekiel	2ecfd57b93	psa_asymmetric_decrypt: move build-in impl to mbedtls_psa_asymmetric_decrypt ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel	71284eabdb	psa_asymmetric_decrypt: add test driver impl ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel	8d45c00759	psa_asymmetric_decrypt: access the key store and call driver dispatch ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:05 +01:00
Przemyslaw Stekiel	234f318bd7	psa_asymmetric_encrypt: move build-in impl to mbedtls_psa_asymmetric_encrypt ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:05 +01:00
Przemyslaw Stekiel	b6a6650a64	psa_asymmetric_encrypt: add test driver impl ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:05 +01:00
Przemyslaw Stekiel	19e6142214	psa_asymmetric_encrypt: access the key store and call driver dispatch ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:05 +01:00
Hanno Becker	466df6e713	Introduce helper function for init/free of MPI array ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-10 11:24:42 +00:00
Hanno Becker	ac4d4bc97c	Improve documentation of ECP module ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-09 06:34:04 +00:00
Hanno Becker	ee95f6c4c9	Don't allow Z coordinate being unset in ecp_add_mixed() ... Previously, ecp_add_mixed(), commputing say P+Q, would allow for the Q parameter to have an unset Z coordinate as a shortcut for Z == 1. This was leveraged during computation and usage of the T-table (storing low multiples of the to-be-multiplied point on the curve). It is a potentially error-prone corner case, though, since an MPIs with unset data pointer coordinate and limb size 0 is also a valid representation of the number 0. As a first step towards removing ECP points with unset Z coordinate, the constant time T-array getter ecp_select_comb() has previously been modified to return 'full' mbedtls_ecp_point structures, including a 1-initialized Z-coordinate. Similarly, this commit ... - Modifies ecp_normalize_jac_many() to set the Z coordinates of the points it operates on to 1 instead of freeing them. - Frees the Z-coordinates of the T[]-array explicitly once the computation and normalization of the T-table has finished. As a minimal functional difference between old and new code, the new code also frees the Z-coordinate of T[0]=P, which the old code did not. - Modifies ecp_add_mixed() to no longer allow unset Z coordinates. Except for the post-precomputation storage form of the T[] array, the code does therefore no longer use EC points with unset Z coordinate. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-09 05:52:40 +00:00
Bence Szépkúti	08f34656cb	Return the same error in multipart and single shot AEAD ... psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or psa_aead_decrypt(). The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT in the case that the supplied algorithm is not an AEAD one. Also move these shared checks to a helper function, to reduce code duplication and ensure that the functions remain in sync. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2022-01-07 19:36:07 +01:00
Hanno Becker	c27a0e0093	Add more wrappers for ECP MPI operations ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-06 09:21:50 +00:00
Hanno Becker	595616e5cd	Add more wrappers for internal ECP coordinate operations ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-06 05:12:02 +00:00
Hanno Becker	6a28870b1e	Make ecp_select_comb() create valid EC point with Z coordinate set ... ecp_select_comb() did previously not set the Z coordinate of the target point. Instead, callers would either set it explicitly or leave it uninitialized, relying on the (only partly upheld) convention that sometimes an uninitialized Z value represents 1. This commit modifies ecp_select_comb() to always set the Z coordinate to 1. This comes at the cost of memory for a single coordinate, which seems worth it for the increased robustness. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-06 04:46:45 +00:00
Manuel Pégourié-Gonnard	6ced002a69	Count allocs without side-effects ... At the end of the benchmark program, heap stats are printed, and these stats will be wrong if we reset counters in the middle. Also remove the function to reset counters, in order to encourage other programs to behave correctly as well. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-05 10:08:59 +01:00
Hanno Becker	30838868ac	Keep temporaries across iterations of ecp_double_add_mxz() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-05 06:09:42 +00:00
Manuel Pégourié-Gonnard	35415a0c46	Add counter access to memory debug API ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-04 10:23:34 +01:00
Hanno Becker	3b29f2194b	Keep temporaries across iterations of ecp_add_mixed() ... This saves heap operations Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 07:34:14 +00:00
Hanno Becker	a7f8edd709	Keep temporaries across iterated invocations of ecp_double_jac() ... This reduces the number of heap operations. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 07:29:46 +00:00
Hanno Becker	28ccb1cc90	Reduce number of local MPIs from 9 to 4 in ecp_double_add_mxz() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 07:15:14 +00:00
Hanno Becker	376dc89519	Reorder ops in ecp_double_add_mxz() to indicate redundant local MPIs ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 07:14:07 +00:00
Hanno Becker	0d629791e9	Remove local MPI from ecp_randomize_jac() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:45:49 +00:00
Hanno Becker	885ed403c9	Introduce wrapper for modular squaring ... This paves the way for dedicated squaring implementations. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:43:50 +00:00
Hanno Becker	b8442cd9c6	Remove another local MPI from ecp_normalize_jac_many() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:32:42 +00:00
Hanno Becker	02a999b91a	Remove local MPI from ecp_normalize_jac_many() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:32:42 +00:00
Hanno Becker	838b715fcc	Add comment on input/output aliasing in ecp_add_mixed() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:32:42 +00:00
Hanno Becker	ce29ae84dd	Introduce macro wrappers for ECC modular arithmetic ... This improves readibility and prepares for further changes like the introduction of a single double-width temporary for ECP arithmetic. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:32:39 +00:00
Andrzej Kurek	03e01461ad	Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO ... Fix library references, tests and programs. Testing is performed in the already present all.sh test. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-03 12:53:24 +01:00
Hanno Becker	76f897d699	Reduce number of temporary MPIs in ECP normalization ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-02 12:47:34 +00:00
Hanno Becker	02b35bd00a	Introduce wrapper for modular multiplication with single-width const ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-01 06:54:25 +00:00
Hanno Becker	5c8ea307b8	Reduce number of local MPIs in ECP mixed point addition ... `ecp_add_mixed()` and `ecp_double_jac()` are the core subroutines for elliptic curve arithmetic, and as such crucial for the performance of ECP primitives like ECDHE and ECDSA. This commit provides a very slight simplification and performance and memory usage improvement to `ecp_add_mixed()` by removing the use of three temporary MPIs used for coordinate calculations. Where those variables were used, the code now writes directly to the coordinate MPIs of the target elliptic curve point. This is a valid change even if there is aliasing between input and output, since at the time any of the coordinate MPIs in question is written, the corresponding coordinates of both inputs are no longer read. (The analogous change in `ecp_double_jac()` can not be made since this property does not hold for `ecp_double_jac()`.) Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-01 06:16:16 +00:00
Max Fillinger	0bb38336a5	Add function to get md info from md context ... Signed-off-by: Max Fillinger <max@max-fillinger.net>	2021-12-28 16:32:00 +01:00
Jerry Yu	ffef9c52d4	fix alignment issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-24 22:31:08 +08:00
Hanno Becker	9a83443af2	Remove redundant write operation in Montgomery multiplication ... This commit removes code from the Montgomery multiplication routine `mpi_montmul()` which seems to serve no purpose. Details: `mpi_montmul()` uses a temporary storage `T` for intermediate results which is assumed to be of twice the size as the inputs to be multiplied, and which is used as follows: After the i-th (i=0,1,...) iteration, the n-limb word starting at `T->p + i + 1` contains the Montgomery multiplication of B with the limbs 0,..,i of A, and the variable `d` points to `T->p + i + 1`. In particular, after `n` iterations, `T->p + n` holds the full multiplication (subject to conditional subtraction). As a consequence of this way of using the temporary `T`, the contents of `{T->p, ..., T->p + i}` are irrelevant after the i-th iteration. Nonetheless, the code copies `A[i]` to `T->p[i]` at the end of the i-th iterations, which is redundant and can be removed. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-12-22 11:23:27 +00:00
Jerry Yu	136320ba0b	fix ci fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-21 17:09:00 +08:00
Jerry Yu	1ea9d10687	fix test_ref_configs build fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-21 14:52:38 +08:00
Glenn Strauss	cee11296aa	Reset dhm_P and dhm_G if config call repeated ... Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated to avoid leaking memory. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2021-12-20 20:24:56 -05:00
Jerry Yu	1753261083	change write_supported_groups_ext prototype ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:32:09 +08:00
Jerry Yu	9d555ac003	Remove TLS12 version write_supported_group_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:27:58 +08:00
Jerry Yu	7581c11fc7	Remove tls13_write_supported_groups_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:25:41 +08:00
Jerry Yu	ba07342cd6	Add generic write_supported-groups_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:22:15 +08:00
Jerry Yu	b47d0f893e	Replace SUPPORTED_ELLIPTIC_CURVES with SUPPORTED_GROUPS ... According to RFC7919 and RFC8442 , they are same. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 17:38:50 +08:00
Archana	4a9e02632a	Review comments addressed ... * Updated the default argument to create less noise with argument passing. * Reworded ChangeLog to match MbedTLS documentation/ announcement requirements Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 13:37:37 +05:30
Archana	c08248d650	Rename the template file from .conf to .jinja ... Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:35:15 +05:30
Archana	e03960e460	Restructure Python script to use argparse and main ... Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:34:59 +05:30
Archana	b32eafff51	Add psa_crypto_driver_wrappers.c to .gitignore ... Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 13:29:10 +05:30
Archana	6f21e45b78	Fix Pylint errors and improve Python script ... Pylint errors are fixed. The Python script is improved to take default arguments when not passed (eg invoked from root of the tree) check-generated-files.sh and CMakeLists.sh updated. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 13:28:59 +05:30
Archana	a8939b6da3	Restructure scripts' folder alignment ... Moved python script generate_driver_wrappers.py under scripts and corresponding template file under script/data_files. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:57:15 +05:30
Archana	1f1a34a226	Rev 1.0 of Driver Wrappers code gen ... The psa_crypto_driver_wrappers.c is merely rendered with no real templating in version 1.0. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:22:06 +05:30
Archana	68eb2ac960	Deleted psa_crypto_driver_wrappers.c ... The file psa_crypto_driver_wrappers.c is deleted to be autogenerated. Updated psa_crypto_driver_wrappers.h, this file only contains the prototypes for the driver wrappers, we don't expect this to be auto generated. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 10:51:52 +05:30
Dave Rodgman	77d778eee2	Merge branch 'development' into mbedtls-3.1.0_merge_into_release	2021-12-17 10:01:53 +00:00
Dave Rodgman	b8c3301b80	Revert "Add generated files" ... This reverts commit 4e62cbc322.	2021-12-17 09:44:04 +00:00
Gilles Peskine	863b96a21b	Add copyright notice to ssl_debug_helpers* ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-16 10:04:58 +01:00
Gilles Peskine	1a1e78fa55	Remove comments indicating that the file was automatically generated ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-15 12:58:22 +01:00
Gilles Peskine	923d5c9e3c	Rename ssl_debug_helpers.h ... It's no longer generated, so rename it accordingly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-15 12:56:54 +01:00
Gilles Peskine	ccbc318fc5	Remove generation of ssl_debug_helpers_generated.h ... It's now under version control and meant to be updated manually. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-15 12:55:37 +01:00
Gilles Peskine	09f1ee68b6	Commit header file ... Having an automatically generated header file makes it harder to have working build scripts. The content of ssl_debug_helpers_generated.h isn't likely to change often, so we can update it manually. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-15 12:55:33 +01:00
Ronald Cron	4e62cbc322	Add generated files ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-15 09:02:53 +01:00
Ronald Cron	17b1e2f6c3	Bump version to 3.1.0 ... Executed ./scripts/bump_version.sh --version 3.1.0 --so-crypto 11 --so-tls 17 + fix of build_info.h Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-15 09:02:53 +01:00
Ronald Cron	9ed3873905	psa: driver wrapper: cipher: Fix unused variable warning ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-14 18:11:06 +01:00
Ronald Cron	8188d19b0e	Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr	2021-12-14 10:58:18 +01:00
Gilles Peskine	12e27d4c5b	List ssl_debug_helpers_generated.h in generated files ... Running `generate_ssl_debug_helpers.py` generates both `ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`. List the `.h` file as well as the `.c` file in `check-generated-files.sh` so that `check-generated-files.sh -u` will complain if it isn't up to date. List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when to wait until the `.h` file is present. In `Makefile`, declare the `.c` file as depending on the `.h` file for order. This way, a dependency for either will wait until the `.h` file is present, and since the `.h` file is generated after the `.c` file, this guarantees that the `.c` file is present. This fixes random failures of `make -j` from a fresh checkout. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-14 00:19:47 +01:00
Gilles Peskine	32d2a58cc2	Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1 ... Zeroize expected MAC/tag intermediate variables	2021-12-13 19:09:30 +01:00
Gilles Peskine	cd74298c83	mbedtls_cipher_check_tag: jump on error for more robustness to refactoring ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 17:01:25 +01:00
Gilles Peskine	a5c18512b9	Merge pull request #5155 from paul-elliott-arm/pcks12_fix ... Fixes for pkcs12 with NULL and/or zero length password	2021-12-13 14:52:36 +01:00
Gilles Peskine	a4174312da	Initialize hash_len before using it ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 14:38:40 +01:00
Gilles Peskine	14d5fef6b7	PKCS#1v1.5 signature: better cleanup of temporary values ... Zeroize temporary buffers used to sanity-check the signature. If there is an error, overwrite the tentative signature in the output buffer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:37:55 +01:00
Gilles Peskine	f0fd4c3aee	mbedtls_ssl_parse_finished: zeroize expected finished value on error ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:36:15 +01:00
Gilles Peskine	c2f7b75a71	mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:35:08 +01:00
Gilles Peskine	60aebec47e	PSA hash verification: zeroize expected hash on hash mismatch ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:33:18 +01:00
Gilles Peskine	e7835d92c1	mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:32:43 +01:00
Dave Rodgman	050ad4bb50	Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac ... Check HMAC return values	2021-12-13 10:51:27 +00:00
Gilles Peskine	ecf6bebb9c	Catch failures of md_hmac operations ... Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that their return values should be checked. Do check the return values in our code. We were already doing that everywhere for hash calculations, but not for HMAC calculations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-11 15:00:57 +01:00
Gilles Peskine	d5ba50e239	Zeroize local MAC variables ... Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption, this is just good hygiene but probably not needed for security since the data protected by the MAC that could leak is about to be transmitted anyway. In DTLS decryption, this could be a security issue since an adversary could learn the MAC of data that they were trying to inject. At least with encrypt-then-MAC, the adversary could then easily inject a datagram with a corrected packet. TLS would still be safe since the receiver would close the connection after the bad MAC. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-11 14:59:45 +01:00
Gilles Peskine	0ca219575a	mbedtls_pk_parse_key: don't allocate if not needed ... mbedtls_pk_parse_key() makes a temporary copy of the key when it calls pk_parse_key_pkcs8_encrypted_der(), because that function requires a writable buffer. pk_parse_key_pkcs8_encrypted_der() always rejects an empty password, so skip calling it in that case, which allows us to skip the allocation as well. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-10 17:36:37 +01:00
Ronald Cron	db6adc5aad	ssl: Fix some compilation guards for TLS 1.3 signature algorithms ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 14:25:35 +01:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 ... As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Dave Rodgman	76a2b306ac	Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated ... Add debug helpers generated	2021-12-10 11:56:55 +00:00
Manuel Pégourié-Gonnard	4525cce691	Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done ... TLS1.3 MVP: Erase secrets when they are not necessary anymore.	2021-12-10 12:48:25 +01:00
Ronald Cron	6b07916e40	Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client ... Add initial support for "Middlebox Compatibility Mode"	2021-12-10 11:58:05 +01:00
Jerry Yu	a5563f6115	move position of base_key init ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 18:14:36 +08:00
Jerry Yu	b737f6a9be	move base_key init ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 17:55:59 +08:00
Ronald Cron	574ace48d8	Remove unnecessary blank line ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 10:27:25 +01:00
Jerry Yu	9c07473ebc	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 17:12:43 +08:00
Jerry Yu	889b3b76da	fix clang build fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:57:45 +08:00
Jerry Yu	d05e1cec4b	fix build fail on check_* ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:47:03 +08:00
Jerry Yu	e6369b0061	fix test_cmake_as_package fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:47:03 +08:00
Jerry Yu	eb96fb508e	Add cmake generator ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:47:03 +08:00
Jerry Yu	e3b3412bc4	Add tests for enum helper ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:45:52 +08:00
Jerry Yu	e78ee99624	add enum value to string helpers ... Only add helpers for enum in `ssl.h`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:43:30 +08:00
Jerry Yu	4a2fa5d0aa	Move erase handshake secrets ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:37:14 +08:00
Jerry Yu	27224f58be	fix coding style issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	5132771f5f	Revert "fix possible security leak for counter" ... This reverts commit 8aab77e11e2aebec09dc9d682b16373771471fe0. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	7ca3054795	move zerioize tls13_hs_secrets ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	23ab7a46a3	move zeroize master secrets ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	2c70a39d97	move zeroize randbytes ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	bdfd01835a	fix compile break after merge ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	a986e9faac	Clean handshake secrets ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	d103bdb01d	Clean randbytes ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	745db226db	fix possible security leak for counter ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Gilles Peskine	d5b2a59826	Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm ... PSA Multipart AEAD CCM Internal implementation and tests.	2021-12-09 14:49:42 +01:00
Ronald Cron	d4c64027a5	tls13: Move state transition after sending CCS to ssl_tls13_client.c ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	49ad6197ca	Add injection of dummy's ChangeCipherSpec for middlebox compatibility ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	7e38cba993	Add incoming ChangeCipherSpec filtering in TLS 1.3 ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard	c38c1f2411	Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0 ... Reorder structure fields to maximize usage of immediate offset access	2021-12-09 12:54:09 +01:00
Manuel Pégourié-Gonnard	d7d740eb6e	Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions ... Move base64 constant-time functions to the new module	2021-12-09 12:40:18 +01:00
Manuel Pégourié-Gonnard	b873577fc3	Merge pull request #5240 from duckpowermb/development ... [session] fix a session copy bug	2021-12-09 09:23:23 +01:00
Gilles Peskine	cfe74a37b9	mbedtls_ssl_handshake_params: move ecrs_ctx back further ... "mbedtls_ssl_handshake_params: reorder fields to save code size" moved this filed earlier along with byte-sized fields that should be in the 128-element access window on Arm Thumb. This took away precious room in the 128-byte window. Move it back further out. Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT + MBEDTLS_ECP_RESTARTABLE): library/ssl_cli.o: 2860 -> 2816 (diff: 44) library/ssl_msg.o: 3080 -> 3076 (diff: 4) library/ssl_srv.o: 3340 -> 3300 (diff: 40) library/ssl_tls.o: 6546 -> 6478 (diff: 68) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-08 18:38:51 +01:00
Gilles Peskine	41139a2541	mbedtls_ssl_handshake_params: move group_list earlier to save code size ... Placing group_list earlier seems to help significantly, not just as a matter of placing it in the 128-element (512-byte) access window. Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build): library/ssl_cli.o: 19559 -> 19551 (diff: 8) library/ssl_msg.o: 24690 -> 24674 (diff: 16) library/ssl_srv.o: 20418 -> 20406 (diff: 12) library/ssl_tls.o: 20555 -> 20519 (diff: 36) library/ssl_tls13_client.o: 7244 -> 7240 (diff: 4) library/ssl_tls13_generic.o: 4693 -> 4697 (diff: -4) Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT + MBEDTLS_ECP_RESTARTABLE): library/ssl_cli.o: 2864 -> 2860 (diff: 4) library/ssl_tls.o: 6566 -> 6546 (diff: 20) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-08 18:26:55 +01:00
Ronald Cron	1865585eab	Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases ... TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests	2021-12-08 14:56:39 +01:00
Manuel Pégourié-Gonnard	5d9f42200f	Merge pull request #861 from ronald-cron-arm/fix-aead-nonce ... psa: aead: Fix invalid output buffer usage in generate_nonce()	2021-12-08 13:30:21 +01:00
Manuel Pégourié-Gonnard	39c2aba920	Merge pull request #849 from ronald-cron-arm/fix-cipher-iv ... Avoid using encryption output buffer to pass generated IV to PSA driver	2021-12-08 13:30:06 +01:00
Gilles Peskine	392113434a	Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x ... Forward port to 3.x: Introduce PSA test driver library to test PSA configuration	2021-12-07 12:52:20 +01:00
Ronald Cron	0b4d12313a	Remove assertion on local nonce buffer size ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-07 10:45:00 +01:00
Ronald Cron	a393619dc2	Change test on local nonce buffer size to an assertion ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-07 09:25:20 +01:00
Dave Rodgman	351c71b7f2	Fix builds when config.h only defines MBEDTLS_BIGNUM_C ... Fixes #4929 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-12-06 17:50:53 +00:00
Jerry Yu	6eaa41c15e	Fix overflow error ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:30 +08:00