11079 commits

Author	SHA1	Message	Date
Jerry Yu	ffa1582793	move get_extension mask ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	9872eb2d69	change return type for unexpected extension ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	43ff252688	Remove unnecessary checks. ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	d15992d3ce	fix wrong setting of unrecognized ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	6ba9f1c959	Add extension check for NewSessionTicket ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	2c5363e58b	Add extension check for ServerHello and HRR ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	2eaa76044b	Add extension check for Certificate ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	c55a6af9eb	Add extensions check for CertificateRequest ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	cbd082f396	Add extension check for EncryptedExtensions ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	e18dc7eb9a	Add forbidden extensions check for ClientHello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	471dee5a12	Add debug helpers to track extensions ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	def7ae4404	Add auth mode check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-30 17:57:06 +08:00
Nick Child	5f39767495	pkcs7: Fix imports ... Respond to feedback about duplicate imports[1] and new import style [2]. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r991355485 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#pullrequestreview-1138745361 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-10-28 12:38:41 -05:00
Nick Child	bb82ab764f	pkcs7: Respond to feeback on parsing logic ... After recieving review on the pkcs7 parsing functions, attempt to use better API's, increase consisitency and use better documentation. The changes are in response to the following comments: - use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1] - make lack of support for authenticatedAttributes more clear [2] - increment pointer in pkcs7_get_content_info_type rather than after [3] - rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4] [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877 [4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-10-28 12:28:54 -05:00
Glenn Strauss	7db3124c00	Skip asn1 zeroize if freeing shallow pointers ... This skips zeroizing additional pointers to data. (Note: actual sensitive data should still be zeroized when freed.) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-10-28 12:51:35 -04:00
Glenn Strauss	a4b4041219	Shared code to free x509 structs ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-10-28 12:51:35 -04:00
Nick Child	73621ef0f0	pkcs7: Improve verify logic and rebuild test data ... Various responses to feedback regarding the pkcs7_verify_signed_data/hash functions. Mainly, merge these two functions into one to reduce redudant logic [1]. As a result, an identified bug about skipping over a signer is patched [2]. Additionally, add a conditional in the verify logic that checks if the given x509 validity period is expired [3]. During testing of this conditional, it turned out that all of the testing data was expired. So, rebuild all of the pkcs7 testing data to refresh timestamps. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r999652525 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r997090215 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967238206 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-10-28 11:24:25 -05:00
Ronald Cron	04e2133f45	Merge pull request #6482 from ronald-cron-arm/tls13-misc ... TLS 1.3: Update documentation for the coming release and misc	2022-10-28 11:09:03 +02:00
Gilles Peskine	75c4eaf1f8	Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak ... Fix a timing leak in ecp_mul_mxz()	2022-10-27 19:46:48 +02:00
Minos Galanakis	4d4c98b1b9	bignum_mod: mbedtls_mpi_mod_modulus_setup() refactoring. ... This patch addresses more review comments, and fixes a circular depedency in the `mbedtls_mpi_mod_modulus_setup()`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 17:47:26 +01:00
Minos Galanakis	771c47055f	bignum_mod: Style changes ... This patch addresses review comments with regards to style of `mbedtls_mpi_mod_modulus_setup/free()`. It also removes a test check which was triggering a use-after-free. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 12:36:24 +01:00
Minos Galanakis	8b33363315	bignum_mod: Updated modulus lifecycle with mm and rr. ... This patch updates the `mbedtls_mpi_mod_modulus_setup/free()` methods to precalculate mm and rr(Montgomery const squared) during setup and zeroize it during free. A static `set_mont_const_square()` is added to manage the memory allocation and parameter checking before invoking the `mbedtls_mpi_core_get_mont_r2_unsafe()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 11:43:54 +01:00
Minos Galanakis	760f5d6b6b	bignum_mod: Updated mbedtls_mpi_mod_modulus_setup/free with new fields ... At the current state, those fields are initialised to 0, NULL. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 11:43:54 +01:00
Hanno Becker	cd860dfe02	bignum_mod: Added Montgomery constants ... This patch adds the Montgomery constants to the `mbedtls_mpi_mont_struct`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 11:43:54 +01:00
Gilles Peskine	9603daddaa	Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add ... Bignum: extract core_add from the prototype	2022-10-27 11:25:27 +02:00
Ronald Cron	77e15e8a2c	Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory ... Internal and Open CI merge job ran successfully. Good to go.	2022-10-27 10:40:56 +02:00
Gilles Peskine	88f5fd9099	Merge pull request #6479 from AndrzejKurek/depends-py-no-psa ... Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts	2022-10-26 20:02:57 +02:00
Gilles Peskine	d4d080b41b	Merge pull request #6407 from minosgalanakis/minos/6017_add_montgomery_constant_squared ... Bignum: Added pre-calculation of Montgomery constants	2022-10-26 14:28:16 +02:00
Ronald Cron	4f7feca0dc	Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup ... The Open CI ran successfully thus I think we can ignore the internal CI.	2022-10-26 14:27:54 +02:00
Xiaokang Qian	72dbfef6e4	Improve coding styles ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-26 06:33:57 +00:00
Ronald Cron	eac00ad2a6	tls13: server: Note down client not being authenticated in SSL context ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-25 20:02:03 +02:00
Gilles Peskine	744fd37d23	Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 ... Fix unusual macros	2022-10-25 19:55:29 +02:00
Ronald Cron	a709a0f2c6	tls13: Declare PSK ephemeral key exchange mode first ... In the PSK exchange modes extension declare first PSK ephemeral if we support both PSK ephemeral and PSK. This is aligned with our implementation giving precedence to PSK ephemeral over pure PSK and improve compatibility with GnuTLS. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-25 19:05:26 +02:00
Tom Cosgrove	6469fdfb0a	Fix whitespace issue spotted in review ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Tom Cosgrove	82f131063a	Update documentation following review comment ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Tom Cosgrove	af7d44b4d2	Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_add() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Hanno Becker	c98871339d	Extract MPI_CORE(add) from the prototype ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Minos Galanakis	a081c51cd3	Renamed mpi_core_get_mont_R2_unsafe_neg -> mpi_core_get_mont_r2_unsafe_neg ... Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:38 +01:00
Minos Galanakis	51d638baf6	bignum_core: Style update ... 'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const keyword to match the style of the rest of the module. Documentation is also updated to remove `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:38 +01:00
Minos Galanakis	ae4fb671b4	mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking ... Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:38 +01:00
Minos Galanakis	b85506e250	bignum_core.h: Comment update for mbedtls_mpi_core_get_mont_R2_unsafe ... Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:23 +01:00
Minos Galanakis	4f43f61c6a	Renamed mbedtls_mpi_get_montgomery_constant_unsafe to mpi_core_get_mont_R2_unsafe ... Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:23 +01:00
Hanno Becker	ec440f2397	bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype ... Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:08:08 +01:00
David Horstmann	3a334c2edc	Minor improvements to ssl_tls12_server.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:53:44 +01:00
David Horstmann	7aee0ec0ba	Minor improvements in ssl_client.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:38:25 +01:00
David Horstmann	6e11687ba5	Minor improvements to ecp.c changes ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:32:08 +01:00
David Horstmann	9b0eb90131	Rename ARIA_SELF_TEST_IF_FAIL ... Change to ARIA_SELF_TEST_ASSERT Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:23:34 +01:00
David Horstmann	059848ff23	Minor changes to asn1write.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:16:45 +01:00
Gilles Peskine	e5a715e8c0	Merge pull request #6449 from gilles-peskine-arm/bignum-core-shift_r ... Bignum core: shift_r	2022-10-25 10:40:39 +02:00
Xiaokang Qian	72de95dcf5	Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-25 05:34:25 +00:00
Xiaokang Qian	600804b0e7	Remove useless early data related macros for the time being ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-25 03:00:18 +00:00
Xiaokang Qian	54413b10c2	Add early data support preparatory work ... Add MBEDTLS_SSL_EARLY_DATA configuration option Define early_data_enabled field in mbedtls_ssl_config Add function mbedtls_ssl_conf_early_data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-25 03:00:18 +00:00
Andrzej Kurek	409248a73a	mbedtls_ssl_get_handshake_transcript is unusable without hashes ... Mark unused variables when compiling without SHA256 and SHA384. In future a proper dependency will be added to TLS 1.2 to enforce either of these hashes to be on. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-24 15:56:10 -04:00
Andrzej Kurek	57d1063db9	Fix tls_prf generic dependencies ... One version was already surrounded by the USE_PSA define, so the VIA_XX_OR_XX macros were removed; Second version is when USE_PSA is undefined, so MBEDTLS_ macros can be used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-24 15:56:10 -04:00
Andrzej Kurek	468c50656e	Fix key exchange dependencies for ssl_parse_server_ecdh_params ... Resulting from particular configs in which this code is used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-24 15:55:18 -04:00
Ronald Cron	083da8eb53	tls13: client: Improve coding style ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	a2900bcd1e	tls13: keys: Simplify code guard ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	766c0cdb1f	tls13: Add missing kex guards ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	82be0d4b4d	tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	de08cf3543	tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ... Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED instead. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	73fe8df922	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED ... Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to guard TLS code (both 1.2 and 1.3) specific to handshakes involving PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	e68ab4f55e	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED ... Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to guard TLS code (both TLS 1.2 and 1.3) specific to handshakes involving certificates. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	41a443a68d	tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED ... Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard code specific to one of the TLS 1.3 key exchange mode with PSK. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	928cbd34e7	tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED ... Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard code specific to the TLS 1.3 ephemeral key exchange mode. Use it also for the dependencies of TLS 1.3 only tests relying on ephemeral key exchange mode, but for tests in tls13-kex-modes.sh where the change is done later using all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Gilles Peskine	abc6fbb8d7	Fix brief description ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-21 18:36:31 +02:00
Ronald Cron	d29e13eb1b	tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	2a87e9bf83	tls: Align set and usage check for PSK ... Check that the identity length is not zero in ssl_conf_set_psk_identity() as it is done in mbedtls_ssl_conf_has_static_psk(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	fa1e04a7c4	tls13: keys: Fix PSK build only case ... When deriving the handshake stage master secret, in the case of a PSK only build, the only possible key exchange mode is PSK and there is no ephemeral key exchange shared secret in that case. Thus do not error out in that case in the first phae of the derivation dedicated to the shared secret. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	9a6a49c7cb	tls13: keys: Fail if the group type is not ECDHE or DHE ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	b15d4d8966	tls13: keys: Fix error code ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	3b056202d3	tls13: keys: Do not use handshake->premaster ... `handshake->premaster` was used to store the (EC)DHE shared secret but in TLS 1.3 there is no need to store it in a context. Futhermore, `handshake->premaster` and more specifically its sizing is TLS 1.2 specific thus better to not use it in TLS 1.3. Allocate a buffer to store the shared secret instead. Allocation instead of a stack buffer as the maintenance of the size of such buffer is harder (new elliptic curve for ECDHE, support for FFDHE ... ). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	4c7edb2b9b	tls13: keys: Fix indentation ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	831fee68c3	tls13: keys: Avoid input buffer copy ... In mbedtls_ssl_tls13_evolve_secret() avoid to copy the input buffer into a local buffer as the copy is avoidable. This also fixes a potential overflow as the size of the local buffer was not checked when copying into it. With the current calls to mbedtls_ssl_tls13_evolve_secret() no buffer overflow was expected to happen though. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Manuel Pégourié-Gonnard	45c6792faf	Merge pull request #6385 from AndrzejKurek/depends-py-reloaded ... Unified tests/scripts/depends.py - reloaded	2022-10-21 10:17:58 +02:00
Gilles Peskine	c279b2fa4a	Move mbedtls_mpi_core_shift_r to the proper source file ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-20 11:40:15 +02:00
Gilles Peskine	6641420951	Bignum core: Break shift_r function out of the classic shift_r ... This commit contains the function prototype for mbedtls_mpi_core_shift_r, and the implementation minimally modified from mbedtls_mpi_shift_r. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-20 11:40:15 +02:00
Gilles Peskine	4281ae0bd2	Merge pull request #6373 from gilles-peskine-arm/bignum-core-conventions ... Spell out bignum core conventions	2022-10-19 15:53:33 +02:00
Gilles Peskine	db2996357c	Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum ... Bignum: Add safe conditional assign and swap for the new MPI types	2022-10-19 15:51:19 +02:00
Andrzej Kurek	9387b7b34e	Add a temporary solution to create a seedfile ... This caused problems if a config with SHA512 was compiled after a config without it and the seedfile did not contain enough data. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	c610e7402e	Formatting & unnecessary (void) fixes ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	ecb630925f	Fix constant name in ssl_tls13_keys ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	e5a5cc1944	Remove the dependency of tls1_3 key evolution tests on curve25519 ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	eabeb30c65	Fix SHA512 vs SHA384 dependencies ... When building SHA512 without SHA384, there are some code paths that resulted in unused variables or usage of undefined code. This commit fixes that. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	c19fb08dd3	Add missing ECDH dependency in tls 1.3 client ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	68327748d3	Add missing dependencies ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	46a987367c	Formatting fix ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	084334c8f2	Compile constant time masking and hmac if there are suites using MAC ... This is used in TLS 1.2 authentication with NULL cipher, when there are no TLS_CBC suites. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	2d59dbc032	Use TLS prf only if TLS 1.2 is compiled in ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	894edde991	Add tls prf handling when there's no SHA256 or SHA384 ... Return a null prf function pointer and check for it when populating transform. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	252283f2aa	Fix missing cipher mode dependencies ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
David Horstmann	078250eb56	Fix incorrect return style ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-18 18:11:13 +01:00
David Horstmann	178ec96c89	Remove unnecessary NULL assignments ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-18 18:09:30 +01:00
David Horstmann	11307a1933	Clarify wording on allocation ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-17 18:10:23 +01:00
Aditya Deshpande	cfb441d5ee	Fix spacing and formatting ... Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-10-17 15:17:30 +01:00
Gilles Peskine	8874cd570e	Merge pull request #4826 from RcColes/development ... Add LMS implementation	2022-10-14 18:33:01 +02:00
Aditya Deshpande	40c05cc8e4	Newlines at end of file + trim trailing whitespace ... Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-10-14 16:46:51 +01:00
Aditya Deshpande	17845b8f71	Add driver wrapper function for raw key agreement, along with test call for transparent drivers. ... Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-10-14 16:46:00 +01:00
Gilles Peskine	dcd1717f5f	Forbid aliasing outputs ... Aliasing between two outputs is hardly ever useful. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-14 17:15:21 +02:00
Gabor Mezei	4086de667d	Fix documentation ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-14 16:29:42 +02:00
Manuel Pégourié-Gonnard	b3c30907d6	Merge pull request #6383 from mprse/aead_driver_test ... Enable testing of AEAD drivers with libtestdriver1	2022-10-14 11:11:01 +02:00
Raef Coles	1951259a10	Update how lms.c imports platform.h ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 16:47:13 +01:00
Ronald Cron	49e4184812	Merge pull request #6299 from xkqian/tls13_add_servername_check ... Add server name check when proposing pre-share key	2022-10-13 16:00:59 +02:00
Raef Coles	cbd02adc6e	Simplify LMS context freeing ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:32 +01:00
Raef Coles	45c4ff93c9	Fix windows requiring explicit cast in LMS calloc ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:14 +01:00
Raef Coles	142e577c34	Add extra zeroization to LMS and LMOTS ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:03 +01:00
Raef Coles	9fc303a99a	Add extra LMOTS import negative tests ... And fix failures that are related to the new tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:30:01 +01:00
Raef Coles	4829459c90	Validate LMOTS sig length before parsing type ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:47 +01:00
Raef Coles	285d44b180	Capitalize "Merkle" in LMS and LMOTS code ... As it is a proper noun Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:43 +01:00
Raef Coles	faf59babe8	Make LMS verification return VERIFY_FAILED more ... To align with PSA error code rules on when VERIFY_FAILED is returned vs INVALID_ARGUMENT Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:42 +01:00
Raef Coles	fbd60ec775	Change LMS and LMOTS init functions to use memset ... Instead of zeroize Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:40 +01:00
Raef Coles	9b0daf60fb	Improve LMS private function warning ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:38 +01:00
Raef Coles	f6cb5a4826	Fix LMS return statements having incorrect style ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:35 +01:00
Raef Coles	75b4c7790e	Fix LMS internal function documentation ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:34 +01:00
Raef Coles	d48f7e90bb	Allocate LMS C_RANDOM_VALUE as hash size ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:32 +01:00
Raef Coles	1fb2f32ef5	Check LMS offsets are sane at runtime ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:31 +01:00
Raef Coles	e34e3c0e59	Remove unneeded cast in LMS calloc ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:30 +01:00
Raef Coles	370cc43630	Make LMS public key export part of public key api ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:28 +01:00
Raef Coles	e89488debf	Fix bug in LMS public key loading ... To avoid using the type before it is parsed from the signature Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:27 +01:00
Raef Coles	3f6cdd7aab	Fix LMS not checking RNG function return value ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:24 +01:00
Raef Coles	02cf8234b4	Fix ots sig length check in LMS validate function ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:22 +01:00
Raef Coles	f36874a535	Fix error type of lms_import_public_key ... Was returning an incorrect error when bad public key sizes were input Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:21 +01:00
Raef Coles	dc8fb79e09	Simplify LMS private key generation error handling ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:20 +01:00
Raef Coles	be3bdd8240	Rename LMS and LMOTS init/free functions ... To match convention Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:18 +01:00
Raef Coles	29117d2e4e	Update LMS PSA error conversion ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:17 +01:00
Raef Coles	be0c2f9183	Update LMS local variable allocation ... To use a default failure value, and to avoid a call to psa_hash_operation_init() Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:15 +01:00
Raef Coles	2ac352a322	Make LMS functions args const where required ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:14 +01:00
Raef Coles	5127e859d7	Update LMS and LMOTS dependency macros ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:11 +01:00
Raef Coles	56fe20a473	Move MBEDTLS_PRIVATE required defines into lms.h ... From lmots.h, as it is a private header Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:10 +01:00
Raef Coles	ab300f15e8	Move public header content from lmots.h to lms.h ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:08 +01:00
Raef Coles	0b7da1b787	Fix overflow in LMS context init ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:03 +01:00
Raef Coles	57d5328ad5	Remove MBEDTLS_LM(OT)S prefix from internal macros ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:29:00 +01:00
Raef Coles	ad05425ab7	Update naming of internal LMS functions ... To comply with the mbedtls_ requirement Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:59 +01:00
Raef Coles	40158e11fc	Add LMOTS test hook to header ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:58 +01:00
Raef Coles	3982040232	Fix LMS zeroization using wrong sizeof type ... Causing a buffer write out of bounds Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:55 +01:00
Raef Coles	98d6e22050	Remove doxygen markup from internal LMS functions ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:54 +01:00
Raef Coles	40f184c83e	Cast LMS allocation sizes to size_t ... To prevent implict casting errors on 64-bit platforms Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:52 +01:00
Raef Coles	1310ecb389	Update LMOTS function documentation ... To avoid CI failure Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:51 +01:00
Raef Coles	9c9027b1a4	Add extra LMS and LMOTS tests ... NULL-message and LMOTS signature leak tests Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:50 +01:00
Raef Coles	fa24f9d6ea	Minor fixes to LMS and LMOTS macros ... Update some names, use the correct macro in certain places. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:48 +01:00
Raef Coles	0a967ccf9a	Document LMS and LMOTS internal functions ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:47 +01:00
Raef Coles	8738a49d0c	Fix iterator types in LMOTS ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:45 +01:00
Raef Coles	e0a17610d1	Fix LMS/LMOTS if-statement style ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:41 +01:00
Raef Coles	9b88ee5d5d	Fix LMS and LMOTS coding style violations ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:40 +01:00
Raef Coles	366d67d9af	Shorted LMS and LMOTS line-lengths ... To attempt to comply with the 80-char suggestion Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:38 +01:00
Raef Coles	e9479a0264	Update LMS API to support multiple parameter sets ... Parameterise macros to allow variation of sizes Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:36 +01:00
Raef Coles	ab4f87413a	Add MBEDTLS_LMS_PRIVATE define ... To enable private key operations Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:35 +01:00
Raef Coles	ebd35b5b80	Rename LMS internal tree-manipulation functions ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:31 +01:00
Raef Coles	891c613f31	Update LMOTS signature use of temporary variables ... Document them properly, and move random value to a temporary variable Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:29 +01:00
Raef Coles	0c88d4e447	Remove superfluous casts in LMS and LMOTS ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:28 +01:00
Raef Coles	f5632d3efc	Remove MBEDTLS_PRIVATE usage from LMS and LMOTS ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:27 +01:00
Raef Coles	01c71a17b3	Update LMS and LMOTS api ... Fix function names and parameters. Move macros to be more private. Update implementation. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:25 +01:00
Raef Coles	c8f9604d7b	Use PSA hashing for LMS and LMOTS ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:23 +01:00
Raef Coles	7dce69a27a	Make LMOTS a private api ... Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:22 +01:00
Raef Coles	8ff6df538c	Add LMS implementation ... Also an LM-OTS implementation as one is required for LMS. Signed-off-by: Raef Coles <raef.coles@arm.com>	2022-10-13 14:28:15 +01:00
Manuel Pégourié-Gonnard	02f82bbfa9	Fix MSVC warning ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-13 13:32:02 +02:00
Manuel Pégourié-Gonnard	f155ab9a91	Abort on errors when we should ... We're not strictly required to abort, but at least to leave the context is an invalid state. For "late" functions like input() and output(), calling abort() is the easiest way to do that. Do it systematically for input() and output() by using a wrapper. psa_pake_get_implicit_key() was already doing it. For "early" function, we can just leave the operation in its current state which is already invalid. Restore previous tests about that. Not adding systematic tests, though, just test the two functions that are the most important, and more likely to return errors. Since we now abort in more cases, we need to make sure we don't invalidate the operation that's going to be re-used later in the test. For that reason, use a copy of the operation for calls to input() and output() that are expected to return errors. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-13 13:20:31 +02:00
Gilles Peskine	0fe6631486	Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 ... Include platform.h unconditionally	2022-10-13 10:19:22 +02:00
Xiaokang Qian	28af501cae	Fix the ticket_lifetime equal to 0 issue ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-13 08:18:19 +00:00
Xiaokang Qian	126bf8e4d7	Address some comments ... Delete reference immediately after shallow copy Fix format issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-13 02:57:15 +00:00
Xiaokang Qian	997669aeeb	Fix heap use-after-free corruption issue ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 14:30:27 +00:00
Xiaokang Qian	307a7303fd	Rebase and replace session_negotiate ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:14:32 +00:00
Xiaokang Qian	baa4764d77	Fix typo issues ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	8730644da1	Move ticket and hostname set code just after shallow-copy ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	ed3afcd6c3	Fix various typo and macro guards issues ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	ed0620cb13	Refine code base on comments ... Move code to proper macro guards protection Fix typo issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	03409290d2	Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	d7adc374d3	Refine the server name compare logic ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	a3b451f950	Adress kinds of comments base on review ... Rename function name to mbedtls_ssl_session_set_hostname Add two extra check cases for server name Fix some coding styles Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	2f9efd3038	Address comments base on review ... Change function name to ssl_session_set_hostname() Remove hostname_len Change hostname to c_string Update test cases to multi session tickets Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:49 +00:00
Xiaokang Qian	bc663a0461	Refine code based on commnets ... Change code layout Change hostname_len type to size_t Fix various issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:01 +00:00
Xiaokang Qian	adf84a4a8c	Remove public api mbedtls_ssl_reset_hostname() ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:05:11 +00:00
Xiaokang Qian	be98f96de2	Remove useless hostname check in server side ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:44 +00:00
Xiaokang Qian	6af2a6da74	Fix session save-load overflow issue ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:44 +00:00
Xiaokang Qian	ecd7528c7f	Address some comments ... Hostname_len has at least one byte Change structure serialized_session_tls13 Fix various issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:44 +00:00
Xiaokang Qian	281fd1bdd8	Add server name check when proposeing pre-share key ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:41 +00:00
Gilles Peskine	8fd3254cfc	Merge pull request #6374 from mprse/enc_types ... Test TLS 1.2 builds with each encryption type	2022-10-12 12:45:50 +02:00
Jerry Yu	c79742303d	Remove unnecessary empty line and fix format issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 21:22:33 +08:00
Jerry Yu	22c18c1432	Add NULL check in prepare hello ... `session_negotiate` is used directly in `ssl_prepare_client_hello` without NULL check. Add the check in the beggining to avoid segment fault. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 18:07:19 +08:00
Jerry Yu	c2bfaf00d9	fix wrong typo ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 18:07:19 +08:00
Jerry Yu	4f77ecf409	disable session resumption when ticket expired ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 22:10:08 +08:00
Jerry Yu	03aa174d7c	Improve test message and title ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 21:48:37 +08:00
Jerry Yu	6916e70521	fix various issues ... - adjust guards. Remove duplicate guards and adjust format. - Return success at function end. Not `ret` - change input len Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 21:33:51 +08:00
Jerry Yu	21092062f3	Restrict cipher suite validation to TLS1.3 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 21:21:31 +08:00
Gabor Mezei	d7edb1d225	Initialize variable ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-10 14:32:09 +02:00
Gabor Mezei	e9c013c222	Handle if parameters are alised ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-10 14:26:57 +02:00
Przemek Stekiel	88ade84735	psa_aead_setup: remove redundant tag length check ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-08 17:56:18 +02:00
Przemek Stekiel	6ab50762e0	psa_aead_setup: validate tag length before calling driver setup ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-08 17:54:30 +02:00
Jerry Yu	a99cbfa2d3	fix various issues ... - rename function and variable - change signature of `ssl_tls13_has_configured_psk` - remove unnecessary statements - remove unnecessary local variables - wrong variable initial value - improve output message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:35:47 +08:00
Jerry Yu	40afab61a8	Add ciphersuite check in set_session ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:35:43 +08:00
Jerry Yu	21f9095fa8	Revert "move ciphersuite validation to set_session" ... This reverts commit 19ae6f62c7. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:35:34 +08:00
Jerry Yu	379b91a393	add ticket age check ... Remove ticket if it is expired. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 10:21:15 +08:00
David Horstmann	91e20a0580	Refactor macro-spanning ifs in ecdh.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	fc735dffd6	Refactor macro-spanning ifs in ecp.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	8a7629fd0f	Refactor macro-spanning if in asn1write.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	2788f6b668	Refactor macro-spanning if in sha512.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	687262ca7d	Refactor macro-spanning if in sha256.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	21b89761f8	Refactor macro-spanning if in ssl_tls13_server.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	10be134d8e	Refactor macro-spanning if in ssl_msg.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	4a28563e84	Refactor macro-spanning ifs in ssl_client.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:42 +01:00
David Horstmann	e0af39a2ef	Refactor macro-spanning ifs in ssl_tls12_server.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-07 14:08:36 +01:00
Przemek Stekiel	86679c7bd8	psa_validate_tag_length(): use PSA_WANT_ALG_xxx instead MBEDTLS_PSA_BUILTIN_ALG_xxx guards ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-07 08:24:19 +02:00
Jerry Yu	4a698341c9	Re-org selected_identity parser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	6183cc7470	Re-org binders writer ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	f75364bee1	Re-organize identities writer ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	8b41e893a2	fix various issues ... - Re-order code and comments - move comment above `write_identities` - move `write_binder` above `write_identities`. - Add has_{psk,identity} into {ticket,psk}_get_{psk,identity} - rename `*_session_tickets_*` to `_ticket_` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	19ae6f62c7	move ciphersuite validation to set_session ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	25ab654781	Add dummy ticket support ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	b300e3c5be	add selected_identity parser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	1a0a0f4416	Add binders writer ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	f7c125917c	Add identites writer ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	0c6105bc9e	empty pre_shared_key functions ... To easy review Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Jerry Yu	8897c07075	Add server only guards for psk callback ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
David Horstmann	b21bbef061	Refactor macro-spanning if in ssl_tls12_client.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-06 18:00:51 +01:00
David Horstmann	3b2276a439	Refactor macro-spanning ifs in ssl_tls.c ... Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-06 17:59:57 +01:00
Przemek Stekiel	8a05a646f4	Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-06 17:01:58 +02:00
Przemek Stekiel	ff1efc9a84	psa_aead_check_nonce_length: Fix unused variable warining ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-06 16:53:47 +02:00
David Horstmann	0763ccf04f	Refactor ARIA_SELF_TEST_IF_FAIL macro ... Change the ARIA_SELF_TEST_IF_FAIL macro to be more code-style friendly. Currently it expands to the body of an if statement, which causes problems for automatic brace-addition for if statements. Convert the macro to a function-like macro that takes the condition as an argument and expands to a full if statement inside a do {} while (0) idiom. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-06 14:32:30 +01:00
Manuel Pégourié-Gonnard	0771d41584	Fix missing length check ... There was a check against the remaining size of the buffer, which used to be correct, but was broken two commits ago when we started not just copying the input but also adding to it. Replace it with a check that the input length is not greater that what's expected for this step. This guarantees we won't overflow the internal buffer. While at it, add an explicit cast to uint8_t when writing the length to the buffer, so silence an MSVC warning. This cast is safe because we checked that the length is no larger than 65 or 32 (depending on the step), so in any case is fits in one byte. This was found because some lengths had not been adjusted in the test suite, and instead of failing cleanly, library code performed buffer overflows. I'll fix the tests in the next commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-06 09:30:34 +02:00
Manuel Pégourié-Gonnard	79617d99ae	Fix namespacing issue ... This macro is specific to the Mbed TLS implementation and not part of the public API, so it shouldn't used the PSA_ namespace. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-05 12:55:50 +02:00
Manuel Pégourié-Gonnard	ec7012dbc7	Fix I/O format of PSA EC J-PAKE for compliance ... The format used by the mbedtls_ecjpake_xxx() APIs and that defined by the PSA Crypto PAKE extension are quite different; the former is tailored to the needs of TLS while the later is quite generic and plain. Previously we only addressed some part of this impedance mismatch: the different number of I/O rounds, but failed to address the part where the legacy API adds some extras (length bytes, ECParameters) that shouldn't be present in the PSA Crypto version. See comments in the code. Add some length testing as well; would have caught the issue. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-10-05 12:52:48 +02:00
David Horstmann	ed79483aca	Free structs in mbedtls_x509_get_name() on error ... mbedtls_x509_get_name() allocates a linked list of mbedtls_x509_name structs but does not free these when there is an error, leaving the caller to free them itself. Change this to cleanup these objects within the function in case of an error. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-05 11:51:16 +01:00
Gilles Peskine	01af3ddc82	Fixed confusion between number size and limb size; define limb ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-04 16:23:29 +02:00
Gilles Peskine	2926484de1	Describe generic conventions for the bignum core module ... This commit codifies some conventions that result from the original design goals and others that have emerged after starting the implementation. * Value ranges * Bignum parameter naming and ordering * Sizes * Aliasing and overlap * Error handling Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-04 14:51:21 +02:00
Gilles Peskine	7aab2fbe41	Add a short description of what each module does ... There was already a short introduction to _who_ should use each module, but not to _what_ each module does. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-04 14:50:17 +02:00
Gilles Peskine	7f887bdc05	Move license out of Doxygen comment ... Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-04 14:50:17 +02:00
Gabor Mezei	dba2677597	Update documentation ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-10-03 17:01:02 +02:00
Glenn Strauss	2ff77119df	mbedtls_ecp_point_read_binary from compressed fmt ... mbedtls_ecp_point_read_binary from MBEDTLS_ECP_PF_COMPRESSED format Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-10-03 05:43:27 -04:00
Denis V. Lunev	2df73ae742	mbedtls: fix possible false success in ...check_tags() helpers ... We should report a error when the security check of the security tag was not made. In the other case false success is possible and is not observable by the software. Technically this could lead to a security flaw. Signed-off-by: Denis V. Lunev <dlunev@gmail.com>	2022-09-30 17:15:49 +01:00
Gabor Mezei	86dfe384c2	Fix documentation tags to be lower case ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 14:03:04 +02:00
Gabor Mezei	e5b8585f1e	Follow parameter naming convention ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:54:02 +02:00
Gabor Mezei	1c628d5700	Follow parameter naming comvention ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	3eff425b1a	Use only one limb parameter for assign ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	81e57021c6	Change the input parameters to be const ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	2b5bf4cec7	Fix doumentation ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	f4dd3b6a6d	Fix documentation ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:40 +02:00
Gabor Mezei	cfc0eb8d22	Remove unused parameter ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	87638a9ead	Add missing include ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	63c3282ec4	Remove retrun code from mod_raw_cond_assign/swap ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	24d183aa00	Use the new swap and assign function in the old interface ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	9f6615f146	Remove argument checking from constant time functions ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:36:39 +02:00
Gabor Mezei	12071d4403	Add conditional assign and swap function for MPI modulus ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:33:35 +02:00
Gabor Mezei	e1d31c4aad	Add conditional swap and assign function for MPI core ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-09-30 13:33:30 +02:00
Gilles Peskine	845de0898e	Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication ... Montgomery multiplication from bignum prototype	2022-09-30 10:35:21 +02:00
Tom Cosgrove	6da3a3b15f	Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-29 17:20:18 +01:00
Victor Barpp Gomes	47c7a732d2	Print RFC 4108 hwSerialNum in hex format ... Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>	2022-09-29 11:34:23 -03:00
Tom Cosgrove	4386ead662	Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-29 14:40:21 +01:00
Przemek Stekiel	ce5b68c7a3	Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions" ... This reverts commit a82290b727. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-29 15:29:18 +02:00
Ronald Cron	77c691f099	Merge pull request #6194 from xkqian/tls13_add_psk_client_cases ... TLS 1.3: Add PSK client cases	2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard	e3358e14b2	Merge pull request #6051 from mprse/permissions_2b_v2 ... Permissions 2b: TLS 1.3 sigalg selection	2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard	f3f9e450b6	Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 ... Ad-hoc KDF for EC J-PAKE in TLS 1.2	2022-09-28 09:47:32 +02:00
Xiaokang Qian	ca343ae280	Improve message logs and test cases description in psk ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-28 02:07:54 +00:00
Przemek Stekiel	4c49927bad	Fix unused variables warnings in default + stream cipher only build ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Przemek Stekiel	a82290b727	Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions ... Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent. As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available). Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Przemek Stekiel	89ad62352d	Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq() ... Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-27 15:04:14 +02:00
Ronald Cron	c27a9074c4	tls13: server: Add comment when trying another sig alg ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-27 10:07:55 +02:00
Xiaokang Qian	cb6e96305f	Change kex mode string name ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-27 08:02:41 +00:00
Ronald Cron	b72dac4ed7	Fix PSA identifier of RSA_PKCS1V15 signing algorithms ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-27 09:25:47 +02:00
Andrzej Kurek	b510cd2c50	Fix a copy-paste error - wrong macro used ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-26 10:50:22 -04:00
Andrzej Kurek	5603efd525	Improve readability and formatting ... Also use a sizeof instead of a constant for zeroization, as requested in review. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-26 10:49:16 -04:00
Nick Child	5f9456f3e3	pkcs7: Fix trailing whitespace ... Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-26 09:18:12 -05:00
Xiaokang Qian	5beec4b339	Refine ssl_get_kex_mode_str() for easy automatic generation ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-26 08:23:45 +00:00
Xiaokang Qian	ac8195f4f7	Fix wrongly kex mode fallback issue in psk cases ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-26 06:31:58 +00:00
Gilles Peskine	5596c74a98	Merge pull request #6140 from Zaya-dyno/validation_remove_change_auth_enc ... Validation remove change auth enc	2022-09-23 17:04:31 +02:00
Gilles Peskine	12a1e85caa	Merge pull request #6138 from Zaya-dyno/validation_remove_change_key_agree ... Validation remove change key agree	2022-09-23 17:04:20 +02:00
Gilles Peskine	87953f228f	Merge pull request #6091 from Zaya-dyno/validation_remove_change_pk ... Validation remove change pk	2022-09-23 17:03:30 +02:00
Paul Elliott	2c282c9bd0	Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets ... TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.	2022-09-23 15:48:33 +01:00
Xiaokang Qian	8939930b82	Rebase and fix some test failures ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
Xiaokang Qian	5001bfc619	Add key exchange mode log in client side ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
XiaokangQian	335cfaadf9	Finalize client side code for psk ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-09-23 01:48:26 +00:00
Jerry Yu	359e65f784	limit session ticket number when resumption ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-22 23:47:43 +08:00
Jerry Yu	f3bdf9dd51	fix various issues ... - improve document about configuration item. - format issue - variable type issue. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-22 23:47:14 +08:00
Tom Cosgrove	87d9c6c4d8	Ensure client mbedtls_ssl_handshake_step() returns success for HELLO_REQUEST ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-22 09:27:56 +01:00
Gilles Peskine	07ba2be20b	Merge pull request #6304 from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg ... TLS 1.3: PSK: Exclude pre_shared_key for HRR	2022-09-22 10:21:06 +02:00
Manuel Pégourié-Gonnard	1475ac49a4	Merge pull request #6107 from Zaya-dyno/validation_remove_change_hash ... Validation remove change hash	2022-09-22 09:24:44 +02:00
Manuel Pégourié-Gonnard	d5c82fb821	Merge pull request #6085 from Zaya-dyno/validation_remove_change_cipher ... Validation remove and change in files related to cipher in library	2022-09-22 09:10:13 +02:00
Jerry Yu	b7e3fa7fbd	move count decrement after success sent ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-22 13:21:29 +08:00
Jerry Yu	d0766eca58	fix various issues ... - Improve comments - Align count variable name to `new_session_tickets_count` - move tickets_count init to handshake init Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-22 13:21:29 +08:00
Tom Cosgrove	2fdc7b3599	Return an error from mbedtls_ssl_handshake_step() if neither client nor server ... This prevents an infinite loop in mbedtls_ssl_handshake(). Fixes #6305. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-21 12:33:17 +01:00
Tom Cosgrove	c573882674	Merge remote-tracking branch 'upstream/development' into issue-6015-montgomery-multiplication	2022-09-21 12:08:43 +01:00
Manuel Pégourié-Gonnard	d433cd7d07	Merge pull request #6283 from mpg/driver-only-hashes-wrap-up ... Driver only hashes wrap-up	2022-09-21 08:29:46 +02:00
Tom Cosgrove	4782823ec3	Ensure we explicitly document the modulus for fixed-width arithmetic ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-20 13:51:50 +01:00
Tom Cosgrove	b0b77e1b13	Document and test aliasing of the bignums given to mbedtls_mpi_core_mla() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-20 13:33:40 +01:00
Ronald Cron	067a1e735e	tls13: Try reasonable sig alg for CertificateVerify signature ... Instead of fully validating beforehand signature algorithms with regards to the private key, do minimum validation and then just try to compute the signature. If it fails try another reasonable algorithm if any. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:30:13 +02:00
Ronald Cron	38391bf9b6	tls13: Do not impose minimum hash size for RSA PSS signatures ... When providing proof of possession of an RSA private key, allow the usage for RSA PSS signatures of a hash with a security level lower that the security level of the RSA private key. We did not allow this in the first place to align with the ECDSA case. But as it is not mandated by the TLS 1.3 specification (in contrary to ECDSA), let's allow it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:29:41 +02:00
Ronald Cron	67ea2543ed	tls13: server: Add sig alg checks when selecting best certificate ... When selecting the server certificate based on the signature algorithms supported by the client, check the signature algorithms as close as possible to the way they are checked to compute the signature for the server to prove it possesses the private key associated to the certificate. That way we minimize the odds of selecting a certificate for which the server will not be able to compute the signature to prove it possesses the private key associated to the certificate. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:26:32 +02:00
Tom Cosgrove	ea45c1d2d4	Document and test aliasing of output for mbedtls_mpi_core_montmul() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-20 13:17:51 +01:00
Jerry Yu	d4e7500a07	Enable multi session tickets on Server ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-19 14:24:03 +08:00
Jerry Yu	1ad7ace6b7	Add conf new session tickets ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-19 14:22:21 +08:00
Ronald Cron	be0224aef3	Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets	2022-09-18 21:18:13 +02:00
Andrzej Kurek	7763829c5c	Add missing ifdef when calculating operation capacity ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 12:24:52 -04:00
Andrzej Kurek	3c4c514302	Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 07:24:14 -04:00
Andrzej Kurek	b093650033	Add proper capacity calculation for EC J-PAKE to PMS KDF ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 07:13:00 -04:00
Andrzej Kurek	702776f7cc	Restrict the EC J-PAKE to PMS input type to secret ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 06:22:44 -04:00
Jerry Yu	ad4d2bb3e1	Exclude pre_shared_key for HRR ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-16 18:16:49 +08:00
Manuel Pégourié-Gonnard	07018f97d2	Make legacy_or_psa.h public. ... As a public header, it should no longer include common.h, just use build_info.h which is what we actually need anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 12:02:48 +02:00
Jerry Yu	6ee726e1ab	Replace md translation function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-16 16:32:27 +08:00
Jerry Yu	a5df584d87	fix build fail for test_psa_crypto_config_accel_hash_use_psa ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-16 11:28:54 +08:00
Gilles Peskine	ed1c7f4cd7	Include platform.h unconditionally: gcm ... gcm.c had a slightly different pattern for the conditional inclusion of platform.h which didn't fit the general replacement. Simplify it manually. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-15 20:34:50 +02:00
Gilles Peskine	e9b55929dc	Remove useless platform macro redefinitions: automatic part ... Some source files had code to set mbedtls_xxx aliases when MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally by mbedtls/platform.h, so these macro definitions were redundant. Remove them. This commit used the following code: ``` perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)') ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-15 20:34:15 +02:00
Gilles Peskine	a7aa80c058	Include platform.h unconditionally: second automatic part ... Some source files included platform.h in a nested conditional. The previous commit "Include platform.h unconditionally: automatic part" only removed the outer conditional. This commit removes the inner conditional. This commit once again replaces most occurrences of conditional inclusion of platform.h, using the following code: ``` perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"') ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-15 20:34:10 +02:00
Gilles Peskine	945b23c46f	Include platform.h unconditionally: automatic part ... We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and to define ad hoc replacements for mbedtls_xxx functions on a case-by-case basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this complication was to allow building individual source modules without copying platform.h. This is not something we support or recommend anymore, so get rid of the complication: include platform.h unconditionally. There should be no change in behavior since just including the header should not change the behavior of a program. This commit replaces most occurrences of conditional inclusion of platform.h, using the following code: ``` perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"') ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-15 20:33:07 +02:00
Tom Cosgrove	3bd7bc3add	Use X rather than A for accumulator-style input (and output!) params, and rename others accordingly ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-15 15:55:07 +01:00
Tom Cosgrove	5c0e8104bc	Prefer 'fixed-size' to 'known-size' in doc comments ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-15 15:46:10 +01:00
Tom Cosgrove	b7438d1f62	Update name of mbedtls_mpi_montg_init() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-15 15:05:59 +01:00
Tom Cosgrove	2701deaa4b	Use mbedtls_ct_mpi_uint_mask() rather than rolling our own ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-15 15:00:07 +01:00
Tom Cosgrove	818d992cc7	Note that T must not overlap other parameters of mbedtls_mpi_core_montmul() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-15 14:58:10 +01:00
Przemek Stekiel	dca224628b	ssl_tls13_select_sig_alg_to_psa_alg: optimize code ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-15 14:16:11 +02:00
Przemek Stekiel	f937e669bd	Guard new code with MBEDTLS_USE_PSA_CRYPTO ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-15 14:16:11 +02:00
Przemek Stekiel	3c326f9697	Add function to convert sig_alg to psa alg and use it ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-15 14:16:11 +02:00
Przemek Stekiel	b40f2e81ec	TLS 1.3: Take into account key policy while picking a signature algorithm ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-15 14:10:19 +02:00
Manuel Pégourié-Gonnard	c42c7e660e	Update documentation in legacy_or_psa.h ... - Some things that were indicated as in the near future are now done. - Clarify when these macros are needed and when they're not. - Prepare to make the header public. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-15 11:28:24 +02:00
Manuel Pégourié-Gonnard	1dc37258de	Style: wrap a long line ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-15 11:10:26 +02:00
Manuel Pégourié-Gonnard	409a620dea	Merge pull request #6255 from mprse/md_tls13 ... Driver-only hashes: TLS 1.3	2022-09-15 10:37:46 +02:00
Jerry Yu	0a55cc647c	Remove unnecessary var and improve comment ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-15 16:15:06 +08:00
Manuel Pégourié-Gonnard	18dff1f226	Merge pull request #5871 from superna9999/4153-psa-expose-ec-j-pake ... Expose ECJPAKE through the PSA Crypto API	2022-09-15 09:25:55 +02:00
Nick Child	8ce1b1afc8	pkcs7: Correct various syntatical mistakes ... Resond to feedback from the following comments: - use correct spacing [1-7] - remove unnecessary parenthesis [8] - fixup comments [9-11] - remove unnecessary init work [12] - use var instead of type for sizeof [13] [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953655691 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953661514 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953689929 [4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953696384 [5] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697558 [6] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697793 [7] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953697951 [8] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953699102 [9] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r971223775 [10] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967133905 [11] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967135932 [12] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967151430 [13] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967154159 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-14 15:13:52 -05:00
Nick Child	34d5e931cf	pkcs7: Use better return code for unimplemented specifications ... In response to feedback [1] [2], use MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE instead of MBEDTLS_ERR_PKCS7_INVALID_FORMAT for errors due to the pkcs7 implemntation being incomplete. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953649079 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953658276 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-14 14:44:03 -05:00
Nick Child	7089ce8381	pkcs7: Handle md errors in multisigner pkcs7 verification ... In resonse to feedback [1], if `mbedtls_md_info_from_type` were to fail then skip the signer and try the next one. Additionally, use a for loop instead of a while loop when iterating over signers because it simplifies the use of `continue`. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967198650 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-14 14:18:00 -05:00
Andrzej Kurek	d60907b85d	Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-14 14:57:51 -04:00
Jerry Yu	f7dad3cfbe	fix various issues ... - Naming - format - Reduce negative tolerance window Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-14 22:31:39 +08:00
Andrzej Kurek	08d34b8693	Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2 ... TLS uses it to derive the session secret. The algorithm takes a serialized point in an uncompressed form, extracts the X coordinate and computes SHA256 of it. It is only expected to work with P-256. Fixes #5978. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-14 08:39:26 -04:00
Ronald Cron	208257b39f	Merge pull request #6259 from yuhaoth/pr/add-psk_ephemeral-possible-group-tests ... TLS 1.3: PSK: Add possible group tests for psk with ECDHE	2022-09-14 14:21:46 +02:00
Przemyslaw Stekiel	ab9b9d4669	ssl_tls13_keys.h: use PSA max hash size ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-14 13:51:07 +02:00
Przemyslaw Stekiel	da6452578f	ssl_tls13_generic.c: fix hash buffer sizes (use PSA_HASH_MAX_SIZE) ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-14 12:50:51 +02:00
Neil Armstrong	6a12a7704d	Fix typo in comment ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-14 12:17:42 +02:00
Przemyslaw Stekiel	004c2181f0	ssl_misc.h: hash guards adaptations ... Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-14 11:00:57 +02:00
Jerry Yu	acff823846	Add negative tolerance window ... If `now == session->start` or the timer of client is faster than server, client age might be bigger than server. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-14 14:50:44 +08:00
Jerry Yu	95db17ed5f	fix various issues ... - improve obfuscated ticket age generator - improve psk getter Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-14 10:37:58 +08:00
Przemek Stekiel	0852ef8b96	mbedtls_ssl_reset_transcript_for_hrr: remove redundant 'else' statement ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Przemek Stekiel	9dfbf3a006	ssl_tls13_generic.c: optimize code to save memory ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Przemek Stekiel	153b442cc3	mbedtls_ssl_tls13_sig_alg_is_supported: adapt guards ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Przemek Stekiel	47e3cb1875	ssl_tls13_generic.c: adapt guards for MBEDTLS_SHAxxx_C ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 18:08:54 +02:00
Neil Armstrong	fa84962296	Add comment explaining PSA PAKE vs Mbedtls J-PAKE API matching strategy ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-13 15:19:56 +02:00
Neil Armstrong	3d4966a5cb	Move possible input/output steps check inside PSA_ALG_JPAKE handling ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-13 15:19:56 +02:00
Neil Armstrong	017db4cdda	Drop calls to mbedtls_ecjpake_check() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-13 15:19:56 +02:00
Neil Armstrong	1d0294f6ed	Clarify sequence length calculation comment ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-13 15:19:56 +02:00
Neil Armstrong	cb679f23bc	Replace 0s with proper defines when possible ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-13 14:43:07 +02:00
Przemek Stekiel	5166954d14	Make more use of MBEDTLS_MAX_HASH_SIZE macro ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-13 12:57:05 +02:00
Jerry Yu	4746b10c2e	fix various issues ... - Format issues - Possible memory leak - Improve naming and comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-13 15:37:46 +08:00
Jerry Yu	8d4bbbae4f	fix ticket age check issues ... - Ticket age and ticket age add, obfuscated age use different unit. Align the units to million seconds. - Add maximum ticket age check. Until now, ticket_lifetime is not recorded in server side. Check it with maximum ticket_lifetime. - Free session when error found. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-13 15:37:46 +08:00
Jerry Yu	46bffe0e82	Refine rsumption master secret compute function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-13 15:09:49 +08:00
Jerry Yu	466dda8553	Rename resumption master secret compute function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-13 14:28:15 +08:00
Nick Child	9f4fb3e63f	pkcs7: Unite function return style ... In response to feedback[1], standardize return variable management across all pkcs7 functions. Additionally, when adding return codes from two error values, use `MBEDTLS_ERROR_ADD` as recommended [2]. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953634781 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953635128 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-12 16:32:36 -05:00
Neil Armstrong	ecb221b1ff	Move operation buffer in operation struct and remove dynamic allocation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-08 11:21:07 +02:00
Alexey Tsvetkov	2ca343796d	Add const to move variables to .rodata section ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-09-07 17:59:57 +01:00
Hannes Tschofenig	fd6cca4448	CID update to RFC 9146 ... The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content. Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>	2022-09-07 17:15:05 +02:00
Przemek Stekiel	40afdd2791	Make use of MBEDTLS_MAX_HASH_SIZE macro ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-06 14:18:45 +02:00
Przemek Stekiel	c3f2767c25	hash_info.h: add MBEDTLS_MAX_HASH_SIZE macro ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-06 14:18:39 +02:00
Neil Armstrong	9720b881f5	Remove doxygen markup outside doxygen block in psa_pake_sequence comment ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-06 11:39:21 +02:00
Neil Armstrong	b39833cff2	Fix typo in psa_pake_sequence comment ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-06 11:36:02 +02:00
Jerry Yu	58af2335d9	Add possible group tests for psk with ECDHE ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-06 14:49:39 +08:00
Jerry Yu	fd310ebf2d	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-06 09:16:35 +08:00
Neil Armstrong	bcd5bd933e	Add a comment expliciting usage of internal PAKE step/state/sequence enums ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-05 18:34:12 +02:00
Neil Armstrong	5bbdb70131	Fix style in psa_pake_input() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-09-05 17:54:15 +02:00
Tom Cosgrove	67c9247ed9	Move the T++ in mbedtls_mpi_core_montmul() to within the loop body ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-09-02 13:28:59 +01:00
Andrzej Kurek	216baca131	pkcs5: improve error handling ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:15:34 -04:00
Andrzej Kurek	e3d544c58f	Minor PKCS5 improvements ... Add consts, more elegant size calculation and variable initialization. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:07:15 -04:00
Andrzej Kurek	3d0dfb99c9	Change the pkcs5_pbkdf2_hmac deprecation approach ... The shared part has now been extracted and will be used regardless of the deprecation define. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:07:15 -04:00
Andrzej Kurek	f000471c66	Add missing MD dependency for pkcs5_pbkdf2_hmac ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:07:15 -04:00
Andrzej Kurek	ed98e95c81	Adjust pkcs5 test dependencies ... Hashing via PSA is now supported Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Andrzej Kurek	890e78ae66	Deprecate mbedtls_pkcs5_pbkdf2_hmac ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Andrzej Kurek	dd36c76f09	Provide a version of pkcs5_pbkdf2_hmac without MD usage ... Use the new implementation locally Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard	97fc247d6a	Merge pull request #6232 from AndrzejKurek/pkcs12-no-md ... Remove MD dependency from pkcs12 module	2022-09-02 09:43:13 +02:00
Nick Child	62b2d7e7d4	pkcs7: Support verification of hash with multiple signers ... Make `mbedtls_pkcs7_signed_hash_verify` loop over all signatures in the PKCS7 structure and return success if any of them verify successfully. Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-01 19:45:41 -05:00
Daniel Axtens	3538479faa	pkcs7: support multiple signers ... Rather than only parsing/verifying one SignerInfo in the SignerInfos field of the PKCS7 stucture, allow the ability to parse and verify more than one signature. Verification will return success if any of the signatures produce a match. Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-01 19:45:41 -05:00
Nick Child	5d881c36ea	pkcs7: Change copyright ... Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-01 19:45:41 -05:00
Nick Child	6427b34dec	pkcs7.c: Use pkcs7_get_version for signerInfo ... The function pkcs7_get_version can be used again when parsing the version of the signerInfo. Both require that the version be equal to 1. The pkcs7_get_version function will return error if the found value is not the expected version as opposed to mbedtls_asn1_get_int which does not. Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-01 19:45:41 -05:00
Nick Child	6671841d91	pkcs7.c: Do not ignore return value of mbedlts_md ... CI was failing due to the return value of mbedtls_md being ignored. If this function does fail, return early and propogate the md error. Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-01 19:45:41 -05:00
Nick Child	c448c94fe3	pkcs7: pkcs7_get_content_info_type should reset *p on error ... The function `pkcs7_asn1_get_tag` should return an update pointer only on success. Currently, the pointer is being updated on a failure case. This commit resets *p to start if the first call to mbedtls_asn1_get_tag fails. Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Nick Child <nick.child@ibm.com>	2022-09-01 19:45:41 -05:00
Daniel Axtens	aa91d4ef0b	pkcs7: build under CMake ... The patch updates CMakeLists.txt to include pkcs7. Signed-off-by: Daniel Axtens <dja@axtens.net>	2022-09-01 19:45:41 -05:00
Nayna Jain	673a226698	pkcs7: add support for signed data ... OpenSSL provides APIs to generate only the signted data format PKCS7 i.e. without content type OID. This patch adds support to parse the data correctly even if formatted only as signed data Signed-off-by: Nayna Jain <nayna@linux.ibm.com>	2022-09-01 19:45:41 -05:00
Nayna Jain	c9deb184b0	mbedtls: add support for pkcs7 ... PKCS7 signing format is used by OpenPOWER Key Management, which is using mbedtls as its crypto library. This patch adds the limited support of pkcs7 parser and verification to the mbedtls. The limitations are: * Only signed data is supported. * CRLs are not currently handled. * Single signer is supported. Signed-off-by: Daniel Axtens <dja@axtens.net> Signed-off-by: Eric Richter <erichte@linux.ibm.com> Signed-off-by: Nayna Jain <nayna@linux.ibm.com>	2022-09-01 19:45:33 -05:00
Andrzej Kurek	e16e6edfce	Remove the dependency on MD_MAX_SIZE from PKCS12 ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-01 08:57:59 -04:00
Andrzej Kurek	7bd12c5d5e	Remove MD dependency from pkcs12 module ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-01 08:57:41 -04:00
Tom Cosgrove	f0b2231fcd	Update comments at the end of montmul following Gilles' feedback ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-31 17:57:34 +01:00
Tom Cosgrove	5eefc3db3f	Move macros to come before function declarations ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-31 17:16:50 +01:00
Tom Cosgrove	630110ab23	Fix documentation where ciL should be biL ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-31 17:15:04 +01:00
Tom Cosgrove	ed43c6caeb	In add_if(), B MAY be aliased to A. Also update another comment for consistency. ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-31 17:15:04 +01:00
Tom Cosgrove	9354990a54	Don't use multiplication by condition in even a semi-constant time function ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-31 17:15:02 +01:00
Jerry Yu	8253486c4f	Add session ticket support for server ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	95699e72f3	Add session ticket identity check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	661dd943b6	Add dummy server name extension paser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	e976492a11	Add session ticket tests for client ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	e6527512d2	Add obfuscated_ticket_age write ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	49d63f8c36	Implement generate resumption master secret ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	db8c5faed7	Add getting session ticket for client ... - Move ssl_get_psk_to_offer to `ssl_tls13_client.c` - Rename to `ssl_tls13_get_psk_to_offer` - Add session ticket parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Ronald Cron	e00d6d6b55	Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation ... TLS 1.3: SRV: Finalize external PSK negotiation	2022-08-31 17:21:57 +02:00
Tuvshinzaya Erdenekhuu	9077dbfd94	Remove NULL pointer validation in poly1305.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:18:14 +01:00
Tuvshinzaya Erdenekhuu	913819e73f	Remove NULL pointer validation in chachapoly.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:18:14 +01:00
Tuvshinzaya Erdenekhuu	6a473b2f17	Remove NULL pointer validation in rsa.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:15:59 +01:00
Tuvshinzaya Erdenekhuu	1c5609df09	Remove NULL pointer validation in dhm.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:15:59 +01:00
Tuvshinzaya Erdenekhuu	5893ab02b6	Re-introduce ENUM validation in sha512.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu	3446c2603a	Remove NULL pointer validation in sha512.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu	696dfb6b1e	Re-introduce ENUM validation in sha256.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu	df2f560316	Remove NULL pointer validation in sha256.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu	6b150ad8fa	Remove NULL pointer validation in sha1.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:15:25 +01:00
Tuvshinzaya Erdenekhuu	c6b8a6704e	Re-introduce ENUM validation in gcm.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu	505ce0b37e	Remove NULL pointer validation in gcm.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu	80a6af6ab5	Re-introduce ENUM validation in cipher.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu	5ce8e52907	Remove NULL pointer validation in cipher.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu	ce8908ed0a	Remove NULL pointer validation in chacha20.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu	1fd7f98546	Re-introduce ENUM validation in camellia.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu	6291b131ca	Remove NULL pointer validation in camellia.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu	a8ef1565bb	Re-introduce ENUM validation in aes.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu	cac11d7797	Remove NULL pointer validation in aes.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:57 +01:00
Tuvshinzaya Erdenekhuu	c388af63e4	Remove extra spacings ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu	dcf9c96274	Remove NULL pointer validation in pkparse.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu	088e936839	Remove NULL pointer validation in pkwrite.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu	78c1d8c299	Re-introduce ENUM validation in pk.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:25 +01:00
Tuvshinzaya Erdenekhuu	26b39c6c6f	Remove NULL pointer validation in pk.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-08-31 10:14:25 +01:00
Neil Armstrong	f19a3cb613	Use the mbedtls_ecjpake_write_shared_key() to input raw shared key material as derivation secret ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	12663092bc	Introduce mbedtls_ecjpake_write_shared_key() to export the EC J-PAKE shared key material before the KDF() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	db05cbfb86	Introduce and use mbedtls_ecjpake_to_psa_error() to translate various ECP/MPI errors to expected PSA errors ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	1e855601ca	Fix psa_pake_get_implicit_key() state & add corresponding tests in ecjpake_rounds() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	e92311176a	Add missing parentheses on return statements ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	5fb07c6a96	No need to check for state in psa_pake_setup() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	a557cb8c8b	Fixing XXX_ALG_ECJPAKE to XXX_ALG_JPAKE to match specification ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	fbc4b4aa8e	Fix psa_pake_abort() order to correctly free memory when alg is PSA_ALG_JPAKE ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	0d001ef3da	Check more parameters of psa_pake_output/psa_pake_input ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	4efd7a463d	Check for PSA_ALG_ECJPAKE alg for the ECJPAKE builtin implementation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	df598abbd3	Fix key usage test in psa_pake_set_password_key() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	6b1f99f5f1	Use proper buffer size macro for allocation in psa_pake_ecjpake_setup() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	5282393091	Remove useless braces in psa_crypto_pake.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	c29f8477e2	Fix comments in psa_crypto_pake.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	a4cc7d6d6b	Add PSA PAKE buildin implementation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Neil Armstrong	4b5710f8a0	Allow KEY_TYPE_PASSWORD/KEY_TYPE_PASSWORD_HASH to be imported ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-31 10:49:18 +02:00
Jerry Yu	1e05b6dd6d	fix coding style and unnecessary assignment ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 10:35:52 +08:00
Tom Cosgrove	f0c8a8cf44	One statement per line ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-30 15:15:02 +01:00
Tom Cosgrove	5dd97e60d5	Update comments following code review ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-30 14:31:49 +01:00
Tom Cosgrove	b496486cdc	Reorder functions in bignum_core.[ch] ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-30 11:57:22 +01:00
Manuel Pégourié-Gonnard	bf22a2500b	Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured ... Remove the dependency on MD from TLS 1.2 tests	2022-08-30 12:34:37 +02:00
Dave Rodgman	e2b772d1b6	Fix whitespace, missing const ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:45 +01:00
Dave Rodgman	5f3f0d06e6	Address minor review comments ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:45 +01:00
Nicholas Wilson	ca841d32db	Add test for mbedtls_x509write_crt_set_ext_key_usage, and fix reversed order ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:43 +01:00
Nicholas Wilson	8e5bdfbbcf	Improve programs/cert_write with a way to set extended key usages ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:08:43 +01:00
Dave Rodgman	0edfa9dd26	Merge pull request #6207 from daverodgman/ticket_time ... Fix type used for capturing TLS ticket generation time	2022-08-30 10:03:06 +01:00
Jerry Yu	e5834fd0d7	remove unnecessary test ... also optimize check sum Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-29 20:33:33 +08:00
Tom Cosgrove	d932de8857	Remove incorrect constant-time claim from doc for mbedtls_mpi_core_add_if() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-25 16:43:43 +01:00
Tom Cosgrove	ecbb124292	Fix incorrect parameter name in mbedtls_mpi_core_add_if() doc comment ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-25 10:13:44 +01:00
Jerry Yu	0baf907e11	remove select_ciphersuite ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-25 11:21:04 +08:00
Jerry Yu	c5a23a0f12	fix various issues ... - code style - variable initialize - update comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-25 11:09:35 +08:00
Tom Cosgrove	b2c06f4acf	Remove stale comment, and fix whitespace issue ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-24 17:45:58 +01:00
Dave Rodgman	fac3ea5656	Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect ... mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing	2022-08-24 15:16:45 +01:00
Tom Cosgrove	bcc13c943f	Add further missing whitespaces inside parentheses ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-24 15:08:16 +01:00
Tom Cosgrove	20c1137350	Fix coding style ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-24 15:06:13 +01:00
Dave Rodgman	5a28142410	Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit ... ctr_drbg: fix free uninitialized aes context	2022-08-24 14:58:44 +01:00
Tom Cosgrove	72594633a1	Apply the function parameter naming convention ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-24 11:51:58 +01:00
Tom Cosgrove	f0ffb1585a	Have mbedtls_mpi_montg_init() take the modulus, rather than just its least significant limb ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-24 11:17:15 +01:00
Tom Cosgrove	958fd3dc0c	Remove bignum_new.c, moving contents to bignum_core.c ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-24 11:08:51 +01:00
Tom Cosgrove	2523791d00	Better constant-time properties for mbedtls_mpi_core_montmul() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:32:22 +01:00
Tom Cosgrove	f88b47ea27	Remove 'const' qualifier from temporary for mpi_montmul() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:31:42 +01:00
Tom Cosgrove	4641ec6c52	Fix style following review comments ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:31:06 +01:00
Tom Cosgrove	40d229487d	Tidy up doc comments on existing function mpi_montmul() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:30:27 +01:00
Tom Cosgrove	9384284530	Use mbedtls_mpi_core_montmul() in mpi_montmul() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:29:32 +01:00
Tom Cosgrove	f334d9622b	Add unit tests for bignum_new.c:mbedtls_mpi_core_montmul() ... These tests are also used to test the existing mpi_montmul() function (which too is renamed with mbedtls_ prefix). Some of these are replays of captured invocations during unit test runs. Others are generated. They use a mixture of primes and odd numbers for N, with four randomly-generated cases for each N. The lines in the .data file were generated by the following script ``` #!/usr/bin/env perl # # mpi-test-core-montmul.pl - generate MPI tests in Perl for mbedtls_mpi_core_montmul() # use strict; use warnings; use Math::BigInt; use sort 'stable'; generate_tests(); sub generate_tests { generate_mbedtls_mpi_core_montmul(); } # XXX mbedtls_mpi_grow() and mbedtls_mpi_shrink() work in little-endian manner # \brief Montgomery multiplication: X = A * B * R^-1 mod N (HAC 14.36) # # \param[out] X The destination MPI, as a big endian array of length \p n. # On successful completion, X contains the result of # the multiplication A * B * R^-1 mod N where # R = (2^ciL)^n. # \param[in] A Big endian presentation of first operand. # Must have exactly \p n limbs. # \param[in] B Big endian presentation of second operand. # \param[in] B_len The number of limbs in \p B. # \param[in] N Big endian presentation of the modulus. # This must be odd and have exactly \p n limbs. # \param[in] n The number of limbs in \p X, \p A, \p N. # \param mm The Montgomery constant for \p N: -N^-1 mod 2^ciL. # This can be calculated by `mbedtls_mpi_montg_init()`. # \param[in,out] T Temporary storage of size at least 2*n+1 limbs. # Its initial content is unused and # its final content is indeterminate. # # void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X, # const mbedtls_mpi_uint *A, # const mbedtls_mpi_uint *B, size_t B_len, # const mbedtls_mpi_uint *N, size_t n, # mbedtls_mpi_uint mm, mbedtls_mpi_uint *T ); sub generate_mbedtls_mpi_core_montmul { my $sub_name = (caller(0))[3]; # e.g. main::generate_mbedtls_mpi_sub_mpi my ($ignore, $test_name) = split("main::generate_", $sub_name); my @cases = (); my @replay = ( # [ limbsAN_4, limbsB_4, limbsAN_8, limbsB_8, hexA, hexB, hexN, hexExpected ] [ 2, 1, 1, 1, "19", "1", "1D", "18" ], [ 2, 1, 1, 1, "7", "1", "9", "1" ], [ 2, 1, 1, 1, "4", "1", "9", "7" ], #montmul: #A.n = 3 #A.p = FFFE000000008004 # 0000000000007FFC # 0000000000000000 #B.n = 1 #B.p = 0000000000000001 #N.n = 3 #N.p = 0000000000000001 # 0000000000008000 # 0000000000000000 #mm = FFFFFFFFFFFFFFFF #res.n = 3 #res.p = EFFF9FFF3FFF8001 # 0000000000007FFF # 0000000000000000 #[ "MBEDTLS_HAVE_INT32", 3, 1, 3, "7FFCFFFE000000008004", "1", "80000000000000000001", "2000C001800100000000" ], #[ "MBEDTLS_HAVE_INT64", 3, 1, 3, "7FFCFFFE000000008004", "1", "80000000000000000001", "7FFFEFFF9FFF3FFF8001" ], [ 12, 1, 6, 1, "3C246D0E059A93A266288A7718419EC741661B474C58C032C5EDAF92709402B07CC8C7CE0B781C641A1EA8DB2F4343", "1", "66A198186C18C10B2F5ED9B522752A9830B69916E535C8F047518A889A43A594B6BED27A168D31D4A52F88925AA8F5", "36E139AEA55215609D2816998ED020BBBD96C37890F65171D948E9BC7CBAA4D9325D24D6A3C12710F10A09FA08AB87" ], #A.n = 5 #A.p = 340E918CE03C6211 # 9888165CB75BFA1F # FCCE74B999E470CA # 1E442976B0E63D64 # 0000000000000000 #B.n = 1 #B.p = 0000000000000001 #N.n = 4 #N.p = 8054B3D124D0E561 # 92A338655DCE4CA8 # E28581ECD892E0F5 # B3A119602EE213CD #mm = E41CFB909805815F #res.n = 5 #res.p = 0E65383B59F8CA5B # B103B17A2EEF84E6 # F23BC08FD0801C55 # 38EB7749F4A5DA80 # 0000000000000000 [ 8, 1, 4, 1, "1E442976B0E63D64FCCE74B999E470CA9888165CB75BFA1F340E918CE03C6211", "1", "B3A119602EE213CDE28581ECD892E0F592A338655DCE4CA88054B3D124D0E561", "38EB7749F4A5DA80F23BC08FD0801C55B103B17A2EEF84E60E65383B59F8CA5B" ], #A.n = 12 #A.p = 542306BCA7A2366E # D2780B2B4968F8D8 # CBDFC696104353E4 # 7776839B0AC9DB23 # B7E125BE407E7415 # D711917FD7537E13 # 82392870D6D08F87 # D83ED5FA38560FFB # 9994B0FED1D2A8D3 # 63C65413F57249F5 # 007CF5AC97304E0B # 0000000000000000 #B.n = 1 #B.p = 0000000000000001 #N.n = 11 #N.p = E1AD22CEB7BA0123 # 32B2A6AA42ADA923 # C56C62082912B661 # C6F0EAD752500A32 # DBC8D651793E93C9 # 0B2F60D99CC1950C # 5B4CDCB5734C58F9 # 09D3CB5BC5585472 # 9A2C2BE12ED487A8 # BE09A8111926AAA3 # 0284139EA19C139E #mm = C02E2164B293C975 #res.n = 12 #res.p = F6B14471839D8D31 # FF843ED3B17C44D7 # 1C3D52C7CB9E0BA6 # 82F3590C866BF9F8 # 49C371DB2A4FB164 # 964ECA2527A031ED # FAACEC6982E0E5BE # 1F70C4CB2426AEE1 # 2C92B02886267AB4 # 0630B14113BEAD74 # 01E4426A3D6C425F # 0000000000000000 [ 22, 1, 11, 1, "7CF5AC97304E0B63C65413F57249F59994B0FED1D2A8D3D83ED5FA38560FFB82392870D6D08F87D711917FD7537E13B7E125BE407E74157776839B0AC9DB23CBDFC696104353E4D2780B2B4968F8D8542306BCA7A2366E", "1", "284139EA19C139EBE09A8111926AAA39A2C2BE12ED487A809D3CB5BC55854725B4CDCB5734C58F90B2F60D99CC1950CDBC8D651793E93C9C6F0EAD752500A32C56C62082912B66132B2A6AA42ADA923E1AD22CEB7BA0123", "1E4426A3D6C425F0630B14113BEAD742C92B02886267AB41F70C4CB2426AEE1FAACEC6982E0E5BE964ECA2527A031ED49C371DB2A4FB16482F3590C866BF9F81C3D52C7CB9E0BA6FF843ED3B17C44D7F6B14471839D8D31" ], ); for my $c (@replay) { # For all of these, la4 = 2 * la8, so $xh4 == $xh8 (so we just have $xh) my ($la4, $lb4, $la8, $lb8, $ah, $bh, $nh, $xh) = @$c; # limbs(A), limbs(B), limbs(N), (A, B, N, expected) hex my $a = Math::BigInt->from_hex($ah); my $b = Math::BigInt->from_hex($bh); my $n = Math::BigInt->from_hex($nh); my $desc = "$test_name #NUMBER (replay)"; # mbedtls_mpi_core_montmul:mpiSize:limbs(A,N):limbs(B):<A>:<B>:<N>:<expected4>:<expected8> # (just repeat $xh, as la4 = 2 * la8, so $xh4 == $xh8) my $case = output($test_name, $la4, $lb4, $la8, $lb8, str($ah), str($bh), str($nh), str($xh), str($xh)); push(@cases, [$case, $desc]); } # see mpi-modmul-gen.pl for the source of these test cases my @generate = ( # [ hexN, hexA, hexB, info ] [ "3", "2", "2", "" ], [ "3", "1", "2", "" ], [ "3", "2", "1", "" ], [ "7", "6", "5", "" ], [ "7", "3", "4", "" ], [ "7", "1", "6", "" ], [ "7", "5", "6", "" ], [ "B", "3", "4", "" ], [ "B", "7", "4", "" ], [ "B", "9", "7", "" ], [ "B", "2", "a", "" ], [ "29", "25", "16", "(0x29 is prime)" ], [ "29", "8", "28", "" ], [ "29", "18", "21", "" ], [ "29", "15", "f", "" ], [ "FF", "e2", "ea", "" ], [ "FF", "43", "72", "" ], [ "FF", "d8", "70", "" ], [ "FF", "3c", "7c", "" ], [ "101", "99", "b9", "(0x101 is prime)" ], [ "101", "65", "b2", "" ], [ "101", "81", "32", "" ], [ "101", "51", "dd", "" ], [ "38B", "d5", "143", "(0x38B is prime)" ], [ "38B", "3d", "387", "" ], [ "38B", "160", "2e5", "" ], [ "38B", "10f", "137", "" ], [ "8003", "7dac", "25a", "(0x8003 is prime)" ], [ "8003", "6f1c", "3286", "" ], [ "8003", "59ed", "2f3f", "" ], [ "8003", "6893", "736d", "" ], [ "10001", "d199", "2832", "(0x10001 is prime)" ], [ "10001", "c3b2", "3e5b", "" ], [ "10001", "abe4", "214e", "" ], [ "10001", "4360", "a05d", "" ], [ "7F7F7", "3f5a1", "165b2", "" ], [ "7F7F7", "3bd29", "37863", "" ], [ "7F7F7", "60c47", "64819", "" ], [ "7F7F7", "16584", "12c49", "" ], [ "800009", "1ff03f", "610347", "(0x800009 is prime)" ], [ "800009", "340fd5", "19812e", "" ], [ "800009", "3fe2e8", "4d0dc7", "" ], [ "800009", "40356", "e6392", "" ], [ "100002B", "dd8a1d", "266c0e", "(0x100002B is prime)" ], [ "100002B", "3fa1cb", "847fd6", "" ], [ "100002B", "5f439d", "5c3196", "" ], [ "100002B", "18d645", "f72dc6", "" ], [ "37EEE9D", "20051ad", "37def6e", "(0x37EEE9D is prime)" ], [ "37EEE9D", "2ec140b", "3580dbf", "" ], [ "37EEE9D", "1d91b46", "190d4fc", "" ], [ "37EEE9D", "34e488d", "1224d24", "" ], [ "8000000B", "2a4fe2cb", "263466a9", "(0x8000000B is prime)" ], [ "8000000B", "5643fe94", "29a1aefa", "" ], [ "8000000B", "29633513", "7b007ac4", "" ], [ "8000000B", "2439cef5", "5c9d5a47", "" ], [ "8CD626B9", "4de3cfaa", "50dea178", "(0x8CD626B9 is prime)" ], [ "8CD626B9", "b8b8563", "10dbbbac", "" ], [ "8CD626B9", "4e8a6151", "5574ec19", "" ], [ "8CD626B9", "69224878", "309cfc23", "" ], [ "10000000F", "fb6f7fb6", "afb05423", "(0x10000000F is prime)" ], [ "10000000F", "8391a243", "26034dcd", "" ], [ "10000000F", "d26b98c", "14b2d6aa", "" ], [ "10000000F", "6b9f1371", "a21daf1d", "" ], [ "174876E7E9", "9f49435ad", "c8264ade8", "0x174876E7E9 is prime (dec) 99999999977" ], [ "174876E7E9", "c402da434", "1fb427acf", "" ], [ "174876E7E9", "f6ebc2bb1", "1096d39f2a", "" ], [ "174876E7E9", "153b7f7b6b", "878fda8ff", "" ], [ "8000000017", "2c1adbb8d6", "4384d2d3c6", "(0x8000000017 is prime)" ], [ "8000000017", "2e4f9cf5fb", "794f3443d9", "" ], [ "8000000017", "149e495582", "3802b8f7b7", "" ], [ "8000000017", "7b9d49df82", "69c68a442a", "" ], [ "864CB9076D", "683a134600", "6dd80ea9f6", "(0x864CB9076D is prime)" ], [ "864CB9076D", "13a870ff0d", "59b099694a", "" ], [ "864CB9076D", "37d06b0e63", "4d2147e46f", "" ], [ "864CB9076D", "661714f8f4", "22e55df507", "" ], [ "F7F7F7F7F7", "2f0a96363", "52693307b4", "" ], [ "F7F7F7F7F7", "3c85078e64", "f2275ecb6d", "" ], [ "F7F7F7F7F7", "352dae68d1", "707775b4c6", "" ], [ "F7F7F7F7F7", "37ae0f3e0b", "912113040f", "" ], [ "1000000000F", "6dada15e31", "f58ed9eff7", "(0x1000000000F is prime)" ], [ "1000000000F", "69627a7c89", "cfb5ebd13d", "" ], [ "1000000000F", "a5e1ad239b", "afc030c731", "" ], [ "1000000000F", "f1cc45f4c5", "c64ad607c8", "" ], [ "800000000005", "2ebad87d2e31", "4c72d90bca78", "(0x800000000005 is prime)" ], [ "800000000005", "a30b3cc50d", "29ac4fe59490", "" ], [ "800000000005", "33674e9647b4", "5ec7ee7e72d3", "" ], [ "800000000005", "3d956f474f61", "74070040257d", "" ], [ "800795D9BA47", "48348e3717d6", "43fcb4399571", "(0x800795D9BA47 is prime)" ], [ "800795D9BA47", "5234c03cc99b", "2f3cccb87803", "" ], [ "800795D9BA47", "3ed13db194ab", "44b8f4ba7030", "" ], [ "800795D9BA47", "1c11e843bfdb", "95bd1b47b08", "" ], [ "1000000000015", "a81d11cb81fd", "1e5753a3f33d", "(0x1000000000015 is prime)" ], [ "1000000000015", "688c4db99232", "36fc0cf7ed", "" ], [ "1000000000015", "f0720cc07e07", "fc76140ed903", "" ], [ "1000000000015", "2ec61f8d17d1", "d270c85e36d2", "" ], [ "100000000000051", "6a24cd3ab63820", "ed4aad55e5e348", "(0x100000000000051 is prime)" ], [ "100000000000051", "e680c160d3b248", "31e0d8840ed510", "" ], [ "100000000000051", "a80637e9aebc38", "bb81decc4e1738", "" ], [ "100000000000051", "9afa5a59e9d630", "be9e65a6d42938", "" ], [ "ABCDEF0123456789", "ab5e104eeb71c000", "2cffbd639e9fea00", "" ], [ "ABCDEF0123456789", "197b867547f68a00", "44b796cf94654800", "" ], [ "ABCDEF0123456789", "329f9483a04f2c00", "9892f76961d0f000", "" ], [ "ABCDEF0123456789", "4a2e12dfb4545000", "1aa3e89a69794500", "" ], [ "25A55A46E5DA99C71C7", "8b9acdf013d140f000", "12e4ceaefabdf2b2f00", "0x25A55A46E5DA99C71C7 is the 3rd repunit prime (dec) 11111111111111111111111" ], [ "25A55A46E5DA99C71C7", "1b8d960ea277e3f5500", "14418aa980e37dd000", "" ], [ "25A55A46E5DA99C71C7", "7314524977e8075980", "8172fa45618ccd0d80", "" ], [ "25A55A46E5DA99C71C7", "ca14f031769be63580", "147a2f3cf2964ca9400", "" ], [ "314DC643FB763F2B8C0E2DE00879", "18532ba119d5cd0cf39735c0000", "25f9838e31634844924733000000", "0x314DC643FB763F2B8C0E2DE00879 is (dec)99999999977^3" ], [ "314DC643FB763F2B8C0E2DE00879", "a56e2d2517519e3970e70c40000", "ec27428d4bb380458588fa80000", "" ], [ "314DC643FB763F2B8C0E2DE00879", "1cb5e8257710e8653fff33a00000", "15fdd42fe440fd3a1d121380000", "" ], [ "314DC643FB763F2B8C0E2DE00879", "e50d07a65fc6f93e538ce040000", "1f4b059ca609f3ce597f61240000", "" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "1ea3ade786a095d978d387f30df9f20000000", "127c448575f04af5a367a7be06c7da0000000", "0x47BF19662275FA2F6845C74942ED1D852E521 is (dec) 99999999977^4" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "16e15b0ca82764e72e38357b1f10a20000000", "43e2355d8514bbe22b0838fdc3983a0000000", "" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "be39332529d93f25c3d116c004c620000000", "5cccec42370a0a2c89c6772da801a0000000", "" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "ecaa468d90de0eeda474d39b3e1fc0000000", "1e714554018de6dc0fe576bfd3b5660000000", "" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "32298816711c5dce46f9ba06e775c4bedfc770e6700000000000000", "8ee751fd5fb24f0b4a653cb3a0c8b7d9e724574d168000000000000", "0x97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931 is (dec) 99999999977^6" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "29213b9df3cfd15f4b428645b67b677c29d1378d810000000000000", "6cbb732c65e10a28872394dfdd1936d5171c3c3aac0000000000000", "" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "6f18db06ad4abc52c0c50643dd13098abccd4a232f0000000000000", "7e6bf41f2a86098ad51f98dfc10490ba3e8081bc830000000000000", "" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "62d3286cd706ad9d73caff63f1722775d7e8c731208000000000000", "530f7ba02ae2b04c2fe3e3d27ec095925631a6c2528000000000000", "" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "a6c6503e3c031fdbf6009a89ed60582b7233c5a85de28b16000000000000000", "75c8ed18270b583f16d442a467d32bf95c5e491e9b8523798000000000000000", "0xDD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499 is (dec) 99999999977^7" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "bf84d1f85cf6b51e04d2c8f4ffd03532d852053cf99b387d4000000000000000", "397ba5a743c349f4f28bc583ecd5f06e0a25f9c6d98f09134000000000000000", "" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "6db11c3a4152ed1a2aa6fa34b0903ec82ea1b88908dcb482000000000000000", "ac8ac576a74ad6ca48f201bf89f77350ce86e821358d85920000000000000000", "" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "3001d96d7fe8b733f33687646fc3017e3ac417eb32e0ec708000000000000000", "925ddbdac4174e8321a48a32f79640e8cf7ec6f46ea235a80000000000000000", "" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "1029048755f2e60dd98c8de6d9989226b6bb4f0db8e46bd1939de560000000000000000000", "51bb7270b2e25cec0301a03e8275213bb6c2f6e6ec93d4d46d36ca0000000000000000000", "0x141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41 is 99999999977^8" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "1c5337ff982b3ad6611257dbff5bbd7a9920ba2d4f5838a0cc681ce000000000000000000", "520c5d049ca4702031ba728591b665c4d4ccd3b2b86864d4c160fd2000000000000000000", "" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "57074dfa00e42f6555bae624b7f0209f218adf57f73ed34ab0ff90c000000000000000000", "41eb14b6c07bfd3d1fe4f4a610c17cc44fcfcda695db040e011065000000000000000000", "" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "d8ed7feed2fe855e6997ad6397f776158573d425031bf085a615784000000000000000000", "6f121dcd18c578ab5e229881006007bb6d319b179f11015fe958b9c000000000000000000", "" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "2a462b156180ea5fe550d3758c764e06fae54e626b5f503265a09df76edbdfbfa1e6000000000000000000000000", "1136f41d1879fd4fb9e49e0943a46b6704d77c068ee237c3121f9071cfd3e6a00315800000000000000000000000", "0x2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451 is (dec) 99999999977^10" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "c1ac3800dfb3c6954dea391d206200cf3c47f795bf4a5603b4cb88ae7e574de4740800000000000000000000000", "c0d16eda0549ede42fa0deb4635f7b7ce061fadea02ee4d85cba4c4f7096034193c800000000000000000000000", "" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "19e45bb7633094d272588ad2e43bcb3ee341991c6731b6fa9d47c4018d7ce7bba5ee800000000000000000000000", "1e4f83166ae59f6b9cc8fd3e7677ed8bfc01bb99c98bd3eb084246b64c1e18c3365b800000000000000000000000", "" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "1aa93395fad5f9b7f20b8f9028a054c0bb7c11bb8520e6a95e5a34f06cb70bcdd01a800000000000000000000000", "54b45afa5d4310192f8d224634242dd7dcfb342318df3d9bd37b4c614788ba13b8b000000000000000000000000", "" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "544f2628a28cfb5ce0a1b7180ee66b49716f1d9476c466c57f0c4b2308991784306d48f78686115ee19e25400000000000000000000000000000000", "677eb31ef8d66c120fa872a60cd47f6e10cbfdf94f90501bd7883cba03d185be0a0148d1625745e9c4c827300000000000000000000000000000000", "0x8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051 is prime, (dec) 10^143 + 3^4" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "76bb3470985174915e9993522aec989666908f9e8cf5cb9f037bf4aee33d8865cb6464174795d07e30015b80000000000000000000000000000000", "6aaaf60d5784dcef612d133613b179a317532ecca0eed40b8ad0c01e6d4a6d8c79a52af190abd51739009a900000000000000000000000000000000", "" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "6cfdd6e60912e441d2d1fc88f421b533f0103a5322ccd3f4db84861643ad63fd63d1d8cfbc1d498162786ba00000000000000000000000000000000", "1177246ec5e93814816465e7f8f248b350d954439d35b2b5d75d917218e7fd5fb4c2f6d0667f9467fdcf33400000000000000000000000000000000", "" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "7a09a0b0f8bbf8057116fb0277a9bdf3a91b5eaa8830d448081510d8973888be5a9f0ad04facb69aa3715f00000000000000000000000000000000", "764dec6c05a1c0d87b649efa5fd94c91ea28bffb4725d4ab4b33f1a3e8e3b314d799020e244a835a145ec9800000000000000000000000000000000", "" ], ); my %described = (); for my $g (@generate) { my ($nh, $ah, $bh, $info) = @$g; my $a = Math::BigInt->from_hex($ah); my $b = Math::BigInt->from_hex($bh); my $n = Math::BigInt->from_hex($nh); my $ln4 = mpi4s($n); my $la4 = mpi4s($a); my $lb4 = mpi4s($b); my $ln8 = mpi8s($n); my $la8 = mpi8s($a); my $lb8 = mpi8s($b); my $r4 = bound_mpi4($n->copy()); my $i4 = $r4->copy()->bmodinv($n); my $x4 = $a * $b * $i4; $x4->bmod($n); my $xh4 = Math::BigInt->new($x4)->to_hex(); my $r8 = bound_mpi8($n->copy()); my $i8 = $r8->copy()->bmodinv($n); my $x8 = $a * $b * $i8; $x8->bmod($n); my $xh8 = Math::BigInt->new($x8)->to_hex(); die("") if $la4 > $ln4 || $la8 > $ln8; my $desc = "$test_name #NUMBER (gen)"; if ($ln4 > 1) { if (!$described{"2-MPI4"}) { $desc .= " (start of 2-MPI 4-byte bignums)"; $described{"2-MPI4"} = 1; } } if ($ln8 > 1) { if (!$described{"2-MPI8"}) { $desc .= " (start of 2-MPI 8-byte bignums)"; $described{"2-MPI8"} = 1; } } if (length($info) && !$described{$info}) { $desc .= " " . $info; $described{$info} = 1; } my $case = output($test_name, $ln4, $lb4, $ln8, $lb8, str($ah), str($bh), str($nh), str($xh4), str($xh8)); #push(@cases, [$case, $desc, "MBEDTLS_HAVE_INT64"]); -- now doing it differently push(@cases, [$case, $desc]); } output_cases("", @cases); } sub output_cases { my ($explain, @cases) = @_; my $count = 1; for my $c (@cases) { my ($case, $desc, $dep) = @$c; $desc =~ s/NUMBER/$count/; $count++; if (defined($explain) && $desc =~ /EXPLAIN/) { $desc =~ s/EXPLAIN/$explain/; $explain = ""; } my $depends = ""; $depends = "depends_on:$dep\n" if defined($dep) && length($dep); print <<EOF; $desc $depends$case EOF } } # The first number (a power of 2) that won't fit in the number of MPIs # needed for the given number sub bound_mpi4 { my $one = Math::BigInt->new(1); # blsft modifies caller return $one->blsft(bits_mpi4($_[0])); } sub bound_mpi8 { my $one = Math::BigInt->new(1); # blsft modifies caller return $one->blsft(bits_mpi8($_[0])); } # How many bits (a multiple of 32) needed to store the specified number # when using 4-byte MPIs sub bits_mpi4 { return 32 * mpi4s($_[0]); } # How many bits (a multiple of 64) needed to store the specified number # when using 8-byte MPIs sub bits_mpi8 { return 64 * mpi8s($_[0]); } # How many 4-byte MPIs needed to store the specified number sub mpi4s { my ($n) = @_; my $h = $n->to_hex(); return int((length($h) + 7) / 8); } # How many 8-byte MPIs needed to store the specified number sub mpi8s { my ($n) = @_; my $h = $n->to_hex(); return int((length($h) + 15) / 16); } sub output { #run_test(@_); return join(":", @_); } sub str { return '"' . $_[0] . '"'; } ``` The data for the generated test cases (@generate) for mpi-test-core-montmul.pl was created by ``` #!/usr/bin/env perl # # mpi-modmul-gen.pl - randomly generate test cases for mpi-test-core-montmul.pl # use strict; use warnings; use Math::BigInt; use sort 'stable'; my %seen = (); my @primes = ( "3", "7", "B", "29", "101", "38B", "8003", "10001", "800009", "100002B", "37EEE9D", "8000000B", "8CD626B9", # From here they require > 1 4-byte MPI "10000000F", "174876E7E9", "8000000017", "864CB9076D", "1000000000F", "800000000005", "800795D9BA47", "1000000000015", "100000000000051", # From here they require > 1 8-byte MPI "25A55A46E5DA99C71C7", # this is 11111111111111111111111 decimal # 10^143 + 3^4: (which is prime) # 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081 "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", ); my %prime = map { $_ => 1 } @primes; my @moduli = ( [ "3", "" ], [ "7", "" ], [ "B", "" ], [ "29", "" ], [ "FF", "" ], [ "101", "" ], [ "38B", "" ], [ "8003", "" ], [ "10001", "" ], [ "7F7F7", "" ], [ "800009", "" ], [ "100002B", "" ], [ "37EEE9D", "" ], [ "8000000B", "" ], [ "8CD626B9", "" ], [ "10000000F", "" ], [ "174876E7E9", "0x174876E7E9 is prime (dec) 99999999977" ], [ "8000000017", "" ], [ "864CB9076D", "" ], [ "F7F7F7F7F7", "" ], [ "1000000000F", "" ], [ "800000000005", "" ], [ "800795D9BA47", "" ], [ "1000000000015", "" ], [ "100000000000051", "" ], [ "ABCDEF0123456789", "" ], [ "25A55A46E5DA99C71C7", "0x25A55A46E5DA99C71C7 is the 3rd repunit prime (dec) 11111111111111111111111" ], [ "314DC643FB763F2B8C0E2DE00879", "0x314DC643FB763F2B8C0E2DE00879 is (dec)99999999977^3" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "0x47BF19662275FA2F6845C74942ED1D852E521 is (dec) 99999999977^4" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "0x97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931 is (dec) 99999999977^6" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "0xDD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499 is (dec) 99999999977^7" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "0x141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41 is 99999999977^8" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "0x2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451 is (dec) 99999999977^10" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "0x8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051 is prime, (dec) 10^143 + 3^4" ], # 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081 ); #99999999977^2: #ibase=16 ; obase=10 ; 174876E7E9*174876E7E9 #99999999977^3: #ibase=16 ; obase=10 ; 174876E7E9*174876E7E9*174876E7E9 #99999999977^2: 21E19E0C58BACE25211 #99999999977^3: 314DC643FB763F2B8C0E2DE00879 #99999999977^4: 47BF19662275FA2F6845C74942ED1D852E521 #99999999977^5: 6867A5A664437D20ED7941408583AADA2193CE95695209 #99999999977^6: 97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931 #99999999977^7: DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499 #99999999977^8: 141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41 #99999999977^9: 1D42AEA1837AA78C6339224E9B39A483E4AAAF12CE7752E1EA1681082CBC8AB056A36B6299557D7A029 #99999999977^10: 2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451 my %mentioned = (); for my $mod (@moduli) { my ($nh, $info) = @$mod; my $n = Math::BigInt->from_hex($nh); my $xxx = $n->to_hex(); die("$xxx != $nh") unless lc($xxx) eq lc($nh); my $cases = ($n < 5) ? 3 : 4; for (my $case = 0; $case < $cases; $case++) { my ($a, $b); for ($a = 0; $a == 0; ) { $a = int(rand($n)); } for ($b = 0; $b == 0; ) { $b = int(rand($n)); } my $cstr = "$a|$b|$n"; if (exists($seen{$cstr})) { # don't repeat ourselves $case--; next; } $seen{$cstr} = 1; my $ah = Math::BigInt->new($a)->to_hex(); my $bh = Math::BigInt->new($b)->to_hex(); my $desc = ""; if (length($info)) { $desc = $info if !$mentioned{$info}; $mentioned{$info} = 1; } elsif (length($nh) > 1 && $prime{$nh} && !$mentioned{$nh}) { $desc = "(0x$nh is prime)"; $mentioned{$nh} = 1; } print <<EOF; [ "$nh", "$ah", "$bh", "$desc" ], EOF } } ``` Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:29:00 +01:00
Tom Cosgrove	79b70f6394	Make a public version of mpi_montg_init() in bignum_new.c and add unit tests ... The unit tests were created by capturing runs of the existing function during execution of existing unit tests. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:28:32 +01:00
Tom Cosgrove	268f96b0ef	Fix Windows builds, which were getting "possible loss of data" ... "bignum_new.c(61,52): warning C4244: 'function': conversion from 'mbedtls_mpi_uint' to 'unsigned int', possible loss of data" Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:17:26 +01:00
Tom Cosgrove	7e655f7b4c	Use new mbedtls_mpi_core_sub() instead of old static mpi_sub_hlp() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:15:44 +01:00
Tom Cosgrove	90c426b932	Tidy up, removing MPI_CORE(), and using the new mbedtls_mpi_core_mla() ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:15:19 +01:00
Jerry Yu	f35ba384ff	Add select ciphersuite entry function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 22:01:58 +08:00
Hanno Becker	71f4b0dda6	Add bignum_new.c starting with MPI_CORE(montmul) for Montgomery multiplication ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 12:09:35 +01:00
Tom Cosgrove	82d3f1e824	Remove bignum_internal.h, moving contents to bignum_core.h ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 12:01:39 +01:00
Jerry Yu	dd1bef788e	Add ciphersuite_info check ... return null if no valid ciphersuite info Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 17:57:02 +08:00
Jerry Yu	29d9faa468	fix various issues. ... - comments issues - code format style issues - naming improvement. - error return improvements Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 17:53:43 +08:00
Andrzej Kurek	299b1d6c93	Remove unnecessary psa/crypto.h include ... This is now included in `legacy_or_psa.h`. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:42:33 -04:00
Andrzej Kurek	cccb044804	Style & formatting fixes ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:26:02 -04:00
Janos Follath	645ff5b8ff	Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures ... Add the new modulus and the residue structures with low level I/O operations	2022-08-23 09:02:43 +01:00
Andrzej Kurek	7e16ce3a72	Clarify TLS 1.2 dependencies with and without PSA crypto ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	8c95ac4500	Add missing dependencies / alternatives ... A number of places lacked the necessary dependencies on one of the used features: MD, key exchange with certificate, entropy, or ETM. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	25f271557b	Update SHA and MD5 dependencies in the SSL module ... The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO is defined and respective SHA / MD5 defines are missing. A new set of macros added in #6065 is used to reflect these dependencies. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	0ce592169e	Use hash_info_get_size in ssl_tls12_client ... This way the code does not rely on the MBEDTLS_MD_C define Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	a242e83b21	Rename the sha384 checksum context to reflect its purpose ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:02:04 -04:00
Gilles Peskine	e5018c97f9	Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake ... Driver-only hashes: EC J-PAKE	2022-08-22 17:28:15 +02:00
Gilles Peskine	20ebaac85e	Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1 ... Be explicit about constant time bignum functions that must take a 0 or 1 condition value	2022-08-22 17:24:04 +02:00
Gilles Peskine	03f1c39ac7	Merge pull request #6171 from mprse/md_x509_test ... Driver-only hashes: X.509	2022-08-22 17:18:47 +02:00
Janos Follath	2e328c8591	Remove confusing const qualifier ... Since a is not a pointer, it is passed by value and declaring it const doesn’t make any sense and on the first read can make me miss the fact that a is not a pointer. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 11:19:10 +01:00
Janos Follath	c459641ad1	Bignum: add missing limb qualifiers ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 10:04:52 +01:00
Janos Follath	af3f39c01c	Fix typos ... Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <Werner.Lewis@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 09:08:04 +01:00
Jerry Yu	5725f1cf3a	Align ciphersuite with overwrite. ... Selected ciphersuite MUST be same with ciphsersuite of PSK. Overwrite the old ciphersuite with the one of PSK. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 17:50:27 +08:00
Jerry Yu	01e42d2d4c	fix issues in export handshake psk ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 13:00:07 +08:00
Jerry Yu	9f7f646b11	Revert "remove psk key when ephemeral selected" ... This reverts commit 5c28e7aa0e. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:59:17 +08:00
Jerry Yu	e9d4fc09a3	fix binder value security issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:59:17 +08:00
Jerry Yu	24b8c813c4	fix comments and wrong initial value issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:55:45 +08:00
Jerry Yu	5d01c05d93	fix various issues ... - wrong typo in comments - replace psk null check with key_exchange_mode check - set psk NULL when error return in export hs psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:55:01 +08:00
Jerry Yu	6cf6b47b5c	fix format and comment issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:54:53 +08:00
Dave Rodgman	beb4fc0723	Merge pull request #6185 from leorosen/tls12_server_null_on_missing_key ... ssl_tls12_server: fix potential NULL-dereferencing if local certifica…	2022-08-19 20:22:59 +01:00
Leonid Rozenboim	19e5973566	mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing ... Avoid the shorthand practice of the form 'x = func(foo)->bar' which exposes the code to NULL pointer de-referencing when the 'func()' returns a NULL pointer. The first chunk is for when the curve group code is not recognized by the library, and is cleanly rejected if offered. The second chunk addresses the unlikely case of an internal error: if 'mbedtls_pk_can_do()' returns TRUE, it should rule out 'mbedtls_pk_ec()' returning a NULL, unless there is a regression. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-19 11:49:22 -07:00
Janos Follath	a95f204cd3	Improve documentation ... Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com> Co-authored-by: Minos Galanakis <minos.galanakis@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Janos Follath	ca5688e10c	Improve coding style ... Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Janos Follath	b7a88eca42	Bignum: Apply naming conventions ... Numbers: - A, B for mbedtls_mpi_uint* operands - a, b for mbedtls_mpi_uint operands - X or x for result - HAC references where applicable Lengths: - Reserve size or length for length/size in bytes or byte buffers. - For length of mbedtls_mpi_uint* buffers use limbs - Length parameters are qualified if possible (eg. input_length or a_limbs) Setup functions: - The parameters match the corresponding structure member's name - The structure to set up is a standard lower case name even if in other functions different naming conventions would apply Scope of changes/conventions: - bignum_core - bignum_mod - bignum_mod_raw Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Janos Follath	6b8a4ad0d8	Bignum: update const qualifiers ... While at it, mark parameters based on their role. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Dave Rodgman	c947751a5f	Fix ECDSA signature verification edge-case ... For R and S equal to 1, ensure the public key is checked for validity. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-19 11:16:37 +01:00
Neil Armstrong	ecaba1c9b2	Make use of PSA crypto hash if MBEDTLS_MD_C isn't defined ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Neil Armstrong	0d76341eac	Remove md_info by md_type in ecjpake context, use mbedtls_hash_info_get_size() to get hash length ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Przemek Stekiel	bc3906c58f	pem_pbkdf1(): optimize psa version ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:36:57 +02:00
Przemek Stekiel	bf01c64e9d	oid.c: unify dependencies (VIA_MD_OR_PSA->VIA_LOWLEVEL_OR_PSA) ... *** Comparing before-default -> after-default *** x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing before-full -> after-full *** x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing reference -> drivers *** x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	4146525ce9	Fix compilation guard (comment) ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	0cd6f08e6f	pem.c: fix style issues (redundant spaces) ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	d23a4efe2c	pem.c: remove redundant compilation guard ... If MBEDTLS_MD5_C is not defined MBEDTLS_USE_PSA_CRYPTO must be defined due to PEM_RFC1421. *** Comparing before-default -> after-default *** x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing before-full -> after-full *** x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing reference -> drivers *** x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	c410ccc528	Include psa/crypto.h in legacy_or_psa.h ... It is needed for PSA_WANT_ALG_xxxx symbols *** Comparing before-default -> after-default *** x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing before-full -> after-full *** x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing reference -> drivers *** x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	4092ff9ba9	pem.c: add internal macro to increase code readability ... *** Comparing before-default -> after-default *** x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing before-full -> after-full *** x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing reference -> drivers *** x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	829e97d029	Fix include order ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	76b753bbb7	Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files ... This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled. So the build should not attempt to enable pem_pbkdf1. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	81799fd9d8	pem.c, test_suite_pem: fix dependency MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA->MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA ... *** Comparing before-default -> after-default *** x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing before-full -> after-full *** x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 *** Comparing reference -> drivers *** x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	be92bee58a	pem.c: Fix conditional compilation flags ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	a68d08f7d1	pem.c: adjust for bulid without md ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	de81028f00	Adjust dependencies in library/oid.c ... *** Comparing before-default -> after-default *** x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 *** Comparing before-full -> after-full *** x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	fd18366965	Adjust declared dependencies in library/x509* ... *** Comparing before-default -> after-default *** x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 *** Comparing before-full -> after-full *** x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Ronald Cron	f3f6b0a5c3	Merge pull request #6123 from yuhaoth/pr/finialize-tls13-serialize_session_save_load ... TLS 1.3:finalize tls13 serialize session save and load	2022-08-19 08:16:05 +02:00
Leonid Rozenboim	70dfd4c8ac	ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set. ... Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-18 14:39:37 -07:00
Tom Cosgrove	583816caaf	Be explicit about constant time bignum functions that must take a 0 or 1 condition value ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-18 14:09:18 +01:00
Dave Rodgman	92cd8642fa	Merge pull request #6090 from hanno-arm/fix_bnmul_arm_v7a ... Remove encoding width suffix from Arm bignum assembly	2022-08-18 08:48:03 +01:00
Jerry Yu	e28d9745a1	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-18 15:44:03 +08:00
Jerry Yu	3419107e8d	Add checks for ticket and resumption_key fields ... From RFC 8446 and the definition of session, we should check the length. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-18 11:28:41 +08:00
Dave Rodgman	86c333e79e	Add explicit cast to satisfy compiler ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-17 16:57:26 +01:00
Jerry Yu	e36fdd676c	Change signature of tls13_session_save ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-17 21:50:25 +08:00
Dave Rodgman	392f714153	Fix type used for capturing TLS ticket generation time ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-17 12:38:24 +01:00
Dave Rodgman	a7448bf19d	Merge pull request #6141 from mpg/driver-hashes-rsa-v21 ... Driver hashes rsa v21	2022-08-16 09:52:39 +01:00
Janos Follath	cc93908b88	Bignum: Declare loop variable in loop head ... In the new bignum files (bignum_core.c, bignum_mod_raw.c and bignum_mod.c) the loop variables are declared in the loop head wherever this change is beneficial. There are loops where the loop variable is used after the end of the loop (this might not be good practice, but that is out of scope for this commit) and others where there are several loop variables and declaring them there would hurt readability. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 12:08:49 +01:00
Janos Follath	620c58ced9	Bignum: make const placement consistent ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 11:58:42 +01:00
Janos Follath	ed5c8d3d1e	Bignum: make modulus value const ... The modulus value won't change during normal operations, make this clear in the struct and the function signatures. This won't prevent the caller from modifying the passed buffer, but might give a hint and reinforces the message of the documentation. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 11:50:22 +01:00
Janos Follath	138f51c5c8	Fix alphabetic order in makefiles ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 11:38:30 +01:00
Gabor Mezei	fd65e82753	Rename structure elements ... Use better names for structure elements and adopting the convention of the other modules. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 18:09:12 +02:00
Gabor Mezei	c414ba3fc0	Simplify code ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 17:59:53 +02:00
Gabor Mezei	5a5c0c5f0a	Move the declaration of variables to their scope of usage ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:40:09 +02:00
Gabor Mezei	7f93264ab1	Change struct element order ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:37:27 +02:00
Gabor Mezei	89e31460db	Typo ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:36:56 +02:00
Dave Rodgman	7b1be55484	Merge pull request #5993 from eliteraspberries/android-soname ... Allow non-versioned library soname.	2022-08-12 13:49:55 +01:00
Gabor Mezei	5f56df44f0	Remove redundant check ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 14:41:54 +02:00
Gabor Mezei	bf9da1dfb1	Do not read if output pointer is NULL ... Skip reading if output pointer is NULL even if the length of the input buffer is 0. The memory sanitizer will mark this as an error. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 14:11:56 +02:00
Mansour Moufid	6a8673092f	Allow non-versioned library soname. ... Signed-off-by: Mansour Moufid <mansourmoufid@gmail.com>	2022-08-12 11:02:01 +01:00
Janos Follath	6318468183	Improve bignum documentation ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 17:42:59 +01:00
Janos Follath	a30b4e5692	Bignum: remove duplicate documentation from source ... These functions have full documentation in the header. Maintaing two copies does not worth the effort and having an out of sync reduced duplicate is not helpful. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 17:15:18 +01:00
Janos Follath	2ab2d3e3e9	Inline mpi_core_clear() ... This used to resize MPIs in the legacy interface, which is not needed/possible as the new interface has fixed size MPIs. Inlining this function makes the code easier to read and maintain, while there is no obvious drawback to it. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 16:16:49 +01:00
Janos Follath	56a10f97ba	Bignum: remove unnecessary NULL pointer checks ... A null pointer dereference, or null pointer plus small offset, is a clean runtime error in most environments. So it's not particularly useful to protect against this. While at it make a null pointer check that is actually necessary more robust. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 15:19:00 +01:00
Janos Follath	296ea66442	Bignum: clean up use of enums ... - Made use of enums in struct and function declaration - All enums are handled by switch case now - If the switch does nothing on default, omit the default case to make compiler warnings more powerful - The two enums are now disjoint and the value 1 is skipped to make mistakes easier to detect Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 14:58:29 +01:00
Jerry Yu	5c28e7aa0e	remove psk key when ephemeral selected ... ephemeral is selected, `handshake->psk` must be removed. Otherwise the encrypt key will be caculate fail. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	56acc9421c	Write key_share base on key_exchange mode. ... In ServerHello, write key share should base on key_exchange mode, not base on configuration. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	f0bad2554a	Continue check next psk key when binder mismatch ... with matched identity and mismatch binder, should check next psk key. Exit with error will break multi-psk cases. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	32e1370fbc	Add config check for pre_shared_key parser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	e95c8af266	Align ciphersuite with psk key ... With OpenSSL and GnuTLS client, if the MAC of ciphersuite does not match selected binder, client will reject connection. This change is to select ciphersuite base on algo of psk binder. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	ccc68a466e	change handshake psk key type for tls13 ... PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is decided when create binder Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Ronald Cron	295d93ebe8	Add psk handshake with gnutls ... Signed-off-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	40f3771e18	Add handshake psk export function. ... Rename `ssl_tls13_get_psk` and export the function. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Przemek Stekiel	71bf28bb34	Fix include file path ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	f98b57f231	Initialize status/ret to error value ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	2aae040615	make ret_from_status() global function and move it to has_info.[ch] ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	712bb9c5af	Use more suitable function for checking if hash is supported ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard	79b99f47a1	Fix definition of MD_OR_PSA macros ... The code will make the decision based on availability of MD, not of MD+this_hash. The later would only be possible at runtime (the hash isn't known until then, that's the whole point of MD), so we'd need to have both MD-based and PSA-based code paths in a single build, which would have a very negative impact on code size. So, instead, we choose based on the presence of MD, which is know at compile time, so we only have one of the two code paths in each build. Adjust the macros so that they match the logic of the code using them. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard	077ba8489d	PKCS#1 v2.1 now builds with PSA if no MD_C ... Test coverage not there yet, as the entire test_suite_pkcs1_v21 is skipped so far - dependencies to be adjusted in a future commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	faa3b4e0c3	Get rid of md_info outside helper functions ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	35c09e4824	Introduce compute_hash() function ... This allows callers not to worry with md_info and makes it easier to provide a PSA version for when MD_C is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	f701acc088	Extract common code into hash_mprime() ... This will also make it easier to provide a PSA-based version for when MD is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	f3a6755450	Simplify callers of mgf_mask() ... Some of them no longer need md_ctx, some of those no longer need the exit dance that was used to free it, or need it on a smaller scope. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	259c213545	Tune API of internal function mgf_mask in RSA ... This is a first step towards making a version of this function that uses PSA when MD is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Dave Rodgman	8a9f88899d	Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code ... ssl_tls: avoid the appearance of a potential NULL dereferencing	2022-08-11 10:12:34 +01:00
kXuan	9ac6b28e27	ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed ... Since 11e9310 add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it should not init aes_ctx again in mbedtls_ctr_drbg_seed. Signed-off-by: kXuan <kxuanobj@gmail.com>	2022-08-11 16:38:45 +08:00
Janos Follath	d0895708e2	Bignum: move internal constants to headers ... Now that the check_names script allows it, we can do so. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-10 13:32:16 +01:00
kXuan	11e9310fd1	ctr_drbg: fix free uninitialized aes context ... Application may enabled AES_ALT and define mbedtls_aes_context by its own. The initial state of user-defined mbedtls_aes_context may not all byte zero. In mbedtls_ctr_drbg_init, the code set all byte to zero, including the AES context nested in the ctr_drbg context. And in mbedtls_ctr_drbg_free, the code calls mbedtls_aes_free on an AES context without calling mbedtls_aes_init. If user-defined AES context requires an non-zero init, the mbedtls_aes_free call in mbedtls_ctr_drbg_free is illegal. This patch fix this issue by add mbedtls_aes_init in mbedtls_ctr_drbg_init. So aes context will always be initialized to correct state. Signed-off-by: kXuan <kxuanobj@gmail.com>	2022-08-10 16:43:28 +08:00
Leonid Rozenboim	e9d8dcdbf5	ssl_tls: avoid the appearance of a potential NULL dereferencing ... Looking at the bigger picture it is clear that if `ssl->session` is NULL, there will be a failure much earlier, and that is well protected from, however, the practice of dereferencing a pointer which has not been verified in prior for validity goes against secure coding practices. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-09 12:34:30 -07:00
Janos Follath	c47c0569d4	Remove VALIDATE macros from bignum_core.c ... They are deprecated and are declared to be empty anyway. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:54:43 +01:00
Janos Follath	d1baedb786	Bignum: extract bignum_mod.h functions ... Extract functions declared in bignum_mod.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point This makes library/bignum_new.c empty and therefore it is deleted. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:44:53 +01:00
Janos Follath	0ded631879	Bignum: extract bignum_mod_raw.h functions ... Extract functions declared in bignum_mod_raw.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:34:54 +01:00
Janos Follath	3ca0775e59	Bignum: extract bignum_core.h functions ... Extract functions declared in bignum_core.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 11:45:47 +01:00
Dave Rodgman	f421d45869	Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype ... Fix build error due to missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled	2022-08-09 11:27:42 +01:00
Dave Rodgman	953ce3962f	Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12 ... Add rsa pss rsae for tls12	2022-08-09 10:21:45 +01:00
Janos Follath	dae1147596	Improve Bignum documentation ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-08 11:50:02 +01:00
Janos Follath	8ff0729dd7	Fix typos in Bignum documentation ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-08 08:39:52 +01:00
Gabor Mezei	6666914b76	Revert "Move Bignum macros to common header" ... This reverts commit 62c5901f0a5061a8825e19c77f88c91fea235078. Reverting commit due the macros are meant to be local and not following the naming convention. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:10:51 +01:00
Gabor Mezei	37b06360b3	Add documentation for new bignum functions ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:10:51 +01:00
Gabor Mezei	c0b9304f92	Use value as numerical value instead of bitfield value ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:53 +01:00
Gabor Mezei	d8f5bc2d3d	Free the correct struct element ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:53 +01:00
Gabor Mezei	535f36d203	Unify parameter naming ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:53 +01:00
Gabor Mezei	e66b1d47ed	Typo ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	8b718b5a66	Add bounds check to residue input ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	23bdeca64d	Add core constant time comparison ... Unfortunately reusing the new function from the signed constant time comparison is not trivial. One option would be to do temporary conditional swaps which would prevent qualifying input to const. Another way would be to add an additional flag for the sign and make it an integral part of the computation, which would defeat the purpose of having an unsigned core comparison. Going with two separate function for now and the signed version can be retired/compiled out with the legacy API eventually. The new function in theory could be placed into either `library/constant_time.c` or `library/bignum_new.c`. Going with the first as the other functions in the second are not constant time yet and this distinction seems more valuable for new (as opposed to belonging to the `_core` functions. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	5f016650d7	Reuse Bignum core I/O functions ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	91dc67d31c	Allow (NULL, 0) as a representation of 0 ... - We don't check for NULL pointers this deep in the library - Accessing a NULL pointer when the limb number is 0 as a mistake is the very similar to any other out of bounds access - We could potentially mandate at least 1 limb representation for 0 but we either would need to enforce it or the implementation would be less robust. - Allowing zero limb representation - (NULL, 0) in particular - for zero is present in the legacy interface, if we disallow it, the compatibility code will need to deal with this (more code size and opportunities for mistakes) In summary, interpreting (NULL, 0) as the number zero in the core interface is the least of the two evils. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	4670f88991	Reuse Bignum helper functions ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	4614b9ad1b	Move Bignum macros to common header ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	f1d617deb8	Add tests for big endian core I/O ... The test case where there were extra limbs in the MPI failed and this commit contains the corresponding fix as well. (We used to use the minimum required limbs instead of the actual limbs present.) Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:06:31 +01:00
Janos Follath	ba5c139e4c	Add more validation to modulus life cycle ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:03:56 +01:00
Janos Follath	281ccda8a5	Clean up mpi_mod_init/free ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:03:56 +01:00
Janos Follath	5005edb36c	Fix typos ... Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	c5328cf9a6	Add a set of I/O functions for the modulus structure ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	b903070cec	Add a set of I/O functions ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	0c655572dc	Build the new bignum_new.c file ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	f049dbfe94	Add the new modulus and the residue structures ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gilles Peskine	b3edc1576c	Merge pull request #2602 from edsiper/crt-symlink ... x509_crt: handle properly broken links when looking for certificates	2022-08-03 13:05:29 +02:00
Gilles Peskine	07e7fe516b	Merge pull request #6088 from tuvshinzayaArm/validation_remove_change_curve ... Validation remove and change in files related to curve in library	2022-08-03 13:05:16 +02:00
Gilles Peskine	7e1ee0f04b	Merge pull request #6114 from mman/development ... Use double quotes to include private header file psa_crypto_cipher.h	2022-08-03 13:04:57 +02:00
Martin Man	4741e0b56c	Use double quotes to include private header file psa_crypto_cipher.h ... Signed-off-by: Martin Man <mman@martinman.net> Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>	2022-08-02 12:44:35 +02:00
Aditya Patwardhan	3096f331ee	Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED is ... enabled Added the changelog.d entry Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>	2022-08-02 11:15:18 +05:30
Dave Rodgman	919ff15ecf	Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020 ... Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined	2022-07-29 17:08:11 +01:00
Dave Rodgman	27036c9e28	Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments ... Fix a/an typos in doxygen and other comments	2022-07-29 12:59:05 +01:00
Jerry Yu	c3bf748dc7	fix vertical alignment ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-29 10:27:17 +08:00
Jerry Yu	09a99fcf8a	Add rsa_pss_rsae_* sig algos for tls12 default ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	379b1ff3a5	remove useless comment ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	95b743ca17	Rename get_pk_type_and_md_alg ... The function is for both tls12 and tls13 now. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	693a47ab1d	add rsa_pss_rsae_* support in tls12 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Tuvshinzaya Erdenekhuu	86669de348	Broke 2 long lines ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-28 10:31:16 +01:00
Dave Rodgman	aba26d0099	Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new ... Remove use of SSL session compression	2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard	f6b8c3297a	Merge pull request #6065 from mpg/explore2 ... Driver-only hashes: RSA 1.5 and PK + strategy doc	2022-07-28 10:43:38 +02:00
Tom Cosgrove	ce7f18c00b	Fix a/an typos in doxygen and other comments ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-07-28 05:50:56 +01:00
Manuel Pégourié-Gonnard	68429fc44d	Fix a few more typos ... Update link while at it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-27 20:44:02 +02:00
Tuvshinzaya Erdenekhuu	22f3654324	Remove NULL pointer validation in ecp.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 15:21:48 +01:00
Tuvshinzaya Erdenekhuu	a891f83803	Re-introduce ENUM validation in ecjpake.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu	2b1ecdaf4e	Remove NULL pointer validation in ecjpake.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu	f69cac784a	Reintroduce enum validation ecdh.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 14:43:38 +01:00
Tuvshinzaya Erdenekhuu	7857caadcd	Remove NULL pointer validation in ecdh.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 14:40:47 +01:00
Tuvshinzaya Erdenekhuu	375950f119	Remove NULL pointer validations in ecdsa.c ... Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 14:28:20 +01:00
Thomas Daubney	31e03a8e15	Replace hard-coded zeroes for constant ... Replace two occurances of hard-coded zero for MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:23 +01:00
Thomas Daubney	54e38ea9cd	Remove remaining references to compression in docs ... Some references to compression exist in the docs. This commit removes those instances. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:23 +01:00
Thomas Daubney	20f89a9605	Remove uses of SSL compression ... Remove or modify current uses of session compression. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:03 +01:00
Manuel Pégourié-Gonnard	de9ffe37ab	Fix typos in hash_info.[ch] ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-26 10:20:52 +02:00
Ronald Cron	e579ece305	Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load ... TLS 1.3: Add serialize session save load I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123. Thus I am ok to merge it as it is.	2022-07-23 08:57:11 +02:00
Ronald Cron	340c559cb3	Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks ... TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.	2022-07-23 08:50:45 +02:00
Jerry Yu	13ab81d5ac	Add handshake failure in pre_shared_key withou psk_kex_modes ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:17:11 +08:00
Jerry Yu	bc7c1a4260	fix typo/format/name issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:09:40 +08:00
Jerry Yu	438ddd835b	Add tls13 session save/load ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:08:43 +08:00
Jerry Yu	a66fecebe7	Add endpoint/ticket_flag field for session ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:08:43 +08:00
Jerry Yu	6f1db3fc92	fix format and potential non-PSK fail issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:05:59 +08:00
Jerry Yu	ce6ed7076a	Change the order of key_exchange determine ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 21:49:53 +08:00
Jerry Yu	ba9b6e9e53	fix unkown identity case ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 21:45:05 +08:00
Jerry Yu	568ec2502a	fix format/name issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 21:27:34 +08:00
Jerry Yu	2f0abc94d8	fix typo/type/format issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 19:34:48 +08:00
Ronald Cron	4beb870fa8	Merge pull request #6064 from xkqian/tls13_add_psk ... Add psk code to tls13 client side	2022-07-22 11:35:05 +02:00
Dave Rodgman	a948f0588c	Merge pull request #1986 from jacmet/bn_mul-fix-x86-pic-compilation-for-gcc-4 ... bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5	2022-07-21 17:34:48 +01:00
Jerry Yu	77f0148e11	Add psk/psk_ephemeral key exchange check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 23:27:22 +08:00
Ronald Cron	32578b3bd0	Merge pull request #6069 from yuhaoth/pr/add-tls13-write-new-session-ticket ... TLS 1.3:add tls13 write new session ticket Validated by the internal CI and Travis.	2022-07-21 16:17:35 +02:00
XiaokangQian	bee71453b2	Improve the buffer pointer check in write pre_shared key ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	3ad67bf4e3	Rename functions and add test messages ... Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	7c12d31813	Refine comments for psk related code ... Change-Id: Iff5c176bb902919abc8d4fb78a185aa68704a791 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	8698195566	Address comments of various issues ... Improve comments Change coding style Rename functions Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	adab9a6440	Fix transcript issues and add cases against openssl ... Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	008d2bf80b	Address comments in psk client review ... Improve comments Refine cipher suite related code in psk Refine get_psk_offered() Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	eb69aee6af	Add psk code to tls13 client side ... Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
Manuel Pégourié-Gonnard	73692b7537	Rework macros expressing dependencies ... Fix usage with sed: s/MBEDTLS_OR_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/ s/MBEDTLS_USE_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/ Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-21 12:11:53 +02:00
Jerry Yu	96a2e368dc	TLS 1.3: Add pre-shared-key multiple psk parser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 18:00:13 +08:00
Jerry Yu	6119715e05	Change type cast to size_t ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:28:02 +08:00
Jerry Yu	1c9247cff4	TLS 1.3: Add pre_share_key last ext check ... From RFC, pre_share_key must be the last one. Add check for it. And with/without psk, it should be check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	352cd7db59	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	daf375aa8b	fix issues of check_binder_match ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	bb852029f4	fix naming issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	6e74a7e3c7	Add check return flags ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	997549353e	fix various code format issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	032b15ce5e	Add write selected_identity ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	1c105560b4	add offered psks parser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	6dcd18d55b	export hdr checksum function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Ronald Cron	bc817bac76	TLS 1.3: Limit scope of tls13_kex_modes handshake field ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-21 09:43:53 +02:00
Jerry Yu	fca4d579a4	fix various issues ... - unnecessary comments - format issue - improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 10:37:48 +08:00
Ronald Cron	799077177b	TLS 1.3: Use selected key exchange mode field ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:49:58 +02:00
Ronald Cron	853854958f	TLS 1.3: Add selected key exchange mode field ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:49:22 +02:00
Ronald Cron	7f9ccfeccc	TLS 1.3: Remove unnecessary key exchange mode check ... If there is a PSK involved in the key exchange and thus no certificate we do not go through the MBEDTLS_SSL_CERTIFICATE_REQUEST state thus there is no reason to check that in the coordination function of that state. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:47:23 +02:00
Ronald Cron	2d8b7ac898	TLS 1.3: Fix selected key exchange mode check ... ECDHE operations have to be done in ephemeral and PSK-ephemeral key exchange mode, not just ephemeral key exhange mode. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:46:58 +02:00
Dave Rodgman	fa40b02da3	Remove use of lstat ... lstat is not available on some platforms (e.g. Ubuntu 16.04). In this particular case stat is sufficient. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 16:10:33 +01:00
Jerry Yu	6cb4fcd1a5	Remove key exchange mode check. ... This change does not meet RFC requirements. It should be revert after key exchange mode issue fixed Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:41:00 +08:00
Jerry Yu	e67bef4aba	Add tls13 write new session ticket ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:41:00 +08:00
Jerry Yu	251a12e942	Add dummy session save ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:40:59 +08:00
Dave Rodgman	7085aa42ee	Merge pull request #5896 from wernerlewis/aes_shallow_copy ... Refactor AES context to be shallow-copyable	2022-07-20 15:16:37 +01:00
Dave Rodgman	103f8b6506	Spelling and grammar improvements ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 14:37:08 +01:00
Dave Rodgman	935154ef04	Don't increase failure count for dangling symlinks ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 14:37:07 +01:00
Eduardo Silva	e1bfffc4f6	x509_crt: handle properly broken links when looking for certificates ... On non-windows environments, when loading certificates from a given path through mbedtls_x509_crt_parse_path() function, if a symbolic link is found and is broken (meaning the target file don't exists), the function is returning MBEDTLS_ERR_X509_FILE_IO_ERROR which is not honoring the default behavior of just skip the bad certificate file and increase the counter of wrong files. The problem have been raised many times in our open source project called Fluent Bit which depends on MbedTLS: https://github.com/fluent/fluent-bit/issues/843#issuecomment-486388209 The expected behavior is that if a simple certificate cannot be processed, it should just be skipped. This patch implements a workaround with lstat(2) and stat(2) to determinate first if the entry found in the directory is a symbolic link or not, if is a simbolic link, do a proper stat(2) for the target file, otherwise process normally. Upon find a broken symbolic link it will increase the counter of not processed certificates. Signed-off-by: Eduardo Silva <eduardo@treaure-data.com>	2022-07-20 14:36:12 +01:00
Jerry Yu	3afdf36de7	Add hash length check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 18:12:08 +08:00
Jerry Yu	0a430c8aaf	Rename resumption_key and the hardcode len ... `resumption_key` is better name. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	b14413804a	Remove ticket_flags ... It should be added later. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	08aed4def9	fix comments and time_t type issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a0446a0344	Add check_return flag ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	4e6c42a533	fix various issues ... - wrong typo - unnecessary comments/debug code - wrong location Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	cb3b1396f3	move resume psk ticket computation to end ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	af2c0c8dd6	fix various comment/format issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a357cf4d4c	Rename new_session_ticket state ... Both client and server side use `MBEDTLS_SSL_NEW_SESSION_TICKET` now Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	f8a4994ec7	Add tls13 new session ticket parser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	c62ae5f539	Add new session ticket message check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a270f67340	Add tls13 session fields ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Manuel Pégourié-Gonnard	d82a9edc63	Rm now-duplicate helper function ... Again, the guards are slightly different, let's see in the CI if this causes any trouble. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	130fa4d376	Rm local helper now that a global one is available ... There is a small difference: the global function only works for hashes that are included in the build, while the old one worked for all hashes regardless of whether they were enabled or not. We'll see in the CI is this causes any issues. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	abac037a7b	Migrate from old inline to new actual function. ... This is mostly: sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \ library/*.c tests/suites/*.function This should be good for code size as the old inline function was used from 10 translation units inside the library, so we have 10 copies at least. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	4772884133	New internal module for managing hash information ... Using static inline functions is bad for code size; the function from md_internal.h was already used from 3 different C files, so already was copied at least 3 times in the library, and this would only get worse over time. Use actual functions, and also share the actual data between them. Provide a consistent set of operations. Conversion to/from human-readable string was omitted for now but could be added later if needed. In the future, this can be used to replace other similar (inline) functions that are currently scattered, including (but perhaps not limited to): - mbedtls_psa_translate_md() from psa_util.h - mbedtls_md_info_from_psa() (indirectly) from psa_crypto_hash.h - get_md_alg_from_psa() from psa_crypto_rsa.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Peter Korsgaard	c0546e351f	bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5 ... Fixes #1910 With ebx added to the MULADDC_STOP clobber list to fix #1550, the inline assembly fails to build with GCC < 5 in PIC mode with the following error: include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’ This is because older GCC versions treated the x86 ebx register (which is used for the GOT) as a fixed reserved register when building as PIC. This is fixed by an improved register allocator in GCC 5+. From the release notes: Register allocation improvements: Reuse of the PIC hard register, instead of using a fixed register, was implemented on x86/x86-64 targets. This improves generated PIC code performance as more hard registers can be used. https://www.gnu.org/software/gcc/gcc-5/changes.html As a workaround, detect this situation and disable the inline assembly, similar to the MULADDC_CANNOT_USE_R7 logic. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2022-07-18 17:31:13 +01:00
Manuel Pégourié-Gonnard	1c402a4217	Remove macro that's no longer used ... It was only used in test_suite_pk which was fixed to no longer compute hashes in a temporary buffer. Also, it's not entirely clear is this macro was really a good idea: perhaps it's better for each user to have an explicit #if defined(MBEDTSL_USE_PSA_CRYPTO) and use either MBEDTLS_MD_MAX_SIZE or PSA_HASH_MAX_SIZE in each branch of that #if. So, removing it for the time being. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 12:49:19 +02:00
Ronald Cron	d5b1eb51db	Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext ... TLS 1.3: PSK: Add parser of psk kex mode ext on server side	2022-07-18 11:34:24 +02:00
Hanno Becker	907a367b50	Remove explicit width suffixes from Arm bignum assembly ... Within the M-profile of the Arm architecture, some instructions admit both a 16-bit and a 32-bit encoding. For those instructions, some assemblers support the use of the .n (narrow) and .w (wide) suffixes to force a choice of instruction encoding width. Forcing the size of encodings may be useful to ensure alignment of code, which can have a significant performance impact on some microarchitectures. It is for this reason that a previous commit introduced explicit .w suffixes into what was believed to be M-profile only assembly in library/bn_mul.h. This change, however, introduced two issues: - First, the assembly block in question is used also for Armv7-A systems, on which the .n/.w distinction is not meaningful (all instructions are 32-bit). - Second, compiler support for .n/.w suffixes appears patchy, leading to compilation failures even when building for M-profile targets. This commit removes the .w annotations in order to restore working code, deferring controlled re-introduction for the sake of performance. Fixes #6089. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-07-15 12:00:58 +01:00
Manuel Pégourié-Gonnard	f88b1b5375	Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros ... Currently just replacing existing uses, but the real point of having these conditions as a single macro is that we'll be able to use them in tests case dependencies, see next commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-15 12:08:14 +02:00
Jerry Yu	854dd9e23f	fix comment issue ... Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-15 14:38:38 +08:00
Jerry Yu	299e31f10e	fix various issue ... - remove unused test case - add alert message - improve readabitlity Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-13 23:06:36 +08:00
Paul Elliott	af4b90db3f	Revert "Add missing library/psa_crypto_driver_wrappers.c" ... This reverts commit c2a9387110 Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 11:30:17 +01:00
Paul Elliott	81c69b547a	Revert "Revert "Revert "Add generated files for 3.2.0 release""" ... This reverts commit 185d24ba0e. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 11:29:34 +01:00
Jerry Yu	e19e3b9eb8	Add psk_key_exchange_modes parser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-12 09:53:35 +00:00
Paul Elliott	cd08ba0326	Bump version to 3.2.1 ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 10:51:55 +01:00
Dave Rodgman	c2a9387110	Add missing library/psa_crypto_driver_wrappers.c ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-12 10:51:55 +01:00
Dave Rodgman	185d24ba0e	Revert "Revert "Add generated files for 3.2.0 release"" ... This reverts commit 7adb8cbc0e. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 10:51:44 +01:00
Manuel Pégourié-Gonnard	043c8c5de8	Add USE_PSA version of PK test functions ... While at it, also fix buffer size for functions that already depend on USE_PSA: it should be PSA_HASH_MAX_SIZE for functions that always use PSA, and the new macro MBEDTLS_USE_PSA_MD_MAX_SIZE for functions that use it or not depending on USE_PSA. The only case where MBEDTLS_MD_MAX_SIZE is OK is when the function always uses MD - currently this is the case with pk_sign_verify_restart() as it is incompatible with USE_PSA anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard	5508673832	Add helper macros for dependencies based on USE_PSA ... For now in an internal header as it's the safest option and that way we can change whenever we want. Later on if we think the macros can be useful to applications as well then we can move them to a public location. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	3f4778995e	Rm dependency on MD in psa_crypto_rsa.c ... The previous commit made the PKCS#1v1.5 part of rsa.c independent from md.c, but there was still a dependency in the corresponding part in PSA. This commit removes it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	fe2b9b5397	Make mbedtls_oid_get_md_alg() always available ... This is a step towards building with RSA PKCS#1v1.5 without MD. Also loosen guards around oid data: the OID definitions clearly don't depend on our software implementation. We could simply have no dependency as this is just data. But for the sake of code size, let's have some guards so that people who don't use MD5, SHA1 or RIPEMD160 don't have to pay the price for them. Note: this is used for RSA (PKCS#v1.5) signatures among other things, an area that is not influenced by USE_PSA, so the guards should not depend on it either. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	f493f2ad1d	Use md_internal_get_size() in rsa.c ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard	3356b89b64	Add missing guard around call to MD ... PKCS#1 v1.5 mostly does not need hash operations. This is a first step towards allowing builds with PKCS#1 v1.5 only (no v2.1) without MD. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard	a370e06e30	Avoid dependency of PK on MD ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard	d8a298e1fc	Add internal MD size getter ... Modules / tests that only need to get the size of a hash from its type, without actually computing a hash, need not depend on MD_C. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Paul Elliott	7adb8cbc0e	Revert "Add generated files for 3.2.0 release" ... This reverts commit cb21f2eab3. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 18:18:30 +01:00
Paul Elliott	cb21f2eab3	Add generated files for 3.2.0 release ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:56:01 +01:00
Paul Elliott	20362cd1ca	Bump library and so versions for 3.2.0 release ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:56:01 +01:00
Paul Elliott	f518f81d41	Ensure return for mbedtls_ssl_write_alpn_ext() is checked ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 12:37:47 +01:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Paul Elliott	6e80e09bd1	Merge pull request #5915 from AndrzejKurek/cid-resumption-clash ... Fix DTLS 1.2 session resumption	2022-07-06 15:03:36 +01:00
Andrzej Kurek	21b50808cd	Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing ... Use a more straightforward condition to note that session resumption is happening. Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 03:26:55 -04:00
Werner Lewis	c1999d5746	Add fallback when rk unaligned with padlock ... Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-07-05 11:55:15 +01:00
Andrzej Kurek	92d7417d89	Formatting fixes ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Paul Elliott	072d2b094d	Add pem_free() to other error paths in pk_parse_public_key() ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-04 06:49:26 -04:00
Leonid Rozenboim	116f50cd96	Fix resource leaks ... These potential leaks were flagged by the Coverity static analyzer. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard	4d7af2aee0	Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection ... Permissions 2a: TLS 1.2 ciphersuite selection	2022-07-04 12:37:02 +02:00
Paul Elliott	41aa808a56	Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf ... Turn off stdio buffering with setbuf()	2022-07-04 10:12:22 +01:00
Ronald Cron	0e39ece23f	Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk ... Refactor signature algorithm chooser	2022-07-04 09:10:08 +02:00
Paul Elliott	bae7a1a5a6	Merge pull request #5620 from gstrauss/dn_hints ... Add accessors to config DN hints for cert request	2022-07-01 17:23:14 +01:00
Paul Elliott	c466ec2e73	Fix code formatting ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-01 16:43:25 +01:00
Neil Armstrong	971f30d917	Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-07-01 16:23:50 +02:00
Manuel Pégourié-Gonnard	8b8a1610f7	Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check ... Fix the wrong variable being used for TLS record size checks	2022-07-01 12:29:48 +02:00
Jerry Yu	52b7d923fe	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-01 18:12:44 +08:00
Neil Armstrong	96eceb8022	Refine mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg() when USE_PSA_CRYPTO is selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-30 18:05:05 +02:00
Gilles Peskine	da0913ba6b	Call setbuf when reading or writing files: library ... After opening a file containing sensitive data, call mbedtls_setbuf() to disable buffering. This way, we don't expose sensitive data to a memory disclosure vulnerability in a buffer outside our control. This commit adds a call to mbedtls_setbuf() after each call to fopen(), except: * In ctr_drbg.c, in load_file(), because this is only used for DH parameters and they are not confidential data. * In psa_its_file.c, in psa_its_remove(), because the file is only opened to check its existence, we don't read data from it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 17:03:40 +02:00
Gilles Peskine	6497b5a1d1	Add setbuf platform function ... Add a platform function mbedtls_setbuf(), defaulting to setbuf(). The intent is to allow disabling stdio buffering when reading or writing files with sensitive data, because this exposes the sensitive data to a subsequent memory disclosure vulnerability. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 17:01:40 +02:00
Ronald Cron	cb67e1a890	Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix ... Improve ASN.1 write tests	2022-06-30 15:42:16 +02:00
Paul Elliott	f6a56cf5ff	Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check ... TLS 1.3: Add missing overread check	2022-06-29 17:01:14 +01:00
Werner Lewis	7656a373b6	Reformat AES changes for readability ... Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 16:17:50 +01:00
Werner Lewis	dd76ef359d	Refactor AES context to be shallow-copyable ... Replace RK pointer in AES context with a buffer offset, to allow shallow copying. Fixes #2147. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 16:17:50 +01:00
Dave Rodgman	5b50f38f92	Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2 ... Fix null pointer dereference in mpi_mod_int(0, 2)	2022-06-29 15:02:59 +01:00
Jerry Yu	2fe6c638e2	remove supported check from parse sig algs ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	959e5e030b	fix format issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	660cb4209c	Remove pkcs1 from key cert and sig alg map ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	71b18844ff	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:19:49 +08:00
Jerry Yu	9d3e2fa372	Add negative tests ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:19:06 +08:00
Manuel Pégourié-Gonnard	2f244c43b4	Merge pull request #5980 from mprse/md_dep_fix ... Remove MD dependencies from mbedtls_x509_sig_alg_gets(), ssl_tls13_parse_certificate_verify()	2022-06-29 10:18:41 +02:00
Jerry Yu	c2e0493e6e	Add rsa_pkcs1 for cert sig match ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:18:31 +08:00
Jerry Yu	cc5391048e	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:18:30 +08:00
Jerry Yu	ee28e7a21d	add tests for select sig alg ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:17:06 +08:00
Jerry Yu	aebaaaf527	add debug messages ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	430db6b6ff	Remove hack fix for server hybrid issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	a1255e6b8c	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	9bb3ee436b	Revert rsa_pss_rsae_* support for tls12 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	53f5c15155	Add debug message ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	80dd5db808	Remove pkcs1 from certificate verify. ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	d4a71a57a8	Add tls12 algorithms in hybrid mode client hello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	5ef71f2723	remove rsa_pkcs1_* from tls13 support list ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	f085678879	remove unnecessary check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	6272c4d4aa	Revert unnecessary space change ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	96ee23eb88	fix tls12 openssl/gnutls server fail ... To test version negotiation with tls12 OpenSSL/GnuTLS server, If `rsa_pss_rsae_*` were sent to server before `rsa_pkcs_*`, server will return `rsa_pss_rsae_*` as key exchange sig alg. OpenSSL/GnuTLS can work with this case. mbedTLS will fail due to `rsa_pss_rsae_*` unsupported. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	ba5e379697	Revert order of default sig_algs ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	3f71ca0941	Remove rsa_pss_rsae_* from tls12 sig_algs ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	0c6be8f863	move big function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	3896ac6e5b	fix ordered sig algs fail for openssl ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:06 +08:00
Jerry Yu	f3b46b5082	Add debug message ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:05 +08:00
Jerry Yu	d099cf0325	fix unused variable issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:47 +08:00
Jerry Yu	f55886a217	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	6babfee178	remove out of scope codes ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	fb526693c1	Rename sig_alg cert_key check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	f0cda410a4	remove default sig_hashes ... And add pss_rsae_* sig_algs to fix `Handshake TLS 1.3` test fails, which is part of `test_suite_ssl` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	7ab7f2b184	Remove pkcs1 from certificate_verify ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Jerry Yu	08524c55f9	remove pkcs1_* support ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Jerry Yu	0ebce95785	create tls12/tls13 sig alg support check ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:43 +08:00
Jerry Yu	f249ef7821	refactor get sig algo from pk ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:40 +08:00
Ronald Cron	7898fd456a	Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server ... TLS 1.3 server: Send dummy change_cipher_spec records The internal CI PR-merge job ran successfully thus good to go.	2022-06-29 09:47:49 +02:00
Glenn Strauss	bd10c4e2af	Test accessors to config DN hints for cert request ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-29 02:54:28 -04:00
Gilles Peskine	d86abf2392	Merge pull request #5861 from wernerlewis/csr_subject_comma ... Fix output of commas and other special characters in X509 DN values	2022-06-28 21:00:49 +02:00
Glenn Strauss	999ef70b27	Add accessors to config DN hints for cert request ... mbedtls_ssl_conf_dn_hints() mbedtls_ssl_set_hs_dn_hints() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-28 12:43:59 -04:00
Neil Armstrong	9f1176a793	Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	9f4606e6d2	Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	0c9c10a401	Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:10:48 +02:00
Gabor Mezei	f7044eaec8	Fix name ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 16:01:49 +02:00
Ronald Cron	e99ec7cb6a	Merge pull request #5908 from ronald-cron-arm/tls13-fixes-doc ... TLS 1.3: Fixes and add documentation Validated by the internal CI, no need to wait for the Open CI.	2022-06-28 12:16:17 +02:00
Gabor Mezei	96ae926572	Typo ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:56:26 +02:00
Gabor Mezei	5471912269	Move switching to handshake transform after sending CCS record ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:56:26 +02:00
Gabor Mezei	05ebf3be74	Revert "Do not encrypt CCS records" ... This reverts commit 96ec831385. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:55:35 +02:00
Przemek Stekiel	4dc874453e	ssl_tls13_parse_certificate_verify(): optimize the code ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-28 11:05:42 +02:00
Manuel Pégourié-Gonnard	273453f126	Merge pull request #5983 from gstrauss/inline-mbedtls_x509_dn_get_next ... Inline mbedtls_x509_dn_get_next() in x509.h	2022-06-28 10:13:58 +02:00
Ronald Cron	11b5332ffc	tls13: Fix certificate extension size write ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	81a334fc02	tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext() ... Some coding style alignement as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	7b8404608a	tls13: Rename ssl_tls13_write_hello_retry_request_coordinate ... Rename ssl_tls13_write_hello_retry_request_coordinate to ssl_tls13_prepare_hello_retry_request as it is more aligned with what the function does. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	fb508b8f21	tls13: Move state changes up to state main handler ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	63dc463ed6	tls13: Simplify switch to the inbound handshake keys on server side ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	5afb904022	tls13: Move out of place handshake field reset ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	828aff6ead	tls13: Rename server_hello_coordinate to preprocess_server_hello ... Rename server_hello_coordinate to preprocess_server_hello as it is more aligned with what the function does. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	db5dfa1f1c	tls13: Move ServerHello fetch to the ServerHello top handler ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	9d6a545714	tls13: Re-organize EncryptedExtensions message parsing code ... Align the organization of the EncryptedExtensions message parsing code with the organization of the other message parsing codes. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	154d1b68d6	tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	c80835943c	tls13: Fix pointer calculation before space check ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	2827106199	tls13: Add missing buffer overread check ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	b94854f8e3	Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests ... TLS 1.3: Enable and add tests	2022-06-28 09:15:17 +02:00
Glenn Strauss	01d2f52a32	Inline mbedtls_x509_dn_get_next() in x509.h ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-27 14:20:07 -04:00
Dave Rodgman	f5b7082f6e	Merge pull request #5811 from polhenarejos/bug_x448 ... Fix order value for curve x448	2022-06-27 13:47:24 +01:00
Werner Lewis	9b0e940135	Fix case where final special char exceeds buffer ... Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 12:01:22 +01:00
Przemek Stekiel	9e30fc94f3	Remove redundant spaces ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 12:48:35 +02:00
Werner Lewis	b33dacdb50	Fix parsing of special chars in X509 DN values ... Use escape mechanism defined in RFC 1779 when parsing commas and other special characters in X509 DN values. Resolves failures when generating a certificate with a CSR containing a comma in subject value. Fixes #769. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 11:19:50 +01:00
Przemek Stekiel	6a5e01858f	ssl_tls13_parse_certificate_verify(): remove md dependency ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 11:53:13 +02:00
Przemek Stekiel	6230d0d398	mbedtls_x509_sig_alg_gets(): remove md dependency ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 11:19:04 +02:00
Ronald Cron	cf600bc07c	Comment fixes ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	2b1a43c101	tls13: Add missing overread check in Certificate msg parsing. ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	ad8c17b9c6	tls: Add overread/overwrite check failure tracking ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	e3dac4aaa1	tls13: Add Certificate msg parsing tests with invalid vector lengths ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:42 +02:00
Ronald Cron	07040bb179	Merge pull request #5951 from xkqian/tls13_add_alpn ... Add ALPN extension to the server side	2022-06-27 08:33:03 +02:00
Ronald Cron	9738a8d0fd	Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks ... TLS 1.3: Fix certificate key usage checks	2022-06-27 08:32:17 +02:00
Paul Elliott	668b31f210	Fix the wrong variable being used for TLS record size checks ... Fix an issue whereby a variable was used to check the size of incoming TLS records against the configured maximum prior to it being set to the right value. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-06-24 20:09:37 +01:00
Ronald Cron	1938588e80	tls13: Align some debug messages with TLS 1.2 ones ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
XiaokangQian	0b776e282a	Change some comments for alpn ... Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard	93a7f7d7f8	Merge pull request #5954 from wernerlewis/x509_next_merged ... Add mbedtls_x509_dn_get_next function	2022-06-24 09:59:22 +02:00
XiaokangQian	95d5f549f1	Fix coding styles ... Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 05:42:15 +00:00
Przemek Stekiel	1b0ebdf363	Zeroize hkdf_label buffer ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:22:49 +02:00
Przemek Stekiel	38ab400dc4	Adapt code to be consistent with the existing code ... - init status to error - use simple assignment to status - fix code style (spaces) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:05:40 +02:00
XiaokangQian	c740345c5b	Adress review comments ... Change Code styles Add test cases Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-23 03:24:12 +00:00
Gabor Mezei	96ec831385	Do not encrypt CCS records ... According to the TLS 1.3 standard the CCS records must be unencrypted. When a record is not encrypted the counter, used in the dynamic IV creation, is not incremented. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
Gabor Mezei	7b39bf178e	Send dummy change_cipher_spec records from TLS 1.3 server ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
XiaokangQian	acb3992251	Add ALPN extension to the server side ... CustomizedGitHooks: yes Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-22 06:34:58 +00:00
Przemek Stekiel	d5ae365b97	Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand() ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Przemek Stekiel	88e7101d03	Remove mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_expand() ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Manuel Pégourié-Gonnard	a82a8b9f4b	Mark internal int SSL functions CHECK_RETURN_CRITICAL ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:55 +02:00
Manuel Pégourié-Gonnard	a3115dc0e6	Mark static int SSL functions CHECK_RETURN_CRITICAL ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:52 +02:00
Manuel Pégourié-Gonnard	66b0d61718	Add comments when can_do() is safe to use ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard	b64fb62ead	Fix unchecked return value from internal function ... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Gilles Peskine	e0469b5908	Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix ... Add a client hello cookie_len overflow test	2022-06-20 19:35:54 +02:00
Gilles Peskine	36aeb7f163	Merge pull request #5834 from mprse/HKDF_1 ... HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms	2022-06-20 15:27:46 +02:00
Werner Lewis	b3acb053fb	Add mbedtls_x509_dn_get_next function ... Allow iteration through relative DNs when X509 name contains multi- value RDNs. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-17 16:40:55 +01:00
Ronald Cron	30c5a2520e	tls13: Fix certificate key usage checks ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-17 08:49:52 +02:00
Ronald Cron	ca3c6a5698	Merge pull request #5817 from xkqian/tls13_add_server_name ... Tls13 add server name	2022-06-16 08:30:09 +02:00
Andrzej Kurek	755ddff25c	Fix print format in a debug message ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:32:02 -04:00
Andrzej Kurek	cbe14ec967	Improve variable extracting operations by using MBEDTLS_GET macros ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:17:28 -04:00
XiaokangQian	75fe8c7e54	Change place of ssl_tls13_check_ephemeral_key_exchange ... Change-Id: Id49172f7375e2a0771ad1216fb7eead808f0db3e Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 09:42:45 +00:00
XiaokangQian	fb665a8452	Adress the comments about styles and pick_cert ... Change-Id: Iee89a27aaea6ebc8eb01c6c9985487f081ef7343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 03:57:21 +00:00
Andrzej Kurek	7cf872557a	Rearrange the session resumption code ... Previously, the transforms were populated before extension parsing, which resulted in the client rejecting a server hello that contained a connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-14 08:26:19 -04:00
Przemek Stekiel	69c4679b22	Adapt macro name to meet requested criteria: MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF->BUILTIN_ALG_ANY_HKDF ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-14 11:13:32 +02:00
XiaokangQian	07aad0710c	Refine function name ssl_tls13_pick_key_cert ... Change-Id: I821e1485d9cfcca88fa3e18d345766ea48c64250 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-14 05:35:09 +00:00
XiaokangQian	81802f43a2	Select certificate base on the received signature list ... Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-13 03:58:06 +00:00
Gilles Peskine	321a08944b	Fix bug whereby 0 was written as 0200 rather than 020100 ... 0200 is not just non-DER, it's completely invalid, since there has to be a sign bit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:13:33 +02:00
Gilles Peskine	ae25bb043c	Fix null pointer dereference in mpi_mod_int(0, 2) ... Fix a null pointer dereference when performing some operations on zero represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or mbedtls_mpi_write_string() in base 2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 19:32:46 +02:00
Przemek Stekiel	75fe3fb1d7	psa_crypto.c: add MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF macro to limit number of #if conditions ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-09 14:44:55 +02:00
Andrzej Kurek	b58cf0d172	Split a debug message into two - for clarity ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:53:59 -04:00
Andrzej Kurek	078e9bcda6	Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:47:33 -04:00
Dave Rodgman	11930699f1	Merge pull request #5827 from wernerlewis/time_utc ... Use ASN1 UTC tags for dates before 2000	2022-06-08 13:54:19 +01:00
Paul Elliott	5f2bc754d6	Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests ... Pr/add-tls13-moving-state-tests	2022-06-08 13:39:52 +01:00
Manuel Pégourié-Gonnard	3a833271aa	Merge pull request #5727 from SiliconLabs/feature/PSEC-3207-TLS13-hashing-HMAC-to-PSA ... Feature psec-3207 move TLS13 hashing and hmac to psa	2022-06-08 11:53:35 +02:00
XiaokangQian	96287d98d8	Remove the certificate key check against the received signature ... Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 08:37:53 +00:00
pespacek	d9aaf768b5	Fixing CI complains. ... Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-08 09:44:11 +02:00
XiaokangQian	9850fa8e8d	Refine ssl_tls13_pick_cert() ... Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 07:02:41 +00:00
pespacek	b06acd734b	Fixing PSA return status ... Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 13:07:21 +02:00
XiaokangQian	23c5be6b94	Enable SNI test for both tls12 and tls13 ... Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-07 09:43:13 +00:00
Ronald Cron	209cae9c42	tls13: server: Fix state update in CLIENT_CERTIFICATE ... The state should be updated only if the handler returns in success. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-07 10:58:22 +02:00
pespacek	670913f4dc	Fixing return value for ssl_tls13_write_certificate_body() ... Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 10:53:39 +02:00
Andrzej Kurek	cfb01948c8	Add cookie parsing tests to test_suite_ssl ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:29:15 -04:00
Andrzej Kurek	c8183cc492	Add missing sid_len in calculations of cookie sizes ... This could lead to a potential buffer overread with small MBEDTLS_SSL_IN_CONTENT_LEN. Change the bound calculations so that it is apparent what lengths and sizes are used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:28:56 -04:00
Gilles Peskine	364fd8bb71	More SSL debug messages for ClientHello parsing ... In particular, be verbose when checking the ClientHello cookie in a possible DTLS reconnection. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-06 14:25:41 -04:00
Dave Rodgman	5e03d9e601	Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support ... Allow building as a subdir	2022-06-06 14:11:06 +01:00
Przemek Stekiel	b57a44bf9b	is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:26:43 +02:00
Przemek Stekiel	cde3f783f5	Make info valid only after secret for HKDF-EXPAND + adapt tests ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:26:02 +02:00
Przemek Stekiel	0586f4c4ea	Make salt mandatory for HKDF-EXTRACT + adapt tests ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:25:43 +02:00
Przemek Stekiel	3e8249cde0	Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:15 +02:00
Przemek Stekiel	a29b488296	Optimize code by adding PSA_ALG_IS_ANY_HKDF macro ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:09 +02:00
XiaokangQian	129aeb9b0e	Update test cases and support sni ca override ... Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-02 09:29:18 +00:00
Przemek Stekiel	459ee35062	Fix typo and style ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-02 11:16:52 +02:00
Werner Lewis	acd01e58a3	Use ASN1 UTC tags for dates before 2000 ... Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-01 16:24:28 +01:00
Gilles Peskine	8399cccd2e	Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access ... Fix uninitialised memory access in constant time functions	2022-06-01 11:42:51 +02:00
Gilles Peskine	09858ae664	Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa ... Deprecate mbedtls_cipher_setup_psa()	2022-05-31 10:56:52 +02:00
Jerry Yu	0a92d6c8eb	fix move state to handshake over fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-31 15:06:04 +08:00
Kazuyuki Kimura	b88dbdded6	fix issue #2020 ... Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined. Signed-off-by: Kazuyuki Kimura <kim@wing.ocn.ne.jp> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-30 17:55:07 +01:00
Dave Rodgman	a3344f7bac	Merge pull request #5767 from leorosen/avoid-null-args ... Avoid potentially passing NULL arguments	2022-05-30 11:40:21 +01:00
XiaokangQian	0557c94fef	Add back SNI related code to validate_certificate ... Change-Id: I75883858016d4163cd7c64c3418eb3ca24fa46ea Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:10:53 +00:00
XiaokangQian	f2a942073e	Fix SNI test failure ... Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	9b2b7716b0	Change mbedtls_ssl_parse_server_name_ext base on comments ... Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	40a3523eb7	Add support of server name extension to server side ... Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	e7a5da597f	Remove SNI related code ... Change-Id: Ic44bdb27b1bdc5c9057078dfed936fc36bddebbe Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 00:59:29 +00:00
XiaokangQian	aca9048b5f	Change base on review ... Fix comments Add test cases for client authentication with empty certificate Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	989f06d52d	Change some comments base on review ... Change-Id: I3db2b8ca8162eb368d2f17dfeffee8b25f9edf6f Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	63e713e8ab	Fix comments ... Change-Id: Ib741f876f4d296df79565a2b8a2971918db1a77f Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	c3017f620f	Remove useless guards and refine checking ... Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:10 +00:00
XiaokangQian	189ded2b07	Remove coordinate functions and change state machine in server side ... Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:46:13 +00:00
XiaokangQian	6b916b1616	Add client certificate parse and certificate verify ... Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:40:53 +00:00
Dave Rodgman	a636d1f192	Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc ... Enable static linking of the common runtime in MSVC	2022-05-25 14:47:58 +01:00
Dave Rodgman	32c995afa3	Merge pull request #5724 from Biswa96/cmake-mingw ... cmake: Fix runtime library install location in mingw	2022-05-25 13:34:43 +01:00
Paul Elliott	8fba70f66c	Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup ... TLS 1.3: Add Finished Message and wrapup	2022-05-25 12:02:06 +01:00
pespacek	3493587e05	FEATURE: mbedtls_md() in ssl_tls13_write_certificate_verify_body() ... replaced withpsa_hash_compute() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-05-23 13:10:48 +02:00
pespacek	a1378105cf	FEATURE: use psa_hash_xxx rather than mbedtls_md_xxx for TLS 1.3. ... ssl_tls13_parse_certificate_verify() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-05-23 13:10:47 +02:00
Manuel Pégourié-Gonnard	69e348db85	Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa ... Permissions 1: create `mbedtls_pk_can_do_ext()`	2022-05-23 10:58:32 +02:00
Robert Shade	591e729b54	Allow building as a subdir ... Fixes #5688 Signed-off-by: Robert Shade <robert.shade@gmail.com>	2022-05-21 12:55:12 -04:00
Neil Armstrong	81d391f773	Check when usage == 0 in mbedtls_pk_can_do_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 09:26:16 +02:00
Neil Armstrong	b80785f1a4	Comment typo fix in mbedtls_pk_can_do_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 09:25:55 +02:00
Gilles Peskine	e4d3a6a4e8	Merge pull request #5804 from superna9999/5797-remove-cipher-deps-tls ... Remove Cipher dependencies in TLS	2022-05-19 21:02:12 +02:00
Paul Elliott	5260ce27ed	Fix uninitialised memory access in constant time functions ... Fix an issue reported by Coverity whereby some constant time functions called from the ssl decrypt code could potentially access uninitialised memory. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-05-19 18:23:24 +01:00
Dave Rodgman	afe149d76e	Merge pull request #5846 from bootstrap-prime/development ... Fix typos in documentation and constants with typo finding tool	2022-05-19 16:53:32 +01:00
Paul Elliott	4283a6b121	Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small ... Make psa_raw_key_agreement return BUFFER_TOO_SMALL	2022-05-19 16:06:02 +01:00
Neil Armstrong	084338d336	Change mbedtls_pk_can_do_ext() usage test logic for opaque keys ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-19 16:22:40 +02:00
Przemek Stekiel	03d948c47f	Refacor code for HKDF-Extract algorithm ... Solution provided by @mpg. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-19 11:45:20 +02:00
Przemek Stekiel	2fb0dcd403	psa_hkdf_input: use more suitable condition and add comments ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-19 10:34:37 +02:00
Jerry Yu	e3d67cb263	Improve readability ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 15:33:10 +08:00
Jerry Yu	fd5ea0458f	add compute application transform ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 14:29:48 +08:00
Jerry Yu	545432310d	remove zeorize from keys ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 11:23:25 +08:00
Jerry Yu	cc0a13fcf8	remove unnecessary empty line ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 10:14:24 +08:00
bootstrap-prime	6dbbf44d78	Fix typos in documentation and constants with typo finding tool ... Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>	2022-05-18 14:15:33 -04:00
Przemek Stekiel	b398d8693f	Update descryption of HKDF-Extract/Expand algs and fix comment ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-18 15:43:54 +02:00
Neil Armstrong	8395d7a37d	Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3 ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:24:34 +02:00
Neil Armstrong	0fa8ce3498	TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	b818e16b29	Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	e3b0b8ab67	Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	93617245c3	Code style fixes ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	689557ca12	Make CIPHER_C guard code as alternate of USE_PSA_CRYPTO in mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	4f4f271850	In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	a8093f5c48	In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	801abb69a5	Provide a PSA definition of mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() when MBEDTLS_USE_PSA_CRYPTO is defined ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Jerry Yu	bb2d47d956	Remove not used state ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 16:57:45 +08:00
Jerry Yu	e8c1fca67c	move trafic set to generic ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 16:57:45 +08:00
Jerry Yu	d6e253ded9	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 16:57:45 +08:00
Jerry Yu	4d8567fa9e	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	03ed50ba6a	Add handshake wrapup ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	ff2269889d	Add client finished ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	27bdc7c6b6	Implement write server finish ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	69dd8d4091	tls13:finished:add dummy frame work ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Ronald Cron	9edf51d8cd	Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext ... Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3 CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h. @RcColes if you eventually want to request some changes, they can be done in a follow-up PR.	2022-05-17 17:01:55 +02:00
Paul Elliott	a478441517	Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify ... TLS1.3:Add Certificate and CertificateVerify message on Server Side	2022-05-17 15:47:36 +01:00
Paul Elliott	114203814a	Better check for NULL pointer ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-05-17 15:01:20 +01:00
Neil Armstrong	bbb8b75f20	Fixup comment of mbedtls_pk_can_do_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-17 14:58:27 +02:00
Neil Armstrong	408f6a60a3	Add usage parameter to mbedtls_pk_can_do_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-17 14:23:20 +02:00
Neil Armstrong	dab56ba2bd	Fix typo in mbedtls_pk_can_do_ext() code documentation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-17 11:56:55 +02:00
Aurelien Jarno	c79ce88152	Fix a timing leak in ecp_mul_mxz() ... The bit length of m is leaked through through timing in ecp_mul_mxz(). Initially found by Manuel Pégourié-Gonnard on ecp_mul_edxyz(), which has been inspired from ecp_mul_mxz(), during initial review of the EdDSA PR. See: https://github.com/Mbed-TLS/mbedtls/pull/3245#discussion_r490827996 Fix that by using grp->nbits + 1 instead, which anyway is very close to the length of m, which means there is no significant performance impact. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>	2022-05-16 23:15:07 +02:00
Gilles Peskine	3e56130fb9	psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted ... psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH, the only algorithm that is currently implemented. Make it return the correct error code. The reason for the wrong error code is that ecdh.c returns MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL, but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the impact of the fix, handle this in the PSA layer. Fixes #5735. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-05-16 19:37:54 +02:00
Dave Rodgman	2a045325f9	Merge pull request #5766 from leorosen/fix-var-init ... Add missing local variable initialization	2022-05-16 14:47:00 +01:00
Gilles Peskine	9b7e29663f	Merge pull request #4211 from ccawley2011/mingw ... Fix compilation with MinGW32	2022-05-16 12:30:37 +02:00
Leonid Rozenboim	a3008e7e2e	Add missing local variable initialization ... These issues were flagged by Coverity as instances where a local variable may be used prior to being initialized. Please note that none of these changes fixes any particular bug, this is just an attempt to add more robustness. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-05-13 18:08:11 +01:00
Paul Elliott	dd428d3650	Fix incorrect error message ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-05-13 17:43:16 +01:00
Gabor Mezei	696956da24	Typo ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-13 17:02:19 +02:00
Gabor Mezei	0a4298bbe9	Remove unnecessary duble conversion ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-13 17:02:18 +02:00
Jerry Yu	b89125b81a	Add test without server certificate ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-13 15:50:04 +08:00
Jerry Yu	23d1a256ec	fix hrr handler undefine fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 20:11:16 +08:00
Neil Armstrong	a88b15897d	Add implementation of mbedtls_pk_can_do_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-12 11:53:02 +02:00
Dave Rodgman	8b65420f42	Add comment ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-12 09:45:03 +01:00
Jerry Yu	5a26f3000d	Refactor cert exchange states ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:59 +08:00
Jerry Yu	f1c3c4e77c	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:59 +08:00
Jerry Yu	c6e6dbf2e7	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:59 +08:00
Jerry Yu	4ff9e14356	Add server certificate verfiy ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:14 +08:00
Jerry Yu	1bff711a36	tls13:server:add server certificate writing ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:14 +08:00
Jerry Yu	83da34eb59	tls13:server:add dummy write certificate ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:14 +08:00
Andrzej Kurek	5c65c5781f	Fix additional misspellings found by codespell ... Remaining hits seem to be hex data, certificates, and other miscellaneous exceptions. List generated by running codespell -w -L keypair,Keypair,KeyPair,keyPair,ciph,nd Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-05-11 21:25:54 +01:00
Shaun Case	8b0ecbccf4	Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. ... Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-11 21:25:51 +01:00
Gabor Mezei	86acf05b1e	Update signiture algorithm handling ... Rename local variables and to simplify things use static_assert to determine if the default signiture algorithms are not fit into the SSL handshake structure. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:19 +02:00
Gabor Mezei	53a3b14823	Update documntation ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:19 +02:00
Gabor Mezei	c1051b62aa	Remove MBEDTLS_SSL_SIG_ALG_SET macro ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:19 +02:00
Gabor Mezei	3631cf693a	Rename signiture algorithm macros to better suite with TLS 1.2 ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:19 +02:00
Gabor Mezei	24c7c2be08	Unify MBEDTLS_TLS_SIG_NONE macro definition for TLS 1.2 and 1.3 ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	a3d016ce41	Rename and rewrite mbedtls_ssl_sig_hash_set_find function ... Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name and rewrite to operate TLS signature algorithm identifiers. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	1226590c88	Explicitly set invalid value for the end of the signiture algorithm set ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	15b95a6c52	Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3 ... Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm. It is intended to use in common code of TLS 1.2 and 1.3. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	1a3be088bf	Reorder defines to use previous definitions ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	078e803d2c	Unify parsing of the signature algorithms extension ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:08 +02:00
Przemek Stekiel	17520fe2c5	PSA: Add support for HKDF-Extend and HKDF-Expand algs ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-11 12:17:03 +02:00
Manuel Pégourié-Gonnard	5479f5321a	Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk ... RSA decrypt 1a: PK	2022-05-11 11:01:01 +02:00
Paul Elliott	d1a954d243	Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request ... TLS1.3: Add HelloRetryRequest Write	2022-05-10 17:25:33 +01:00
Dave Rodgman	4bfb007dcb	Handle platform differences in gmtime_s ... MSVC and C11 specify different arguments and return value meaning for gmtime_s. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-10 13:46:09 +01:00
Dave Rodgman	ad8dc480d4	Remove redundant comment ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-10 13:46:09 +01:00
Cameron Cawley	ea5496ceb3	Fix compilation with MinGW32 ... Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>	2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard	42650260a9	Merge pull request #5783 from mprse/md_dep_v3 ... Fix undeclared dependencies: MD	2022-05-10 10:41:32 +02:00
Jerry Yu	f41553b662	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 22:20:30 +08:00
Manuel Pégourié-Gonnard	9bbb7bacae	Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks ... Unify non-opaque and opaque PSKs	2022-05-09 10:15:16 +02:00
Jerry Yu	ead5cce22c	improve readability ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:58:50 +08:00
Jerry Yu	4ca9140d43	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:55:39 +08:00
Jerry Yu	66d9e6f405	refactor next state of client hello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:11 +08:00
Jerry Yu	4833056833	fix ci test fails ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:11 +08:00
Jerry Yu	7f157eb31f	Change alert message ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:11 +08:00
Jerry Yu	b8ac19a296	send alert when second hrr needed ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:09 +08:00
Jerry Yu	6a2cd9ebf5	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:08 +08:00
Jerry Yu	b0ac10b4a8	Refactor hrr key_share ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:06 +08:00
Jerry Yu	49ca92892d	refactor HRR routine ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:05 +08:00
Jerry Yu	086edc2807	refactor parse key_share ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:04 +08:00
Jerry Yu	fbe3e64b76	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:03 +08:00
Jerry Yu	c1be19f226	misc:minor improvement ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:01 +08:00
Jerry Yu	23f7a6fc5c	share write_body between HRR and ServerHello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:01 +08:00
Jerry Yu	582dd069b7	Add HRR handler ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:01 +08:00
Jerry Yu	fe24d1c9f5	add named group debug helper ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:00 +08:00
Jerry Yu	93a13f2c38	Share magic word of HRR ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:48:59 +08:00
Jerry Yu	67a2c37039	tls13:hrr:add empty frame work ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:48:59 +08:00
XiaokangQian	aad9b0a286	Update code base on comments ... Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-09 01:11:21 +00:00
XiaokangQian	a987e1d2f8	Change state machine after encrypted extension and update cases ... Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	ec6efb98bc	Change variable name to output_len ... Change-Id: I0f8a40da9782b2ec7af7e6f1faf1ac5c7e589418 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	cec9ae6259	Change the code places of CERTIFICATE_REQUEST ... Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	45c22201b3	Update test cases and encrypted extension state set ... Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	2f150e184f	Update status and add test cases for client certificate request ... Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	1f1f1e3372	Temp change to align with client/server hello style ... Change-Id: I8befbbcb5d6f7fdb230022825dcb856e19d9bec0 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	9dc4450647	Fix commets issue about coding styles ... Change-Id: I930a062e137562e0b129b9b9b191e5c864f8104d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	eaf3651e31	Rebase and solve conflicts ... Change handshake_msg related functions Share the ssl_write_sig_alg_ext Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
Xiaofei Bai	5ee73d84a9	Address review comments ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-05-07 01:37:04 +00:00
Xiaofei Bai	9ca09d497f	Add writing CertificateRequest msg on server side ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-05-07 01:37:04 +00:00
Pol Henarejos	b101cb6111	Since the group is unloaded for all curves, it is better to initialize the group also for all curves. ... Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-06 18:43:58 +02:00
Ronald Cron	25b1f5d2b7	Merge pull request #5545 from xffbai/tls13-write-enc-ext ... TLS1.3: add writing encrypted extensions on server side.	2022-05-06 13:54:45 +02:00
Przemek Stekiel	c1e41bb2b5	rsa.c: remove redundant include of md.h ... rsa.c includes rsa.h that includes md.h Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-06 11:42:18 +02:00
Przemek Stekiel	ef1fb4a3d3	Deprecate mbedtls_cipher_setup_psa() ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-06 10:55:10 +02:00
Jerry Yu	ef2b98a246	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-06 16:40:05 +08:00
Jerry Yu	f86eb75c58	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-06 11:16:55 +08:00
Pol Henarejos	aa68d36234	Fix order value for curve x448. ... Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-05 19:22:29 +02:00
Neil Armstrong	8ecd66884f	Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-05 14:01:49 +02:00
Jerry Yu	e110d258d9	Add set outbound transform ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-05 19:59:59 +08:00
Werner Lewis	e59a531455	Fix memcpy() UB in mbedtls_asn1_named_data() ... Removes a case in mbedtls_asn1_named_data() where memcpy() could be called with a null pointer and zero length. A test case is added for this code path, to catch the undefined behavior when running tests with UBSan. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-05-04 11:45:06 +01:00
Neil Armstrong	80f6f32495	Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	044a32c4c6	Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	cd05f0b9e5	Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	e952a30d47	Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	61f237afb7	Remove PSA-only code dealing with non-opaque PSA key ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	501c93220d	Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	b743d95051	Do not erase input key in psa_tls12_prf_psk_to_ms_set_key() ... When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct but the following derivations output data is incorrect. This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key() since commit 03faf5d2c1. Fixes: 03faf5d2c1 ("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage") Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:06:22 +02:00
Neil Armstrong	30beca35f1	Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR ... Then mbedtls_pk_error_from_psa_rsa() also needs to be guarded with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR to be used by pk_opaque_rsa_decrypt() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:02:37 +02:00
Jerry Yu	9da5e5a2f2	fix coding style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 15:46:09 +08:00
Jerry Yu	de66d12afc	remove out couter reset ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 12:15:19 +08:00
Jerry Yu	39730a70cd	remove variable initial ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 12:14:04 +08:00
Jerry Yu	8937eb491a	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 12:12:14 +08:00
Neil Armstrong	6c26adc900	Do not make pk_opaque_rsa_decrypt() depend on MBEDTLS_RSA_C ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-02 14:43:04 +02:00
Neil Armstrong	1082818003	Implement PK Opaque RSA decrypt ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard	068a13d909	Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque ... RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`	2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard	67397fa4fd	Merge pull request #5704 from mprse/mixed_psk_2cx ... Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK	2022-04-29 10:47:16 +02:00
Przemek Stekiel	169bf0b8b0	Fix comments (#endif flags) ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-29 07:53:29 +02:00
Neil Armstrong	a1fc18fa55	Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-28 13:27:59 +02:00
Gilles Peskine	8855e36030	Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup ... Cipher cleanup: abstract TLS mode	2022-04-28 12:33:38 +02:00
Przemek Stekiel	8a4b7fd7c3	Optimize code ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-28 10:21:03 +02:00
Jerry Yu	ab452cc257	fix name issue ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-28 15:27:08 +08:00
Przemek Stekiel	8abcee9290	Fix typos ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-28 09:16:28 +02:00
Neil Armstrong	2230e6c06d	Simplify PSA transform->ivlen set in ssl_tls12_populate_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-27 10:36:14 +02:00
Neil Armstrong	3bf040ed70	Reorganize PSA/!PSA code in mbedtls_ssl_ticket_setup() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-27 10:35:28 +02:00
Gilles Peskine	301711e96e	Simplify mbedtls_ssl_get_base_mode ... Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and non-USE_PSA_CRYPTO definitions independent. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-27 10:28:55 +02:00
Gilles Peskine	e108d987ea	Simplify mbedtls_ssl_get_mode ... Reduce the imbrications between preprocessor directives and C instructions. Handle encrypt-then-mac separately. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-27 10:28:55 +02:00
Jerry Yu	4d3841a4d1	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-25 19:41:47 +08:00
Xiaofei Bai	cba64af50d	TLS1.3: add writing encrypted extensions ... Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-04-25 19:41:47 +08:00
Ronald Cron	eecd0d2fc3	Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello	2022-04-25 09:28:40 +02:00
Jerry Yu	e65d801580	fix undeclare error ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-23 10:34:35 +08:00
Biswapriyo Nath	d7e0ee42b8	cmake: Fix runtime library install location in mingw ... This install DLLs in bin directory instead of lib. Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>	2022-04-22 20:59:50 +05:30
Biswapriyo Nath	0f2e87bdf5	cmake: Use GnuInstallDirs to customize install directories ... Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set. Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>	2022-04-22 20:59:28 +05:30
Gilles Peskine	2f8c2a5fc5	Merge pull request #5753 from tom-cosgrove-arm/fix-missing-prototypes-warnings-a64-sha256-sha512 ... Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration	2022-04-22 16:45:23 +02:00
Gilles Peskine	72b99edf31	Merge pull request #5381 from mpg/benchmark-ecc-heap ... Improve benchmarking of ECC heap usage	2022-04-22 16:43:11 +02:00
Jerry Yu	955ddd75a3	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 22:27:33 +08:00
Przemek Stekiel	99114f3084	Fix build flags for opaque/raw psk checks ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:34 +02:00
Przemek Stekiel	cb322eac6b	Enable support for psa opaque DHE-PSK key exchange on the server side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:33 +02:00
Przemek Stekiel	b293aaa61b	Enable support for psa opaque DHE-PSK key exchange on the client side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:33 +02:00
Przemek Stekiel	14d11b0877	Enable support for psa opaque ECDHE-PSK key exchange on the server side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:53:55 +02:00
Przemek Stekiel	19b80f8151	Enable support for psa opaque ECDHE-PSK key exchange on the client side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	51a1f36be0	setup_psa_key_derivation(): change salt parameter to other_secret ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	aeb710fec5	Enable support for psa opaque RSA-PSK key exchange on the server side ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	f2534ba69b	tls12_client: skip PMS generation for opaque RSA-PSK ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Przemek Stekiel	c2033409e3	Add support for psa rsa-psk key exchange ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Przemek Stekiel	ae4ed30435	Fix naming: random bytes are the seed (not salt) in derivation process ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Przemek Stekiel	1f02703e53	setup_psa_key_derivation(): add optional salt parameter ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard	55132c6a9a	Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context ... TLS ECDH 4: remove legacy context	2022-04-22 14:27:06 +02:00
Neil Armstrong	76b7407bd7	Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	f2c82f0a3b	Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	ccc074e44d	Use correct condition to use encrypt_then_mac in ssl_tls.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	d1be7674a4	Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	6b27c97a91	Rename mbedtls_get_mode() to mbedtls_ssl_get_mode() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	ab555e0a6c	Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	858581e81a	Remove cipher_info in mbedtls_ssl_ticket_setup() when USE_PSA_CRYPTO is defined ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	a0eeb7f470	Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	7fea33ea4d	Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	fe635e42c9	Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	4bf4c8675f	Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	136f8409df	Replace PSA/Cipher logic with mbedtls_get_mode_from_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:26 +02:00
Neil Armstrong	8a0f3e8cf0	Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:26 +02:00
Jerry Yu	a09f5e98ef	fix build fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:46:03 +08:00
Jerry Yu	cfc04b3541	Update comments in write server hello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	e74e04af1a	Rename write supported_versions ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	d9436a1baa	remove guards for write_key_share ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	57d4841eda	fix write key_share issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	637a3f1090	fix various issues ... typo issue, variable `ret` init value and remove finalize_server_hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	1c3e688df1	fix comments issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	349a61388b	fix write selected_version fail ... And rename write_supported_versions to write selected_version Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	fb9f54db8c	fix comments issue ... Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	89e103c54c	tls13: Share write ecdh_key_exchange function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	3bf2c6449d	tls13: write server hello compile pass ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	56404d70c4	tls13:server:Add finalize write_server_hello and dummy body ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	f4b27e4351	tls13:server:Add prepare write_server_hello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	5b64ae9bad	tls13:server:Add base framework for serverhello ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Ronald Cron	38b8aa4f63	Merge pull request #5539 from xkqian/add_client_hello_to_server ... Add client hello into server side	2022-04-22 10:26:00 +02:00
XiaokangQian	e8ff350698	Update code to align with tls13 coding standard ... Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-22 02:34:40 +00:00
Leonid Rozenboim	287527042b	Avoid potentially passing NULL arguments ... Several call sites flagged by Coverity that may potentially cause a pointer argument to be NULL. In two cases the issue is using a function call as a parameter to a second function, where the first function may return NULL, while the second function does not check for the NULL argument value. Remaining case is when static configuration is mixed with run-time decision, that could result in a data buffer argument being NULL. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-04-21 18:00:52 -07:00
Manuel Pégourié-Gonnard	70701e39b5	Merge pull request #5726 from mprse/mixed_psk_1_v2 ... Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)	2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard	90c70146b5	Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign ... RSA-PSS sign 1: PK	2022-04-21 17:11:18 +02:00
XiaokangQian	4d3a60475c	Change default config version to development style ... Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 13:46:17 +00:00
XiaokangQian	4e8cd7b903	Remove useless selected_group ... Change-Id: I5fb76b5bf4b22d0231c17314783781f9e7c309a3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 13:30:18 +00:00
Neil Armstrong	13e76be02b	Reorganize & simplify mbedtls_pk_sign_ext() handling of wrapped RSA-PSS ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-21 12:08:52 +02:00
Przemek Stekiel	4e47a91d2e	Fix indentation issues ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	03faf5d2c1	psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	937b90febf	Add null check for pms allocation ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	e47201b34a	rename: psa_tls12_prf_set_other_key->psa_tls12_prf_psk_to_ms_set_other_key and adapt code ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	2503f7e4cb	Handle empty other secret when passed with input bytes ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
XiaokangQian	060d867598	Update parse_key_share in server side and version config ... Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 09:24:56 +00:00
XiaokangQian	0a1b54ed73	Minor change the place of some functions ... Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 03:01:38 +00:00
XiaokangQian	75d40ef8cb	Refine code base on review ... Remove useless hrr code Share validate_cipher_suit between client and server Fix test failure when tls13 only in server side Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 11:05:24 +00:00
XiaokangQian	318dc763a6	Fix test failure issue and update code styles ... Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 09:43:51 +00:00
XiaokangQian	de33391fa0	Rebase and solve conflicts ... Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 08:49:42 +00:00
XiaokangQian	0803755347	Update code base on review comments ... Refine named_group parsing Refine cipher_suites parsing Remove hrr related part Share code between client and server side Some code style changes Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:50:14 +00:00
XiaokangQian	17f974c63e	Re-order the ciphersuite matching code in parse_client_hello ... Change-Id: I16d11bca42993d4abc2a1b19fa087366c591927c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	84823779ce	Only store the first group in ssl_tls13_parse_supported_groups_ext() ... Change-Id: I4427149aeb6eb453150e522e4c7b11187e2e3825 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	3f84d5d0cd	Update test cases and fix the test failure ... Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	b67384d05c	Fix coding style and comments styles ... Change-Id: Ifa37a3288fbb6b5206fc0640fa11fa36cb3189ff Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	f8ceb94fe7	Fix the parse_sig_alg_ext fail issue ... Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	8f9dfe41c0	Fix comments about coding styles and test cases ... Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	cfd925f3e8	Fix comments and remove hrr related code ... Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	ed582dd023	Update based on comments ... Remove cookie support from server side Change code to align with coding styles Re-order functions of client_hello Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	4080a7f687	Change code style and some share functions ... Change variables and functions name style Refine supported_version Refine client hello parse Change-Id: Iabc1db51e791588f999c60db464326e2bdf7b2c4 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	9b5d04b078	Share parse_key_share() between client and server ... Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	c4b8c99a38	Rebase and solve conflicts and issues ... Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	8840888fbc	Fix some CI issues ... Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	c5763b5efd	Change some code style ... Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	3207a32b1e	Fix unused parameter issue and not defined cookie issue ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	7ac3ab3404	Add hello retry request count for server ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	a9c58419f2	Fix compile and test issues ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	7807f9f5c9	Add client hello into server side ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
Ronald Cron	fd8cbda3ec	Remove ECDH code specific to TLS 1.3 ... ECDH operations in TLS 1.3 are now done through PSA. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Ronald Cron	fd6193c285	ssl_tls13_client: Add downgrade attack protection ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Ronald Cron	217d699d85	Fix Doxygen marks ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:28:51 +02:00
Paul Elliott	a2da9c7e45	Merge pull request #5631 from gstrauss/enum-tls-vers ... Unify internal/external TLS protocol version enums	2022-04-19 17:05:26 +01:00
Tom Cosgrove	c144ca6473	Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration ... Fixes #5752 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-04-19 13:52:24 +01:00
Hanno Becker	606cb1626f	Add comment explaining structure of UMAAL assembly ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:59:33 +01:00
Hanno Becker	d46d96cc3f	Add 2-fold unrolled assembly for umaal based multiplication ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:19:55 +01:00
Hanno Becker	63eb28c728	Use separate counters for 8-fold and single multiplication steps ... Compilers are likely to generate shorter assembly for loops of the form `while( cnt-- ) { ... }` rather than `for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs a subtract+compare+branch after each loop, while the former only needs decrement+branch). Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:16:03 +01:00
Hanno Becker	eacf3b9eb4	Simplify organization of inline assembly for bignum ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:16:03 +01:00
Gilles Peskine	09dc05b880	Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail ... PSA: systematically test operation failure	2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard	63ed7cbf36	Merge pull request #5701 from hanno-arm/mpi_mul_hlp ... Make size of output in mpi_mul_hlp() explicit	2022-04-15 10:09:06 +02:00
Glenn Strauss	8315811ea7	Remove restrictive proto ver negotiation checks ... Overly restrictive protocol version negotiation checks might be "version intolerant". TLS 1.3 and DTLS 1.3 move the version to the "supported_versions" ClientHello extension. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	bbdc83b55b	Use mbedtls_ssl_protocol_version in public structs ... Use mbedtls_ssl_protocol_version in public structs, even when doing so results in a binary-incompatible change to the public structure (PR feedback from @ronald-cron-arm) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	cd78df6aa4	handshake->min_minor_ver to ->min_tls_version ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	041a37635b	Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks ... mbedtls no longer supports earlier TLS protocol versions Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	e3af4cb72a	mbedtls_ssl_(read|write)_version using tls_version ... remove use of MBEDTLS_SSL_MINOR_VERSION_* remove use of MBEDTLS_SSL_MAJOR_VERSION_* (only remaining use is in tests/suites/test_suite_ssl.data) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	60bfe60d0f	mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version ... Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller. Reduce size of mbedtls_ssl_ciphersuite_t members are defined using integral types instead of enums in order to pack structure and reduce memory usage by internal ciphersuite_definitions[] Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:12 -04:00
Glenn Strauss	2dfcea2b9d	mbedtls_ssl_config min_tls_version, max_tls_version ... Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible on little-endian platforms, but is compatible on big-endian platforms. For systems supporting only TLSv1.2, the underlying values are the same (=> 3). New setter functions are more type-safe, taking argument as enum mbedtls_ssl_protocol_version: mbedtls_ssl_conf_max_tls_version() mbedtls_ssl_conf_min_tls_version() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:39:43 -04:00
Glenn Strauss	da7851c825	Rename mbedtls_ssl_session minor_ver to tls_version ... Store the TLS version instead of minor version number in tls_version. Note: struct member size changed from unsigned char to uint16_t Due to standard structure padding, the structure size does not change unless alignment is 1-byte (instead of 2-byte or more) Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is compatible on little-endian platforms, but not compatible on big-endian platforms. The enum values for the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4, respectively. Note: care has been taken to preserve serialized session format, which uses only the lower byte of the TLS version. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:23:57 -04:00
Glenn Strauss	07c641605e	Rename mbedtls_ssl_transform minor_ver to tls_version ... Store the TLS version in tls_version instead of minor version number. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:23:54 -04:00
Glenn Strauss	dff84620a0	Unify internal/external TLS protocol version enums ... Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 13:45:20 -04:00
Hanno Becker	3577131bb4	Reintroduce trimming of input in mbedtls_mpi_mul_int() ... Removing the trimming has significant memory impact. While it is clearly what we want to do eventually for constant-time'ness, it should be fixed alongside a strategy to contain the ramifications on memory usage. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-14 11:52:11 +01:00
Neil Armstrong	769dc05597	Remove bad dependency on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED for ecdh_ctx guard ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-14 09:56:24 +02:00
Neil Armstrong	282750215c	Remove PSA only code from non-PSA code block code in ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:05:11 +02:00
Neil Armstrong	11d4945248	Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:03:43 +02:00
Neil Armstrong	1f198d8dee	Simplify by moving ssl_check_server_ecdh_params in the ECDHE non-PSA compile-time block ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:02:30 +02:00
Neil Armstrong	913b364a52	Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 14:59:48 +02:00
Manuel Pégourié-Gonnard	6c242a01f7	Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics ... PK Opaque RSA sign	2022-04-13 09:55:42 +02:00
Hanno Becker	0dbf04a9a6	Remove unnecessary memory operations in p25519 quasireduction ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-13 07:26:53 +01:00
Hanno Becker	1772e05fca	Reduce the scope of local variable in mbedtls_mpi_mul_mpi() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-13 07:26:53 +01:00
Hanno Becker	da763de7d0	Revert "Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()" ... This reverts commit 808e666eee. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-13 07:26:42 +01:00
Hanno Becker	127fcabb21	Fail gracefully upon unexpectedly large input to p25519 reduction ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 22:18:36 +01:00
Neil Armstrong	62d452baac	Implement PK Opaque RSA PSS signature ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 15:11:49 +02:00
Neil Armstrong	f3f46416e3	Remove ecdh_ctx variable, init & free when USE_PSA_CRYPTO isn't selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:43:39 +02:00
Neil Armstrong	3ea01498d8	Store TLS1.2 ECDH point format only when USE_PSA_CRYPTO isn't selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:41:50 +02:00
Neil Armstrong	a33a255dcf	Disable non-PSA ECDHE code in mbedtls_ssl_psk_derive_premaster() when USE_PSA_CRYPTO is selected ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:40:47 +02:00
Neil Armstrong	d8419ff390	Refactor to make PSA and non-PSA ECDH(E) client code exclusive ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:39:16 +02:00
Neil Armstrong	d91526c17f	Refactor to make PSA and non-PSA ECDH(E) server code exclusive ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:38:52 +02:00
Manuel Pégourié-Gonnard	927410ded3	Merge pull request #5611 from superna9999/5318-tls-ecdhe-psk ... TLS ECDH 3a: ECDHE-PSK (both sides, 1.2)	2022-04-12 13:28:02 +02:00
Hanno Becker	bb04cb992f	Fix check in p25519 quasi-reduction ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:18:11 +01:00
Hanno Becker	d830feb256	Simplify check in p25519 quasi-reduction ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:10:19 +01:00
Hanno Becker	2ef0cff6c3	Fix size check in p25519 modular reduction ... The check was meant to precisely catch an underflow. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:02:05 +01:00
Hanno Becker	0235f7512f	Reduce scope of local variables in mpi_montmul() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:02:03 +01:00
Hanno Becker	9137b9c587	Note alternative implementation strategy in mbedtls_mpi_mul_int() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:01:58 +01:00
Hanno Becker	808e666eee	Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:01:57 +01:00
Przemek Stekiel	d7a28646bc	psa_tls12_prf_set_key(): add PSA_TLS12_PRF_STATE_OTHER_KEY_SET as a valid state ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-12 11:27:00 +02:00
Przemek Stekiel	a7695a2d76	psa_key_derivation_check_input_type(): handle PSA_KEY_DERIVATION_INPUT_OTHER_SECRET ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-12 11:27:00 +02:00
Przemek Stekiel	c8fa5a1bdd	psa_tls12_prf_psk_to_ms_set_key(): add support for other secret input ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-12 11:26:47 +02:00
Gilles Peskine	43b0943736	Merge pull request #1946 from hanno-arm/alert_reentrant ... Make mbedtls_ssl_send_alert_message() reentrant	2022-04-12 11:05:20 +02:00
Neil Armstrong	7624a5ae5e	Allow RSA PK Opaque keys for RSA-PSS signing ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 10:09:26 +02:00
Hanno Becker	53b3c607a0	Move const keyword prior to type name ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 13:46:30 +01:00
Hanno Becker	dfcb2d084b	Fix Doxygen for mbedtls_mpi_core_mla() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 13:44:15 +01:00
Hanno Becker	99ba4cc6d5	Remove Doxygen from mbedtls_mpi_core_mla() implementation ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 13:44:03 +01:00
Hanno Becker	efdc519864	Reintroduce though-to-be unused variable in correct place ... The variable is a local variable for the i386 bignum assembly only; introduce it as part of the start/finish macros. It can be noted that the variable is initialize to 0 within MULADDC_INIT, so there are no data dependencies across blocks of MULADDC_INIT/CORE/STOP. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 10:44:02 +01:00
Hanno Becker	5d4ceeb25c	Remove const qualifier for mutable local variable in mpi_mul_hlp() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 09:46:47 +01:00
Hanno Becker	284d778d28	Address review comments ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 09:19:24 +01:00
Hanno Becker	e9dd9a1f31	Use size_t for number of limbs ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 09:06:27 +01:00
Manuel Pégourié-Gonnard	eaf3086831	Merge pull request #1133 from RonEld/1805 ... Fix Shared Library compilation issue with Cmake	2022-04-11 09:31:59 +02:00
Hanno Becker	6454993e2e	Safeguard against calling p255 reduction with single-width MPI ... (In this case, there's nothing to do anyway since we only do a quasi-reduction to N+1 limbs) Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:35:58 +01:00
Hanno Becker	25bb732ea7	Simplify x25519 reduction using internal bignum MLA helper ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:03:48 +01:00
Hanno Becker	aef9cc4f96	Rename mpi_mul_hlp -> mbedtls_mpi_core_mla and expose internally ... This paves the way for the helper to be used from the ECP module Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:03:43 +01:00
Gilles Peskine	e1730e492d	Merge pull request #5708 from AndrzejKurek/timeless-struggles ... Remove the dependency on MBEDTLS_TIME_H from the timing module	2022-04-08 18:43:16 +02:00
Krzysztof Stachowiak	de6effa645	Change the MSVC static runtime CMake option name and moved it into the library directory ... Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 15:17:32 +01:00
Neil Armstrong	95a892311d	Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:51 +02:00
Neil Armstrong	7df6677c34	Remove now invalid comment in pk_opaque_ecdsa_can_do() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:06 +02:00
Neil Armstrong	56e71d4d1a	Update documentation of mbedtls_pk_setup_opaque() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:12:42 +02:00
Neil Armstrong	eccf88fa48	Only accept RSA key pair in mbedtls_pk_setup_opaque() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:11:50 +02:00
Hanno Becker	5e18f74abb	Make alert sending function re-entrant ... Fixes #1916 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:16:43 +01:00
Andrzej Kurek	5735369f4a	Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C ... The timing module might include time.h on its own when on a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 04:41:42 -04:00
Glenn Strauss	236e17ec26	Introduce mbedtls_ssl_hs_cb_t typedef ... Inline func for mbedtls_ssl_conf_cert_cb() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-07 14:18:30 -04:00
Przemek Stekiel	e3ee221893	Free other secret in tls12_prf context ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:56 +02:00
Przemek Stekiel	23650286ac	Add psa_tls12_prf_set_other_key() function to store other secret input ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:46 +02:00
Neil Armstrong	c1152e4a0f	Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	7e1b4a45fa	Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	295aeb17e6	Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	b980c9b48c	Add support for RSA in pk_opaque_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	ca5b55f0d1	Add support for RSA in mbedtls_pk_wrap_as_opaque() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	eabbf9d907	Add support for RSA PK Opaque key ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 14:51:47 +02:00
Andrzej Kurek	714b6603e4	Remove dummy timing implementation ... Having such implementation might cause issues for those that expect to have a working implementation. Having a compile-time error is better in such case. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard	1b05aff3ad	Merge pull request #5624 from superna9999/5312-tls-server-ecdh ... TLS ECDH 3b: server-side static ECDH (1.2)	2022-04-07 11:46:25 +02:00
Hanno Becker	e141702551	Adjust mpi_montmul() to new signature of mpi_mul_hlp() ... A previous commit has changed the signature of mpi_mul_hlp, making the length of the output explicit. This commit adjusts mpi_montmul() accordingly. It also fixes a comment on the required size of the temporary value passed to mpi_montmul() (but does not change the call-sites). Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:34 +01:00
Hanno Becker	74a11a31cb	Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp() ... A previous commit has changed the signature of mpi_mul_hlp(), making the length of the output explicit. This commit adjusts mbedtls_mpi_mul_int() to this change. Along the way, we make the code simpler and more secure by not calculating the minimal limb-size of A. A previous comment indicated that this was functionally necessary because of the implementation of mpi_mul_hlp() -- if it ever was, it isn't anymore. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:34 +01:00
Hanno Becker	fee261a505	Adjust mbedtls_mpi_mul_mpi() to new signature of mpi_mul_hlp() ... The previous commit has changed the signature of mpi_mul_hlp(), making the length of the output explicit. This commit adjusts the call-site in mbedtls_mpi_mul_mpi() to this new signature. A notable change to the multiplication strategy had to be made: mbedtls_mpi_mul_mpi() performs a simple row-wise schoolbook multiplication, which however was so far computed iterating rows from top to bottom. This leads to the undesirable consequence that as lower rows are calculated and added to the temporary result, carry chains can grow. It is simpler and faster to iterate from bottom to top instead, as it is guaranteed that there will be no carry when adding the next row to the previous temporary result: The length of the output in each iteration can be fixed to len(B)+1. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:34 +01:00
Hanno Becker	defe56928e	Make length of output explicit in mpi_mul_hlp() ... The helper `mpi_mul_hlp()` performs a multiply-accumulate operation `d += s * b`, where `d,b` are MPIs and `b` is a scalar. Previously, only the length of `s` was specified, while `d` was assumed to be 0-terminated of unspecified length. This was leveraged at the end of the core multiplication steps computingg the first `limb(s)` limbs of `d + s*b`: Namely, the routine would keep on adding the current carry to `d` until none was left. This can, in theory, run for an arbitrarily long time if `d` has a tail of `0xFF`s, and hence the assumption of `0`-termination. This solution is both fragile and insecure -- the latter because the carry-loop depends on the result of the multiplication. This commit changes the signature of `mpi_mul_hlp()` to receive the length of the output buffer, which must be greater or equal to the length of the input buffer. It is _not_ assumed that the output buffer is strictly larger than the input buffer -- instead, the routine will simply return any carry that's left. This will be useful in some applications of this function. It is the responsibility of the caller to either size the output appropriately so that no carry will be left, or to handle the carry. NOTE: The commit leaves the library in a state where it cannot be compiled since the call-sites of mpi_mul_hlp() have not yet been adjusted. This will be done in the subsequent commits. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:29 +01:00
Hanno Becker	e7f14a3090	Remove unused variable in mpi_mul_hlp() ... Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:11:26 +01:00
Gilles Peskine	a9b6c8074a	Fix psa_mac_verify() returning BUFFER_TOO_SMALL ... It doesn't make sense for psa_mac_verify() to return PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this was happening when requesting the verification of an unsupported algorithm whose output size is larger than the maximum supported MAC size, e.g. HMAC-SHA-512 when building with only SHA-256 support. Arrange to return PSA_ERROR_NOT_SUPPORTED instead. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 15:03:39 +02:00
Gilles Peskine	695c4cb7ea	If a cipher algorithm is not supported, fail during setup ... In some cases, a cipher operation for an unsupported algorithm could succeed in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually fed. This is not a major bug, but it has several minor downsides: fail-late is harder to diagnose for users than fail-early; some code size can be gained; tests that expect failure for not-supported parameters would have to be accommodated to also accept success. This commit at least partially addresses the issue. The only completeness goal in this commit is to pass our full CI, which discovered that disabling only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping the relevant key type) allowed cipher setup to succeed, which caused failures in test_suite_psa_crypto_op_fail.generated in component_test_psa_crypto_config_accel_xxx. Changes in this commit: * mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher algorithms. (No change related to key types.) * Some code that is only relevant for ECB is no longer built if PSA_WANT_ALG_ECB_NO_PADDING is disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 15:03:39 +02:00
Gilles Peskine	0c3a071300	Make psa_key_derivation_setup return early if the key agreement is not supported ... Otherwise the systematically generated algorithm-not-supported tests complain when they try to start an operation and succeed. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 15:00:01 +02:00
Gilles Peskine	0cc417d34b	Make psa_key_derivation_setup return early if the hash is not supported ... Otherwise the systematically generated algorithm-not-supported tests complain when they try to start an operation and succeed. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 14:58:39 +02:00
Gilles Peskine	9efde4f2ec	Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf ... No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 14:57:20 +02:00
Przemek Stekiel	8583627ece	psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-05 10:50:53 +02:00
Neil Armstrong	1039ba5c98	Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:33:01 +02:00
Neil Armstrong	ede381c808	Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:33:01 +02:00
Neil Armstrong	3cae167e6a	Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	e18ff952a7	Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	b7ca76b652	Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	fdf20cb513	Fix command indentation in ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	2d63da9269	Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	d6e2759afb	Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	fb0a81ece9	Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	5a1455d8d5	Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	3bcef08335	Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	549a3e4737	Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	fc834f2e2c	Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	0bdb68a242	Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:52 +02:00
Neil Armstrong	d8420cad31	Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:52 +02:00
Neil Armstrong	c530aa6b4e	Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:52 +02:00
Neil Armstrong	b9f319aec1	Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:51 +02:00
Neil Armstrong	2540045542	Update comments in ECHDE-PSK part of ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:07 +02:00
Neil Armstrong	bc5e8f9dd0	Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:07 +02:00
Neil Armstrong	039db29c7d	Implement PSA server-side ECDHE-PSK ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:07 +02:00
Neil Armstrong	868af821c9	Implement PSA client-side ECDHE-PSK ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:06 +02:00
Przemek Stekiel	a9f9335ee9	ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check ... This check can be removed as if the buffer is too small for the key, then export will fail. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-04 17:32:30 +02:00
Neil Armstrong	e88d190f2e	Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-04 11:27:57 +02:00
Neil Armstrong	f716a700a1	Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard	de68e39ddf	Merge pull request #5568 from superna9999/5159-pk-rsa-verification ... PK: RSA verification	2022-04-04 11:23:33 +02:00
Ronald Cron	0e980e8e84	Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 ... TLS 1.2/1.3 version negotiation - 2	2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard	33a9d61885	Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors ... Accessors to own CID within mbedtls_ssl_context	2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard	6a25159c69	Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations ... HKDF 2: use internal implementations in TLS 1.3	2022-04-01 11:15:29 +02:00
Manuel Pégourié-Gonnard	451114fe42	Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo ... Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined	2022-04-01 10:04:56 +02:00
Paul Elliott	0113cf1022	Add accessor for own cid to ssl context ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-31 19:21:41 +01:00
Ronald Cron	11218dda96	ssl_client.c: Fix unused parameter ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:25:27 +02:00
Ronald Cron	bdb4f58cea	Add and update documentation of some minor version fields ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:24:59 +02:00
Ronald Cron	82c785fac3	Make handshake::min_minor_ver client only ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 15:44:41 +02:00
Neil Armstrong	91477a7964	Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Neil Armstrong	1335222f13	Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Neil Armstrong	f788253ed3	Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	80325d00cf	Allow ECDSA PK Opaque keys for ECDH Derivation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	104a7c1d29	Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	8113d25d1e	Add ecdh_psa_shared_key flag to protect PSA privkey if imported ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	5cd5f76d67	Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	4f33fbc7e9	Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	306d6074b3	Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	062de7dd79	Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	1f4b39621b	Implement PSA server-side ECDH-RSA/ECDSA ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Ronald Cron	6476726ce4	Fix comments ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 14:13:57 +02:00
Ronald Cron	a980adf4ce	Merge pull request #5637 from ronald-cron-arm/version-negotiation-1 ... TLS 1.2/1.3 version negotiation - 1	2022-03-31 11:47:16 +02:00
Ronald Cron	ba120bb228	ssl_tls13_client.c: Fix ciphersuite final validation ... As we may offer ciphersuites not compatible with TLS 1.3 in the ClientHello check that the selected one is compatible with TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	8fdad9e534	ssl_tls12_client.c: Remove duplicate of ciphersuite validation ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	757a2abfe2	ssl_client.c: Extend and export ciphersuite validation function ... Extend and export ciphersuite validation function to be able to use it in TLS 1.2/3 specific code. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	f735cf1f0f	ssl_tls.c: Fix ciphersuite selection regarding protocol version ... Use the actual minimum and maximum of the minor version to be negotiated to filter ciphersuites to propose rather than the ones from the configuration. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	9847338429	ssl_tls13_client.c: Add check in supported_versions parsing ... Add check in ServerHello supported_versions parsing that the length of the extension data is exactly two. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:33:41 +02:00
Ronald Cron	1fa4f6863b	ssl_tls.c: Return in error if default config fails ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:27:35 +02:00
Ronald Cron	a77fc2756e	ssl_tls13_client.c: versions ext writing : Fix available space check ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:27:35 +02:00
Ronald Cron	37bdaab64f	tls: Simplify the logic of the config version check and test it ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:26:58 +02:00
Ronald Cron	3cffc5ccb1	tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 21:59:44 +02:00
Ronald Cron	150d579d7a	ssl_client.c: Improve coding style ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 21:58:50 +02:00
Neil Armstrong	e451295179	Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:41:12 +02:00
Neil Armstrong	253e9e7e6d	Use mbedtls_rsa_info directly in rsa_verify_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	ea54dbe7c2	Fix comment typo in rsa_verify_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	19e6bc4c9f	Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	8a44bb47ac	Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	82cf804e34	Fix 80 characters indentation in rsa_verify_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	6baea78072	Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	a33280af6c	Check psa_destroy_key() return in rsa_verify_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	059a80c212	Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	52f41f8228	PK: RSA verification PSA wrap implementation ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Ronald Cron	da41b38c42	Improve and fix comments ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard	3304f253d7	Merge pull request #5653 from paul-elliott-arm/handshake_over ... Add mbedtls_ssl_is_handshake_over()	2022-03-30 12:16:40 +02:00
Gabor Mezei	e42d8bf83b	Add macro guard for header file ... Some of the macros are used by the test data files and must be moved before the macros guard. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard	abed05f335	Merge pull request #5652 from arturallmann/issue-commit ... Fix comment typo in threading.c	2022-03-30 10:01:24 +02:00
Ronald Cron	8ecd9937a9	ssl_client.c: Fix state change for DTLS 1.2 ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	f660655b84	TLS: Allow hybrid TLS 1.2/1.3 in default configurations ... This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e71639d39b	Simplify TLS major version default value setting ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	dbe87f08ec	Propose TLS 1.3 and TLS 1.2 ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	9f0fba374c	Add logic to switch to TLS 1.2 ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e1d3f06399	Allow hybrid TLS 1.3 + TLS 1.2 configuration ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	fbd9f99f10	ssl_tls.c: Move some client specific functions to ssl_client.c ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	7320e6436b	ssl_tls12_client.c: Switch to generic Client Hello state handler ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	5f4e91253f	ssl_client.c: Add DTLS ClientHello message sending specifics ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	4079abc7d1	ssl_client.c: Adapt extensions writing to the TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	11e1857f5e	ssl_client.c: Fix key share code guards ... In TLS 1.3 key sharing is not restricted to key exchange with certificate authentication. It happens in the PSK and ephemeral key exchange mode as well where there is no certificate authentication. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	df823bf39b	ssl_client.c: Re-order partially extension writing ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:57:54 +02:00
Ronald Cron	42c1cbf1de	ssl_client.c: Adapt compression methods comment to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:56:58 +02:00
Paul Elliott	571f1187b6	Merge pull request #5642 from mprse/ecp_export ... Add ECP keypair export function	2022-03-29 17:19:04 +01:00
Artur Allmann	3f396152b7	Fix typo "phtreads" to "pthreads" ... Closes issue #5349 Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>	2022-03-29 17:43:56 +02:00
Ronald Cron	d491c2d779	ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	a874aa818a	ssl_client.c: Add DTLS 1.2 cookie support ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	021b1785ef	ssl_client.c: Adapt session id generation to the TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	58b803818d	ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:50 +02:00
Gabor Mezei	cb5ef6a532	Remove duplicated includes ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:10:01 +02:00
Gabor Mezei	55c49a3335	Use proper macro guard ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:09:15 +02:00
Gabor Mezei	29e7ca89d5	Fix typo ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:49 +02:00
Gabor Mezei	c09437526c	Remove commented out code ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:15 +02:00
Ronald Cron	1614eb668c	ssl_client.c: Adapt TLS version writing to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	86a477f5ee	ssl_client.c: Adapt initial version selection to TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	5456a7f89c	ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	71c2332860	ssl_client.c: Rename TLS 1.3 ClientHello writing functions ... Rename TLS 1.3 ClientHello writing functions aiming to support TLS 1.2 as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	3d580bf4bd	Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Dave Rodgman	1c41501949	Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal ... SECLIB-667: Accelerate SHA-512 with A64 crypto extensions	2022-03-29 15:34:12 +01:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	7ffe7ebe38	ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards ... Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will be necessary when the ClientHello writing code is made available when MBEDTLS_SSL_PROTO_TLS1_2 is enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	04fbd2b2ff	ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	12dcdf0d6e	ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4e263fd49c	ssl_tls12_client.c: Simplify TLS version in encrypted PMS ... This can only be TLS 1.2 now in this structure and when adding support for TLS 1.2 or 1.3 version negotiation the highest configured version can be TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90f012037d	ssl_tls12_server.c: Simplify TLS version check in ClientHello ... The TLS server code only support TLS 1.2 thus simplify the check of the version proposed by the client. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	086ee0be0e	ssl_tls.c: Reject TLS 1.3 version configuration for server ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8457c12127	ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	b894ac7f99	ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2 ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90915f2a21	ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version ... ssl_tls12_client.c contains only TLS 1.2 specific code thus remove some checks on the minor version version being MBEDTLS_SSL_MINOR_VERSION_3. No aim for completeness, ssl_parse_server_hello() is not reworked here for example. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	a25cf58681	ssl_tls.c: Remove one unnecessary minor version check ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	c2f13a0568	ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md() ... Modify mbedtls_ssl_set_calc_verify_md() taking into account that it is an TLS 1.2 only function. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4dcbca952e	ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section ... In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the "if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive as it is specific to TLS 1.2. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	81591aa0f3	ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param ... ssl_set_handshake_prfs() is TLS 1.2 specific and only called from TLS 1.2 only code thus no need to pass the TLS minor version of the currebt session. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	f12b81d387	ssl_tls.c: Fix PSA ECDH private key destruction ... In TLS 1.3, a PSA ECDH private key may be created even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We must destroy this key if still referenced by an handshake context when we free such context. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	5b98ac9c64	TLS 1.3: Move PSA ECDH private key destroy to dedicated function ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8540cf66ac	ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512 ... In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose PKCS1 v1.5 signatures with SHA_384/512 not only SHA_256. There is no point in not proposing them if they are available. In TLS 1.3 those could be useful for certificate signature verification. In hybrid TLS 1.2/1.3 this allows to propose for TLS 1.2 the same set of signature algorithms. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	60ff79424e	ssl_tls13_client.c: alpn: Miscellanous minor improvements ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	13d8ea1dd9	ssl_tls13_client.c: alpn: Loop only once over protocol names ... This has although the benefit of getting rid of a potential integer overflow (though very unlikely and probably harmless). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	a0855a6d13	ssl_tls13_client.c: alpn: Add missing return value assignment ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	de1adee51a	Rename ssl_cli/srv.c ... Rename ssl_cli.c and ssl_srv.c to reflect the fact that they are TLS 1.2 specific now. Align there new names with the TLS 1.3 ones. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	63d97ad0bb	Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 ... Add rsae sha384 sha512	2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard	39f2f73e69	Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing ... Restore full TLS compatibility testing	2022-03-28 18:31:17 +02:00
Ronald Cron	e44d8e7eea	Merge pull request #5369 from xkqian/add_2nd_client_hello ... Add 2nd client hello	2022-03-28 12:18:41 +02:00
Przemek Stekiel	ab5274bb19	Remove parameters validation using ECP_VALIDATE_RET ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-28 07:23:08 +02:00
Gabor Mezei	ed6d6589b3	Use hash algoritm for parameter instead of HMAC ... To be compatible with the other functions `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand` use hash algorithm for parameter. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 17:28:06 +01:00
Gabor Mezei	07732f7015	Translate from mbedtls_md_type_t to psa_algorithm_t ... Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 17:04:19 +01:00
Gabor Mezei	5d9a1fe9e9	PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3 ... With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support is always enabled. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 15:47:15 +01:00
Ronald Cron	fb39f15fa1	ssl_tls.c: Use ETM status only in CBC mode case ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-25 16:50:18 +01:00
Ronald Cron	862902dd57	ssl_srv.c: Mark ETM as disabled if cipher is not CBC ... Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS 1.2 server only for the CBC cipher mode thus make it clear in the SSL context. The previous code was ok as long as the check of the ETM status was done only in the case of the CBC cipher mode but fragile as #5573 revealed. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-25 16:50:18 +01:00
Manuel Pégourié-Gonnard	cefa904759	Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor ... Accessor for mbedtls_timing_delay_context final delay	2022-03-25 09:14:41 +01:00
XiaokangQian	20438976f9	Change comments and styles base on review ... Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:09:29 +00:00
XiaokangQian	c02768a399	Replace ssl->handshake with handshake in write_cookie_ext() ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	9b93c0dd8d	Change cookie parameters for dtls and tls 1.3 ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	25c9c9023c	Refine cookie len to fix compile issues ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	9deb90f74e	Change parameter names and code style ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	5e3c947841	Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	233397ef88	Update code base on comments ... Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data Change code styles and comments Fix cookie write issues Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	0b64eedba8	Add cookies write in client hello ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
Ronald Cron	90045241e7	Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify ... TLS1.3: Fix incorrect check for certificate verify	2022-03-25 08:35:41 +01:00
Jerry Yu	6c6f10265d	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-25 11:09:50 +08:00
Paul Elliott	27b0d94e25	Use mbedtls_ssl_is_handshake_over() ... Switch over to using the new function both internally and in tests. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-24 14:43:52 +00:00
Jerry Yu	bd1b3278b1	Remove useless code ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-24 13:07:28 +08:00
Tom Cosgrove	b7f5b97650	Minor changes to sha256.c to bring it in line with sha512.c ... Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-23 21:40:56 +00:00
Tom Cosgrove	87fbfb5d82	SECLIB-667: Accelerate SHA-512 with A64 crypto extensions ... Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8.2-a+sha3. The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. The SHA-512 implementation was originally written by Simon Tatham for PuTTY, under the MIT licence; dual-licensed as Apache 2 with his kind permission. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-23 21:40:53 +00:00
Jerry Yu	e26acee896	Refactor guards for sig algs ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 21:01:33 +08:00
Jerry Yu	f8aa9a44aa	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard	5e4bf95d09	Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies ... MD: HMAC in DTLS cookies	2022-03-23 13:05:24 +01:00
Jerry Yu	8c3388620d	create sig_alg decode function ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 13:34:04 +08:00
Jerry Yu	0c23fc39c3	fix various guards issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 12:20:01 +08:00
Jerry Yu	7533982f68	guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 12:06:31 +08:00
Jerry Yu	e010de4be3	Rename ctx to rsa_ctx ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 11:45:55 +08:00
Jerry Yu	fb0621d841	fix pk_sign_ext issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 11:42:06 +08:00
Jerry Yu	cef3f33012	Guard rsa sig algs with rsa_c and pkcs1_v{15,21} ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 23:16:42 +08:00
Jerry Yu	e91a51a539	Refactor get_sig_alg_from pk ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 21:42:50 +08:00
Jerry Yu	bf455e7516	rename pk_psa_rsa_sign_ext param ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 21:39:41 +08:00
Jerry Yu	3616533d26	tls13:remove ec check from validate certification ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 19:46:05 +08:00
Neil Armstrong	488a40eecb	Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-22 10:41:38 +01:00
Jerry Yu	dddf5a0e18	Refactor get_sig_alg_from_pk ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:47:19 +08:00
Jerry Yu	89107d1bc2	fix ci fail without RSA_C ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	406cf27cb5	fix various issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	848ecce990	fix wrong typo in function name ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:52 +08:00
Jerry Yu	07869e804c	fix psa crypto test fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	b02ee18e64	replace use_psa_crypto with psa_crypto_c ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	b6875bc17a	change rsa_pss salt type ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	704cfd2a86	fix comments and style issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	718a9b4a3f	fix doxgen fail ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	1d172a3483	Add pk_psa_sign_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	8beb9e173d	Change prototype of pk_sign_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	67eced0132	replace pk_sign with pk_sign_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	d69439aa61	add mbedtls_pk_sign_ext ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	3a58b462b6	add pss_rsae_sha{384,512} ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	bfcfe74b4e	add signature algorithm debug helper ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:33 +08:00
Jerry Yu	919130c035	Add rsa_pss_rsae_sha256 support ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:33 +08:00
Gabor Mezei	1e64f7a643	Use MBEDTLS_USE_PSA_CRYPTO macro guard for testing instead of MBEDTLS_PSA_CRYPTO_C ... Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:54 +01:00
Gabor Mezei	1bf075fffd	Use SSL error codes ... The `psa_ssl_status_to_mbedtls` function is not only used for cipher operations so transalte to TLS error codes. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Gabor Mezei	adfeadc6e5	Extend PSA error translation ... Add new error codes to the PSA to mbedtls error translation. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Gabor Mezei	58db65354b	Use the PSA-based HKDF functions ... Use the `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand` functions in the HKDF handling. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Paul Elliott	b9af2db4cf	Add accessor for timing final delay ... Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-21 15:26:19 +00:00
Neil Armstrong	79daea25db	Handle and return translated PSA errors in ssl_cookie.c ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-21 12:05:51 +01:00
Neil Armstrong	2d5e343c75	Use inline PSA code instead of using ssl_cookie_hmac in mbedtls_ssl_cookie_write() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-21 11:39:52 +01:00
Manuel Pégourié-Gonnard	f4042f076b	Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac ... TLS record HMAC	2022-03-21 11:36:44 +01:00
Manuel Pégourié-Gonnard	706f6bae27	Merge pull request #5518 from superna9999/5274-ecdsa-signing ... PK: ECDSA signing	2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard	472044f21e	Merge pull request #5525 from superna9999/5161-pk-rsa-encryption ... PK: RSA encryption	2022-03-21 09:57:38 +01:00
Ronald Cron	8d7afc642c	Merge pull request #5523 from ronald-cron-arm/one-flush-output-development ... TLS 1.3: One flush output	2022-03-21 08:44:04 +01:00
Neil Armstrong	62e6ea2c22	Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:39:49 +01:00
Neil Armstrong	17a0655c8d	Add documentation to find_ecdsa_private_key() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:27:38 +01:00
Neil Armstrong	05132ed490	md_alg is used in ecdsa_sign_wrap(), cleanup code ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:14:57 +01:00
Neil Armstrong	cb753a6945	Use mbedtls_eckey_info directly in ecdsa_sign_wrap() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:14:48 +01:00
Przemek Stekiel	711d0f5e29	Add implemetation of ECP keypair export function ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-18 13:52:26 +01:00
Manuel Pégourié-Gonnard	e5b53193e0	Merge pull request #5636 from mprse/tls_ecdh_2b ... TLS ECDH 2b: client-side static ECDH (1.2)	2022-03-18 11:36:53 +01:00
Neil Armstrong	29c0c040fc	Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform() ... This requires moving the HMAC init after CIPHER init. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:10:09 +01:00
Neil Armstrong	9ebb9ff60c	Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:09:58 +01:00
Neil Armstrong	72c2f76c43	Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:09:36 +01:00
Neil Armstrong	36cc13b340	Use PSA defines for buffers in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:09:20 +01:00
Neil Armstrong	ae57cfd3e7	Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 10:00:10 +01:00
Neil Armstrong	28d9c631b8	Fix comments in PSA version of mbedtls_ct_hmac() ... Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 10:00:10 +01:00
Ron Eldor	183264cb95	Fix shared library link error with cmake on Windows ... Set the library path as the current binary dir Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-17 12:07:50 +00:00
Manuel Pégourié-Gonnard	8d4bc5eeb9	Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac ... HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC	2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard	15c0e39fff	Merge pull request #5519 from superna9999/5150-pk-rsa-decryption ... PK: RSA decryption	2022-03-17 11:02:13 +01:00
Manuel Pégourié-Gonnard	7c92fe966a	Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection ... TLS Cipher 2a: tickets: use PSA for protection	2022-03-17 09:50:09 +01:00
Manuel Pégourié-Gonnard	560ef5975c	Merge pull request #5613 from mprse/tls_ecdh_2a ... TLS ECDH 2a: server-side ECDHE-ECDSA and ECDHE-RSA (1.2)	2022-03-17 09:29:41 +01:00
Przemek Stekiel	068a6b4013	ssl_check_server_ecdh_params():Adapt build flags ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-17 07:54:09 +01:00