mbedtls

mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-02-15 20:24:23 +01:00

Author	SHA1	Message	Date
Przemek Stekiel	4092ff9ba9	pem.c: add internal macro to increase code readability * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	829e97d029	Fix include order Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	76b753bbb7	Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled. So the build should not attempt to enable pem_pbkdf1. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	81799fd9d8	pem.c, test_suite_pem: fix dependency MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA->MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	be92bee58a	pem.c: Fix conditional compilation flags Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	a68d08f7d1	pem.c: adjust for bulid without md Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	de81028f00	Adjust dependencies in library/oid.c * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	fd18366965	Adjust declared dependencies in library/x509* * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Ronald Cron	f3f6b0a5c3	Merge pull request #6123 from yuhaoth/pr/finialize-tls13-serialize_session_save_load TLS 1.3:finalize tls13 serialize session save and load	2022-08-19 08:16:05 +02:00
Leonid Rozenboim	70dfd4c8ac	ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-18 14:39:37 -07:00
Tom Cosgrove	583816caaf	Be explicit about constant time bignum functions that must take a 0 or 1 condition value Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-18 14:09:18 +01:00
Dave Rodgman	92cd8642fa	Merge pull request #6090 from hanno-arm/fix_bnmul_arm_v7a Remove encoding width suffix from Arm bignum assembly	2022-08-18 08:48:03 +01:00
Jerry Yu	e28d9745a1	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-18 15:44:03 +08:00
Jerry Yu	3419107e8d	Add checks for ticket and resumption_key fields From RFC 8446 and the definition of session, we should check the length. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-18 11:28:41 +08:00
Dave Rodgman	86c333e79e	Add explicit cast to satisfy compiler Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-17 16:57:26 +01:00
Jerry Yu	e36fdd676c	Change signature of tls13_session_save Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-17 21:50:25 +08:00
Dave Rodgman	392f714153	Fix type used for capturing TLS ticket generation time Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-17 12:38:24 +01:00
Dave Rodgman	a7448bf19d	Merge pull request #6141 from mpg/driver-hashes-rsa-v21 Driver hashes rsa v21	2022-08-16 09:52:39 +01:00
Janos Follath	cc93908b88	Bignum: Declare loop variable in loop head In the new bignum files (bignum_core.c, bignum_mod_raw.c and bignum_mod.c) the loop variables are declared in the loop head wherever this change is beneficial. There are loops where the loop variable is used after the end of the loop (this might not be good practice, but that is out of scope for this commit) and others where there are several loop variables and declaring them there would hurt readability. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 12:08:49 +01:00
Janos Follath	620c58ced9	Bignum: make const placement consistent Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 11:58:42 +01:00
Janos Follath	ed5c8d3d1e	Bignum: make modulus value const The modulus value won't change during normal operations, make this clear in the struct and the function signatures. This won't prevent the caller from modifying the passed buffer, but might give a hint and reinforces the message of the documentation. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 11:50:22 +01:00
Janos Follath	138f51c5c8	Fix alphabetic order in makefiles Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 11:38:30 +01:00
Gabor Mezei	fd65e82753	Rename structure elements Use better names for structure elements and adopting the convention of the other modules. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 18:09:12 +02:00
Gabor Mezei	c414ba3fc0	Simplify code Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 17:59:53 +02:00
Gabor Mezei	5a5c0c5f0a	Move the declaration of variables to their scope of usage Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:40:09 +02:00
Gabor Mezei	7f93264ab1	Change struct element order Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:37:27 +02:00
Gabor Mezei	89e31460db	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:36:56 +02:00
Dave Rodgman	7b1be55484	Merge pull request #5993 from eliteraspberries/android-soname Allow non-versioned library soname.	2022-08-12 13:49:55 +01:00
Gabor Mezei	5f56df44f0	Remove redundant check Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 14:41:54 +02:00
Gabor Mezei	bf9da1dfb1	Do not read if output pointer is NULL Skip reading if output pointer is NULL even if the length of the input buffer is 0. The memory sanitizer will mark this as an error. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 14:11:56 +02:00
Mansour Moufid	6a8673092f	Allow non-versioned library soname. Signed-off-by: Mansour Moufid <mansourmoufid@gmail.com>	2022-08-12 11:02:01 +01:00
Janos Follath	6318468183	Improve bignum documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 17:42:59 +01:00
Janos Follath	a30b4e5692	Bignum: remove duplicate documentation from source These functions have full documentation in the header. Maintaing two copies does not worth the effort and having an out of sync reduced duplicate is not helpful. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 17:15:18 +01:00
Janos Follath	2ab2d3e3e9	Inline mpi_core_clear() This used to resize MPIs in the legacy interface, which is not needed/possible as the new interface has fixed size MPIs. Inlining this function makes the code easier to read and maintain, while there is no obvious drawback to it. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 16:16:49 +01:00
Janos Follath	56a10f97ba	Bignum: remove unnecessary NULL pointer checks A null pointer dereference, or null pointer plus small offset, is a clean runtime error in most environments. So it's not particularly useful to protect against this. While at it make a null pointer check that is actually necessary more robust. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 15:19:00 +01:00
Janos Follath	296ea66442	Bignum: clean up use of enums - Made use of enums in struct and function declaration - All enums are handled by switch case now - If the switch does nothing on default, omit the default case to make compiler warnings more powerful - The two enums are now disjoint and the value 1 is skipped to make mistakes easier to detect Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 14:58:29 +01:00
Jerry Yu	5c28e7aa0e	remove psk key when ephemeral selected ephemeral is selected, `handshake->psk` must be removed. Otherwise the encrypt key will be caculate fail. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	56acc9421c	Write key_share base on key_exchange mode. In ServerHello, write key share should base on key_exchange mode, not base on configuration. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	f0bad2554a	Continue check next psk key when binder mismatch with matched identity and mismatch binder, should check next psk key. Exit with error will break multi-psk cases. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	32e1370fbc	Add config check for pre_shared_key parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	e95c8af266	Align ciphersuite with psk key With OpenSSL and GnuTLS client, if the MAC of ciphersuite does not match selected binder, client will reject connection. This change is to select ciphersuite base on algo of psk binder. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	ccc68a466e	change handshake psk key type for tls13 PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is decided when create binder Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Ronald Cron	295d93ebe8	Add psk handshake with gnutls Signed-off-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	40f3771e18	Add handshake psk export function. Rename `ssl_tls13_get_psk` and export the function. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Przemek Stekiel	71bf28bb34	Fix include file path Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	f98b57f231	Initialize status/ret to error value Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	2aae040615	make ret_from_status() global function and move it to has_info.[ch] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	712bb9c5af	Use more suitable function for checking if hash is supported Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard	79b99f47a1	Fix definition of MD_OR_PSA macros The code will make the decision based on availability of MD, not of MD+this_hash. The later would only be possible at runtime (the hash isn't known until then, that's the whole point of MD), so we'd need to have both MD-based and PSA-based code paths in a single build, which would have a very negative impact on code size. So, instead, we choose based on the presence of MD, which is know at compile time, so we only have one of the two code paths in each build. Adjust the macros so that they match the logic of the code using them. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard	077ba8489d	PKCS#1 v2.1 now builds with PSA if no MD_C Test coverage not there yet, as the entire test_suite_pkcs1_v21 is skipped so far - dependencies to be adjusted in a future commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	faa3b4e0c3	Get rid of md_info outside helper functions Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	35c09e4824	Introduce compute_hash() function This allows callers not to worry with md_info and makes it easier to provide a PSA version for when MD_C is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	f701acc088	Extract common code into hash_mprime() This will also make it easier to provide a PSA-based version for when MD is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	f3a6755450	Simplify callers of mgf_mask() Some of them no longer need md_ctx, some of those no longer need the exit dance that was used to free it, or need it on a smaller scope. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	259c213545	Tune API of internal function mgf_mask in RSA This is a first step towards making a version of this function that uses PSA when MD is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Dave Rodgman	8a9f88899d	Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code ssl_tls: avoid the appearance of a potential NULL dereferencing	2022-08-11 10:12:34 +01:00
kXuan	9ac6b28e27	ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed Since `11e9310` add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it should not init aes_ctx again in mbedtls_ctr_drbg_seed. Signed-off-by: kXuan <kxuanobj@gmail.com>	2022-08-11 16:38:45 +08:00
Janos Follath	d0895708e2	Bignum: move internal constants to headers Now that the check_names script allows it, we can do so. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-10 13:32:16 +01:00
kXuan	11e9310fd1	ctr_drbg: fix free uninitialized aes context Application may enabled AES_ALT and define mbedtls_aes_context by its own. The initial state of user-defined mbedtls_aes_context may not all byte zero. In mbedtls_ctr_drbg_init, the code set all byte to zero, including the AES context nested in the ctr_drbg context. And in mbedtls_ctr_drbg_free, the code calls mbedtls_aes_free on an AES context without calling mbedtls_aes_init. If user-defined AES context requires an non-zero init, the mbedtls_aes_free call in mbedtls_ctr_drbg_free is illegal. This patch fix this issue by add mbedtls_aes_init in mbedtls_ctr_drbg_init. So aes context will always be initialized to correct state. Signed-off-by: kXuan <kxuanobj@gmail.com>	2022-08-10 16:43:28 +08:00
Leonid Rozenboim	e9d8dcdbf5	ssl_tls: avoid the appearance of a potential NULL dereferencing Looking at the bigger picture it is clear that if `ssl->session` is NULL, there will be a failure much earlier, and that is well protected from, however, the practice of dereferencing a pointer which has not been verified in prior for validity goes against secure coding practices. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-09 12:34:30 -07:00
Janos Follath	c47c0569d4	Remove VALIDATE macros from bignum_core.c They are deprecated and are declared to be empty anyway. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:54:43 +01:00
Janos Follath	d1baedb786	Bignum: extract bignum_mod.h functions Extract functions declared in bignum_mod.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point This makes library/bignum_new.c empty and therefore it is deleted. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:44:53 +01:00
Janos Follath	0ded631879	Bignum: extract bignum_mod_raw.h functions Extract functions declared in bignum_mod_raw.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:34:54 +01:00
Janos Follath	3ca0775e59	Bignum: extract bignum_core.h functions Extract functions declared in bignum_core.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 11:45:47 +01:00
Dave Rodgman	f421d45869	Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype Fix build error due to missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled	2022-08-09 11:27:42 +01:00
Dave Rodgman	953ce3962f	Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12 Add rsa pss rsae for tls12	2022-08-09 10:21:45 +01:00
Janos Follath	dae1147596	Improve Bignum documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-08 11:50:02 +01:00
Janos Follath	8ff0729dd7	Fix typos in Bignum documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-08 08:39:52 +01:00
Gabor Mezei	6666914b76	Revert "Move Bignum macros to common header" This reverts commit 62c5901f0a5061a8825e19c77f88c91fea235078. Reverting commit due the macros are meant to be local and not following the naming convention. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:10:51 +01:00
Gabor Mezei	37b06360b3	Add documentation for new bignum functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:10:51 +01:00
Gabor Mezei	c0b9304f92	Use value as numerical value instead of bitfield value Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:53 +01:00
Gabor Mezei	d8f5bc2d3d	Free the correct struct element Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:53 +01:00
Gabor Mezei	535f36d203	Unify parameter naming Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:53 +01:00
Gabor Mezei	e66b1d47ed	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	8b718b5a66	Add bounds check to residue input Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	23bdeca64d	Add core constant time comparison Unfortunately reusing the new function from the signed constant time comparison is not trivial. One option would be to do temporary conditional swaps which would prevent qualifying input to const. Another way would be to add an additional flag for the sign and make it an integral part of the computation, which would defeat the purpose of having an unsigned core comparison. Going with two separate function for now and the signed version can be retired/compiled out with the legacy API eventually. The new function in theory could be placed into either `library/constant_time.c` or `library/bignum_new.c`. Going with the first as the other functions in the second are not constant time yet and this distinction seems more valuable for new (as opposed to belonging to the `_core` functions. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	5f016650d7	Reuse Bignum core I/O functions Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	91dc67d31c	Allow (NULL, 0) as a representation of 0 - We don't check for NULL pointers this deep in the library - Accessing a NULL pointer when the limb number is 0 as a mistake is the very similar to any other out of bounds access - We could potentially mandate at least 1 limb representation for 0 but we either would need to enforce it or the implementation would be less robust. - Allowing zero limb representation - (NULL, 0) in particular - for zero is present in the legacy interface, if we disallow it, the compatibility code will need to deal with this (more code size and opportunities for mistakes) In summary, interpreting (NULL, 0) as the number zero in the core interface is the least of the two evils. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	4670f88991	Reuse Bignum helper functions Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	4614b9ad1b	Move Bignum macros to common header Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	f1d617deb8	Add tests for big endian core I/O The test case where there were extra limbs in the MPI failed and this commit contains the corresponding fix as well. (We used to use the minimum required limbs instead of the actual limbs present.) Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:06:31 +01:00
Janos Follath	ba5c139e4c	Add more validation to modulus life cycle Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:03:56 +01:00
Janos Follath	281ccda8a5	Clean up mpi_mod_init/free Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:03:56 +01:00
Janos Follath	5005edb36c	Fix typos Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	c5328cf9a6	Add a set of I/O functions for the modulus structure Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	b903070cec	Add a set of I/O functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	0c655572dc	Build the new bignum_new.c file Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	f049dbfe94	Add the new modulus and the residue structures Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gilles Peskine	b3edc1576c	Merge pull request #2602 from edsiper/crt-symlink x509_crt: handle properly broken links when looking for certificates	2022-08-03 13:05:29 +02:00
Gilles Peskine	07e7fe516b	Merge pull request #6088 from tuvshinzayaArm/validation_remove_change_curve Validation remove and change in files related to curve in library	2022-08-03 13:05:16 +02:00
Gilles Peskine	7e1ee0f04b	Merge pull request #6114 from mman/development Use double quotes to include private header file psa_crypto_cipher.h	2022-08-03 13:04:57 +02:00
Martin Man	4741e0b56c	Use double quotes to include private header file psa_crypto_cipher.h Signed-off-by: Martin Man <mman@martinman.net> Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>	2022-08-02 12:44:35 +02:00
Aditya Patwardhan	3096f331ee	Fix missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled Added the changelog.d entry Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>	2022-08-02 11:15:18 +05:30
Dave Rodgman	919ff15ecf	Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020 Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined	2022-07-29 17:08:11 +01:00
Dave Rodgman	27036c9e28	Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments Fix a/an typos in doxygen and other comments	2022-07-29 12:59:05 +01:00
Jerry Yu	c3bf748dc7	fix vertical alignment Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-29 10:27:17 +08:00
Jerry Yu	09a99fcf8a	Add rsa_pss_rsae_* sig algos for tls12 default Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	379b1ff3a5	remove useless comment Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	95b743ca17	Rename get_pk_type_and_md_alg The function is for both tls12 and tls13 now. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	693a47ab1d	add rsa_pss_rsae_* support in tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Tuvshinzaya Erdenekhuu	86669de348	Broke 2 long lines Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-28 10:31:16 +01:00
Dave Rodgman	aba26d0099	Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new Remove use of SSL session compression	2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard	f6b8c3297a	Merge pull request #6065 from mpg/explore2 Driver-only hashes: RSA 1.5 and PK + strategy doc	2022-07-28 10:43:38 +02:00
Tom Cosgrove	ce7f18c00b	Fix a/an typos in doxygen and other comments Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-07-28 05:50:56 +01:00
Manuel Pégourié-Gonnard	68429fc44d	Fix a few more typos Update link while at it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-27 20:44:02 +02:00
Tuvshinzaya Erdenekhuu	22f3654324	Remove NULL pointer validation in ecp.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 15:21:48 +01:00
Tuvshinzaya Erdenekhuu	a891f83803	Re-introduce ENUM validation in ecjpake.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu	2b1ecdaf4e	Remove NULL pointer validation in ecjpake.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu	f69cac784a	Reintroduce enum validation ecdh.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 14:43:38 +01:00
Tuvshinzaya Erdenekhuu	7857caadcd	Remove NULL pointer validation in ecdh.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 14:40:47 +01:00
Tuvshinzaya Erdenekhuu	375950f119	Remove NULL pointer validations in ecdsa.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 14:28:20 +01:00
Thomas Daubney	31e03a8e15	Replace hard-coded zeroes for constant Replace two occurances of hard-coded zero for MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:23 +01:00
Thomas Daubney	54e38ea9cd	Remove remaining references to compression in docs Some references to compression exist in the docs. This commit removes those instances. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:23 +01:00
Thomas Daubney	20f89a9605	Remove uses of SSL compression Remove or modify current uses of session compression. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:03 +01:00
Manuel Pégourié-Gonnard	de9ffe37ab	Fix typos in hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-26 10:20:52 +02:00
Ronald Cron	e579ece305	Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load TLS 1.3: Add serialize session save load I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123. Thus I am ok to merge it as it is.	2022-07-23 08:57:11 +02:00
Ronald Cron	340c559cb3	Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.	2022-07-23 08:50:45 +02:00
Jerry Yu	13ab81d5ac	Add handshake failure in pre_shared_key withou psk_kex_modes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:17:11 +08:00
Jerry Yu	bc7c1a4260	fix typo/format/name issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:09:40 +08:00
Jerry Yu	438ddd835b	Add tls13 session save/load Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:08:43 +08:00
Jerry Yu	a66fecebe7	Add endpoint/ticket_flag field for session Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:08:43 +08:00
Jerry Yu	6f1db3fc92	fix format and potential non-PSK fail issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:05:59 +08:00
Jerry Yu	ce6ed7076a	Change the order of key_exchange determine Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 21:49:53 +08:00
Jerry Yu	ba9b6e9e53	fix unkown identity case Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 21:45:05 +08:00
Jerry Yu	568ec2502a	fix format/name issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 21:27:34 +08:00
Jerry Yu	2f0abc94d8	fix typo/type/format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 19:34:48 +08:00
Ronald Cron	4beb870fa8	Merge pull request #6064 from xkqian/tls13_add_psk Add psk code to tls13 client side	2022-07-22 11:35:05 +02:00
Dave Rodgman	a948f0588c	Merge pull request #1986 from jacmet/bn_mul-fix-x86-pic-compilation-for-gcc-4 bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5	2022-07-21 17:34:48 +01:00
Jerry Yu	77f0148e11	Add psk/psk_ephemeral key exchange check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 23:27:22 +08:00
Ronald Cron	32578b3bd0	Merge pull request #6069 from yuhaoth/pr/add-tls13-write-new-session-ticket TLS 1.3:add tls13 write new session ticket Validated by the internal CI and Travis.	2022-07-21 16:17:35 +02:00
XiaokangQian	bee71453b2	Improve the buffer pointer check in write pre_shared key Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	3ad67bf4e3	Rename functions and add test messages Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	7c12d31813	Refine comments for psk related code Change-Id: Iff5c176bb902919abc8d4fb78a185aa68704a791 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	8698195566	Address comments of various issues Improve comments Change coding style Rename functions Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	adab9a6440	Fix transcript issues and add cases against openssl Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	008d2bf80b	Address comments in psk client review Improve comments Refine cipher suite related code in psk Refine get_psk_offered() Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	eb69aee6af	Add psk code to tls13 client side Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
Manuel Pégourié-Gonnard	73692b7537	Rework macros expressing dependencies Fix usage with sed: s/MBEDTLS_OR_PSA_WANT_$[A-Z_0-9]$/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/ s/MBEDTLS_USE_PSA_WANT_$[A-Z_0-9]$/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/ Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-21 12:11:53 +02:00
Jerry Yu	96a2e368dc	TLS 1.3: Add pre-shared-key multiple psk parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 18:00:13 +08:00
Jerry Yu	6119715e05	Change type cast to size_t Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:28:02 +08:00
Jerry Yu	1c9247cff4	TLS 1.3: Add pre_share_key last ext check From RFC, pre_share_key must be the last one. Add check for it. And with/without psk, it should be check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	352cd7db59	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	daf375aa8b	fix issues of check_binder_match Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	bb852029f4	fix naming issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	6e74a7e3c7	Add check return flags Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	997549353e	fix various code format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	032b15ce5e	Add write selected_identity Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	1c105560b4	add offered psks parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	6dcd18d55b	export hdr checksum function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Ronald Cron	bc817bac76	TLS 1.3: Limit scope of tls13_kex_modes handshake field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-21 09:43:53 +02:00
Jerry Yu	fca4d579a4	fix various issues - unnecessary comments - format issue - improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 10:37:48 +08:00
Ronald Cron	799077177b	TLS 1.3: Use selected key exchange mode field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:49:58 +02:00
Ronald Cron	853854958f	TLS 1.3: Add selected key exchange mode field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:49:22 +02:00
Ronald Cron	7f9ccfeccc	TLS 1.3: Remove unnecessary key exchange mode check If there is a PSK involved in the key exchange and thus no certificate we do not go through the MBEDTLS_SSL_CERTIFICATE_REQUEST state thus there is no reason to check that in the coordination function of that state. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:47:23 +02:00
Ronald Cron	2d8b7ac898	TLS 1.3: Fix selected key exchange mode check ECDHE operations have to be done in ephemeral and PSK-ephemeral key exchange mode, not just ephemeral key exhange mode. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:46:58 +02:00
Dave Rodgman	fa40b02da3	Remove use of lstat lstat is not available on some platforms (e.g. Ubuntu 16.04). In this particular case stat is sufficient. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 16:10:33 +01:00
Jerry Yu	6cb4fcd1a5	Remove key exchange mode check. This change does not meet RFC requirements. It should be revert after key exchange mode issue fixed Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:41:00 +08:00
Jerry Yu	e67bef4aba	Add tls13 write new session ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:41:00 +08:00
Jerry Yu	251a12e942	Add dummy session save Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:40:59 +08:00
Dave Rodgman	7085aa42ee	Merge pull request #5896 from wernerlewis/aes_shallow_copy Refactor AES context to be shallow-copyable	2022-07-20 15:16:37 +01:00
Dave Rodgman	103f8b6506	Spelling and grammar improvements Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 14:37:08 +01:00
Dave Rodgman	935154ef04	Don't increase failure count for dangling symlinks Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 14:37:07 +01:00
Eduardo Silva	e1bfffc4f6	x509_crt: handle properly broken links when looking for certificates On non-windows environments, when loading certificates from a given path through mbedtls_x509_crt_parse_path() function, if a symbolic link is found and is broken (meaning the target file don't exists), the function is returning MBEDTLS_ERR_X509_FILE_IO_ERROR which is not honoring the default behavior of just skip the bad certificate file and increase the counter of wrong files. The problem have been raised many times in our open source project called Fluent Bit which depends on MbedTLS: https://github.com/fluent/fluent-bit/issues/843#issuecomment-486388209 The expected behavior is that if a simple certificate cannot be processed, it should just be skipped. This patch implements a workaround with lstat(2) and stat(2) to determinate first if the entry found in the directory is a symbolic link or not, if is a simbolic link, do a proper stat(2) for the target file, otherwise process normally. Upon find a broken symbolic link it will increase the counter of not processed certificates. Signed-off-by: Eduardo Silva <eduardo@treaure-data.com>	2022-07-20 14:36:12 +01:00
Jerry Yu	3afdf36de7	Add hash length check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 18:12:08 +08:00
Jerry Yu	0a430c8aaf	Rename resumption_key and the hardcode len `resumption_key` is better name. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	b14413804a	Remove ticket_flags It should be added later. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	08aed4def9	fix comments and time_t type issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a0446a0344	Add check_return flag Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	4e6c42a533	fix various issues - wrong typo - unnecessary comments/debug code - wrong location Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	cb3b1396f3	move resume psk ticket computation to end Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	af2c0c8dd6	fix various comment/format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a357cf4d4c	Rename new_session_ticket state Both client and server side use `MBEDTLS_SSL_NEW_SESSION_TICKET` now Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	f8a4994ec7	Add tls13 new session ticket parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	c62ae5f539	Add new session ticket message check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a270f67340	Add tls13 session fields Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Manuel Pégourié-Gonnard	d82a9edc63	Rm now-duplicate helper function Again, the guards are slightly different, let's see in the CI if this causes any trouble. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	130fa4d376	Rm local helper now that a global one is available There is a small difference: the global function only works for hashes that are included in the build, while the old one worked for all hashes regardless of whether they were enabled or not. We'll see in the CI is this causes any issues. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	abac037a7b	Migrate from old inline to new actual function. This is mostly: sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \ library/.c tests/suites/.function This should be good for code size as the old inline function was used from 10 translation units inside the library, so we have 10 copies at least. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	4772884133	New internal module for managing hash information Using static inline functions is bad for code size; the function from md_internal.h was already used from 3 different C files, so already was copied at least 3 times in the library, and this would only get worse over time. Use actual functions, and also share the actual data between them. Provide a consistent set of operations. Conversion to/from human-readable string was omitted for now but could be added later if needed. In the future, this can be used to replace other similar (inline) functions that are currently scattered, including (but perhaps not limited to): - mbedtls_psa_translate_md() from psa_util.h - mbedtls_md_info_from_psa() (indirectly) from psa_crypto_hash.h - get_md_alg_from_psa() from psa_crypto_rsa.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Peter Korsgaard	c0546e351f	bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5 Fixes #1910 With ebx added to the MULADDC_STOP clobber list to fix #1550, the inline assembly fails to build with GCC < 5 in PIC mode with the following error: include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’ This is because older GCC versions treated the x86 ebx register (which is used for the GOT) as a fixed reserved register when building as PIC. This is fixed by an improved register allocator in GCC 5+. From the release notes: Register allocation improvements: Reuse of the PIC hard register, instead of using a fixed register, was implemented on x86/x86-64 targets. This improves generated PIC code performance as more hard registers can be used. https://www.gnu.org/software/gcc/gcc-5/changes.html As a workaround, detect this situation and disable the inline assembly, similar to the MULADDC_CANNOT_USE_R7 logic. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2022-07-18 17:31:13 +01:00
Manuel Pégourié-Gonnard	1c402a4217	Remove macro that's no longer used It was only used in test_suite_pk which was fixed to no longer compute hashes in a temporary buffer. Also, it's not entirely clear is this macro was really a good idea: perhaps it's better for each user to have an explicit #if defined(MBEDTSL_USE_PSA_CRYPTO) and use either MBEDTLS_MD_MAX_SIZE or PSA_HASH_MAX_SIZE in each branch of that #if. So, removing it for the time being. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 12:49:19 +02:00
Ronald Cron	d5b1eb51db	Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext TLS 1.3: PSK: Add parser of psk kex mode ext on server side	2022-07-18 11:34:24 +02:00
Hanno Becker	907a367b50	Remove explicit width suffixes from Arm bignum assembly Within the M-profile of the Arm architecture, some instructions admit both a 16-bit and a 32-bit encoding. For those instructions, some assemblers support the use of the .n (narrow) and .w (wide) suffixes to force a choice of instruction encoding width. Forcing the size of encodings may be useful to ensure alignment of code, which can have a significant performance impact on some microarchitectures. It is for this reason that a previous commit introduced explicit .w suffixes into what was believed to be M-profile only assembly in library/bn_mul.h. This change, however, introduced two issues: - First, the assembly block in question is used also for Armv7-A systems, on which the .n/.w distinction is not meaningful (all instructions are 32-bit). - Second, compiler support for .n/.w suffixes appears patchy, leading to compilation failures even when building for M-profile targets. This commit removes the .w annotations in order to restore working code, deferring controlled re-introduction for the sake of performance. Fixes #6089. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-07-15 12:00:58 +01:00
Manuel Pégourié-Gonnard	f88b1b5375	Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros Currently just replacing existing uses, but the real point of having these conditions as a single macro is that we'll be able to use them in tests case dependencies, see next commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-15 12:08:14 +02:00
Jerry Yu	854dd9e23f	fix comment issue Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-15 14:38:38 +08:00
Jerry Yu	299e31f10e	fix various issue - remove unused test case - add alert message - improve readabitlity Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-13 23:06:36 +08:00
Paul Elliott	af4b90db3f	Revert "Add missing library/psa_crypto_driver_wrappers.c" This reverts commit `c2a9387110` Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 11:30:17 +01:00
Paul Elliott	81c69b547a	Revert "Revert "Revert "Add generated files for 3.2.0 release""" This reverts commit `185d24ba0e`. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 11:29:34 +01:00
Jerry Yu	e19e3b9eb8	Add psk_key_exchange_modes parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-12 09:53:35 +00:00
Paul Elliott	cd08ba0326	Bump version to 3.2.1 Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 10:51:55 +01:00
Dave Rodgman	c2a9387110	Add missing library/psa_crypto_driver_wrappers.c Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-12 10:51:55 +01:00
Dave Rodgman	185d24ba0e	Revert "Revert "Add generated files for 3.2.0 release"" This reverts commit `7adb8cbc0e`. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 10:51:44 +01:00
Manuel Pégourié-Gonnard	043c8c5de8	Add USE_PSA version of PK test functions While at it, also fix buffer size for functions that already depend on USE_PSA: it should be PSA_HASH_MAX_SIZE for functions that always use PSA, and the new macro MBEDTLS_USE_PSA_MD_MAX_SIZE for functions that use it or not depending on USE_PSA. The only case where MBEDTLS_MD_MAX_SIZE is OK is when the function always uses MD - currently this is the case with pk_sign_verify_restart() as it is incompatible with USE_PSA anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard	5508673832	Add helper macros for dependencies based on USE_PSA For now in an internal header as it's the safest option and that way we can change whenever we want. Later on if we think the macros can be useful to applications as well then we can move them to a public location. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	3f4778995e	Rm dependency on MD in psa_crypto_rsa.c The previous commit made the PKCS#1v1.5 part of rsa.c independent from md.c, but there was still a dependency in the corresponding part in PSA. This commit removes it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	fe2b9b5397	Make mbedtls_oid_get_md_alg() always available This is a step towards building with RSA PKCS#1v1.5 without MD. Also loosen guards around oid data: the OID definitions clearly don't depend on our software implementation. We could simply have no dependency as this is just data. But for the sake of code size, let's have some guards so that people who don't use MD5, SHA1 or RIPEMD160 don't have to pay the price for them. Note: this is used for RSA (PKCS#v1.5) signatures among other things, an area that is not influenced by USE_PSA, so the guards should not depend on it either. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	f493f2ad1d	Use md_internal_get_size() in rsa.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard	3356b89b64	Add missing guard around call to MD PKCS#1 v1.5 mostly does not need hash operations. This is a first step towards allowing builds with PKCS#1 v1.5 only (no v2.1) without MD. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard	a370e06e30	Avoid dependency of PK on MD Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard	d8a298e1fc	Add internal MD size getter Modules / tests that only need to get the size of a hash from its type, without actually computing a hash, need not depend on MD_C. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Paul Elliott	7adb8cbc0e	Revert "Add generated files for 3.2.0 release" This reverts commit `cb21f2eab3`. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 18:18:30 +01:00
Paul Elliott	cb21f2eab3	Add generated files for 3.2.0 release Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:56:01 +01:00
Paul Elliott	20362cd1ca	Bump library and so versions for 3.2.0 release Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:56:01 +01:00
Paul Elliott	f518f81d41	Ensure return for mbedtls_ssl_write_alpn_ext() is checked Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 12:37:47 +01:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Paul Elliott	6e80e09bd1	Merge pull request #5915 from AndrzejKurek/cid-resumption-clash Fix DTLS 1.2 session resumption	2022-07-06 15:03:36 +01:00
Andrzej Kurek	21b50808cd	Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing Use a more straightforward condition to note that session resumption is happening. Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 03:26:55 -04:00
Werner Lewis	c1999d5746	Add fallback when rk unaligned with padlock Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-07-05 11:55:15 +01:00
Andrzej Kurek	92d7417d89	Formatting fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Paul Elliott	072d2b094d	Add pem_free() to other error paths in pk_parse_public_key() Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-04 06:49:26 -04:00
Leonid Rozenboim	116f50cd96	Fix resource leaks These potential leaks were flagged by the Coverity static analyzer. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard	4d7af2aee0	Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection Permissions 2a: TLS 1.2 ciphersuite selection	2022-07-04 12:37:02 +02:00
Paul Elliott	41aa808a56	Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf Turn off stdio buffering with setbuf()	2022-07-04 10:12:22 +01:00
Ronald Cron	0e39ece23f	Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk Refactor signature algorithm chooser	2022-07-04 09:10:08 +02:00
Paul Elliott	bae7a1a5a6	Merge pull request #5620 from gstrauss/dn_hints Add accessors to config DN hints for cert request	2022-07-01 17:23:14 +01:00
Paul Elliott	c466ec2e73	Fix code formatting Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-01 16:43:25 +01:00
Neil Armstrong	971f30d917	Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-07-01 16:23:50 +02:00
Manuel Pégourié-Gonnard	8b8a1610f7	Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check Fix the wrong variable being used for TLS record size checks	2022-07-01 12:29:48 +02:00
Jerry Yu	52b7d923fe	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-01 18:12:44 +08:00
Neil Armstrong	96eceb8022	Refine mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg() when USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-30 18:05:05 +02:00
Gilles Peskine	da0913ba6b	Call setbuf when reading or writing files: library After opening a file containing sensitive data, call mbedtls_setbuf() to disable buffering. This way, we don't expose sensitive data to a memory disclosure vulnerability in a buffer outside our control. This commit adds a call to mbedtls_setbuf() after each call to fopen(), except: * In ctr_drbg.c, in load_file(), because this is only used for DH parameters and they are not confidential data. * In psa_its_file.c, in psa_its_remove(), because the file is only opened to check its existence, we don't read data from it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 17:03:40 +02:00
Gilles Peskine	6497b5a1d1	Add setbuf platform function Add a platform function mbedtls_setbuf(), defaulting to setbuf(). The intent is to allow disabling stdio buffering when reading or writing files with sensitive data, because this exposes the sensitive data to a subsequent memory disclosure vulnerability. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 17:01:40 +02:00
Ronald Cron	cb67e1a890	Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix Improve ASN.1 write tests	2022-06-30 15:42:16 +02:00
Paul Elliott	f6a56cf5ff	Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check TLS 1.3: Add missing overread check	2022-06-29 17:01:14 +01:00
Werner Lewis	7656a373b6	Reformat AES changes for readability Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 16:17:50 +01:00
Werner Lewis	dd76ef359d	Refactor AES context to be shallow-copyable Replace RK pointer in AES context with a buffer offset, to allow shallow copying. Fixes #2147. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 16:17:50 +01:00
Dave Rodgman	5b50f38f92	Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2 Fix null pointer dereference in mpi_mod_int(0, 2)	2022-06-29 15:02:59 +01:00
Jerry Yu	2fe6c638e2	remove supported check from parse sig algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	959e5e030b	fix format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	660cb4209c	Remove pkcs1 from key cert and sig alg map Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	71b18844ff	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:19:49 +08:00
Jerry Yu	9d3e2fa372	Add negative tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:19:06 +08:00
Manuel Pégourié-Gonnard	2f244c43b4	Merge pull request #5980 from mprse/md_dep_fix Remove MD dependencies from mbedtls_x509_sig_alg_gets(), ssl_tls13_parse_certificate_verify()	2022-06-29 10:18:41 +02:00
Jerry Yu	c2e0493e6e	Add rsa_pkcs1 for cert sig match Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:18:31 +08:00
Jerry Yu	cc5391048e	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:18:30 +08:00
Jerry Yu	ee28e7a21d	add tests for select sig alg Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:17:06 +08:00
Jerry Yu	aebaaaf527	add debug messages Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	430db6b6ff	Remove hack fix for server hybrid issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	a1255e6b8c	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	9bb3ee436b	Revert rsa_pss_rsae_* support for tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	53f5c15155	Add debug message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	80dd5db808	Remove pkcs1 from certificate verify. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	d4a71a57a8	Add tls12 algorithms in hybrid mode client hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	5ef71f2723	remove rsa_pkcs1_* from tls13 support list Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	f085678879	remove unnecessary check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	6272c4d4aa	Revert unnecessary space change Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	96ee23eb88	fix tls12 openssl/gnutls server fail To test version negotiation with tls12 OpenSSL/GnuTLS server, If `rsa_pss_rsae_` were sent to server before `rsa_pkcs_`, server will return `rsa_pss_rsae_` as key exchange sig alg. OpenSSL/GnuTLS can work with this case. mbedTLS will fail due to `rsa_pss_rsae_` unsupported. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	ba5e379697	Revert order of default sig_algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	3f71ca0941	Remove rsa_pss_rsae_* from tls12 sig_algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	0c6be8f863	move big function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	3896ac6e5b	fix ordered sig algs fail for openssl Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:06 +08:00
Jerry Yu	f3b46b5082	Add debug message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:05 +08:00
Jerry Yu	d099cf0325	fix unused variable issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:47 +08:00
Jerry Yu	f55886a217	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	6babfee178	remove out of scope codes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	fb526693c1	Rename sig_alg cert_key check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	f0cda410a4	remove default sig_hashes And add pss_rsae_* sig_algs to fix `Handshake TLS 1.3` test fails, which is part of `test_suite_ssl` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	7ab7f2b184	Remove pkcs1 from certificate_verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Jerry Yu	08524c55f9	remove pkcs1_* support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Jerry Yu	0ebce95785	create tls12/tls13 sig alg support check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:43 +08:00
Jerry Yu	f249ef7821	refactor get sig algo from pk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:40 +08:00
Ronald Cron	7898fd456a	Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server TLS 1.3 server: Send dummy change_cipher_spec records The internal CI PR-merge job ran successfully thus good to go.	2022-06-29 09:47:49 +02:00
Glenn Strauss	bd10c4e2af	Test accessors to config DN hints for cert request Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-29 02:54:28 -04:00
Gilles Peskine	d86abf2392	Merge pull request #5861 from wernerlewis/csr_subject_comma Fix output of commas and other special characters in X509 DN values	2022-06-28 21:00:49 +02:00
Glenn Strauss	999ef70b27	Add accessors to config DN hints for cert request mbedtls_ssl_conf_dn_hints() mbedtls_ssl_set_hs_dn_hints() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-28 12:43:59 -04:00
Neil Armstrong	9f1176a793	Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	9f4606e6d2	Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	0c9c10a401	Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:10:48 +02:00
Gabor Mezei	f7044eaec8	Fix name Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 16:01:49 +02:00
Ronald Cron	e99ec7cb6a	Merge pull request #5908 from ronald-cron-arm/tls13-fixes-doc TLS 1.3: Fixes and add documentation Validated by the internal CI, no need to wait for the Open CI.	2022-06-28 12:16:17 +02:00
Gabor Mezei	96ae926572	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:56:26 +02:00
Gabor Mezei	5471912269	Move switching to handshake transform after sending CCS record Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:56:26 +02:00
Gabor Mezei	05ebf3be74	Revert "Do not encrypt CCS records" This reverts commit `96ec831385`. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:55:35 +02:00
Przemek Stekiel	4dc874453e	ssl_tls13_parse_certificate_verify(): optimize the code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-28 11:05:42 +02:00
Manuel Pégourié-Gonnard	273453f126	Merge pull request #5983 from gstrauss/inline-mbedtls_x509_dn_get_next Inline mbedtls_x509_dn_get_next() in x509.h	2022-06-28 10:13:58 +02:00
Ronald Cron	11b5332ffc	tls13: Fix certificate extension size write Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	81a334fc02	tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext() Some coding style alignement as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	7b8404608a	tls13: Rename ssl_tls13_write_hello_retry_request_coordinate Rename ssl_tls13_write_hello_retry_request_coordinate to ssl_tls13_prepare_hello_retry_request as it is more aligned with what the function does. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	fb508b8f21	tls13: Move state changes up to state main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	63dc463ed6	tls13: Simplify switch to the inbound handshake keys on server side Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	5afb904022	tls13: Move out of place handshake field reset Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	828aff6ead	tls13: Rename server_hello_coordinate to preprocess_server_hello Rename server_hello_coordinate to preprocess_server_hello as it is more aligned with what the function does. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	db5dfa1f1c	tls13: Move ServerHello fetch to the ServerHello top handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	9d6a545714	tls13: Re-organize EncryptedExtensions message parsing code Align the organization of the EncryptedExtensions message parsing code with the organization of the other message parsing codes. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	154d1b68d6	tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	c80835943c	tls13: Fix pointer calculation before space check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	2827106199	tls13: Add missing buffer overread check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	b94854f8e3	Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests TLS 1.3: Enable and add tests	2022-06-28 09:15:17 +02:00
Glenn Strauss	01d2f52a32	Inline mbedtls_x509_dn_get_next() in x509.h Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-27 14:20:07 -04:00
Dave Rodgman	f5b7082f6e	Merge pull request #5811 from polhenarejos/bug_x448 Fix order value for curve x448	2022-06-27 13:47:24 +01:00
Werner Lewis	9b0e940135	Fix case where final special char exceeds buffer Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 12:01:22 +01:00
Przemek Stekiel	9e30fc94f3	Remove redundant spaces Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 12:48:35 +02:00
Werner Lewis	b33dacdb50	Fix parsing of special chars in X509 DN values Use escape mechanism defined in RFC 1779 when parsing commas and other special characters in X509 DN values. Resolves failures when generating a certificate with a CSR containing a comma in subject value. Fixes #769. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 11:19:50 +01:00
Przemek Stekiel	6a5e01858f	ssl_tls13_parse_certificate_verify(): remove md dependency Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 11:53:13 +02:00
Przemek Stekiel	6230d0d398	mbedtls_x509_sig_alg_gets(): remove md dependency Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 11:19:04 +02:00
Ronald Cron	cf600bc07c	Comment fixes Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	2b1a43c101	tls13: Add missing overread check in Certificate msg parsing. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	ad8c17b9c6	tls: Add overread/overwrite check failure tracking Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	e3dac4aaa1	tls13: Add Certificate msg parsing tests with invalid vector lengths Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:42 +02:00
Ronald Cron	07040bb179	Merge pull request #5951 from xkqian/tls13_add_alpn Add ALPN extension to the server side	2022-06-27 08:33:03 +02:00
Ronald Cron	9738a8d0fd	Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks TLS 1.3: Fix certificate key usage checks	2022-06-27 08:32:17 +02:00
Paul Elliott	668b31f210	Fix the wrong variable being used for TLS record size checks Fix an issue whereby a variable was used to check the size of incoming TLS records against the configured maximum prior to it being set to the right value. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-06-24 20:09:37 +01:00
Ronald Cron	1938588e80	tls13: Align some debug messages with TLS 1.2 ones Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
XiaokangQian	0b776e282a	Change some comments for alpn Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard	93a7f7d7f8	Merge pull request #5954 from wernerlewis/x509_next_merged Add mbedtls_x509_dn_get_next function	2022-06-24 09:59:22 +02:00
XiaokangQian	95d5f549f1	Fix coding styles Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 05:42:15 +00:00
Przemek Stekiel	1b0ebdf363	Zeroize hkdf_label buffer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:22:49 +02:00
Przemek Stekiel	38ab400dc4	Adapt code to be consistent with the existing code - init status to error - use simple assignment to status - fix code style (spaces) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:05:40 +02:00
XiaokangQian	c740345c5b	Adress review comments Change Code styles Add test cases Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-23 03:24:12 +00:00
Gabor Mezei	96ec831385	Do not encrypt CCS records According to the TLS 1.3 standard the CCS records must be unencrypted. When a record is not encrypted the counter, used in the dynamic IV creation, is not incremented. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
Gabor Mezei	7b39bf178e	Send dummy change_cipher_spec records from TLS 1.3 server Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
XiaokangQian	acb3992251	Add ALPN extension to the server side CustomizedGitHooks: yes Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-22 06:34:58 +00:00
Przemek Stekiel	d5ae365b97	Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Przemek Stekiel	88e7101d03	Remove mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_expand() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Manuel Pégourié-Gonnard	a82a8b9f4b	Mark internal int SSL functions CHECK_RETURN_CRITICAL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:55 +02:00
Manuel Pégourié-Gonnard	a3115dc0e6	Mark static int SSL functions CHECK_RETURN_CRITICAL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:52 +02:00
Manuel Pégourié-Gonnard	66b0d61718	Add comments when can_do() is safe to use Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard	b64fb62ead	Fix unchecked return value from internal function Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Gilles Peskine	e0469b5908	Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix Add a client hello cookie_len overflow test	2022-06-20 19:35:54 +02:00
Gilles Peskine	36aeb7f163	Merge pull request #5834 from mprse/HKDF_1 HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms	2022-06-20 15:27:46 +02:00
Werner Lewis	b3acb053fb	Add mbedtls_x509_dn_get_next function Allow iteration through relative DNs when X509 name contains multi- value RDNs. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-17 16:40:55 +01:00
Ronald Cron	30c5a2520e	tls13: Fix certificate key usage checks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-17 08:49:52 +02:00
Ronald Cron	ca3c6a5698	Merge pull request #5817 from xkqian/tls13_add_server_name Tls13 add server name	2022-06-16 08:30:09 +02:00
Andrzej Kurek	755ddff25c	Fix print format in a debug message Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:32:02 -04:00
Andrzej Kurek	cbe14ec967	Improve variable extracting operations by using MBEDTLS_GET macros Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:17:28 -04:00
XiaokangQian	75fe8c7e54	Change place of ssl_tls13_check_ephemeral_key_exchange Change-Id: Id49172f7375e2a0771ad1216fb7eead808f0db3e Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 09:42:45 +00:00
XiaokangQian	fb665a8452	Adress the comments about styles and pick_cert Change-Id: Iee89a27aaea6ebc8eb01c6c9985487f081ef7343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 03:57:21 +00:00
Andrzej Kurek	7cf872557a	Rearrange the session resumption code Previously, the transforms were populated before extension parsing, which resulted in the client rejecting a server hello that contained a connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-14 08:26:19 -04:00
Przemek Stekiel	69c4679b22	Adapt macro name to meet requested criteria: MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF->BUILTIN_ALG_ANY_HKDF Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-14 11:13:32 +02:00
XiaokangQian	07aad0710c	Refine function name ssl_tls13_pick_key_cert Change-Id: I821e1485d9cfcca88fa3e18d345766ea48c64250 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-14 05:35:09 +00:00
XiaokangQian	81802f43a2	Select certificate base on the received signature list Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-13 03:58:06 +00:00
Gilles Peskine	321a08944b	Fix bug whereby 0 was written as 0200 rather than 020100 0200 is not just non-DER, it's completely invalid, since there has to be a sign bit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:13:33 +02:00
Gilles Peskine	ae25bb043c	Fix null pointer dereference in mpi_mod_int(0, 2) Fix a null pointer dereference when performing some operations on zero represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or mbedtls_mpi_write_string() in base 2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 19:32:46 +02:00
Przemek Stekiel	75fe3fb1d7	psa_crypto.c: add MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF macro to limit number of #if conditions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-09 14:44:55 +02:00
Andrzej Kurek	b58cf0d172	Split a debug message into two - for clarity Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:53:59 -04:00
Andrzej Kurek	078e9bcda6	Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:47:33 -04:00
Dave Rodgman	11930699f1	Merge pull request #5827 from wernerlewis/time_utc Use ASN1 UTC tags for dates before 2000	2022-06-08 13:54:19 +01:00
Paul Elliott	5f2bc754d6	Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests Pr/add-tls13-moving-state-tests	2022-06-08 13:39:52 +01:00
Manuel Pégourié-Gonnard	3a833271aa	Merge pull request #5727 from SiliconLabs/feature/PSEC-3207-TLS13-hashing-HMAC-to-PSA Feature psec-3207 move TLS13 hashing and hmac to psa	2022-06-08 11:53:35 +02:00
XiaokangQian	96287d98d8	Remove the certificate key check against the received signature Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 08:37:53 +00:00
pespacek	d9aaf768b5	Fixing CI complains. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-08 09:44:11 +02:00
XiaokangQian	9850fa8e8d	Refine ssl_tls13_pick_cert() Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 07:02:41 +00:00
pespacek	b06acd734b	Fixing PSA return status Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 13:07:21 +02:00
XiaokangQian	23c5be6b94	Enable SNI test for both tls12 and tls13 Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-07 09:43:13 +00:00
Ronald Cron	209cae9c42	tls13: server: Fix state update in CLIENT_CERTIFICATE The state should be updated only if the handler returns in success. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-07 10:58:22 +02:00
pespacek	670913f4dc	Fixing return value for ssl_tls13_write_certificate_body() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 10:53:39 +02:00
Andrzej Kurek	cfb01948c8	Add cookie parsing tests to test_suite_ssl Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:29:15 -04:00
Andrzej Kurek	c8183cc492	Add missing sid_len in calculations of cookie sizes This could lead to a potential buffer overread with small MBEDTLS_SSL_IN_CONTENT_LEN. Change the bound calculations so that it is apparent what lengths and sizes are used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:28:56 -04:00
Gilles Peskine	364fd8bb71	More SSL debug messages for ClientHello parsing In particular, be verbose when checking the ClientHello cookie in a possible DTLS reconnection. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-06 14:25:41 -04:00
Dave Rodgman	5e03d9e601	Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support Allow building as a subdir	2022-06-06 14:11:06 +01:00
Przemek Stekiel	b57a44bf9b	is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:26:43 +02:00
Przemek Stekiel	cde3f783f5	Make info valid only after secret for HKDF-EXPAND + adapt tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:26:02 +02:00
Przemek Stekiel	0586f4c4ea	Make salt mandatory for HKDF-EXTRACT + adapt tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:25:43 +02:00
Przemek Stekiel	3e8249cde0	Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:15 +02:00
Przemek Stekiel	a29b488296	Optimize code by adding PSA_ALG_IS_ANY_HKDF macro Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:09 +02:00
XiaokangQian	129aeb9b0e	Update test cases and support sni ca override Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-02 09:29:18 +00:00
Przemek Stekiel	459ee35062	Fix typo and style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-02 11:16:52 +02:00
Werner Lewis	acd01e58a3	Use ASN1 UTC tags for dates before 2000 Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-01 16:24:28 +01:00
Gilles Peskine	8399cccd2e	Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access Fix uninitialised memory access in constant time functions	2022-06-01 11:42:51 +02:00
Gilles Peskine	09858ae664	Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa Deprecate mbedtls_cipher_setup_psa()	2022-05-31 10:56:52 +02:00
Jerry Yu	0a92d6c8eb	fix move state to handshake over fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-31 15:06:04 +08:00
Kazuyuki Kimura	b88dbdded6	fix issue #2020 Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined. Signed-off-by: Kazuyuki Kimura <kim@wing.ocn.ne.jp> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-30 17:55:07 +01:00
Dave Rodgman	a3344f7bac	Merge pull request #5767 from leorosen/avoid-null-args Avoid potentially passing NULL arguments	2022-05-30 11:40:21 +01:00
XiaokangQian	0557c94fef	Add back SNI related code to validate_certificate Change-Id: I75883858016d4163cd7c64c3418eb3ca24fa46ea Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:10:53 +00:00
XiaokangQian	f2a942073e	Fix SNI test failure Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	9b2b7716b0	Change mbedtls_ssl_parse_server_name_ext base on comments Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	40a3523eb7	Add support of server name extension to server side Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	e7a5da597f	Remove SNI related code Change-Id: Ic44bdb27b1bdc5c9057078dfed936fc36bddebbe Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 00:59:29 +00:00
XiaokangQian	aca9048b5f	Change base on review Fix comments Add test cases for client authentication with empty certificate Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	989f06d52d	Change some comments base on review Change-Id: I3db2b8ca8162eb368d2f17dfeffee8b25f9edf6f Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	63e713e8ab	Fix comments Change-Id: Ib741f876f4d296df79565a2b8a2971918db1a77f Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	c3017f620f	Remove useless guards and refine checking Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:10 +00:00
XiaokangQian	189ded2b07	Remove coordinate functions and change state machine in server side Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:46:13 +00:00
XiaokangQian	6b916b1616	Add client certificate parse and certificate verify Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:40:53 +00:00
Dave Rodgman	a636d1f192	Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc Enable static linking of the common runtime in MSVC	2022-05-25 14:47:58 +01:00
Dave Rodgman	32c995afa3	Merge pull request #5724 from Biswa96/cmake-mingw cmake: Fix runtime library install location in mingw	2022-05-25 13:34:43 +01:00
Paul Elliott	8fba70f66c	Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup TLS 1.3: Add Finished Message and wrapup	2022-05-25 12:02:06 +01:00
pespacek	3493587e05	FEATURE: mbedtls_md() in ssl_tls13_write_certificate_verify_body() replaced withpsa_hash_compute() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-05-23 13:10:48 +02:00
pespacek	a1378105cf	FEATURE: use psa_hash_xxx rather than mbedtls_md_xxx for TLS 1.3. ssl_tls13_parse_certificate_verify() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-05-23 13:10:47 +02:00
Manuel Pégourié-Gonnard	69e348db85	Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa Permissions 1: create `mbedtls_pk_can_do_ext()`	2022-05-23 10:58:32 +02:00
Robert Shade	591e729b54	Allow building as a subdir Fixes #5688 Signed-off-by: Robert Shade <robert.shade@gmail.com>	2022-05-21 12:55:12 -04:00
Neil Armstrong	81d391f773	Check when usage == 0 in mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 09:26:16 +02:00
Neil Armstrong	b80785f1a4	Comment typo fix in mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-20 09:25:55 +02:00
Gilles Peskine	e4d3a6a4e8	Merge pull request #5804 from superna9999/5797-remove-cipher-deps-tls Remove Cipher dependencies in TLS	2022-05-19 21:02:12 +02:00
Paul Elliott	5260ce27ed	Fix uninitialised memory access in constant time functions Fix an issue reported by Coverity whereby some constant time functions called from the ssl decrypt code could potentially access uninitialised memory. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-05-19 18:23:24 +01:00
Dave Rodgman	afe149d76e	Merge pull request #5846 from bootstrap-prime/development Fix typos in documentation and constants with typo finding tool	2022-05-19 16:53:32 +01:00
Paul Elliott	4283a6b121	Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small Make psa_raw_key_agreement return BUFFER_TOO_SMALL	2022-05-19 16:06:02 +01:00
Neil Armstrong	084338d336	Change mbedtls_pk_can_do_ext() usage test logic for opaque keys Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-19 16:22:40 +02:00
Przemek Stekiel	03d948c47f	Refacor code for HKDF-Extract algorithm Solution provided by @mpg. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-19 11:45:20 +02:00
Przemek Stekiel	2fb0dcd403	psa_hkdf_input: use more suitable condition and add comments Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-19 10:34:37 +02:00
Jerry Yu	e3d67cb263	Improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 15:33:10 +08:00
Jerry Yu	fd5ea0458f	add compute application transform Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 14:29:48 +08:00
Jerry Yu	545432310d	remove zeorize from keys Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 11:23:25 +08:00
Jerry Yu	cc0a13fcf8	remove unnecessary empty line Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-19 10:14:24 +08:00
bootstrap-prime	6dbbf44d78	Fix typos in documentation and constants with typo finding tool Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>	2022-05-18 14:15:33 -04:00
Przemek Stekiel	b398d8693f	Update descryption of HKDF-Extract/Expand algs and fix comment Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-18 15:43:54 +02:00
Neil Armstrong	8395d7a37d	Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO \|\| SSL_PROTO_TLS1_3 Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:24:34 +02:00
Neil Armstrong	0fa8ce3498	TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	b818e16b29	Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	e3b0b8ab67	Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	93617245c3	Code style fixes Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	689557ca12	Make CIPHER_C guard code as alternate of USE_PSA_CRYPTO in mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	4f4f271850	In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	a8093f5c48	In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Neil Armstrong	801abb69a5	Provide a PSA definition of mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() when MBEDTLS_USE_PSA_CRYPTO is defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-18 13:19:29 +02:00
Jerry Yu	bb2d47d956	Remove not used state Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 16:57:45 +08:00
Jerry Yu	e8c1fca67c	move trafic set to generic Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 16:57:45 +08:00
Jerry Yu	d6e253ded9	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 16:57:45 +08:00
Jerry Yu	4d8567fa9e	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	03ed50ba6a	Add handshake wrapup Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	ff2269889d	Add client finished Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	27bdc7c6b6	Implement write server finish Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	69dd8d4091	tls13:finished:add dummy frame work Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Ronald Cron	9edf51d8cd	Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3 CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h. @RcColes if you eventually want to request some changes, they can be done in a follow-up PR.	2022-05-17 17:01:55 +02:00
Paul Elliott	a478441517	Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify TLS1.3:Add Certificate and CertificateVerify message on Server Side	2022-05-17 15:47:36 +01:00
Paul Elliott	114203814a	Better check for NULL pointer Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-05-17 15:01:20 +01:00
Neil Armstrong	bbb8b75f20	Fixup comment of mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-17 14:58:27 +02:00
Neil Armstrong	408f6a60a3	Add usage parameter to mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-17 14:23:20 +02:00
Neil Armstrong	dab56ba2bd	Fix typo in mbedtls_pk_can_do_ext() code documentation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-17 11:56:55 +02:00
Aurelien Jarno	c79ce88152	Fix a timing leak in ecp_mul_mxz() The bit length of m is leaked through through timing in ecp_mul_mxz(). Initially found by Manuel Pégourié-Gonnard on ecp_mul_edxyz(), which has been inspired from ecp_mul_mxz(), during initial review of the EdDSA PR. See: https://github.com/Mbed-TLS/mbedtls/pull/3245#discussion_r490827996 Fix that by using grp->nbits + 1 instead, which anyway is very close to the length of m, which means there is no significant performance impact. Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>	2022-05-16 23:15:07 +02:00
Gilles Peskine	3e56130fb9	psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH, the only algorithm that is currently implemented. Make it return the correct error code. The reason for the wrong error code is that ecdh.c returns MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL, but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the impact of the fix, handle this in the PSA layer. Fixes #5735. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-05-16 19:37:54 +02:00
Dave Rodgman	2a045325f9	Merge pull request #5766 from leorosen/fix-var-init Add missing local variable initialization	2022-05-16 14:47:00 +01:00
Gilles Peskine	9b7e29663f	Merge pull request #4211 from ccawley2011/mingw Fix compilation with MinGW32	2022-05-16 12:30:37 +02:00
Leonid Rozenboim	a3008e7e2e	Add missing local variable initialization These issues were flagged by Coverity as instances where a local variable may be used prior to being initialized. Please note that none of these changes fixes any particular bug, this is just an attempt to add more robustness. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-05-13 18:08:11 +01:00
Paul Elliott	dd428d3650	Fix incorrect error message Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-05-13 17:43:16 +01:00
Gabor Mezei	696956da24	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-13 17:02:19 +02:00
Gabor Mezei	0a4298bbe9	Remove unnecessary duble conversion Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-13 17:02:18 +02:00
Jerry Yu	b89125b81a	Add test without server certificate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-13 15:50:04 +08:00
Jerry Yu	23d1a256ec	fix hrr handler undefine fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 20:11:16 +08:00
Neil Armstrong	a88b15897d	Add implementation of mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-12 11:53:02 +02:00
Dave Rodgman	8b65420f42	Add comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-12 09:45:03 +01:00
Jerry Yu	5a26f3000d	Refactor cert exchange states Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:59 +08:00
Jerry Yu	f1c3c4e77c	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:59 +08:00
Jerry Yu	c6e6dbf2e7	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:59 +08:00
Jerry Yu	4ff9e14356	Add server certificate verfiy Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:14 +08:00
Jerry Yu	1bff711a36	tls13:server:add server certificate writing Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:14 +08:00
Jerry Yu	83da34eb59	tls13:server:add dummy write certificate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:14 +08:00
Andrzej Kurek	5c65c5781f	Fix additional misspellings found by codespell Remaining hits seem to be hex data, certificates, and other miscellaneous exceptions. List generated by running codespell -w -L keypair,Keypair,KeyPair,keyPair,ciph,nd Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-05-11 21:25:54 +01:00
Shaun Case	8b0ecbccf4	Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-11 21:25:51 +01:00
Gabor Mezei	86acf05b1e	Update signiture algorithm handling Rename local variables and to simplify things use static_assert to determine if the default signiture algorithms are not fit into the SSL handshake structure. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:19 +02:00
Gabor Mezei	53a3b14823	Update documntation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:19 +02:00
Gabor Mezei	c1051b62aa	Remove `MBEDTLS_SSL_SIG_ALG_SET` macro Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:19 +02:00
Gabor Mezei	3631cf693a	Rename signiture algorithm macros to better suite with TLS 1.2 Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:19 +02:00
Gabor Mezei	24c7c2be08	Unify `MBEDTLS_TLS_SIG_NONE` macro definition for TLS 1.2 and 1.3 Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	a3d016ce41	Rename and rewrite `mbedtls_ssl_sig_hash_set_find` function Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name and rewrite to operate TLS signature algorithm identifiers. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	1226590c88	Explicitly set invalid value for the end of the signiture algorithm set Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	15b95a6c52	Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3 Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm. It is intended to use in common code of TLS 1.2 and 1.3. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	1a3be088bf	Reorder defines to use previous definitions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:18 +02:00
Gabor Mezei	078e803d2c	Unify parsing of the signature algorithms extension Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-05-11 14:29:08 +02:00
Przemek Stekiel	17520fe2c5	PSA: Add support for HKDF-Extend and HKDF-Expand algs Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-11 12:17:03 +02:00
Manuel Pégourié-Gonnard	5479f5321a	Merge pull request #5772 from superna9999/5762-rsa-decrypt-pk RSA decrypt 1a: PK	2022-05-11 11:01:01 +02:00
Paul Elliott	d1a954d243	Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request TLS1.3: Add HelloRetryRequest Write	2022-05-10 17:25:33 +01:00
Dave Rodgman	4bfb007dcb	Handle platform differences in gmtime_s MSVC and C11 specify different arguments and return value meaning for gmtime_s. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-10 13:46:09 +01:00
Dave Rodgman	ad8dc480d4	Remove redundant comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-10 13:46:09 +01:00
Cameron Cawley	ea5496ceb3	Fix compilation with MinGW32 Signed-off-by: Cameron Cawley <ccawley2011@gmail.com>	2022-05-10 13:46:09 +01:00
Manuel Pégourié-Gonnard	42650260a9	Merge pull request #5783 from mprse/md_dep_v3 Fix undeclared dependencies: MD	2022-05-10 10:41:32 +02:00
Jerry Yu	f41553b662	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 22:20:30 +08:00
Manuel Pégourié-Gonnard	9bbb7bacae	Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks Unify non-opaque and opaque PSKs	2022-05-09 10:15:16 +02:00
Jerry Yu	ead5cce22c	improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:58:50 +08:00
Jerry Yu	4ca9140d43	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:55:39 +08:00
Jerry Yu	66d9e6f405	refactor next state of client hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:11 +08:00
Jerry Yu	4833056833	fix ci test fails Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:11 +08:00
Jerry Yu	7f157eb31f	Change alert message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:11 +08:00
Jerry Yu	b8ac19a296	send alert when second hrr needed Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:09 +08:00
Jerry Yu	6a2cd9ebf5	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:08 +08:00
Jerry Yu	b0ac10b4a8	Refactor hrr key_share Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:06 +08:00
Jerry Yu	49ca92892d	refactor HRR routine Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:05 +08:00
Jerry Yu	086edc2807	refactor parse key_share ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:04 +08:00
Jerry Yu	fbe3e64b76	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:03 +08:00
Jerry Yu	c1be19f226	misc:minor improvement Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:01 +08:00
Jerry Yu	23f7a6fc5c	share write_body between HRR and ServerHello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:01 +08:00
Jerry Yu	582dd069b7	Add HRR handler Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:01 +08:00
Jerry Yu	fe24d1c9f5	add named group debug helper Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:00 +08:00
Jerry Yu	93a13f2c38	Share magic word of HRR Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:48:59 +08:00
Jerry Yu	67a2c37039	tls13:hrr:add empty frame work Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:48:59 +08:00
XiaokangQian	aad9b0a286	Update code base on comments Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-09 01:11:21 +00:00
XiaokangQian	a987e1d2f8	Change state machine after encrypted extension and update cases Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	ec6efb98bc	Change variable name to output_len Change-Id: I0f8a40da9782b2ec7af7e6f1faf1ac5c7e589418 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	cec9ae6259	Change the code places of CERTIFICATE_REQUEST Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	45c22201b3	Update test cases and encrypted extension state set Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	2f150e184f	Update status and add test cases for client certificate request Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	1f1f1e3372	Temp change to align with client/server hello style Change-Id: I8befbbcb5d6f7fdb230022825dcb856e19d9bec0 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	9dc4450647	Fix commets issue about coding styles Change-Id: I930a062e137562e0b129b9b9b191e5c864f8104d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	eaf3651e31	Rebase and solve conflicts Change handshake_msg related functions Share the ssl_write_sig_alg_ext Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
Xiaofei Bai	5ee73d84a9	Address review comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-05-07 01:37:04 +00:00
Xiaofei Bai	9ca09d497f	Add writing CertificateRequest msg on server side Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-05-07 01:37:04 +00:00
Pol Henarejos	b101cb6111	Since the group is unloaded for all curves, it is better to initialize the group also for all curves. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-06 18:43:58 +02:00
Ronald Cron	25b1f5d2b7	Merge pull request #5545 from xffbai/tls13-write-enc-ext TLS1.3: add writing encrypted extensions on server side.	2022-05-06 13:54:45 +02:00
Przemek Stekiel	c1e41bb2b5	rsa.c: remove redundant include of md.h rsa.c includes rsa.h that includes md.h Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-06 11:42:18 +02:00
Przemek Stekiel	ef1fb4a3d3	Deprecate mbedtls_cipher_setup_psa() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-06 10:55:10 +02:00
Jerry Yu	ef2b98a246	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-06 16:40:05 +08:00
Jerry Yu	f86eb75c58	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-06 11:16:55 +08:00
Pol Henarejos	aa68d36234	Fix order value for curve x448. Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>	2022-05-05 19:22:29 +02:00
Neil Armstrong	8ecd66884f	Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-05 14:01:49 +02:00
Jerry Yu	e110d258d9	Add set outbound transform Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-05 19:59:59 +08:00
Werner Lewis	e59a531455	Fix memcpy() UB in mbedtls_asn1_named_data() Removes a case in mbedtls_asn1_named_data() where memcpy() could be called with a null pointer and zero length. A test case is added for this code path, to catch the undefined behavior when running tests with UBSan. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-05-04 11:45:06 +01:00
Neil Armstrong	80f6f32495	Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	044a32c4c6	Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	cd05f0b9e5	Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	e952a30d47	Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	61f237afb7	Remove PSA-only code dealing with non-opaque PSA key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	501c93220d	Import PSK as opaque PSA key for mbedtls_ssl_conf_psk() & mbedtls_ssl_set_hs_psk() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Neil Armstrong	b743d95051	Do not erase input key in psa_tls12_prf_psk_to_ms_set_key() When ALG_TLS12_PSK_TO_MS() is used, first derivation is correct but the following derivations output data is incorrect. This is because input key is erased in psa_tls12_prf_psk_to_ms_set_key() since commit `03faf5d2c1`. Fixes: `03faf5d2c1` ("psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage") Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:06:22 +02:00
Neil Armstrong	30beca35f1	Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR Then mbedtls_pk_error_from_psa_rsa() also needs to be guarded with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR to be used by pk_opaque_rsa_decrypt() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:02:37 +02:00
Jerry Yu	9da5e5a2f2	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 15:46:09 +08:00
Jerry Yu	de66d12afc	remove out couter reset Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 12:15:19 +08:00
Jerry Yu	39730a70cd	remove variable initial Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 12:14:04 +08:00
Jerry Yu	8937eb491a	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 12:12:14 +08:00
Neil Armstrong	6c26adc900	Do not make pk_opaque_rsa_decrypt() depend on MBEDTLS_RSA_C Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-02 14:43:04 +02:00
Neil Armstrong	1082818003	Implement PK Opaque RSA decrypt Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-02 09:14:58 +02:00
Manuel Pégourié-Gonnard	068a13d909	Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`	2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard	67397fa4fd	Merge pull request #5704 from mprse/mixed_psk_2cx Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK	2022-04-29 10:47:16 +02:00
Przemek Stekiel	169bf0b8b0	Fix comments (#endif flags) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-29 07:53:29 +02:00
Neil Armstrong	a1fc18fa55	Change mbedtls_pk_wrap_as_opaque() signature to specify alg, usage and key_enrollment_algorithm Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-28 13:27:59 +02:00
Gilles Peskine	8855e36030	Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup Cipher cleanup: abstract TLS mode	2022-04-28 12:33:38 +02:00
Przemek Stekiel	8a4b7fd7c3	Optimize code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-28 10:21:03 +02:00
Jerry Yu	ab452cc257	fix name issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-28 15:27:08 +08:00
Przemek Stekiel	8abcee9290	Fix typos Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-28 09:16:28 +02:00
Neil Armstrong	2230e6c06d	Simplify PSA transform->ivlen set in ssl_tls12_populate_transform() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-27 10:36:14 +02:00
Neil Armstrong	3bf040ed70	Reorganize PSA/!PSA code in mbedtls_ssl_ticket_setup() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-27 10:35:28 +02:00
Gilles Peskine	301711e96e	Simplify mbedtls_ssl_get_base_mode Reduce the amount of ifdef's by making the USE_PSA_CRYPTO and non-USE_PSA_CRYPTO definitions independent. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-27 10:28:55 +02:00
Gilles Peskine	e108d987ea	Simplify mbedtls_ssl_get_mode Reduce the imbrications between preprocessor directives and C instructions. Handle encrypt-then-mac separately. No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-27 10:28:55 +02:00
Jerry Yu	4d3841a4d1	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-25 19:41:47 +08:00
Xiaofei Bai	cba64af50d	TLS1.3: add writing encrypted extensions Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-04-25 19:41:47 +08:00
Ronald Cron	eecd0d2fc3	Merge pull request #5679 from yuhaoth/pr/add-tls13-write-server-hello	2022-04-25 09:28:40 +02:00
Jerry Yu	e65d801580	fix undeclare error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-23 10:34:35 +08:00
Biswapriyo Nath	d7e0ee42b8	cmake: Fix runtime library install location in mingw This install DLLs in bin directory instead of lib. Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>	2022-04-22 20:59:50 +05:30
Biswapriyo Nath	0f2e87bdf5	cmake: Use GnuInstallDirs to customize install directories Replace custom LIB_INSTALL_DIR with standard CMAKE_INSTALL_LIBDIR variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if LIB_INSTALL_DIR is set. Signed-off-by: Biswapriyo Nath <nathbappai@gmail.com>	2022-04-22 20:59:28 +05:30
Gilles Peskine	2f8c2a5fc5	Merge pull request #5753 from tom-cosgrove-arm/fix-missing-prototypes-warnings-a64-sha256-sha512 Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration	2022-04-22 16:45:23 +02:00
Gilles Peskine	72b99edf31	Merge pull request #5381 from mpg/benchmark-ecc-heap Improve benchmarking of ECC heap usage	2022-04-22 16:43:11 +02:00
Jerry Yu	955ddd75a3	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 22:27:33 +08:00
Przemek Stekiel	99114f3084	Fix build flags for opaque/raw psk checks Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:34 +02:00
Przemek Stekiel	cb322eac6b	Enable support for psa opaque DHE-PSK key exchange on the server side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:33 +02:00
Przemek Stekiel	b293aaa61b	Enable support for psa opaque DHE-PSK key exchange on the client side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:33 +02:00
Przemek Stekiel	14d11b0877	Enable support for psa opaque ECDHE-PSK key exchange on the server side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:53:55 +02:00
Przemek Stekiel	19b80f8151	Enable support for psa opaque ECDHE-PSK key exchange on the client side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	51a1f36be0	setup_psa_key_derivation(): change salt parameter to other_secret Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	aeb710fec5	Enable support for psa opaque RSA-PSK key exchange on the server side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	f2534ba69b	tls12_client: skip PMS generation for opaque RSA-PSK Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Przemek Stekiel	c2033409e3	Add support for psa rsa-psk key exchange Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Przemek Stekiel	ae4ed30435	Fix naming: random bytes are the seed (not salt) in derivation process Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Przemek Stekiel	1f02703e53	setup_psa_key_derivation(): add optional salt parameter Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Manuel Pégourié-Gonnard	55132c6a9a	Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context TLS ECDH 4: remove legacy context	2022-04-22 14:27:06 +02:00
Neil Armstrong	76b7407bd7	Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	f2c82f0a3b	Introduce MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM macro to determine if Encrypt-then-MAC with CBC is used in a ciphersuite Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	ccc074e44d	Use correct condition to use encrypt_then_mac in ssl_tls.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	d1be7674a4	Use PSA_BLOCK_CIPHER_BLOCK_LENGTH instead of PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE in ssl_tls12_populate_transform() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	6b27c97a91	Rename mbedtls_get_mode() to mbedtls_ssl_get_mode() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	ab555e0a6c	Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	858581e81a	Remove cipher_info in mbedtls_ssl_ticket_setup() when USE_PSA_CRYPTO is defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	a0eeb7f470	Remove cipher_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	7fea33ea4d	Use mbedtls_get_mode_from_ciphersuite() in ssl_tls12_populate_transform() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	fe635e42c9	Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	4bf4c8675f	Introduce mbedtls_get_mode_from_ciphersuite() by reusing mbedtls_get_mode_from_transform() logic Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:59 +02:00
Neil Armstrong	136f8409df	Replace PSA/Cipher logic with mbedtls_get_mode_from_transform() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:26 +02:00
Neil Armstrong	8a0f3e8cf0	Introduce mbedtls_ssl_mode_t & mbedtls_get_mode_from_transform() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 14:25:26 +02:00
Jerry Yu	a09f5e98ef	fix build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:46:03 +08:00
Jerry Yu	cfc04b3541	Update comments in write server hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	e74e04af1a	Rename write supported_versions ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	d9436a1baa	remove guards for write_key_share Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	57d4841eda	fix write key_share issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:02 +08:00
Jerry Yu	637a3f1090	fix various issues typo issue, variable `ret` init value and remove finalize_server_hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	1c3e688df1	fix comments issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	349a61388b	fix write selected_version fail And rename write_supported_versions to write selected_version Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	fb9f54db8c	fix comments issue Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	89e103c54c	tls13: Share write ecdh_key_exchange function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	3bf2c6449d	tls13: write server hello compile pass Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	56404d70c4	tls13:server:Add finalize write_server_hello and dummy body Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	f4b27e4351	tls13:server:Add prepare write_server_hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	5b64ae9bad	tls13:server:Add base framework for serverhello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Ronald Cron	38b8aa4f63	Merge pull request #5539 from xkqian/add_client_hello_to_server Add client hello into server side	2022-04-22 10:26:00 +02:00
XiaokangQian	e8ff350698	Update code to align with tls13 coding standard Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-22 02:34:40 +00:00
Leonid Rozenboim	287527042b	Avoid potentially passing NULL arguments Several call sites flagged by Coverity that may potentially cause a pointer argument to be NULL. In two cases the issue is using a function call as a parameter to a second function, where the first function may return NULL, while the second function does not check for the NULL argument value. Remaining case is when static configuration is mixed with run-time decision, that could result in a data buffer argument being NULL. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-04-21 18:00:52 -07:00
Manuel Pégourié-Gonnard	70701e39b5	Merge pull request #5726 from mprse/mixed_psk_1_v2 Mixed PSK 1: Extend PSK-to-MS algorithm in PSA (v.2)	2022-04-21 17:11:52 +02:00
Manuel Pégourié-Gonnard	90c70146b5	Merge pull request #5728 from superna9999/5711-pk-opaque-rsa-pss-sign RSA-PSS sign 1: PK	2022-04-21 17:11:18 +02:00
XiaokangQian	4d3a60475c	Change default config version to development style Change-Id: I9c1088f235524211e727d03b96de8d82e60bd426 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 13:46:17 +00:00
XiaokangQian	4e8cd7b903	Remove useless selected_group Change-Id: I5fb76b5bf4b22d0231c17314783781f9e7c309a3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 13:30:18 +00:00
Neil Armstrong	13e76be02b	Reorganize & simplify mbedtls_pk_sign_ext() handling of wrapped RSA-PSS Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-21 12:08:52 +02:00
Przemek Stekiel	4e47a91d2e	Fix indentation issues Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	03faf5d2c1	psa_tls12_prf_psk_to_ms_set_key: clear buffers after usage Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	937b90febf	Add null check for pms allocation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	e47201b34a	rename: psa_tls12_prf_set_other_key->psa_tls12_prf_psk_to_ms_set_other_key and adapt code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
Przemek Stekiel	2503f7e4cb	Handle empty other secret when passed with input bytes Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-21 11:53:57 +02:00
XiaokangQian	060d867598	Update parse_key_share in server side and version config Change-Id: Ic91c061027d0ee4dca2055df21809cbb4388f3ef Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 09:24:56 +00:00
XiaokangQian	0a1b54ed73	Minor change the place of some functions Change-Id: I2626e68cf837d8ca4086cb35a8482cee315cde97 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-21 03:01:38 +00:00
XiaokangQian	75d40ef8cb	Refine code base on review Remove useless hrr code Share validate_cipher_suit between client and server Fix test failure when tls13 only in server side Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 11:05:24 +00:00
XiaokangQian	318dc763a6	Fix test failure issue and update code styles Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 09:43:51 +00:00
XiaokangQian	de33391fa0	Rebase and solve conflicts Change-Id: I7f838ff5b607fe5e6b68d74d0edc1def8fc9a744 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 08:49:42 +00:00
XiaokangQian	0803755347	Update code base on review comments Refine named_group parsing Refine cipher_suites parsing Remove hrr related part Share code between client and server side Some code style changes Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:50:14 +00:00
XiaokangQian	17f974c63e	Re-order the ciphersuite matching code in parse_client_hello Change-Id: I16d11bca42993d4abc2a1b19fa087366c591927c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	84823779ce	Only store the first group in ssl_tls13_parse_supported_groups_ext() Change-Id: I4427149aeb6eb453150e522e4c7b11187e2e3825 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	3f84d5d0cd	Update test cases and fix the test failure Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	b67384d05c	Fix coding style and comments styles Change-Id: Ifa37a3288fbb6b5206fc0640fa11fa36cb3189ff Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	f8ceb94fe7	Fix the parse_sig_alg_ext fail issue Change-Id: Ib31e0929c5b6868ab6c3023b20472321fc07ba3c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	8f9dfe41c0	Fix comments about coding styles and test cases Change-Id: I70ebc05e9dd9fa084d7b0ce724a25464c3425e22 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	cfd925f3e8	Fix comments and remove hrr related code Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	ed582dd023	Update based on comments Remove cookie support from server side Change code to align with coding styles Re-order functions of client_hello Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	4080a7f687	Change code style and some share functions Change variables and functions name style Refine supported_version Refine client hello parse Change-Id: Iabc1db51e791588f999c60db464326e2bdf7b2c4 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	9b5d04b078	Share parse_key_share() between client and server Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	c4b8c99a38	Rebase and solve conflicts and issues Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	8840888fbc	Fix some CI issues Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	c5763b5efd	Change some code style Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	3207a32b1e	Fix unused parameter issue and not defined cookie issue Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	7ac3ab3404	Add hello retry request count for server Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	a9c58419f2	Fix compile and test issues Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	7807f9f5c9	Add client hello into server side Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
Ronald Cron	fd8cbda3ec	Remove ECDH code specific to TLS 1.3 ECDH operations in TLS 1.3 are now done through PSA. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Ronald Cron	fd6193c285	ssl_tls13_client: Add downgrade attack protection Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Ronald Cron	217d699d85	Fix Doxygen marks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:28:51 +02:00
Paul Elliott	a2da9c7e45	Merge pull request #5631 from gstrauss/enum-tls-vers Unify internal/external TLS protocol version enums	2022-04-19 17:05:26 +01:00
Tom Cosgrove	c144ca6473	Hide unnecessarily public functions in SHA-256 and SHA-512 A64 acceleration Fixes #5752 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-04-19 13:52:24 +01:00
Hanno Becker	606cb1626f	Add comment explaining structure of UMAAL assembly Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:59:33 +01:00
Hanno Becker	d46d96cc3f	Add 2-fold unrolled assembly for umaal based multiplication Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:19:55 +01:00
Hanno Becker	63eb28c728	Use separate counters for 8-fold and single multiplication steps Compilers are likely to generate shorter assembly for loops of the form `while( cnt-- ) { ... }` rather than `for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs a subtract+compare+branch after each loop, while the former only needs decrement+branch). Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:16:03 +01:00
Hanno Becker	eacf3b9eb4	Simplify organization of inline assembly for bignum Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-17 06:16:03 +01:00
Gilles Peskine	09dc05b880	Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail PSA: systematically test operation failure	2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard	63ed7cbf36	Merge pull request #5701 from hanno-arm/mpi_mul_hlp Make size of output in mpi_mul_hlp() explicit	2022-04-15 10:09:06 +02:00
Glenn Strauss	8315811ea7	Remove restrictive proto ver negotiation checks Overly restrictive protocol version negotiation checks might be "version intolerant". TLS 1.3 and DTLS 1.3 move the version to the "supported_versions" ClientHello extension. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	bbdc83b55b	Use mbedtls_ssl_protocol_version in public structs Use mbedtls_ssl_protocol_version in public structs, even when doing so results in a binary-incompatible change to the public structure (PR feedback from @ronald-cron-arm) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	cd78df6aa4	handshake->min_minor_ver to ->min_tls_version Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	041a37635b	Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks mbedtls no longer supports earlier TLS protocol versions Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	e3af4cb72a	mbedtls_ssl_(read\|write)_version using tls_version remove use of MBEDTLS_SSL_MINOR_VERSION_* remove use of MBEDTLS_SSL_MAJOR_VERSION_* (only remaining use is in tests/suites/test_suite_ssl.data) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	60bfe60d0f	mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller. Reduce size of mbedtls_ssl_ciphersuite_t members are defined using integral types instead of enums in order to pack structure and reduce memory usage by internal ciphersuite_definitions[] Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:12 -04:00
Glenn Strauss	2dfcea2b9d	mbedtls_ssl_config min_tls_version, max_tls_version Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible on little-endian platforms, but is compatible on big-endian platforms. For systems supporting only TLSv1.2, the underlying values are the same (=> 3). New setter functions are more type-safe, taking argument as enum mbedtls_ssl_protocol_version: mbedtls_ssl_conf_max_tls_version() mbedtls_ssl_conf_min_tls_version() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:39:43 -04:00
Glenn Strauss	da7851c825	Rename mbedtls_ssl_session minor_ver to tls_version Store the TLS version instead of minor version number in tls_version. Note: struct member size changed from unsigned char to uint16_t Due to standard structure padding, the structure size does not change unless alignment is 1-byte (instead of 2-byte or more) Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is compatible on little-endian platforms, but not compatible on big-endian platforms. The enum values for the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4, respectively. Note: care has been taken to preserve serialized session format, which uses only the lower byte of the TLS version. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:23:57 -04:00
Glenn Strauss	07c641605e	Rename mbedtls_ssl_transform minor_ver to tls_version Store the TLS version in tls_version instead of minor version number. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:23:54 -04:00
Glenn Strauss	dff84620a0	Unify internal/external TLS protocol version enums Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 13:45:20 -04:00
Hanno Becker	3577131bb4	Reintroduce trimming of input in mbedtls_mpi_mul_int() Removing the trimming has significant memory impact. While it is clearly what we want to do eventually for constant-time'ness, it should be fixed alongside a strategy to contain the ramifications on memory usage. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-14 11:52:11 +01:00
Neil Armstrong	769dc05597	Remove bad dependency on MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED for ecdh_ctx guard Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-14 09:56:24 +02:00
Neil Armstrong	282750215c	Remove PSA only code from non-PSA code block code in ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:05:11 +02:00
Neil Armstrong	11d4945248	Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:03:43 +02:00
Neil Armstrong	1f198d8dee	Simplify by moving ssl_check_server_ecdh_params in the ECDHE non-PSA compile-time block Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 15:02:30 +02:00
Neil Armstrong	913b364a52	Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 14:59:48 +02:00
Manuel Pégourié-Gonnard	6c242a01f7	Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics PK Opaque RSA sign	2022-04-13 09:55:42 +02:00
Hanno Becker	0dbf04a9a6	Remove unnecessary memory operations in p25519 quasireduction Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-13 07:26:53 +01:00
Hanno Becker	1772e05fca	Reduce the scope of local variable in mbedtls_mpi_mul_mpi() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-13 07:26:53 +01:00
Hanno Becker	da763de7d0	Revert "Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()" This reverts commit `808e666eee`. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-13 07:26:42 +01:00
Hanno Becker	127fcabb21	Fail gracefully upon unexpectedly large input to p25519 reduction Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 22:18:36 +01:00
Neil Armstrong	62d452baac	Implement PK Opaque RSA PSS signature Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 15:11:49 +02:00
Neil Armstrong	f3f46416e3	Remove ecdh_ctx variable, init & free when USE_PSA_CRYPTO isn't selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:43:39 +02:00
Neil Armstrong	3ea01498d8	Store TLS1.2 ECDH point format only when USE_PSA_CRYPTO isn't selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:41:50 +02:00
Neil Armstrong	a33a255dcf	Disable non-PSA ECDHE code in mbedtls_ssl_psk_derive_premaster() when USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:40:47 +02:00
Neil Armstrong	d8419ff390	Refactor to make PSA and non-PSA ECDH(E) client code exclusive Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:39:16 +02:00
Neil Armstrong	d91526c17f	Refactor to make PSA and non-PSA ECDH(E) server code exclusive Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:38:52 +02:00
Manuel Pégourié-Gonnard	927410ded3	Merge pull request #5611 from superna9999/5318-tls-ecdhe-psk TLS ECDH 3a: ECDHE-PSK (both sides, 1.2)	2022-04-12 13:28:02 +02:00
Hanno Becker	bb04cb992f	Fix check in p25519 quasi-reduction Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:18:11 +01:00
Hanno Becker	d830feb256	Simplify check in p25519 quasi-reduction Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:10:19 +01:00
Hanno Becker	2ef0cff6c3	Fix size check in p25519 modular reduction The check was meant to precisely catch an underflow. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:02:05 +01:00
Hanno Becker	0235f7512f	Reduce scope of local variables in mpi_montmul() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:02:03 +01:00
Hanno Becker	9137b9c587	Note alternative implementation strategy in mbedtls_mpi_mul_int() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:01:58 +01:00
Hanno Becker	808e666eee	Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-12 11:01:57 +01:00
Przemek Stekiel	d7a28646bc	psa_tls12_prf_set_key(): add PSA_TLS12_PRF_STATE_OTHER_KEY_SET as a valid state Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-12 11:27:00 +02:00
Przemek Stekiel	a7695a2d76	psa_key_derivation_check_input_type(): handle PSA_KEY_DERIVATION_INPUT_OTHER_SECRET Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-12 11:27:00 +02:00
Przemek Stekiel	c8fa5a1bdd	psa_tls12_prf_psk_to_ms_set_key(): add support for other secret input Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-12 11:26:47 +02:00
Gilles Peskine	43b0943736	Merge pull request #1946 from hanno-arm/alert_reentrant Make mbedtls_ssl_send_alert_message() reentrant	2022-04-12 11:05:20 +02:00
Neil Armstrong	7624a5ae5e	Allow RSA PK Opaque keys for RSA-PSS signing Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 10:09:26 +02:00
Hanno Becker	53b3c607a0	Move `const` keyword prior to type name Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 13:46:30 +01:00
Hanno Becker	dfcb2d084b	Fix Doxygen for mbedtls_mpi_core_mla() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 13:44:15 +01:00
Hanno Becker	99ba4cc6d5	Remove Doxygen from mbedtls_mpi_core_mla() implementation Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 13:44:03 +01:00
Hanno Becker	efdc519864	Reintroduce though-to-be unused variable in correct place The variable is a local variable for the i386 bignum assembly only; introduce it as part of the start/finish macros. It can be noted that the variable is initialize to 0 within MULADDC_INIT, so there are no data dependencies across blocks of MULADDC_INIT/CORE/STOP. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 10:44:02 +01:00
Hanno Becker	5d4ceeb25c	Remove const qualifier for mutable local variable in mpi_mul_hlp() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 09:46:47 +01:00
Hanno Becker	284d778d28	Address review comments Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 09:19:24 +01:00
Hanno Becker	e9dd9a1f31	Use size_t for number of limbs Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 09:06:27 +01:00
Manuel Pégourié-Gonnard	eaf3086831	Merge pull request #1133 from RonEld/1805 Fix Shared Library compilation issue with Cmake	2022-04-11 09:31:59 +02:00
Hanno Becker	6454993e2e	Safeguard against calling p255 reduction with single-width MPI (In this case, there's nothing to do anyway since we only do a quasi-reduction to N+1 limbs) Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:35:58 +01:00
Hanno Becker	25bb732ea7	Simplify x25519 reduction using internal bignum MLA helper Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:03:48 +01:00
Hanno Becker	aef9cc4f96	Rename mpi_mul_hlp -> mbedtls_mpi_core_mla and expose internally This paves the way for the helper to be used from the ECP module Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-11 07:03:43 +01:00
Gilles Peskine	e1730e492d	Merge pull request #5708 from AndrzejKurek/timeless-struggles Remove the dependency on MBEDTLS_TIME_H from the timing module	2022-04-08 18:43:16 +02:00
Krzysztof Stachowiak	de6effa645	Change the MSVC static runtime CMake option name and moved it into the library directory Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 15:17:32 +01:00
Neil Armstrong	95a892311d	Comment decrypt & encrypt callback entries of mbedtls_pk_ecdsa_opaque_info as not relevant Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:51 +02:00
Neil Armstrong	7df6677c34	Remove now invalid comment in pk_opaque_ecdsa_can_do() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:13:06 +02:00
Neil Armstrong	56e71d4d1a	Update documentation of mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:12:42 +02:00
Neil Armstrong	eccf88fa48	Only accept RSA key pair in mbedtls_pk_setup_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-08 15:11:50 +02:00
Hanno Becker	5e18f74abb	Make alert sending function re-entrant Fixes #1916 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-04-08 12:16:43 +01:00
Andrzej Kurek	5735369f4a	Remove the dependency on MBEDTLS_HAVE_TIME from MBEDTLS_TIMING_C The timing module might include time.h on its own when on a suitable platform, even if MBEDTLS_HAVE_TIME is disabled. Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-08 04:41:42 -04:00
Glenn Strauss	236e17ec26	Introduce mbedtls_ssl_hs_cb_t typedef Inline func for mbedtls_ssl_conf_cert_cb() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-07 14:18:30 -04:00
Przemek Stekiel	e3ee221893	Free other secret in tls12_prf context Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:56 +02:00
Przemek Stekiel	23650286ac	Add psa_tls12_prf_set_other_key() function to store other secret input Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-07 15:41:46 +02:00
Neil Armstrong	c1152e4a0f	Handle and return translated PSA errors in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	7e1b4a45fa	Use PSA_BITS_TO_BYTES instead of open-coded calculation in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	295aeb17e6	Add support for RSA Opaque PK key in mbedtls_pk_write_pubkey_der() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	b980c9b48c	Add support for RSA in pk_opaque_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	ca5b55f0d1	Add support for RSA in mbedtls_pk_wrap_as_opaque() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 15:01:24 +02:00
Neil Armstrong	eabbf9d907	Add support for RSA PK Opaque key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-07 14:51:47 +02:00
Andrzej Kurek	714b6603e4	Remove dummy timing implementation Having such implementation might cause issues for those that expect to have a working implementation. Having a compile-time error is better in such case. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-07 07:44:04 -04:00
Manuel Pégourié-Gonnard	1b05aff3ad	Merge pull request #5624 from superna9999/5312-tls-server-ecdh TLS ECDH 3b: server-side static ECDH (1.2)	2022-04-07 11:46:25 +02:00
Hanno Becker	e141702551	Adjust mpi_montmul() to new signature of mpi_mul_hlp() A previous commit has changed the signature of mpi_mul_hlp, making the length of the output explicit. This commit adjusts mpi_montmul() accordingly. It also fixes a comment on the required size of the temporary value passed to mpi_montmul() (but does not change the call-sites). Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:34 +01:00
Hanno Becker	74a11a31cb	Adjust mbedtls_mpi_mul_int() to changed signature of mpi_mul_hlp() A previous commit has changed the signature of mpi_mul_hlp(), making the length of the output explicit. This commit adjusts mbedtls_mpi_mul_int() to this change. Along the way, we make the code simpler and more secure by not calculating the minimal limb-size of A. A previous comment indicated that this was functionally necessary because of the implementation of mpi_mul_hlp() -- if it ever was, it isn't anymore. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:34 +01:00
Hanno Becker	fee261a505	Adjust mbedtls_mpi_mul_mpi() to new signature of mpi_mul_hlp() The previous commit has changed the signature of mpi_mul_hlp(), making the length of the output explicit. This commit adjusts the call-site in mbedtls_mpi_mul_mpi() to this new signature. A notable change to the multiplication strategy had to be made: mbedtls_mpi_mul_mpi() performs a simple row-wise schoolbook multiplication, which however was so far computed iterating rows from top to bottom. This leads to the undesirable consequence that as lower rows are calculated and added to the temporary result, carry chains can grow. It is simpler and faster to iterate from bottom to top instead, as it is guaranteed that there will be no carry when adding the next row to the previous temporary result: The length of the output in each iteration can be fixed to len(B)+1. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:34 +01:00
Hanno Becker	defe56928e	Make length of output explicit in mpi_mul_hlp() The helper `mpi_mul_hlp()` performs a multiply-accumulate operation `d += s * b`, where `d,b` are MPIs and `b` is a scalar. Previously, only the length of `s` was specified, while `d` was assumed to be 0-terminated of unspecified length. This was leveraged at the end of the core multiplication steps computingg the first `limb(s)` limbs of `d + s*b`: Namely, the routine would keep on adding the current carry to `d` until none was left. This can, in theory, run for an arbitrarily long time if `d` has a tail of `0xFF`s, and hence the assumption of `0`-termination. This solution is both fragile and insecure -- the latter because the carry-loop depends on the result of the multiplication. This commit changes the signature of `mpi_mul_hlp()` to receive the length of the output buffer, which must be greater or equal to the length of the input buffer. It is _not_ assumed that the output buffer is strictly larger than the input buffer -- instead, the routine will simply return any carry that's left. This will be useful in some applications of this function. It is the responsibility of the caller to either size the output appropriately so that no carry will be left, or to handle the carry. NOTE: The commit leaves the library in a state where it cannot be compiled since the call-sites of mpi_mul_hlp() have not yet been adjusted. This will be done in the subsequent commits. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:59:29 +01:00
Hanno Becker	e7f14a3090	Remove unused variable in mpi_mul_hlp() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-04-06 06:11:26 +01:00
Gilles Peskine	a9b6c8074a	Fix psa_mac_verify() returning BUFFER_TOO_SMALL It doesn't make sense for psa_mac_verify() to return PSA_ERROR_BUFFER_TOO_SMALL since it doesn't have an output buffer. But this was happening when requesting the verification of an unsupported algorithm whose output size is larger than the maximum supported MAC size, e.g. HMAC-SHA-512 when building with only SHA-256 support. Arrange to return PSA_ERROR_NOT_SUPPORTED instead. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 15:03:39 +02:00
Gilles Peskine	695c4cb7ea	If a cipher algorithm is not supported, fail during setup In some cases, a cipher operation for an unsupported algorithm could succeed in psa_cipher_{encrypt,decrypt}_setup() and fail only when input is actually fed. This is not a major bug, but it has several minor downsides: fail-late is harder to diagnose for users than fail-early; some code size can be gained; tests that expect failure for not-supported parameters would have to be accommodated to also accept success. This commit at least partially addresses the issue. The only completeness goal in this commit is to pass our full CI, which discovered that disabling only PSA_WANT_ALG_STREAM_CIPHER or PSA_WANT_ALG_ECB_NO_PADDING (but keeping the relevant key type) allowed cipher setup to succeed, which caused failures in test_suite_psa_crypto_op_fail.generated in component_test_psa_crypto_config_accel_xxx. Changes in this commit: * mbedtls_cipher_info_from_psa() now returns NULL for unsupported cipher algorithms. (No change related to key types.) * Some code that is only relevant for ECB is no longer built if PSA_WANT_ALG_ECB_NO_PADDING is disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 15:03:39 +02:00
Gilles Peskine	0c3a071300	Make psa_key_derivation_setup return early if the key agreement is not supported Otherwise the systematically generated algorithm-not-supported tests complain when they try to start an operation and succeed. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 15:00:01 +02:00
Gilles Peskine	0cc417d34b	Make psa_key_derivation_setup return early if the hash is not supported Otherwise the systematically generated algorithm-not-supported tests complain when they try to start an operation and succeed. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 14:58:39 +02:00
Gilles Peskine	9efde4f2ec	Simplify is_kdf_alg_supported in psa_key_derivation_setup_kdf No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 14:57:20 +02:00
Przemek Stekiel	8583627ece	psa_ssl_status_to_mbedtls: add conversion of PSA_ERROR_BUFFER_TOO_SMALL Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-05 10:50:53 +02:00
Neil Armstrong	1039ba5c98	Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:33:01 +02:00
Neil Armstrong	ede381c808	Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:33:01 +02:00
Neil Armstrong	3cae167e6a	Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	e18ff952a7	Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	b7ca76b652	Use intermediate pointer for readability and rename PMS pointer in ECHDE-PSK PSA version of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	fdf20cb513	Fix command indentation in ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	2d63da9269	Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	d6e2759afb	Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	fb0a81ece9	Return PSA translated errors in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	5a1455d8d5	Remove useless braces in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	3bcef08335	Update comments in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	549a3e4737	Initialize uninitialized variable in ECHDE-PSK part of ssl_parse_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	fc834f2e2c	Introduce content_len_size variable in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:53 +02:00
Neil Armstrong	0bdb68a242	Introduce zlen size variable in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:52 +02:00
Neil Armstrong	d8420cad31	Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:52 +02:00
Neil Armstrong	c530aa6b4e	Return PSA translated errors in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:52 +02:00
Neil Armstrong	b9f319aec1	Remove useless braces in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:51 +02:00
Neil Armstrong	2540045542	Update comments in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:07 +02:00
Neil Armstrong	bc5e8f9dd0	Initialize uninitialized variables in ECHDE-PSK part of ssl_write_client_key_exchange() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:07 +02:00
Neil Armstrong	039db29c7d	Implement PSA server-side ECDHE-PSK Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:07 +02:00
Neil Armstrong	868af821c9	Implement PSA client-side ECDHE-PSK Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-05 10:29:06 +02:00
Przemek Stekiel	a9f9335ee9	ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check This check can be removed as if the buffer is too small for the key, then export will fail. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-04 17:32:30 +02:00
Neil Armstrong	e88d190f2e	Set ecdh_psa_privkey_is_external to 1 right after setting ecdh_psa_privkey in ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-04 11:27:57 +02:00
Neil Armstrong	f716a700a1	Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-04 11:23:46 +02:00
Manuel Pégourié-Gonnard	de68e39ddf	Merge pull request #5568 from superna9999/5159-pk-rsa-verification PK: RSA verification	2022-04-04 11:23:33 +02:00
Ronald Cron	0e980e8e84	Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 TLS 1.2/1.3 version negotiation - 2	2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard	33a9d61885	Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors Accessors to own CID within mbedtls_ssl_context	2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard	6a25159c69	Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations HKDF 2: use internal implementations in TLS 1.3	2022-04-01 11:15:29 +02:00
Manuel Pégourié-Gonnard	451114fe42	Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined	2022-04-01 10:04:56 +02:00
Paul Elliott	0113cf1022	Add accessor for own cid to ssl context Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-31 19:21:41 +01:00
Ronald Cron	11218dda96	ssl_client.c: Fix unused parameter Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:25:27 +02:00
Ronald Cron	bdb4f58cea	Add and update documentation of some minor version fields Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:24:59 +02:00
Ronald Cron	82c785fac3	Make handshake::min_minor_ver client only Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 15:44:41 +02:00
Neil Armstrong	91477a7964	Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Neil Armstrong	1335222f13	Return translated PSA error in PSA version of ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Neil Armstrong	f788253ed3	Fix comment typo in PSA version of ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	80325d00cf	Allow ECDSA PK Opaque keys for ECDH Derivation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	104a7c1d29	Handle Opaque PK EC keys in ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	8113d25d1e	Add ecdh_psa_shared_key flag to protect PSA privkey if imported Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Neil Armstrong	5cd5f76d67	Use mbedtls_platform_zeroize() in ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	4f33fbc7e9	Use PSA define for max EC key pair size in ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	306d6074b3	Fix indentation issue in PSA version of ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	062de7dd79	Use PSA_BITS_TO_BYTES instead of open-coded calculation in PSA version of ssl_get_ecdh_params_from_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Neil Armstrong	1f4b39621b	Implement PSA server-side ECDH-RSA/ECDSA Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:23:12 +02:00
Ronald Cron	6476726ce4	Fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 14:13:57 +02:00
Ronald Cron	a980adf4ce	Merge pull request #5637 from ronald-cron-arm/version-negotiation-1 TLS 1.2/1.3 version negotiation - 1	2022-03-31 11:47:16 +02:00
Ronald Cron	ba120bb228	ssl_tls13_client.c: Fix ciphersuite final validation As we may offer ciphersuites not compatible with TLS 1.3 in the ClientHello check that the selected one is compatible with TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	8fdad9e534	ssl_tls12_client.c: Remove duplicate of ciphersuite validation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	757a2abfe2	ssl_client.c: Extend and export ciphersuite validation function Extend and export ciphersuite validation function to be able to use it in TLS 1.2/3 specific code. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	f735cf1f0f	ssl_tls.c: Fix ciphersuite selection regarding protocol version Use the actual minimum and maximum of the minor version to be negotiated to filter ciphersuites to propose rather than the ones from the configuration. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:35:33 +02:00
Ronald Cron	9847338429	ssl_tls13_client.c: Add check in supported_versions parsing Add check in ServerHello supported_versions parsing that the length of the extension data is exactly two. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:33:41 +02:00
Ronald Cron	1fa4f6863b	ssl_tls.c: Return in error if default config fails Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:27:35 +02:00
Ronald Cron	a77fc2756e	ssl_tls13_client.c: versions ext writing : Fix available space check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:27:35 +02:00
Ronald Cron	37bdaab64f	tls: Simplify the logic of the config version check and test it Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:26:58 +02:00
Ronald Cron	3cffc5ccb1	tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 21:59:44 +02:00
Ronald Cron	150d579d7a	ssl_client.c: Improve coding style Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 21:58:50 +02:00
Neil Armstrong	e451295179	Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:41:12 +02:00
Neil Armstrong	253e9e7e6d	Use mbedtls_rsa_info directly in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	ea54dbe7c2	Fix comment typo in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	19e6bc4c9f	Use new PSA to mbedtls PK error mapping functions in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	8a44bb47ac	Handle INVALID_SIGNATURE instead of INVALID_PADDING in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	82cf804e34	Fix 80 characters indentation in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	6baea78072	Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	a33280af6c	Check psa_destroy_key() return in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	059a80c212	Map INVALID_PADDING from PSA to MbedTLS error in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Neil Armstrong	52f41f8228	PK: RSA verification PSA wrap implementation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:39:07 +02:00
Ronald Cron	da41b38c42	Improve and fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard	3304f253d7	Merge pull request #5653 from paul-elliott-arm/handshake_over Add mbedtls_ssl_is_handshake_over()	2022-03-30 12:16:40 +02:00
Gabor Mezei	e42d8bf83b	Add macro guard for header file Some of the macros are used by the test data files and must be moved before the macros guard. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard	abed05f335	Merge pull request #5652 from arturallmann/issue-commit Fix comment typo in threading.c	2022-03-30 10:01:24 +02:00
Ronald Cron	8ecd9937a9	ssl_client.c: Fix state change for DTLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	f660655b84	TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e71639d39b	Simplify TLS major version default value setting Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	dbe87f08ec	Propose TLS 1.3 and TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	9f0fba374c	Add logic to switch to TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e1d3f06399	Allow hybrid TLS 1.3 + TLS 1.2 configuration Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	fbd9f99f10	ssl_tls.c: Move some client specific functions to ssl_client.c Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	7320e6436b	ssl_tls12_client.c: Switch to generic Client Hello state handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	5f4e91253f	ssl_client.c: Add DTLS ClientHello message sending specifics Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	4079abc7d1	ssl_client.c: Adapt extensions writing to the TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	11e1857f5e	ssl_client.c: Fix key share code guards In TLS 1.3 key sharing is not restricted to key exchange with certificate authentication. It happens in the PSK and ephemeral key exchange mode as well where there is no certificate authentication. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	df823bf39b	ssl_client.c: Re-order partially extension writing Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:57:54 +02:00
Ronald Cron	42c1cbf1de	ssl_client.c: Adapt compression methods comment to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:56:58 +02:00
Paul Elliott	571f1187b6	Merge pull request #5642 from mprse/ecp_export Add ECP keypair export function	2022-03-29 17:19:04 +01:00
Artur Allmann	3f396152b7	Fix typo "phtreads" to "pthreads" Closes issue #5349 Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>	2022-03-29 17:43:56 +02:00
Ronald Cron	d491c2d779	ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	a874aa818a	ssl_client.c: Add DTLS 1.2 cookie support Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	021b1785ef	ssl_client.c: Adapt session id generation to the TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	58b803818d	ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:50 +02:00
Gabor Mezei	cb5ef6a532	Remove duplicated includes Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:10:01 +02:00
Gabor Mezei	55c49a3335	Use proper macro guard Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:09:15 +02:00
Gabor Mezei	29e7ca89d5	Fix typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:49 +02:00
Gabor Mezei	c09437526c	Remove commented out code Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:15 +02:00
Ronald Cron	1614eb668c	ssl_client.c: Adapt TLS version writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	86a477f5ee	ssl_client.c: Adapt initial version selection to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	5456a7f89c	ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	71c2332860	ssl_client.c: Rename TLS 1.3 ClientHello writing functions Rename TLS 1.3 ClientHello writing functions aiming to support TLS 1.2 as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	3d580bf4bd	Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Dave Rodgman	1c41501949	Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal SECLIB-667: Accelerate SHA-512 with A64 crypto extensions	2022-03-29 15:34:12 +01:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	7ffe7ebe38	ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will be necessary when the ClientHello writing code is made available when MBEDTLS_SSL_PROTO_TLS1_2 is enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	04fbd2b2ff	ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	12dcdf0d6e	ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4e263fd49c	ssl_tls12_client.c: Simplify TLS version in encrypted PMS This can only be TLS 1.2 now in this structure and when adding support for TLS 1.2 or 1.3 version negotiation the highest configured version can be TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90f012037d	ssl_tls12_server.c: Simplify TLS version check in ClientHello The TLS server code only support TLS 1.2 thus simplify the check of the version proposed by the client. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	086ee0be0e	ssl_tls.c: Reject TLS 1.3 version configuration for server Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8457c12127	ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	b894ac7f99	ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90915f2a21	ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version ssl_tls12_client.c contains only TLS 1.2 specific code thus remove some checks on the minor version version being MBEDTLS_SSL_MINOR_VERSION_3. No aim for completeness, ssl_parse_server_hello() is not reworked here for example. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	a25cf58681	ssl_tls.c: Remove one unnecessary minor version check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	c2f13a0568	ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md() Modify mbedtls_ssl_set_calc_verify_md() taking into account that it is an TLS 1.2 only function. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4dcbca952e	ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the "if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive as it is specific to TLS 1.2. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	81591aa0f3	ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param ssl_set_handshake_prfs() is TLS 1.2 specific and only called from TLS 1.2 only code thus no need to pass the TLS minor version of the currebt session. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	f12b81d387	ssl_tls.c: Fix PSA ECDH private key destruction In TLS 1.3, a PSA ECDH private key may be created even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We must destroy this key if still referenced by an handshake context when we free such context. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	5b98ac9c64	TLS 1.3: Move PSA ECDH private key destroy to dedicated function Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8540cf66ac	ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512 In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose PKCS1 v1.5 signatures with SHA_384/512 not only SHA_256. There is no point in not proposing them if they are available. In TLS 1.3 those could be useful for certificate signature verification. In hybrid TLS 1.2/1.3 this allows to propose for TLS 1.2 the same set of signature algorithms. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	60ff79424e	ssl_tls13_client.c: alpn: Miscellanous minor improvements Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	13d8ea1dd9	ssl_tls13_client.c: alpn: Loop only once over protocol names This has although the benefit of getting rid of a potential integer overflow (though very unlikely and probably harmless). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	a0855a6d13	ssl_tls13_client.c: alpn: Add missing return value assignment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	de1adee51a	Rename ssl_cli/srv.c Rename ssl_cli.c and ssl_srv.c to reflect the fact that they are TLS 1.2 specific now. Align there new names with the TLS 1.3 ones. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	63d97ad0bb	Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 Add rsae sha384 sha512	2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard	39f2f73e69	Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing Restore full TLS compatibility testing	2022-03-28 18:31:17 +02:00
Ronald Cron	e44d8e7eea	Merge pull request #5369 from xkqian/add_2nd_client_hello Add 2nd client hello	2022-03-28 12:18:41 +02:00
Przemek Stekiel	ab5274bb19	Remove parameters validation using ECP_VALIDATE_RET Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-28 07:23:08 +02:00
Gabor Mezei	ed6d6589b3	Use hash algoritm for parameter instead of HMAC To be compatible with the other functions `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand` use hash algorithm for parameter. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 17:28:06 +01:00
Gabor Mezei	07732f7015	Translate from mbedtls_md_type_t to psa_algorithm_t Do the translation as early as possible from mbedtls_md_type_t to psa_algorithm_t. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 17:04:19 +01:00
Gabor Mezei	5d9a1fe9e9	PSA code depends on MBEDTLS_SSL_PROTO_TLS1_3 With TLS 1.3 support MBEDTLS_PSA_CRYPTO_C is enabled so PSA support is always enabled. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-26 15:47:15 +01:00
Ronald Cron	fb39f15fa1	ssl_tls.c: Use ETM status only in CBC mode case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-25 16:50:18 +01:00
Ronald Cron	862902dd57	ssl_srv.c: Mark ETM as disabled if cipher is not CBC Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS 1.2 server only for the CBC cipher mode thus make it clear in the SSL context. The previous code was ok as long as the check of the ETM status was done only in the case of the CBC cipher mode but fragile as #5573 revealed. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-25 16:50:18 +01:00
Manuel Pégourié-Gonnard	cefa904759	Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor Accessor for mbedtls_timing_delay_context final delay	2022-03-25 09:14:41 +01:00
XiaokangQian	20438976f9	Change comments and styles base on review Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 08:09:29 +00:00
XiaokangQian	c02768a399	Replace ssl->handshake with handshake in write_cookie_ext() Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	9b93c0dd8d	Change cookie parameters for dtls and tls 1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	25c9c9023c	Refine cookie len to fix compile issues Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	9deb90f74e	Change parameter names and code style Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	5e3c947841	Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	233397ef88	Update code base on comments Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data Change code styles and comments Fix cookie write issues Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
XiaokangQian	0b64eedba8	Add cookies write in client hello Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
Ronald Cron	90045241e7	Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify TLS1.3: Fix incorrect check for certificate verify	2022-03-25 08:35:41 +01:00
Jerry Yu	6c6f10265d	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-25 11:09:50 +08:00
Paul Elliott	27b0d94e25	Use mbedtls_ssl_is_handshake_over() Switch over to using the new function both internally and in tests. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-24 14:43:52 +00:00
Jerry Yu	bd1b3278b1	Remove useless code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-24 13:07:28 +08:00
Tom Cosgrove	b7f5b97650	Minor changes to sha256.c to bring it in line with sha512.c Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-23 21:40:56 +00:00
Tom Cosgrove	87fbfb5d82	SECLIB-667: Accelerate SHA-512 with A64 crypto extensions Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8.2-a+sha3. The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. The SHA-512 implementation was originally written by Simon Tatham for PuTTY, under the MIT licence; dual-licensed as Apache 2 with his kind permission. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-23 21:40:53 +00:00
Jerry Yu	e26acee896	Refactor guards for sig algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 21:01:33 +08:00
Jerry Yu	f8aa9a44aa	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard	5e4bf95d09	Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies MD: HMAC in DTLS cookies	2022-03-23 13:05:24 +01:00
Jerry Yu	8c3388620d	create sig_alg decode function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 13:34:04 +08:00
Jerry Yu	0c23fc39c3	fix various guards issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 12:20:01 +08:00
Jerry Yu	7533982f68	guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 12:06:31 +08:00
Jerry Yu	e010de4be3	Rename ctx to rsa_ctx Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 11:45:55 +08:00
Jerry Yu	fb0621d841	fix pk_sign_ext issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-23 11:42:06 +08:00
Jerry Yu	cef3f33012	Guard rsa sig algs with rsa_c and pkcs1_v{15,21} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 23:16:42 +08:00
Jerry Yu	e91a51a539	Refactor get_sig_alg_from pk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 21:42:50 +08:00
Jerry Yu	bf455e7516	rename pk_psa_rsa_sign_ext param Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 21:39:41 +08:00
Jerry Yu	3616533d26	tls13:remove ec check from validate certification Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 19:46:05 +08:00
Neil Armstrong	488a40eecb	Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-22 10:41:38 +01:00
Jerry Yu	dddf5a0e18	Refactor get_sig_alg_from_pk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:47:19 +08:00
Jerry Yu	89107d1bc2	fix ci fail without RSA_C Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	406cf27cb5	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:53 +08:00
Jerry Yu	848ecce990	fix wrong typo in function name Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:14:52 +08:00
Jerry Yu	07869e804c	fix psa crypto test fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	b02ee18e64	replace use_psa_crypto with psa_crypto_c Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	b6875bc17a	change rsa_pss salt type Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	704cfd2a86	fix comments and style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:35 +08:00
Jerry Yu	718a9b4a3f	fix doxgen fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	1d172a3483	Add pk_psa_sign_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	8beb9e173d	Change prototype of pk_sign_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	67eced0132	replace pk_sign with pk_sign_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	d69439aa61	add mbedtls_pk_sign_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	3a58b462b6	add pss_rsae_sha{384,512} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	bfcfe74b4e	add signature algorithm debug helper Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:33 +08:00
Jerry Yu	919130c035	Add rsa_pss_rsae_sha256 support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:33 +08:00
Gabor Mezei	1e64f7a643	Use MBEDTLS_USE_PSA_CRYPTO macro guard for testing instead of MBEDTLS_PSA_CRYPTO_C Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:54 +01:00
Gabor Mezei	1bf075fffd	Use SSL error codes The `psa_ssl_status_to_mbedtls` function is not only used for cipher operations so transalte to TLS error codes. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Gabor Mezei	adfeadc6e5	Extend PSA error translation Add new error codes to the PSA to mbedtls error translation. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Gabor Mezei	58db65354b	Use the PSA-based HKDF functions Use the `mbedtls_psa_hkdf_extract` and `mbedtls_psa_hkdf_expand` functions in the HKDF handling. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-21 17:00:53 +01:00
Paul Elliott	b9af2db4cf	Add accessor for timing final delay Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-21 15:26:19 +00:00
Neil Armstrong	79daea25db	Handle and return translated PSA errors in ssl_cookie.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-21 12:05:51 +01:00
Neil Armstrong	2d5e343c75	Use inline PSA code instead of using ssl_cookie_hmac in mbedtls_ssl_cookie_write() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-21 11:39:52 +01:00
Manuel Pégourié-Gonnard	f4042f076b	Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac TLS record HMAC	2022-03-21 11:36:44 +01:00
Manuel Pégourié-Gonnard	706f6bae27	Merge pull request #5518 from superna9999/5274-ecdsa-signing PK: ECDSA signing	2022-03-21 09:57:57 +01:00
Manuel Pégourié-Gonnard	472044f21e	Merge pull request #5525 from superna9999/5161-pk-rsa-encryption PK: RSA encryption	2022-03-21 09:57:38 +01:00
Ronald Cron	8d7afc642c	Merge pull request #5523 from ronald-cron-arm/one-flush-output-development TLS 1.3: One flush output	2022-03-21 08:44:04 +01:00
Neil Armstrong	62e6ea2c22	Avoid spurious write to *olen in PSA version of rsa_encrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:39:49 +01:00
Neil Armstrong	17a0655c8d	Add documentation to find_ecdsa_private_key() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:27:38 +01:00
Neil Armstrong	05132ed490	md_alg is used in ecdsa_sign_wrap(), cleanup code Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:14:57 +01:00
Neil Armstrong	cb753a6945	Use mbedtls_eckey_info directly in ecdsa_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 15:14:48 +01:00
Przemek Stekiel	711d0f5e29	Add implemetation of ECP keypair export function Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-18 13:52:26 +01:00
Manuel Pégourié-Gonnard	e5b53193e0	Merge pull request #5636 from mprse/tls_ecdh_2b TLS ECDH 2b: client-side static ECDH (1.2)	2022-03-18 11:36:53 +01:00
Neil Armstrong	29c0c040fc	Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform() This requires moving the HMAC init after CIPHER init. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:10:09 +01:00
Neil Armstrong	9ebb9ff60c	Reduce HMAC buffer usage in PSA version of mbedtls_ct_hmac() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:09:58 +01:00
Neil Armstrong	72c2f76c43	Assume MAC key length is always exactly the output size in PSA version of mbedtls_ct_hmac() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:09:36 +01:00
Neil Armstrong	36cc13b340	Use PSA defines for buffers in PSA version of mbedtls_ct_hmac() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:09:20 +01:00
Neil Armstrong	ae57cfd3e7	Use psa_ssl_status_to_mbedtls in PSA version of mbedtls_ct_hmac() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 10:00:10 +01:00
Neil Armstrong	28d9c631b8	Fix comments in PSA version of mbedtls_ct_hmac() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 10:00:10 +01:00
Ron Eldor	183264cb95	Fix shared library link error with cmake on Windows Set the library path as the current binary dir Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-17 12:07:50 +00:00
Manuel Pégourié-Gonnard	8d4bc5eeb9	Merge pull request #5481 from gabor-mezei-arm/5401_implement_hkdf_extract_based_on_psa_hmac HKDF 1a: Implement Extract in TLS 1.3 based on PSA HMAC	2022-03-17 11:55:48 +01:00
Manuel Pégourié-Gonnard	15c0e39fff	Merge pull request #5519 from superna9999/5150-pk-rsa-decryption PK: RSA decryption	2022-03-17 11:02:13 +01:00
Manuel Pégourié-Gonnard	7c92fe966a	Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection TLS Cipher 2a: tickets: use PSA for protection	2022-03-17 09:50:09 +01:00
Manuel Pégourié-Gonnard	560ef5975c	Merge pull request #5613 from mprse/tls_ecdh_2a TLS ECDH 2a: server-side ECDHE-ECDSA and ECDHE-RSA (1.2)	2022-03-17 09:29:41 +01:00
Przemek Stekiel	068a6b4013	ssl_check_server_ecdh_params():Adapt build flags Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-17 07:54:09 +01:00
Neil Armstrong	da1d80db19	Use mbedtls_rsa_info directly in rsa_encrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-16 15:36:32 +01:00
Neil Armstrong	7b1dc85919	Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-16 15:36:06 +01:00
Neil Armstrong	6b03a3de5c	Use mbedtls_rsa_info directly in rsa_decrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-16 15:31:07 +01:00
Neil Armstrong	8e80504b46	Simplify padding check and get rid of psa_sig_md in rsa_decrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-16 15:30:31 +01:00
Gabor Mezei	103e08aab9	Fix return value handling Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-16 13:45:41 +01:00
Przemek Stekiel	561a42392a	ssl_parse_signature_algorithm(): refactor PSA CRYPTO code - use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary(). - add check for ECDH curve type in server's certificate Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 13:16:24 +01:00
Gabor Mezei	5b8b890a61	Check PSA functions' return value before converting Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-16 12:56:58 +01:00
Gabor Mezei	36c9f51ef2	Use size_t instead of int to silence compiler warnings Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-16 12:55:32 +01:00
Gabor Mezei	4f4bac7e22	Remove blank lines Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-16 12:54:27 +01:00
Przemek Stekiel	dd482bfd6a	Modify own_pubkey_max_len calculation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 11:43:22 +01:00
Przemek Stekiel	a4e15cc0d5	Fix comment: add fields size Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 11:32:42 +01:00
Przemek Stekiel	855938e17d	Move mbedtls_ecdh_setup() to no-psa path Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 11:29:29 +01:00
Przemek Stekiel	338b61d6e4	Fix code style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 11:24:09 +01:00
Przemek Stekiel	d905d33488	ssl_write_client_key_exchange(): enable psa support for ECDH-ECDSA and ECDH-RSA key exchange Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 09:50:56 +01:00
Przemek Stekiel	ea4000f897	ssl_parse_signature_algorithm(): populate psa handshake fields when psa crypto is enabled Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-16 09:49:33 +01:00
Dave Rodgman	2cecd8aaad	Merge pull request #3624 from daxtens/timeless RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test	2022-03-15 16:43:19 +00:00
Przemek Stekiel	ce1d792315	Remove duplicated code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 16:16:25 +01:00
Neil Armstrong	169e61add6	Zeroise stack buffer containing private key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-14 14:26:49 +01:00
Neil Armstrong	3aca61fdfc	Zeroise stack buffer containing private key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-14 14:24:48 +01:00
Dave Rodgman	868d38f50f	Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal SECLIB-667: Accelerate SHA-256 with A64 crypto extensions	2022-03-14 12:57:37 +00:00
Przemek Stekiel	fc91a1f030	Use PSA for private key generation and public key export only for ECDHE keys This should be cleaned when server-side static ECDH (1.2) support is added (#5320). Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 12:05:27 +01:00
Przemek Stekiel	a21af3da00	Use mbedtls_psa_parse_tls_ecc_group() instead PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa() ) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 10:09:13 +01:00
Przemek Stekiel	0a60c129de	Add intermediate variables to increase code readability Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 09:54:51 +01:00
Przemek Stekiel	e9f00445bc	Destroy ecdh_psa_privkey on failure Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 09:42:32 +01:00
Przemek Stekiel	130c4b5567	Use PSA version of key agreement only for ECDHE keys This should be cleaned when server-side static ECDH (1.2) support is added (#5320). Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-14 09:18:24 +01:00
Manuel Pégourié-Gonnard	c11bffe989	Merge pull request #5139 from mprse/key_der_ecc PSA: implement key derivation for ECC keys	2022-03-14 09:17:13 +01:00
Gilles Peskine	81d903f5aa	Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing feat: MD: X.509 hashing	2022-03-10 20:16:43 +01:00
Gilles Peskine	afb482897b	Merge pull request #5292 from mprse/asym_encrypt Driver dispatch for PSA asymmetric encryption + RSA tests	2022-03-10 20:07:38 +01:00
Gabor Mezei	49c8eb3a5a	Enable chachcapoly cipher for SSL tickets Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 17:09:59 +01:00
Gabor Mezei	2a02051286	Use PSA in TLS ticket handling Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 17:09:59 +01:00
Gabor Mezei	e6d867f476	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 15:04:58 +01:00
Ronald Cron	a8b38879e1	Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-10 13:58:17 +01:00
Ronald Cron	7a94aca81a	Move state change from CLIENT_CERTIFICATE to its main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-10 13:58:04 +01:00
Manuel Pégourié-Gonnard	10e5cdbbbf	Merge pull request #5454 from gstrauss/cert_cb-user_data server certificate selection callback	2022-03-10 11:51:42 +01:00
Przemek Stekiel	fd32e9609b	ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-09 16:01:59 +01:00
Przemek Stekiel	b6ce0b6cd8	ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-09 16:01:50 +01:00
Ronald Cron	5bb8fc830a	Call Certificate writing generic handler only if necessary Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	3f20b77517	Improve comment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	00d012f2be	Fix type of force_flush parameter Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9f55f6316e	Move state change from CSS states to their main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	3addfa4964	Move state change from WRITE_CLIENT_HELLO to its main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	66dbf9118e	TLS 1.3: Do not send handshake data in handshake step handlers Send data (call to mbedtls_ssl_flush_output()) only from the loop over the handshake steps. That way, we do not have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE error code) on the network in handshake step handlers. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9df7c80c78	TLS 1.3: Always go through the CLIENT_CERTIFICATE state Even if certificate authentication is disabled at build time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state. It simplifies overall the code for a small code size cost when certificate authentication is disabled at build time. Furthermore that way we have only one point in the code where we switch to the handshake keys for record encryption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:50:08 +01:00
Paul Elliott	17f452aec4	Merge pull request #5448 from lhuang04/tls13_alpn Port ALPN support for tls13 client from tls13-prototype	2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard	d815114f93	Merge pull request #5524 from mprse/tls_ecdh_2c TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)	2022-03-08 11:43:45 +01:00
Przemek Stekiel	c85f0912c4	psa_crypto.c, test_suite_psa_crypto.function: fix style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-08 11:37:54 +01:00
Gilles Peskine	44311f5c98	Merge pull request #5571 from superna9999/5162-pk-rsa-signing PK: RSA signing	2022-03-07 17:09:14 +01:00
Gilles Peskine	15364ffb03	Merge pull request #5579 from SiliconLabs/erase_secret_before_free Erase secrets in allocated memory before freeing said memory	2022-03-07 17:04:04 +01:00
Neil Armstrong	6d5baf5f1e	Use PSA MAC verify API in mbedtls_ssl_cookie_check() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
Neil Armstrong	be52f500c8	Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
Neil Armstrong	7cd0270d6c	Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
Neil Armstrong	2217d6f825	Generate cookie MAC key with psa_generate_key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
pespacek	b9ca22dead	Improving readability of x509_crt and x509write_crt for PR Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-03-07 13:59:44 +01:00
pespacek	d924e55944	Improving readability of x509_crt and x509write_crt Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-03-07 13:31:54 +01:00
Przemek Stekiel	7fc0751f78	Restore build options for mbedtls_ecc_group_of_psa() and related functions Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-06 20:43:46 +01:00
Neil Armstrong	77b69ab971	Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 14:45:45 +01:00
Neil Armstrong	23d34ce372	Use PSA HMAC API in ssl_cookie_hmac() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 14:45:45 +01:00
Neil Armstrong	d633201279	Import PSA HMAC key in mbedtls_ssl_cookie_setup() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 14:45:18 +01:00
Andrzej Kurek	09e803ce0d	Provide a dummy implementation of timing.c Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	108bf520e0	Add a missing guard for time.h in net_sockets.c Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Daniel Axtens	f071024bf8	Do not include time.h without MBEDTLS_HAVE_TIME MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()." If that is not defined, do not attempt to include time.h. A particular problem is platform-time.h, which should only be included if MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it should be refactored to have the check inside the header. Signed-off-by: Daniel Axtens <dja@axtens.net>	2022-03-04 05:07:45 -05:00
Neil Armstrong	bca99ee0ac	Add PSA key in mbedtls_ssl_cookie_ctx Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 10:20:20 +01:00
Neil Armstrong	e87804920a	Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:54:16 +01:00
Neil Armstrong	b556a42656	Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	f47135756c	Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	0d46786034	Fix style issue in rsa_decrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	f1b564bb8d	Check psa_destroy_key() return in rsa_decrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	18f43c7304	PK: RSA decrypt PSA wrap implementation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:52:47 +01:00
Neil Armstrong	e4edcf761d	Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:46:41 +01:00
Neil Armstrong	ff70f0bf77	Check psa_destroy_key() return in rsa_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	edcc73c992	Fix 80 characters indentation in ecdsa_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	dab14de96a	Use now shared ECP_PRV_DER_MAX_BYTES define in pk_wrap.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	15021659d1	Move pk_ecdsa_sig_asn1_from_psa() before ecdsa_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	5874aa38f7	Fix style issue in find_ecdsa_private_key() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	cf5a215a43	Check psa_destroy_key() return in rsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	e960690b89	PK: ECDSA signing PSA wrap implementation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:44:06 +01:00
Neil Armstrong	db69c5213f	Use new PSA to mbedtls PK error mapping functions in rsa_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:41:23 +01:00
Neil Armstrong	66fa769ae8	Fix 80 characters indentation in rsa_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	4b1a059f7d	Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	48a9833cdf	Check psa_destroy_key() return in rsa_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	e4f28688fd	Fix comment typo in rsa_sign_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	9854568204	PK: RSA signing PSA wrap implementation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:39:39 +01:00
Neil Armstrong	3770e2483f	Use new PSA to mbedtls PK error mapping functions in pk_wrap.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:37:33 +01:00
Neil Armstrong	deb4bfb2b9	Use now shared RSA_PUB_DER_MAX_BYTES define in pk_wrap.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Neil Armstrong	9dccd866c3	Check psa_destroy_key() return in ecdsa_verify_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Neil Armstrong	7dd3b20d36	Check psa_destroy_key() return in rsa_encrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Neil Armstrong	ac014ca5d9	Fix comment typos in rsa_encrypt_wrap() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Neil Armstrong	96a16a429b	PK: RSA encrypt PSA wrap implementation Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-03 16:33:39 +01:00
Gilles Peskine	1f13e984ad	Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls Rename, move and refine PSA to mbedtls PK errors mappings	2022-03-03 13:30:29 +01:00
Gilles Peskine	d929dbbb25	Merge pull request #5368 from mfil/feature/additional_md_getters Add function to get message digest info from context	2022-03-02 16:44:26 +01:00
Gilles Peskine	e8c8300190	Merge pull request #5581 from superna9999/pk-move-rename-rsa-ec-key-sizes Move max sizes of RSA & EC DER keys into public header	2022-03-02 16:41:53 +01:00
Neil Armstrong	6828d8fdc4	Return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if MAC algorithm isn't supported in ssl_tls.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:37:11 +01:00
Neil Armstrong	6958bd0206	Clean aux_out in PSA version of mbedtls_ct_hmac() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:37:11 +01:00
Neil Armstrong	4313f55a13	Simplify error handling of PSA mac operationsg in ssl_msg.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:37:04 +01:00
Neil Armstrong	321116c755	Remove spurious debug in ssl_tls12_populate_transform() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:06:15 +01:00
Przemek Stekiel	e894c5c4a5	Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-02 08:45:56 +01:00
Paul Elliott	06898650f9	Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify TLS1.3: Add write client Certificate and CertificateVerify	2022-03-01 18:42:00 +00:00
Przemek Stekiel	15565eeb59	Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-01 17:01:39 +01:00
Neil Armstrong	19915c2c00	Rename error translation functions and move them to library/pk_wrap.* Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-01 15:21:02 +01:00
Przemek Stekiel	a81aed2dae	Clean up init values of psa crypto status and fix switch default case Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-01 15:13:30 +01:00
Przemek Stekiel	f110dc05be	Clenup conditional compilation flags. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-01 14:48:05 +01:00
Przemek Stekiel	dcab6ccb3b	Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-01 14:29:49 +01:00
Neil Armstrong	0f49f83625	Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-01 10:05:33 +01:00
Neil Armstrong	e9ecd27890	Rename max sizes of RSA & EC DER keys defines Rename to match the required pattern of defines: '^(MBEDTLS\|PSA)_[0-9A-Z_]*[0-9A-Z]$' Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-01 10:03:21 +01:00
Neil Armstrong	e0326a6acc	Move max sizes of RSA & EC DER keys into private pkwrite.h Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-01 09:58:58 +01:00
Glenn Strauss	6989407261	Add accessor to retrieve SNI during handshake Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:53 -05:00
Glenn Strauss	36872dbd0b	Provide means to reset handshake cert list Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert() only provided a way to append to the handshake certificate list, without providing a way to replace the handshake certificate list. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:48 -05:00
Glenn Strauss	2ed95279c0	Add server certificate selection callback https://github.com/ARMmbed/mbedtls/issues/5430 Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 17:31:49 -05:00
Neil Armstrong	e858996413	Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf() Due to mbedtls_ct_hmac() implementation the decryption MAC key must be exportable. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:17:50 +01:00
Neil Armstrong	2968d306e4	Implement mbedtls_ct_hmac() using PSA hash API Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:50 +01:00
Neil Armstrong	cf8841a076	Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:49 +01:00
Neil Armstrong	26e6d6764e	Use PSA MAC API in mbedtls_ssl_encrypt/decrypt_buf() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:49 +01:00
Neil Armstrong	0760ade761	Setup & Import HMAC keys in ssl_tls12_populate_transform() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:49 +01:00
Steven Cooreman	cd5be32191	Erase secrets in allocated memory before freeing said memory Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2022-02-25 11:14:59 +01:00
Andrzej Kurek	a0237f86d3	Add missing key destruction calls in ssl_write_client_key_exchange Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-25 04:36:40 -05:00
Tom Cosgrove	7e7aba8c9d	Rename mbedtls_a64_crypto_sha256_check_support() to mbedtls_a64_crypto_sha256_determine_support() The Mbed TLS coding standard specifies that "check" functions must return 0 for success (i.e. feature present), while "has" functions should return 1 for true. Since we were using "check" to do the actual check, and "has" to get the cached value, having inverted values here would be confusing. Therefore, rename "check" to "determine", as that's what those functions are doing. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-02-24 08:33:11 +00:00
Jerry Yu	71f36f1d2e	change alert message type Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 17:34:29 +08:00
Neil Armstrong	39b8e7dde4	Add, Initialize & Free HMAC keys in mbedtls_ssl_transform Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-23 09:24:57 +01:00
Jerry Yu	0b7b101b3b	fix warnings Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 12:26:48 +08:00
Jerry Yu	2ff6ba1df0	Remove rsa_pss_rsae_sha256 support. Sign rsa is not thread safe. Remove it from current code. And a thread-safe version should be re-introduce in future. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 10:38:25 +08:00
Przemyslaw Stekiel	91ebfc0402	Adapt compilation flags for ECC key derivation Use conditional compilation flags for building ECC key derivation code consistent with flags used for mbedtls_ecc_group_of_psa(). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 15:50:30 +01:00
Neil Armstrong	3f9cef4547	Remove actual and use new PSA to mbedtls PK errors mapping functions Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-22 15:44:39 +01:00
Neil Armstrong	ea761963c5	Add specialized PSA to mbedtls PK/RSA error mapping function Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-22 14:37:00 +01:00
Neil Armstrong	cd501f406e	Add specialized PSA to mbedtls PK/ECDSA error mapping function Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-22 14:37:00 +01:00
Neil Armstrong	a3fdfb4925	Introduce new PSA to mbedtls PK error mapping function Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-22 14:37:00 +01:00
Przemyslaw Stekiel	76960a7217	mbedtls_mpi_read_binary() document that function guarantees to return an MPI with exactly the necessary number of limbs and remove redundant call to mbedtls_mpi_grow() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	aeaa4f0651	Code optimization - fix codding style - fix comments and descriptions - add helper function for montgomery curve - move N-2 calculation outside the loop - fix access to <data> bytes: data[x] -> (data)[x] Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	6d3d18b2dc	psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code Perform the following optimizations: - fix used flags for conditional compilation - remove redundant N variable - move loop used to generate valid k value to helper function - fix initial value of status - fix comments Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	924815982a	Workaround for VS compiler build error The following error was reported by CI for win32/release builds: 37>Done Building Project "C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\gen_entropy.vcxproj.metaproj" (Rebuild target(s)). 67>c:\builds\workspace\mbed-tls-pr-head_pr-5139-head\worktrees\tmp_nn5muy8\library\psa_crypto.c(4840): fatal error C1001: An internal error has occurred in the compiler. [C:\builds\workspace\mbed-tls-pr-head_PR-5139-head\worktrees\tmp_nn5muy8\visualc\VS2010\key_ladder_demo.vcxproj] (compiler file 'f:\dd\vctools\compiler\utc\src\p2\main.c', line 228) To work around this problem, try simplifying or changing the program near the locations listed above. Please choose the Technical Support command on the Visual C++ Help menu, or open the Technical Support help file for more information Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	e33ae7186e	psa_crypto.c: adapt macros Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	dc215f4b97	Simplify calculations for clear mask Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	d80b6ed46d	Use loop instead goto and fix misleading variable name Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	dc8d7d9211	fix mbedtls/psa status code mismatch Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	871a336028	Remove redundant psa_generate_derived_ecc_key_weierstrass_check_config() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	aaa1ada086	psa_generate_derived_ecc_key_weierstrass_check_config: Build only when ECC enabled Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:27 +01:00
Przemyslaw Stekiel	50fcc535e5	Add Weierstrass curve/bits consistancy check + negative test vectors Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel	58ce8d8fb6	Add support for Montgomery curves Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel	705fb0f918	Only Weierstrass curves supported Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:35:26 +01:00
Przemyslaw Stekiel	c6e4c512af	psa_crypto.c: fix warning on windows compiler Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel	1dfd1224dc	psa_generate_derived_ecc_key_helper: compile only when ECC is supported Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel	653481632e	psa_generate_derived_ecc_key_helper: fix bugs found during testing Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel	d8cdcba970	Move derivation of ECC private key to helper function and refactor code Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Przemyslaw Stekiel	1608e33606	PSA: implement key derivation for ECC keys Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-22 13:26:46 +01:00
Jerry Yu	782720787f	Refactor write_certificate_verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:28:13 +08:00
Jerry Yu	2124d05e06	Add sha384 and sha512 case Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	d66409ae92	Add non support sig alg check and test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	c8d8d4e01a	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	7db5b8f68c	add rsa_pss_rsae_sha256 write support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	3391ac00d3	fix various issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	ca133a34c5	Change state machine Skip CertificateVerfiy if empty certificate or no CertificateRequest received. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	537530d57a	Add certificate request echo Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	3e536442f5	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	a23b9d954c	fix undefine error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	7399d0d806	refactor write certificate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	1bb5a1ffe3	Implement received sig_algs check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	32e0c2d526	fix server only build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	90f152dfac	fix psk only build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	72637c734b	fix write certificate fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	8511f125af	Add certificteVerify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	5cc3506c9f	Add write certificate and client handler Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	566c781290	Add dummy state for client_certifiate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Ronald Cron	4579a972bf	Merge pull request #5426 from gilles-peskine-arm/ssl-get-version-3.1 Add accessors to mbedtls_ssl_context: user data, version ABI-API-checking fails which was expected as this PR adds a new field in mbedtls_ssl_context and mbedtls_ssl_config.	2022-02-21 17:03:24 +01:00
Manuel Pégourié-Gonnard	e3a2dd787e	Merge pull request #5521 from AndrzejKurek/rsa-pss-use-psa Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO	2022-02-21 16:58:57 +01:00
Gabor Mezei	d860e0f18b	Add comment Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:39 +01:00
Gabor Mezei	0e7c6f4961	Check return value of psa_destroy_key Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:39 +01:00
Gabor Mezei	26c6741c58	Add better name for variable. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:39 +01:00
Gabor Mezei	320d21cecf	Update documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:39 +01:00
Gabor Mezei	c5efb8e58b	Use PSA error code Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:46:38 +01:00
Gabor Mezei	89c1a95f8f	Delete leftover code Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:42:59 +01:00
Gabor Mezei	b1f53976ee	Add documentation for mbedtls_psa_hkdf_extract Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:42:59 +01:00
Gabor Mezei	62bf024025	Make the mbedtls_psa_hkdf_extract function more PSA compatible Change the return value to `psa_status_t`. Add `prk_size` and `prk_len` parameters. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:42:57 +01:00
Gabor Mezei	9f4bb319c9	Implement HKDF extract in TLS 1.3 based on PSA HMAC Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-21 15:23:29 +01:00
Gilles Peskine	66971f8ab1	Add prototype for automatically generated debug helper Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	c63a1e0e15	Fix mbedtls_ssl_get_version() for TLSv1.3 Test it in ssl-opt.sh. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	e1a0c25f71	New function to access the TLS version from a context as an enum Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Tom Cosgrove	b9987fc344	Handle MBEDTLS_SHA256_USE_A64_* on Windows on ARM64 too Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-02-21 12:26:11 +00:00
Paul Elliott	436b72690d	Merge pull request #5362 from yuhaoth/pr/enable-tls13-only-build TLS1.3:Enable tls13 only build	2022-02-21 11:22:37 +00:00
Tom Cosgrove	f3ebd90a1c	SECLIB-667: Accelerate SHA-256 with A64 crypto extensions Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be specified. If used, it is necessary to compile with -march=armv8-a+crypto. The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms continue to work, and are mutually exclusive with A64_CRYPTO. There should be minimal code size impact if no A64_CRYPTO option is set. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-02-21 08:37:26 +00:00
Manuel Pégourié-Gonnard	9b545c04f7	Merge pull request #5520 from gabor-mezei-arm/5402_implement_hkdf_expand_based_on_psa_hmac HKDF 1b: Implement Expand in TLS 1.3 based on PSA HMAC	2022-02-21 09:30:31 +01:00
Jerry Yu	f1b23caa4e	move wrong comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	18621dfd23	remove extra empty line Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	50f2f703a7	remove extra guards Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	840fbb2817	guards populate_transform reference Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	4f9e3efbeb	move session_save/load_tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	d9d91da7c7	move sig_hash_* Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	ee40f9d4b3	move get_key_exchange_md_tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	9bccc4c63f	move populate_transform Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	e93ffcd2c7	move tls_prf_get_type Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	392112c058	move tls12prf_from_cs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	0b3d7c1ea1	move parse_finished Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	3c8e47bbbf	move write_finished Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	2a9fff571d	move wrapup Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	aef0015ba0	move wrapup_free_hs_transform Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	b7ba49ef74	move calc_finished_tls_sha384 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	615bd6f5b9	move calc_finished_tls_sha256 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	d952669ad8	move write_certificate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	c2c673da59	move resend_hello_request Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	ce3dca4175	move psk_derive_premaster Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	c1cb384708	move calc_verify_tls_sha384 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	8392e0dae4	move calc_verify_tls_sha256 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	d62f87e151	move derive_keys Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	2a7b5ac791	move compute_master Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	d6ab235972	move use_opaque_psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	f009d86186	move set_handshake_prfs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	dc7bd17d11	move tls_prf_sha256/384 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	ed14c93008	add static prototypes prepare for moving functions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	53d23e2c95	Guards tls_prf functions with TLS1_2 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c73c618094	Wrap function not used by test_tls13_only Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> # Conflicts: # library/ssl_tls13_generic.c	2022-02-21 09:06:00 +08:00
Jerry Yu	bef175db96	Wrap derive_keys with TLS1_2 option Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	cc43c6bee5	fix coding style issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	e754193e87	Remove guard inside ssl_srv.c Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	fb4b6478ee	tls13_only: improve guards of files. To improve readability of the preprocess guards. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	db8c48aaff	tls13_only:Remove unnecessary functions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	7d2396332d	fix wrong setting of max_minor version Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c5aef88be6	tls13_only: guard ssl_{cli,srv}.c with TLS1_2 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c10f6b4735	tls13_only: simple test pass Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c3091b1c8c	tls13_only: compile pass Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Andrzej Kurek	d70fa0e327	Restructure error handling in mbedtls_pk_verify_ext Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-17 10:51:15 -05:00
pespacek	3015148ae6	Improving readability Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-17 16:08:23 +01:00
Gabor Mezei	8e3602569b	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard	4fa604cc3b	Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 feat: Update test_suite_psa_its to NOT use UID=0	2022-02-17 11:49:33 +01:00
Gilles Peskine	57b1ff39c2	Merge pull request #5377 from hanno-arm/ecp_add_mixed_fewer_mpis Minor improvements to ECC arithmetic subroutines	2022-02-17 10:27:18 +01:00
Manuel Pégourié-Gonnard	3d1f8b9c00	Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO	2022-02-16 17:33:47 +01:00
Andrzej Kurek	59550537f0	Change signature_length type to size_t Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-16 07:46:42 -05:00
Andrzej Kurek	4a953cdd9f	pk: properly handle signatures in larger buffers when using PSA As stated in function documentation. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-16 06:13:35 -05:00
Gabor Mezei	8d5a4cbfdb	Check return value of psa_destroy_key Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-15 16:23:17 +01:00
Gabor Mezei	833713c35c	Add better name for variable Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-15 16:16:08 +01:00
Andrzej Kurek	8666df6f18	Add signature length mismatch handling when using PSA in pk_verify_ext Introduce a regression test for that too. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-15 08:23:02 -05:00
Andrzej Kurek	90ba2cbd0a	Cosmetic changes to return placement and variable naming Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-15 08:18:44 -05:00
Manuel Pégourié-Gonnard	a1b506996d	Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref Ensure ctr_drbg is initialised every time in fuzz_server	2022-02-15 10:31:03 +01:00
Ronald Cron	b788c044b7	Use PSA status to Mbed TLS error code conversion function Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-02-15 09:14:15 +01:00
Manuel Pégourié-Gonnard	e14b644f4d	Merge pull request #5456 from mpg/cleanup-ecdh-psa Cleanup PSA-based ECDHE in TLS 1.2	2022-02-15 09:09:07 +01:00
Przemyslaw Stekiel	0f5ecefbe9	Clean up the code - remove redundant local buffer - fix code style Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-15 08:53:36 +01:00
Przemyslaw Stekiel	4b3fff43a8	Destroy ecdh_psa_privkey on HRR Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-15 08:53:26 +01:00
Przemyslaw Stekiel	169f115bf0	ssl_client2: init psa crypto for TLS 1.3 build Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 17:15:04 +01:00
lhuang04	86cacac91a	Port ALPN support for tls13 client from tls13-prototype Summary: Port ALPN implementation of tls13 client from [tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124). Test Plan: Reviewers: Subscribers: Tasks: Tags: Signed-off-by: lhuang04 <lhuang04@fb.com>	2022-02-14 08:03:32 -08:00
pespacek	a6e955e729	X.509: x509write_crt_set_key_identifier created Function mbedtls_x509write_crt_set_key_identifier was implemented to provide functionality of both mbedtls_x509write_crt_set_authority_key_identifier and mbedtls_x509write_crt_set_subject_key_identifier. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-14 15:20:57 +01:00
pespacek	a7a646986f	Improving readability Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-14 15:18:43 +01:00
pespacek	b9f07a79a7	Changing buffer size checks. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-14 15:13:26 +01:00
pespacek	3110c7b340	Changing error codes. Change from MBEDTLS_ERR_ERROR_GENERIC_ERROR to MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED where PSA crypto is used. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-14 15:07:41 +01:00
PeterSpace	c2774a3ad4	Update library/psa_its_file.c Signed-off-by: pespacek <peter.spacek@silabs.com> Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>	2022-02-14 12:24:56 +01:00
Przemyslaw Stekiel	4f419e55a1	ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:19:53 +01:00
Przemyslaw Stekiel	c0824bfb11	Change mbedtls_ssl_tls13_key_schedule_stage_handshake() to use psa_raw_key_agreement() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:19:45 +01:00
Przemyslaw Stekiel	6d6aabdb0d	Remove unused function: ssl_tls13_check_ecdh_params() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:13:10 +01:00
Przemyslaw Stekiel	9e23ddb09d	Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code. Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 10:13:00 +01:00
Ronald Cron	f6893e11c7	Finalize PSA hash operations in TLS 1.3 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-02-11 16:10:34 +01:00
Przemyslaw Stekiel	ea859c24b7	Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA Generate ECDH private key using psa_generate_key() Export the public part of the ECDH private key using psa_export_public_key() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-11 15:17:05 +01:00
Paul Elliott	00738bf65e	Ensure ctr_drbg is initialised every time ctr_drbg is a local variable and thus needs initialisation every time LLVMFuzzerTestOneInput() is called, the rest of the variables inside the if(initialised) block are all static. Add extra validation to attempt to catch this issue in future. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-02-10 18:38:53 +00:00
Przemyslaw Stekiel	b15f33d496	Enable ecdh_psa_xxx fields in struct mbedtls_ssl_handshake_params for TLS 1.3 These fields need to be enabled for 1.3 even if MBEDTLS_USE_PSA_CRYPTO isn't (1.3 should always use PSA). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-10 15:24:27 +01:00
Gabor Mezei	9607ab4dbd	Prevent function not used compilation error Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-10 10:57:24 +01:00
Gabor Mezei	a3eecd242c	Implement HKDF expand in TLS 1.3 based on PSA HMAC Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-02-10 10:57:23 +01:00
Glenn Strauss	a941b62985	Create public macros for ssl_ticket key,name sizes Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 15:28:28 -05:00
Glenn Strauss	a950938ff0	Add mbedtls_ssl_ticket_rotate for ticket rotation. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 14:33:15 -05:00
Andrzej Kurek	7db1b78fff	Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO Duplicate a test case but with a different expected error due to error translation to and from PSA. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-02-09 14:13:44 -05:00
Jerry Yu	7840f81303	fix client_auth fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-09 19:43:22 +08:00
Manuel Pégourié-Gonnard	62b49cd06a	Merge pull request #5472 from yuhaoth/pr/move-client-auth Move client_auth to handshake	2022-02-09 10:57:00 +01:00
Ronald Cron	6ca6faa67e	Merge pull request #5080 from xffbai/add-tls13-read-certificate-request add tls1_3 read certificate request	2022-02-09 09:51:55 +01:00
Xiaofei Bai	7c8b6a97b9	Update CertificateRequest skip condition Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 15:21:13 +00:00
Jerry Yu	5c7d1cce97	fix typo error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-08 21:08:29 +08:00
Jerry Yu	2d9a694088	change type of client_auth Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-08 21:07:10 +08:00
pespacek	e990100ddb	BUGFIX: psa_its_set now rejects UID = 0 Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-08 14:05:41 +01:00
pespacek	7599a7744e	X.509: use PSA for hashing under USE_PSA_CRYPTO When MBEDTLS_USE_PSA_CRYPTO is enabled, use psa_hash_xxx rather than mbedtls_md_xxx. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-02-08 11:27:42 +01:00
Xiaofei Bai	c234ecf695	Update mbedtls_ssl_handshake_free() and address review comments. Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 10:26:42 +00:00
Manuel Pégourié-Gonnard	45c5768a74	Merge pull request #5434 from mprse/tls_use_psa TLS Cipher: use PSA crypto	2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard	5d6053f548	Fix a typo Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-08 10:26:19 +01:00
Xiaofei Bai	51f515a503	update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 07:28:04 +00:00
Jerry Yu	0ff8ac89f5	fix comments issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-08 10:10:48 +08:00
Przemyslaw Stekiel	c499e33ed0	ssl_msg.c: Change message in MBEDTLS_SSL_DEBUG_RET() to be the failed function name instead current function name Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-07 15:12:05 +01:00
Manuel Pégourié-Gonnard	ff229cf639	Add debug message for wrong curve The non-PSA path has a debug message here, so let's have a similar one in the PSA case - just add the curve ID to be a bit more informative. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-07 12:00:32 +01:00
Manuel Pégourié-Gonnard	422370d633	Improve a comment and fix some whitespace Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-07 11:55:21 +01:00
Przemyslaw Stekiel	c8a06feae6	ssl_msg.c: Optimize null/stream cipher decryption/encryption Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-07 10:52:47 +01:00
Przemyslaw Stekiel	98ef6dca68	Remove redundant new lines Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-07 08:04:39 +01:00
Przemyslaw Stekiel	6928a5164d	Compile mbedtls_ssl_cipher_to_psa() conditionally under MBEDTLS_USE_PSA_CRYPTO only Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel	8c010eb467	Fix comments, code style, remove debug code Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel	6b2eedd25f	ssl_msg.c: add debug code for psa failures Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:14 +01:00
Manuel Pégourié-Gonnard	141be6cc7f	Fix missing check on server-chosen curve We had this check in the non-PSA case, but it was missing in the PSA case. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard	0d63b84fa4	Add mbedtls_ssl_check_curve_tls_id() (internal) This can be used to validate the server's choice of group in the PSA case (this will be done in the next commit). Note that new function doesn't depend on ECP_C, as it only requires mbedtls_ssl_get_groups(), which is always available. As a general rule, functions for defining and enforcing policy in the TLS module should not depend on low-level modules but work with TLS-level identifiers are much as possible, and this new function follows that principle. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard	3caa0edb9b	Remove dead preprocessor code There's no way currently (see below regarding the future) that ECC-based key exchanges are enabled without ECP_C being defined. So, the #if was fully redundant with the checks surrounding the function, as it always evaluated to true. The situation arose as, in the old days (before Mbed TLS 2.0), mbedtls_ssl_conf_curves() (or ssl_set_curves() as it was called back then) was optional, controlled by its own compile-time option POLARSSL_SSL_SET_CURVES. So, in turn mbedtls_ssl_check_curve() depended on POLARSSL_SSL_SET_CURVES too, and all calls to it were guarded by that. When it was made non-optional, a blind s/POLARSSL_SSL_SET_CURVES/MBEDTLS_ECP_C/ was done, which resulted in stupid situations like this with redundant checks for ECP_C. Note regarding the future: at some point it will be possible to compile with ECC-based key exchanges but without ECP_C. This doesn't change anything to the reasoning above: mbedtls_ssl_check_curve() will be available in all builds where ECC is used; it will just need a new definition (with new guards), but that doesn't change anything for its callers. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard	4a0ac1f160	Remove mbedtls_psa_tls_ecpoint_to_psa_ec() Same reasons as for the previous commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard	58d2383ef4	Remove mbedtls_psa_tls_psa_ec_to_ecpoint() Initially this function was doing something because the output format of psa_export_public() didn't match the ECPoint format that TLS wants. Then it became a no-op then the output format of psa_export_public() changed, but it made sense to still keep the function in case the format changed again. Now that the PSA Crypto API has reached 1.0 status, this is unlikely to happen, so the no-op function is no longer useful. Removing it de-clutters the code a bit; while at it we can remove a temporary stack buffer (that was up to 133 bytes). It's OK to remove this function even if it was declared in a public header, as there's a warning at the top of the file saying it's not part of the public API. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:14 +01:00
Manuel Pégourié-Gonnard	e5119898e4	Improve a comment Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-02-03 11:08:13 +01:00
Przemyslaw Stekiel	d66387f8fa	Init psa status to PSA_ERROR_CORRUPTION_DETECTED Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel	b97556e8d1	mbedtls_ssl_encrypt/decrypt_buf: remove dead code Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 09:16:29 +01:00
Przemyslaw Stekiel	f9cd60853f	ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-01 11:25:55 +01:00
Manuel Pégourié-Gonnard	9cb7b8d263	Merge pull request #5469 from Unity-Technologies/windows-arm64-workaround Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug	2022-02-01 09:21:27 +01:00
Tautvydas Žilys	40fc7da101	Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1. Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>	2022-01-31 13:34:01 -08:00
Przemyslaw Stekiel	77aec8d181	Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel	be47ecf5e2	mbedtls_ssl_get_record_expansion: use same condidion set as for non-psa build Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 17:50:00 +01:00
Przemyslaw Stekiel	2c87a200a3	ssl_write_encrypt_then_mac_ext(): adapt to psa crypto Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	89dad93a78	Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	399ed51185	Fix condition in mbedtls_ssl_get_record_expansion Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	e5c2238a99	Move mbedtls_ssl_cipher_to_psa() and psa_status_to_mbedtls() defs out of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED build flag Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	f57b45660d	Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. New function name: mbedtls_ssl_cipher_to_psa(). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	1d714479a3	mbedtls_ssl_get_record_expansion: rework switch statement for psa As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement. Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	e88477844c	Adapt the mbed tls mode: ccm or gcm or cachapoly to psa version mode == MBEDTLS_MODE_CCM \|\| mode == MBEDTLS_GCM \|\| mode == MBEDTLS_CHACHAPOLY is equivalent to PSA_ALG_IS_AEAD( alg ). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	221b52791e	ssl_msg.c: fix parm in call to mbedtls_ssl_decrypt_buf() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	9b22c2b1e6	Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	6be9cf542f	Cleanup the code Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	d4eab57933	Skip psa encryption/decryption for null cipher Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	ce09e7d868	Use psa_status_to_mbedtls() for psa error case Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	fe7397d8a7	Fix key attributes encrypt or decrypt only (not both) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	dd7b501c92	Move PSA init after taglen is set Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	e87475d834	Move psa_status_to_mbedtls to ssl_misc.h Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	8398a67e31	Fix description of the translation function Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	1fe065b235	Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	2e9711f766	mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	b37fae122c	mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	76e1583483	Convert psa status to mbedtls Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	11a33e6d90	Use PSA_BITS_TO_BYTES macro to convert key bits to bytes Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	ae77b0ab28	mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	ffccda45df	ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	ce37d11c67	mbedtls_ssl_transform_free(): fix destruction of psa keys Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	8f80fb9b1d	Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	44187d7a3e	Extend mbedtls_ssl_transform struct for psa keys and alg Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	430f337b49	Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size. Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Paul Elliott	a9f32fbb21	Merge pull request #5382 from lhuang04/tls13_f_export_keys Swap the client and server random for TLS 1.3 f_export_keys	2022-01-28 12:09:19 +00:00
Xiaofei Bai	6d42bb430c	Update mbedtls_ssl_handshake_free() Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard	f7d704dbd2	Avoid dead code in some configurations Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-28 10:05:56 +01:00
Xiaofei Bai	f5b4d25cfa	Add received_sig_algs member to struct mbedtls_ssl_handshake_params Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-28 06:37:15 +00:00
Jerry Yu	fb28b88e26	move client_auth to handshake Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-28 11:05:58 +08:00
lhuang04	a3890a3427	Swap the client and server random for TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: Signed-off-by: lhuang04 <lhuang04@fb.com>	2022-01-27 06:00:43 -08:00
XiaokangQian	8499b6ce25	Only free verify_cookie in tls 1.3 case. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 09:00:11 +00:00
Xiaofei Bai	82f0a9a1db	Rebase and address review comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-27 07:53:52 +00:00
XiaokangQian	a909061c2a	Refine HRR parse successfully message in test cases Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 03:48:27 +00:00
XiaokangQian	34909746df	Change cookie free code and some comments Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 02:25:04 +00:00
Tautvydas Žilys	60165d7708	Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug. Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>	2022-01-26 15:44:10 -08:00
XiaokangQian	52da558103	Change code base on comments Align the alert type in parse_server_hello Remove MBEDTLS_SSL_COOKIE_C guard Enable cookie for both DTLS and TLS1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	aec1f3e913	Cookie fields are used only by DTLS 1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	b119a35d07	Refine fatal alert in parse_server_hello Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	d59be77ce7	Refine code based on comments Add comments for parse hrr key share and cookie Change variable names based on RFC8466 Refine fatal allerts in parse server hello and hrr Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	0ece998287	Refine code in mbedtls_ssl_reset_transcript_for_hrr Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	f1e7d12cb6	Fix compile issues in mbedtls_ssl_session_reset_msg_layer Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	43550bd761	Prepare function to parse hrr cookie extension Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	2b01dc30cb	Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	355e09ae9d	Change code base on comments Change functions name Change some comments Improve hrr test case for gnutls Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	78b1fa7e81	Update code base on comments Move reset transcript for hrr to generic Reset SHA256 or SHA384 other than both Rename message layer reset Add check log for hrr parse successfully Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	53f20b71c5	Improve ssl_tls13_parse_server_hello Avoid coping random bytes in hrr Send illegal parameter alert when cipher suite mismatch Send illegal parameter alert when supported_version not exist Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	d9e068e10b	Change code based on comments Align coding styles Add hrr parameter for ssl_tls13_parse_server_hello Add reset steps for SHA384 in HRR Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	8945db36ab	Reduce paramter hrr from ssl_tls13_parse_server_hello Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	b48894eca4	Add buffer check for named group Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	16acd4b3e4	Reject the second HRR earlier and align naming styles Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	b851da8a44	Re-construct the code to merge hello and hrr based on comments Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	0b56a8f85c	Replace curve_list with group_list and add update test scripts Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	51eff22c9b	Align oode style with server hello parse Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	647719a172	Add hello retry request in client side Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:50:06 +00:00
Xiaofei Bai	69fcd39774	Update CertificateRequest tests and the parsing function Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:32:29 +00:00
Xiaofei Bai	de3f13e0b8	update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	f6d3696eda	fix test failures Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	a0ab777cfc	update based on comments. Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	e1e344213a	Add TLS1.3 process certificate request Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:52 +00:00
Ronald Cron	f51b79c297	Merge pull request #5355 from yuhaoth/pr/remove-duplicate-sig-alg-ext Remove duplicate write signature algorithms extension The failure of ABI-API-checking is expected.	2022-01-26 10:05:26 +01:00
Jerry Yu	ed5e9f431d	Change ecdsa sig_algs order for tls1.3 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-26 12:41:12 +08:00
Manuel Pégourié-Gonnard	9d95d81eae	Merge pull request #5359 from hanno-arm/mpi_montmul_remove_dead_code Remove redundant write operation in Montgomery multiplication	2022-01-25 13:00:19 +01:00
Jerry Yu	0b994b8061	fix typo error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 17:22:12 +08:00
Jerry Yu	53037894ab	change the defaut sig_algs order Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 14:38:01 +08:00
Jerry Yu	18c833e2eb	fix tls1_2 only sig_algs order issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 14:38:01 +08:00
Jerry Yu	f377d644f5	Refactor duplicate check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 14:38:01 +08:00
Jerry Yu	6ade743a43	Add mbedtls_printf alias for !PLATFORM_C Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 14:38:01 +08:00
Jerry Yu	370e146acb	fix comments issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	909df7b17b	Refactor *_sig_algs tables Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	b476a44fc6	Add static assert check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	971988528d	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	941e07ff02	fix test_no_platform fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	1a8b481ce6	Remove duplicated signature algorithm in default settings Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	600ded7ea5	Reserve end tag space at sig_algs_len init. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	a68dca24ee	move overflow inside loop Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	8afd6e4308	fix typo issues in comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	eb821c6916	remove check_sig_hash Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	24811fb2e0	replace check_sig_hash with is_offered Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	1bab301c0d	Add signature algorithm supported check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	7ddc38cedb	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	4131ec1260	Add signature algorithm length check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	a69269a711	change sig_algs_len unit to byte Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	713013fa80	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	e12f1ddcfa	fix check names fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	11f0a9c2c4	fix deprecated-declarations error replace sig_hashes with sig_alg Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	6106fdc085	fix build fail without TLS13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	f017ee4203	merge write sig_alg of tls12 and tls13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> # Conflicts: # library/ssl_misc.h	2022-01-25 12:46:17 +08:00
Jerry Yu	1abd1bc22f	Change write_sig_alg_ext of tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	2d0bd32982	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	0e5bcb6bf5	Replace directly access for sig_hashes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Jerry Yu	08e2ceae18	Remove directly access for tls13_sig_algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Jerry Yu	afdfed16d0	add get sig_algs helper function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Jerry Yu	18cd43909b	Align signature_algorithms extension name Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Manuel Pégourié-Gonnard	fcca7cfa97	Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite Add accessors for ciphersuite info	2022-01-24 11:13:31 +01:00
Dave Rodgman	b032685543	Merge pull request #5309 from gilles-peskine-arm/pkparse-pkcs8-unencrypted-no-alloc mbedtls_pk_parse_key: don't allocate if not needed	2022-01-24 10:03:48 +00:00
Gilles Peskine	6d6d93ea4a	Merge pull request #5350 from AndrzejKurek/psa-aead-invalid-tag-lengths-setup Detect invalid tag lengths in psa_aead_setup	2022-01-21 21:46:37 +01:00
Gilles Peskine	fe271b9c92	Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly	2022-01-21 21:46:08 +01:00
Andrzej Kurek	f881601c91	Detect invalid tag lengths in psa_aead_setup Read tag lengths from the driver and validate against preset values. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-20 07:40:12 -05:00
Manuel Pégourié-Gonnard	d2da19b8eb	Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO	2022-01-18 09:16:25 +01:00
Ronald Cron	188ed19456	Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext Remove duplicate function for writing supported_groups extension	2022-01-17 09:13:14 +01:00
Andrzej Kurek	63439eda62	Return an error for IV lengths other than 12 with ChaCha20+Poly1305 The implementation was silently overwriting the IV length to 12 even though the caller passed a different value. Change the behavior to signal that a different length is not supported. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-14 16:31:54 +01:00
Andrzej Kurek	33ca6af8a3	Return an error for IV lengths other than 12 with ChaCha20 The implementation was silently overwriting the IV length to 12 even though the caller passed a different value. Change the behavior to signal that a different length is not supported. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard	73839e02a7	Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat Reset dhm_P and dhm_G if config call repeated; avoid memory leak	2022-01-14 10:41:06 +01:00
Bence Szépkúti	aa3a6e4ea7	Fix brace placement Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2022-01-13 16:26:03 +01:00
Bence Szépkúti	39fb9d170b	Rename helper function to psa_aead_check_algorithm Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2022-01-13 14:33:45 +01:00
Jerry Yu	d491ea4f18	fix comment issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-13 16:15:25 +08:00
Glenn Strauss	8f52690956	Add accessors for ciphersuite info Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-01-13 00:05:48 -05:00
Jerry Yu	b925f21806	fix comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-12 11:17:02 +08:00
Jerry Yu	f0fede56a6	minor performance improvement Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-12 10:57:47 +08:00
Jerry Yu	1510cea0f3	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-12 10:56:49 +08:00
Jerry Yu	3ad14ac9e9	Add named group IANA value check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 17:13:16 +08:00
Jerry Yu	f46b016058	skip some extensions if ephemeral not enabled Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 16:28:00 +08:00
Jerry Yu	63282b4321	Refactor write supported group Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 15:43:53 +08:00
Hanno Becker	bae3023576	Make more use of helper function for init/free of MPI array Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-11 05:06:54 +00:00
Jerry Yu	7f029d8a94	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 11:08:53 +08:00
Przemyslaw Stekiel	2ecfd57b93	psa_asymmetric_decrypt: move build-in impl to mbedtls_psa_asymmetric_decrypt Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel	71284eabdb	psa_asymmetric_decrypt: add test driver impl Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:06 +01:00
Przemyslaw Stekiel	8d45c00759	psa_asymmetric_decrypt: access the key store and call driver dispatch Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:05 +01:00
Przemyslaw Stekiel	234f318bd7	psa_asymmetric_encrypt: move build-in impl to mbedtls_psa_asymmetric_encrypt Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:05 +01:00
Przemyslaw Stekiel	b6a6650a64	psa_asymmetric_encrypt: add test driver impl Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:05 +01:00
Przemyslaw Stekiel	19e6142214	psa_asymmetric_encrypt: access the key store and call driver dispatch Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-10 12:55:05 +01:00
Hanno Becker	466df6e713	Introduce helper function for init/free of MPI array Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-10 11:24:42 +00:00
Hanno Becker	ac4d4bc97c	Improve documentation of ECP module Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-09 06:34:04 +00:00
Hanno Becker	ee95f6c4c9	Don't allow Z coordinate being unset in ecp_add_mixed() Previously, ecp_add_mixed(), commputing say P+Q, would allow for the Q parameter to have an unset Z coordinate as a shortcut for Z == 1. This was leveraged during computation and usage of the T-table (storing low multiples of the to-be-multiplied point on the curve). It is a potentially error-prone corner case, though, since an MPIs with unset data pointer coordinate and limb size 0 is also a valid representation of the number 0. As a first step towards removing ECP points with unset Z coordinate, the constant time T-array getter ecp_select_comb() has previously been modified to return 'full' mbedtls_ecp_point structures, including a 1-initialized Z-coordinate. Similarly, this commit ... - Modifies ecp_normalize_jac_many() to set the Z coordinates of the points it operates on to 1 instead of freeing them. - Frees the Z-coordinates of the T[]-array explicitly once the computation and normalization of the T-table has finished. As a minimal functional difference between old and new code, the new code also frees the Z-coordinate of T[0]=P, which the old code did not. - Modifies ecp_add_mixed() to no longer allow unset Z coordinates. Except for the post-precomputation storage form of the T[] array, the code does therefore no longer use EC points with unset Z coordinate. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-09 05:52:40 +00:00
Bence Szépkúti	08f34656cb	Return the same error in multipart and single shot AEAD psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or psa_aead_decrypt(). The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT in the case that the supplied algorithm is not an AEAD one. Also move these shared checks to a helper function, to reduce code duplication and ensure that the functions remain in sync. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2022-01-07 19:36:07 +01:00
Hanno Becker	c27a0e0093	Add more wrappers for ECP MPI operations Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-06 09:21:50 +00:00
Hanno Becker	595616e5cd	Add more wrappers for internal ECP coordinate operations Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-06 05:12:02 +00:00
Hanno Becker	6a28870b1e	Make ecp_select_comb() create valid EC point with Z coordinate set ecp_select_comb() did previously not set the Z coordinate of the target point. Instead, callers would either set it explicitly or leave it uninitialized, relying on the (only partly upheld) convention that sometimes an uninitialized Z value represents 1. This commit modifies ecp_select_comb() to always set the Z coordinate to 1. This comes at the cost of memory for a single coordinate, which seems worth it for the increased robustness. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-06 04:46:45 +00:00
Manuel Pégourié-Gonnard	6ced002a69	Count allocs without side-effects At the end of the benchmark program, heap stats are printed, and these stats will be wrong if we reset counters in the middle. Also remove the function to reset counters, in order to encourage other programs to behave correctly as well. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-05 10:08:59 +01:00
Hanno Becker	30838868ac	Keep temporaries across iterations of ecp_double_add_mxz() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-05 06:09:42 +00:00
Manuel Pégourié-Gonnard	35415a0c46	Add counter access to memory debug API Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-01-04 10:23:34 +01:00
Hanno Becker	3b29f2194b	Keep temporaries across iterations of ecp_add_mixed() This saves heap operations Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 07:34:14 +00:00
Hanno Becker	a7f8edd709	Keep temporaries across iterated invocations of ecp_double_jac() This reduces the number of heap operations. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 07:29:46 +00:00
Hanno Becker	28ccb1cc90	Reduce number of local MPIs from 9 to 4 in ecp_double_add_mxz() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 07:15:14 +00:00
Hanno Becker	376dc89519	Reorder ops in ecp_double_add_mxz() to indicate redundant local MPIs Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 07:14:07 +00:00
Hanno Becker	0d629791e9	Remove local MPI from ecp_randomize_jac() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:45:49 +00:00
Hanno Becker	885ed403c9	Introduce wrapper for modular squaring This paves the way for dedicated squaring implementations. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:43:50 +00:00
Hanno Becker	b8442cd9c6	Remove another local MPI from ecp_normalize_jac_many() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:32:42 +00:00
Hanno Becker	02a999b91a	Remove local MPI from ecp_normalize_jac_many() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:32:42 +00:00
Hanno Becker	838b715fcc	Add comment on input/output aliasing in ecp_add_mixed() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:32:42 +00:00
Hanno Becker	ce29ae84dd	Introduce macro wrappers for ECC modular arithmetic This improves readibility and prepares for further changes like the introduction of a single double-width temporary for ECP arithmetic. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-04 06:32:39 +00:00
Andrzej Kurek	03e01461ad	Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO Fix library references, tests and programs. Testing is performed in the already present all.sh test. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-03 12:53:24 +01:00
Hanno Becker	76f897d699	Reduce number of temporary MPIs in ECP normalization Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-02 12:47:34 +00:00
Hanno Becker	02b35bd00a	Introduce wrapper for modular multiplication with single-width const Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-01 06:54:25 +00:00
Hanno Becker	5c8ea307b8	Reduce number of local MPIs in ECP mixed point addition `ecp_add_mixed()` and `ecp_double_jac()` are the core subroutines for elliptic curve arithmetic, and as such crucial for the performance of ECP primitives like ECDHE and ECDSA. This commit provides a very slight simplification and performance and memory usage improvement to `ecp_add_mixed()` by removing the use of three temporary MPIs used for coordinate calculations. Where those variables were used, the code now writes directly to the coordinate MPIs of the target elliptic curve point. This is a valid change even if there is aliasing between input and output, since at the time any of the coordinate MPIs in question is written, the corresponding coordinates of both inputs are no longer read. (The analogous change in `ecp_double_jac()` can not be made since this property does not hold for `ecp_double_jac()`.) Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-01-01 06:16:16 +00:00
Max Fillinger	0bb38336a5	Add function to get md info from md context Signed-off-by: Max Fillinger <max@max-fillinger.net>	2021-12-28 16:32:00 +01:00
Jerry Yu	ffef9c52d4	fix alignment issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-24 22:31:08 +08:00
Hanno Becker	9a83443af2	Remove redundant write operation in Montgomery multiplication This commit removes code from the Montgomery multiplication routine `mpi_montmul()` which seems to serve no purpose. Details: `mpi_montmul()` uses a temporary storage `T` for intermediate results which is assumed to be of twice the size as the inputs to be multiplied, and which is used as follows: After the i-th (i=0,1,...) iteration, the n-limb word starting at `T->p + i + 1` contains the Montgomery multiplication of B with the limbs 0,..,i of A, and the variable `d` points to `T->p + i + 1`. In particular, after `n` iterations, `T->p + n` holds the full multiplication (subject to conditional subtraction). As a consequence of this way of using the temporary `T`, the contents of `{T->p, ..., T->p + i}` are irrelevant after the i-th iteration. Nonetheless, the code copies `A[i]` to `T->p[i]` at the end of the i-th iterations, which is redundant and can be removed. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-12-22 11:23:27 +00:00
Jerry Yu	136320ba0b	fix ci fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-21 17:09:00 +08:00
Jerry Yu	1ea9d10687	fix test_ref_configs build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-21 14:52:38 +08:00
Glenn Strauss	cee11296aa	Reset dhm_P and dhm_G if config call repeated Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated to avoid leaking memory. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2021-12-20 20:24:56 -05:00
Jerry Yu	1753261083	change write_supported_groups_ext prototype Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:32:09 +08:00
Jerry Yu	9d555ac003	Remove TLS12 version write_supported_group_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:27:58 +08:00
Jerry Yu	7581c11fc7	Remove tls13_write_supported_groups_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:25:41 +08:00
Jerry Yu	ba07342cd6	Add generic write_supported-groups_ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 22:22:15 +08:00
Jerry Yu	b47d0f893e	Replace SUPPORTED_ELLIPTIC_CURVES with SUPPORTED_GROUPS According to RFC7919 and RFC8442 , they are same. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-20 17:38:50 +08:00
Archana	4a9e02632a	Review comments addressed * Updated the default argument to create less noise with argument passing. * Reworded ChangeLog to match MbedTLS documentation/ announcement requirements Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 13:37:37 +05:30
Archana	c08248d650	Rename the template file from .conf to .jinja Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:35:15 +05:30
Archana	e03960e460	Restructure Python script to use argparse and main Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-19 10:34:59 +05:30
Archana	b32eafff51	Add psa_crypto_driver_wrappers.c to .gitignore Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 13:29:10 +05:30
Archana	6f21e45b78	Fix Pylint errors and improve Python script Pylint errors are fixed. The Python script is improved to take default arguments when not passed (eg invoked from root of the tree) check-generated-files.sh and CMakeLists.sh updated. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 13:28:59 +05:30
Archana	a8939b6da3	Restructure scripts' folder alignment Moved python script generate_driver_wrappers.py under scripts and corresponding template file under script/data_files. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:57:15 +05:30
Archana	1f1a34a226	Rev 1.0 of Driver Wrappers code gen The psa_crypto_driver_wrappers.c is merely rendered with no real templating in version 1.0. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 12:22:06 +05:30
Archana	68eb2ac960	Deleted psa_crypto_driver_wrappers.c The file psa_crypto_driver_wrappers.c is deleted to be autogenerated. Updated psa_crypto_driver_wrappers.h, this file only contains the prototypes for the driver wrappers, we don't expect this to be auto generated. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-12-18 10:51:52 +05:30
Dave Rodgman	77d778eee2	Merge branch 'development' into mbedtls-3.1.0_merge_into_release	2021-12-17 10:01:53 +00:00
Dave Rodgman	b8c3301b80	Revert "Add generated files" This reverts commit `4e62cbc322`.	2021-12-17 09:44:04 +00:00
Gilles Peskine	863b96a21b	Add copyright notice to ssl_debug_helpers* Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-16 10:04:58 +01:00
Gilles Peskine	1a1e78fa55	Remove comments indicating that the file was automatically generated Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-15 12:58:22 +01:00
Gilles Peskine	923d5c9e3c	Rename ssl_debug_helpers.h It's no longer generated, so rename it accordingly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-15 12:56:54 +01:00
Gilles Peskine	ccbc318fc5	Remove generation of ssl_debug_helpers_generated.h It's now under version control and meant to be updated manually. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-15 12:55:37 +01:00
Gilles Peskine	09f1ee68b6	Commit header file Having an automatically generated header file makes it harder to have working build scripts. The content of ssl_debug_helpers_generated.h isn't likely to change often, so we can update it manually. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-15 12:55:33 +01:00
Ronald Cron	4e62cbc322	Add generated files Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-15 09:02:53 +01:00
Ronald Cron	17b1e2f6c3	Bump version to 3.1.0 Executed ./scripts/bump_version.sh --version 3.1.0 --so-crypto 11 --so-tls 17 + fix of build_info.h Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-15 09:02:53 +01:00
Ronald Cron	9ed3873905	psa: driver wrapper: cipher: Fix unused variable warning Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-14 18:11:06 +01:00
Ronald Cron	8188d19b0e	Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr	2021-12-14 10:58:18 +01:00
Gilles Peskine	12e27d4c5b	List ssl_debug_helpers_generated.h in generated files Running `generate_ssl_debug_helpers.py` generates both `ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`. List the `.h` file as well as the `.c` file in `check-generated-files.sh` so that `check-generated-files.sh -u` will complain if it isn't up to date. List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when to wait until the `.h` file is present. In `Makefile`, declare the `.c` file as depending on the `.h` file for order. This way, a dependency for either will wait until the `.h` file is present, and since the `.h` file is generated after the `.c` file, this guarantees that the `.c` file is present. This fixes random failures of `make -j` from a fresh checkout. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-14 00:19:47 +01:00
Gilles Peskine	32d2a58cc2	Merge pull request #5325 from gilles-peskine-arm/zeroize-tag-3.1 Zeroize expected MAC/tag intermediate variables	2021-12-13 19:09:30 +01:00
Gilles Peskine	cd74298c83	mbedtls_cipher_check_tag: jump on error for more robustness to refactoring Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 17:01:25 +01:00
Gilles Peskine	a5c18512b9	Merge pull request #5155 from paul-elliott-arm/pcks12_fix Fixes for pkcs12 with NULL and/or zero length password	2021-12-13 14:52:36 +01:00
Gilles Peskine	a4174312da	Initialize hash_len before using it Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 14:38:40 +01:00
Gilles Peskine	14d5fef6b7	PKCS#1v1.5 signature: better cleanup of temporary values Zeroize temporary buffers used to sanity-check the signature. If there is an error, overwrite the tentative signature in the output buffer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:37:55 +01:00
Gilles Peskine	f0fd4c3aee	mbedtls_ssl_parse_finished: zeroize expected finished value on error Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:36:15 +01:00
Gilles Peskine	c2f7b75a71	mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:35:08 +01:00
Gilles Peskine	60aebec47e	PSA hash verification: zeroize expected hash on hash mismatch Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:33:18 +01:00
Gilles Peskine	e7835d92c1	mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 12:32:43 +01:00
Dave Rodgman	050ad4bb50	Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac Check HMAC return values	2021-12-13 10:51:27 +00:00
Gilles Peskine	ecf6bebb9c	Catch failures of md_hmac operations Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that their return values should be checked. Do check the return values in our code. We were already doing that everywhere for hash calculations, but not for HMAC calculations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-11 15:00:57 +01:00
Gilles Peskine	d5ba50e239	Zeroize local MAC variables Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption, this is just good hygiene but probably not needed for security since the data protected by the MAC that could leak is about to be transmitted anyway. In DTLS decryption, this could be a security issue since an adversary could learn the MAC of data that they were trying to inject. At least with encrypt-then-MAC, the adversary could then easily inject a datagram with a corrected packet. TLS would still be safe since the receiver would close the connection after the bad MAC. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-11 14:59:45 +01:00
Gilles Peskine	0ca219575a	mbedtls_pk_parse_key: don't allocate if not needed mbedtls_pk_parse_key() makes a temporary copy of the key when it calls pk_parse_key_pkcs8_encrypted_der(), because that function requires a writable buffer. pk_parse_key_pkcs8_encrypted_der() always rejects an empty password, so skip calling it in that case, which allows us to skip the allocation as well. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-10 17:36:37 +01:00
Ronald Cron	db6adc5aad	ssl: Fix some compilation guards for TLS 1.3 signature algorithms Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 14:25:35 +01:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Dave Rodgman	76a2b306ac	Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated Add debug helpers generated	2021-12-10 11:56:55 +00:00
Manuel Pégourié-Gonnard	4525cce691	Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done TLS1.3 MVP: Erase secrets when they are not necessary anymore.	2021-12-10 12:48:25 +01:00
Ronald Cron	6b07916e40	Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client Add initial support for "Middlebox Compatibility Mode"	2021-12-10 11:58:05 +01:00
Jerry Yu	a5563f6115	move position of base_key init Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 18:14:36 +08:00
Jerry Yu	b737f6a9be	move base_key init Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 17:55:59 +08:00
Ronald Cron	574ace48d8	Remove unnecessary blank line Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 10:27:25 +01:00
Jerry Yu	9c07473ebc	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 17:12:43 +08:00
Jerry Yu	889b3b76da	fix clang build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:57:45 +08:00
Jerry Yu	d05e1cec4b	fix build fail on `check_*` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:47:03 +08:00
Jerry Yu	e6369b0061	fix test_cmake_as_package fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:47:03 +08:00
Jerry Yu	eb96fb508e	Add cmake generator Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:47:03 +08:00
Jerry Yu	e3b3412bc4	Add tests for enum helper Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:45:52 +08:00
Jerry Yu	e78ee99624	add enum value to string helpers Only add helpers for enum in `ssl.h`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:43:30 +08:00
Jerry Yu	4a2fa5d0aa	Move erase handshake secrets Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:37:14 +08:00
Jerry Yu	27224f58be	fix coding style issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	5132771f5f	Revert "fix possible security leak for counter" This reverts commit 8aab77e11e2aebec09dc9d682b16373771471fe0. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	7ca3054795	move zerioize tls13_hs_secrets Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	23ab7a46a3	move zeroize master secrets Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	2c70a39d97	move zeroize randbytes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	bdfd01835a	fix compile break after merge Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	a986e9faac	Clean handshake secrets Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	d103bdb01d	Clean randbytes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	745db226db	fix possible security leak for counter Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Gilles Peskine	d5b2a59826	Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm PSA Multipart AEAD CCM Internal implementation and tests.	2021-12-09 14:49:42 +01:00
Ronald Cron	d4c64027a5	tls13: Move state transition after sending CCS to ssl_tls13_client.c Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	49ad6197ca	Add injection of dummy's ChangeCipherSpec for middlebox compatibility Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	7e38cba993	Add incoming ChangeCipherSpec filtering in TLS 1.3 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard	c38c1f2411	Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0 Reorder structure fields to maximize usage of immediate offset access	2021-12-09 12:54:09 +01:00
Manuel Pégourié-Gonnard	d7d740eb6e	Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions Move base64 constant-time functions to the new module	2021-12-09 12:40:18 +01:00
Manuel Pégourié-Gonnard	b873577fc3	Merge pull request #5240 from duckpowermb/development [session] fix a session copy bug	2021-12-09 09:23:23 +01:00
Gilles Peskine	cfe74a37b9	mbedtls_ssl_handshake_params: move ecrs_ctx back further "mbedtls_ssl_handshake_params: reorder fields to save code size" moved this filed earlier along with byte-sized fields that should be in the 128-element access window on Arm Thumb. This took away precious room in the 128-byte window. Move it back further out. Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT + MBEDTLS_ECP_RESTARTABLE): library/ssl_cli.o: 2860 -> 2816 (diff: 44) library/ssl_msg.o: 3080 -> 3076 (diff: 4) library/ssl_srv.o: 3340 -> 3300 (diff: 40) library/ssl_tls.o: 6546 -> 6478 (diff: 68) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-08 18:38:51 +01:00
Gilles Peskine	41139a2541	mbedtls_ssl_handshake_params: move group_list earlier to save code size Placing group_list earlier seems to help significantly, not just as a matter of placing it in the 128-element (512-byte) access window. Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build): library/ssl_cli.o: 19559 -> 19551 (diff: 8) library/ssl_msg.o: 24690 -> 24674 (diff: 16) library/ssl_srv.o: 20418 -> 20406 (diff: 12) library/ssl_tls.o: 20555 -> 20519 (diff: 36) library/ssl_tls13_client.o: 7244 -> 7240 (diff: 4) library/ssl_tls13_generic.o: 4693 -> 4697 (diff: -4) Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT + MBEDTLS_ECP_RESTARTABLE): library/ssl_cli.o: 2864 -> 2860 (diff: 4) library/ssl_tls.o: 6566 -> 6546 (diff: 20) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-08 18:26:55 +01:00
Ronald Cron	1865585eab	Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests	2021-12-08 14:56:39 +01:00
Manuel Pégourié-Gonnard	5d9f42200f	Merge pull request #861 from ronald-cron-arm/fix-aead-nonce psa: aead: Fix invalid output buffer usage in generate_nonce()	2021-12-08 13:30:21 +01:00
Manuel Pégourié-Gonnard	39c2aba920	Merge pull request #849 from ronald-cron-arm/fix-cipher-iv Avoid using encryption output buffer to pass generated IV to PSA driver	2021-12-08 13:30:06 +01:00
Gilles Peskine	392113434a	Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x Forward port to 3.x: Introduce PSA test driver library to test PSA configuration	2021-12-07 12:52:20 +01:00
Ronald Cron	0b4d12313a	Remove assertion on local nonce buffer size Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-07 10:45:00 +01:00
Ronald Cron	a393619dc2	Change test on local nonce buffer size to an assertion Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-07 09:25:20 +01:00
Dave Rodgman	351c71b7f2	Fix builds when config.h only defines MBEDTLS_BIGNUM_C Fixes #4929 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-12-06 17:50:53 +00:00
Jerry Yu	6eaa41c15e	Fix overflow error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:30 +08:00
Ronald Cron	f467d6306c	psa: Fix obsolete code guard Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-06 07:50:27 +01:00
Ronald Cron	fd25ddbf58	psa: Fix and improve comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-06 07:50:27 +01:00
Ronald Cron	0266cfed51	psa: Remove test code in the library The current testing of the PSA configuration is based on test code located in the library itself. Remove this code as we are moving to using a test library instead. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-06 07:50:27 +01:00
Ronald Cron	40170d9516	tests: Rename test driver entry points Rename test driver entry points to libtestdriver1_<name of the Mbed TLS entry point>. This aligns with the renaming of all Mbed TLS APIs for the test driver library (that will be put in place in the following commits) to avoid name conflicts when linking it with the Mbed TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-06 07:50:27 +01:00
Ronald Cron	5601cd2cf1	psa: test driver: Move driver test entry points prototypes In preparation of the driver test entry points to be provided by a test driver library, move their prototypes to tests directory. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-06 07:50:27 +01:00
Ronald Cron	9ba7691bf7	psa: Add driver initialization and termination Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-06 07:50:27 +01:00
Ronald Cron	7a55deb5a8	psa: Fix unused variable warnings Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-06 07:50:27 +01:00
Ronald Cron	89b4aa7efc	psa: asymmetric_encrypt/decrypt: Improve error code consistency In psa_asymmetric_encrypt/decrypt(), always return PSA_ERROR_INVALID_ARGUMENT if the key is a PSA key and the algorithm is not a PSA algorithm we know about, whether RSA is supported or not. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-06 07:50:27 +01:00
Ronald Cron	73c9d9e254	psa: driver: Reduce the scope of test driver entry points Define test driver entry points that provide an alternative to Mbed TLS driver entry points only when the PSA configuration is used. Their purpose is only to test the PSA configuration thus there is no good reason to use them out of this scope. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-06 07:50:18 +01:00
Ronald Cron	69a63426af	psa: Fix the size of hash buffers Fix the size of hash buffers for PSA hash operations. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-03 18:55:33 +01:00
Ronald Cron	56f7897e7d	psa: Fix hash and mac operation type The test entry points defined in psa_crypto_hash.c and psa_crypto_mac.c are supposed to be exact clones of the Mbed TLS driver entry points. Thus the operation type should be the Mbed TLS operation type not a test one. There was no compilation error as the hash and cipher operation test types are currently equal to the Mbed TLS ones. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-03 18:55:33 +01:00
Ronald Cron	81ca97e080	tests: psa driver: Align RSA/ECP sign/verify hash dispatch Align RSA/ECP sign/verify hash dispatch with the corresponding code of the library. The library code was modified recently but not the test code one and these modifications ease the following work. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-03 18:55:33 +01:00
Ronald Cron	a72b12defb	tests: psa: driver: mac: Remove opaque entry points in library Opaque test entry points will be implemented only in test code. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-03 18:55:33 +01:00
Ronald Cron	170067043f	psa: Fix unused variable warnings Fix unused variable warnings when no AEAD algorithm is enabled in the build. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-03 18:55:24 +01:00
Paul Elliott	2fd6b61420	Remove incorrect hashing Incorrect interpretation of 'empty' Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-02 18:03:12 +00:00
Paul Elliott	7298bef693	Add explanation for safety in function Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-02 17:51:34 +00:00
Xiaofei Bai	d25fab6f79	Update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 06:36:27 +00:00
Gilles Peskine	ec45c1e174	mbedtls_ssl_handshake_params: reorder fields to save code size Reorder fields mbedtls_ssl_handshake_params in order to save code on Arm Thumb builds. The general idea is to put often-used fields in the direct access window of 128 elements from the beginning of the structure. The reordering is a human selection based on a report of field offset and use counts, and informed by measuring the code size with various arrangements. Some notes: * This is the same reordering as the corresponding commit in #5189 for 2.2x. * I moved most byte-sized fields at the beginning where they're sure to be in the direct access window. * I moved buffering earlier because it can be around the threshold depending on the configuration, and it's accessed in a lot of places. * I moved several fields, including update_checksum and friends, early so that they're guaranteed to be in the early access window. Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build): library/ssl_cli.o: 19763 -> 19687 (diff: 76) library/ssl_msg.o: 24874 -> 24834 (diff: 40) library/ssl_srv.o: 20754 -> 20562 (diff: 192) library/ssl_tls.o: 21003 -> 20907 (diff: 96) library/ssl_tls13_client.o: 7284 -> 7272 (diff: 12) library/ssl_tls13_generic.o: 4749 -> 4721 (diff: 28) library/ssl_tls13_keys.o: 5133 -> 5077 (diff: 56) Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT + MBEDTLS_ECP_RESTARTABLE): library/ssl_cli.o: 3000 -> 2936 (diff: 64) library/ssl_msg.o: 3084 -> 3080 (diff: 4) library/ssl_srv.o: 3428 -> 3400 (diff: 28) library/ssl_tls.o: 6754 -> 6730 (diff: 24) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-29 12:18:09 +01:00
Gilles Peskine	55490d4e1f	mbedtls_ssl_handshake_params: use bytes for some small values Replace bitfields mbedtls_ssl_handshake_params by bytes. This saves some code size, and since the bitfields weren't group, this doesn't increase the RAM usage. Replace several ints that only store values in the range 0..255 by uint8_t. This can increase or decrease the code size depending on the architecture and on how the field is used. I chose changes that save code size on Arm Thumb builds and will save more after field reordering. Leave the bitfields in struct mbedtls_ssl_hs_buffer alone: replacing them by uint8_t slightly increases the code size. Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build): library/ssl_cli.o: 19759 -> 19763 (diff: -4) library/ssl_srv.o: 20790 -> 20754 (diff: 36) library/ssl_tls13_keys.o: 5153 -> 5133 (diff: 20) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-29 12:01:39 +01:00
Ronald Cron	cae5909053	psa: aead: Fix invalid output buffer usage in generate_nonce() Don't use the output buffer in psa_aead_generate_nonce() to pass the generated nonce to the driver as a local attacker could potentially control it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-11-29 08:43:15 +01:00
吴敬辉	0b71611c80	[session] fix a session copy bug fix a possible double reference on 'ticket' when peer_cert/peer_cert_digest calloc failed. Signed-off-by: 吴敬辉 <11137405@vivo.com>	2021-11-29 10:50:04 +08:00
Gabor Mezei	a09697527b	Add documentation for the functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-26 17:25:14 +01:00
Gabor Mezei	14d5fac11d	Unify function parameters Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-26 17:23:26 +01:00
Gabor Mezei	c0d8dda60d	Make mbedtls_ct_uchar_mask_of_range function static Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-26 17:20:36 +01:00
Gabor Mezei	d77b86cc5b	Delete base64_invasive.h due to functions are moved to the constant-time module Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-26 17:20:02 +01:00
Gabor Mezei	358829abc9	Move mbedtls_ct_base64_dec_value function to the constant-time module Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-26 17:14:52 +01:00
Gabor Mezei	9a4074aa1e	Move mbedtls_ct_base64_enc_char function to the constant-time module Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-26 17:14:21 +01:00
Gabor Mezei	28d611559e	Move mbedtls_ct_uchar_mask_of_range function to the constant-time module Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-26 17:09:38 +01:00
Gabor Mezei	b8d78926eb	Rename functions to have suitable name Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-26 16:51:18 +01:00
Ronald Cron	c6e6f50d47	psa: cipher: Fix invalid output buffer usage in psa_cipher_encrypt() Don't use the output buffer in psa_cipher_encrypt() to pass the generated IV to the driver as local attacker could potentially control it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-11-26 15:46:20 +01:00
Ronald Cron	9b67428e22	psa: cipher: Add IV parameters to cipher_encrypt entry point Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-11-26 15:46:20 +01:00
Ronald Cron	2391952a4c	psa: cipher: Align APIs execution flow Align the execution of cipher one-shot APIs with that of cipher multi-part APIs: always exit through the exit-labelled section. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-11-26 15:46:20 +01:00
Ronald Cron	2fb9052838	psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv() Don't use the output buffer in psa_cipher_generate_iv() to pass the generated IV to the driver as local attacker could potentially control it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-11-26 15:46:20 +01:00
Gilles Peskine	8716f17961	Tweak whitespace for readability Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-26 12:47:55 +01:00
Gilles Peskine	2d8a182407	PSA global data: move fields around to save code size Move fields around to have fewer accesses outside the 128-element Thumb direct access window. Make the same change as in 2.27+, for the same small benefit. Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build): library/psa_crypto.o: 16434 -> 16414 (diff: 20) Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-26 12:46:28 +01:00
Xiaofei Bai	6dc90da740	Rebased on `74217ee` and add fixes Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:12:43 +00:00
Xiaofei Bai	9539501120	Rebase and add fixes Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:09:26 +00:00
Xiaofei Bai	feecbbbb93	Fix some variable names in code comment Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
Xiaofei Bai	89b526da3e	Fix some more variables names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
Xiaofei Bai	b7972840fd	Fix variable names in ssl_tls13_keys.* Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
Xiaofei Bai	eef150418f	Fix variable names in ssl_tls13_generic/client.c Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
Xiaofei Bai	746f9481ea	Fix 1_3/13 usages in macros and function names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
XiaokangQian	4d2329fd8a	Change code based on reviews Remove support signature PKCS1 v1.5 in CertificateVerify. Remove useless server states in test script Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-25 02:21:16 +00:00
XiaokangQian	a83014db4a	TLS1.3: Add signature scheme pkcs1 v1.5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-25 02:21:16 +00:00
Gilles Peskine	e2d707fea5	Merge pull request #4866 from gabor-mezei-arm/3649_move_constant_time_functions_into_separate_module Move constant-time functions into a separate module	2021-11-24 19:33:00 +01:00
Ronald Cron	b92b88cc4c	Merge pull request #5127 from xkqian/xkqian/pr/add_rsa_pss_rsae Xkqian/pr/add rsa pss rsae	2021-11-24 14:22:30 +01:00
Gabor Mezei	685472bfb6	Update function name Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-24 11:17:36 +01:00
Gabor Mezei	be7b21da22	Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module	2021-11-24 10:44:13 +01:00
Gilles Peskine	0c9f058504	Merge pull request #5213 from tom-cosgrove-arm/pr_4950 Fix GCM calculation with very long IV	2021-11-22 22:22:37 +01:00
XiaokangQian	4b82ca1b70	Refine test code and test scripts Change client test code to support rsa pss signatures Add test cases for rsa pss signature in ssl-opt.sh Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 05:50:12 +00:00
XiaokangQian	82d34ccf47	Add signature scheme rsa pss Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 05:50:12 +00:00
Paul Elliott	4086bdbe37	Better fix for empty password / salt Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-11-18 22:39:16 +00:00
Manuel Pégourié-Gonnard	146247de71	Merge pull request #5172 from bensze01/invalid_nonce_error PSA: Indicate in the error returned when we know that an AEAD nonce length is invalid, not just unsupported	2021-11-18 09:41:12 +01:00
Ronald Cron	ac00659480	Merge pull request #5121 from yuhaoth/pr/add-wrapup-and-hello-test TLS1.3 MVP: Add finialize states and simplest test	2021-11-18 09:11:53 +01:00
Bence Szépkúti	6d48e20d4b	Indicate nonce sizes invalid for ChaCha20-Poly1305 Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-11-17 18:06:11 +01:00
Bence Szépkúti	357b78e42c	Indicate if we know that a nonce length is invalid This restores the behaviour found in the previously released versions and development_2.x. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-11-17 18:06:04 +01:00
Manuel Pégourié-Gonnard	5a57a51ea5	Merge pull request #5180 from daverodgman/key_derivation_output_key_error_code Improve PSA error return code for psa_key_derivation_output_key	2021-11-17 13:09:37 +01:00
Jerry Yu	a6e6c27bd3	Grouplize tls1_3 special functions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-17 17:54:13 +08:00
Jerry Yu	cfe64f0b24	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-17 16:03:06 +08:00
Jerry Yu	378254d3e3	Implement handshake wrapup Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-17 16:03:06 +08:00
XiaokangQian	3ce4d51c11	Move set_outbound_transform to finalize server finished. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-17 02:11:36 +00:00
Dave Rodgman	d69da6c3c3	Improve PSA error return code psa_key_derivation_output_key: prioritize BAD_STATE over NOT_PERMITTED If psa_key_derivation_output_key() is called on an operation which hasn't been set up or which has been aborted, return PSA_ERROR_BAD_STATE. Only return PSA_ERROR_NOT_PERMITTED if the operation state is ok for psa_key_derivation_input_bytes() or psa_key_derivation_output_bytes() but not ok to output a key. Ideally psa_key_derivation_output_key() would return PSA_ERROR_NOT_PERMITTED only when psa_key_derivation_output_bytes() is possible, but this is clumsier to implement. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-11-16 16:03:31 +00:00
XiaokangQian	a3087e881e	Fix finished message decryption fail issue Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-16 02:38:45 +00:00
XiaokangQian	9ec8fcfddd	Improve failure messag for calculating verify data Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 08:24:08 +00:00
XiaokangQian	dce82245ac	Fix the compile issue about prepare message Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 06:01:26 +00:00
XiaokangQian	0fa6643eb5	Align coding stles and remove useless code Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 03:37:11 +00:00
XiaokangQian	35dc625e37	Move the location of functions Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 03:37:11 +00:00
XiaokangQian	8773aa0da9	Align coding styles in generic for client finish Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 03:37:11 +00:00
XiaokangQian	cc90c94413	Rebase and change code Solve conflicts. Rename functions Align coding style Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 03:37:11 +00:00
XiaokangQian	e1655e4db8	Change naming styles and fix ci failure Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 03:37:11 +00:00
XiaokangQian	c00ba81310	Remove MBEDTLS_SSL_NEW_SESSION_TICKET in TLS1.3 MVP Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 03:37:11 +00:00
XiaokangQian	eab1023dbf	Fix some compiling errors for name mismatch Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 03:37:11 +00:00
XiaokangQian	74af2a827e	TLS1.3: Add client finish processing in client side Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-15 03:37:11 +00:00
Ronald Cron	bb41a88f2e	Merge pull request #5120 from yuhaoth/pr/fix-memory-leak-and-version-header TLS1.3 :fix memory leak and version header	2021-11-12 13:49:26 +01:00
Ronald Cron	28777db226	Merge pull request #4952 from xkqian/add_server_finished Add server finished	2021-11-12 12:30:10 +01:00
Paul Elliott	853c0da8de	Fix for pkcs12 with NULL or zero length password Previously passing a NULL or zero length password into either mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate loop, and it was also possible to pass a NULL password, with a non-zero length, which would cause memory corruption. I have fixed these errors, and improved the documentation to reflect the changes and further explain what is expected of the inputs. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-11-11 19:26:37 +00:00
XiaokangQian	a4c99f2c2d	Remove useless blank line Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-11 06:46:35 +00:00
XiaokangQian	c13f935c05	Align code styles of indent and so on Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-11 06:13:22 +00:00
XiaokangQian	3306284776	Change code base on comments Remove client certificate verify in tests. Change the layout of structure to fix abi_api check issues. Add comments of Finished. Align with the coding styles. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-11 03:37:45 +00:00
Tom Cosgrove	0eedd36557	Serialise builds of the .a files on Windows This is a workaround for an issue with mkstemp() in older MinGW releases that causes simultaneous creation of .a files in the same directory to fail. Fixes #5146 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2021-11-10 11:15:46 +00:00
Manuel Pégourié-Gonnard	087f04783d	Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag PSA CCM*-no-tag	2021-11-10 10:18:55 +01:00
XiaokangQian	d0aa3e9307	Inprove code base on review comments Change debug messag for server finished. Change name of generate_application_keys. Remove the client vertificate tests from ssl-opt.sh. Add test strings for server finished in ssl-opt.sh. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 06:17:40 +00:00
XiaokangQian	57b2aff8a8	Align the union size Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 03:12:11 +00:00
XiaokangQian	aaa0e197a8	Change the alignment and names of functions and a macro Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 03:07:04 +00:00
XiaokangQian	c5c39d5800	Change code for styles and comments .etc Remove useless code in union. Rename functions and parameters. Move definitions into othe files. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	44c38f7e36	Chande debug message in finished and rename finalize functions Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	b51f8841c4	Change comments for export_keys callback Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	ac0385c08f	Change code based on comments Move set_state function into client Add back export_key callback function in generate application keys Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	8903bd97b0	Change some naming style issues and remove useless code Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	1aef02ee20	Fix initialized issues and remove useless code Fix the variable not inialized issue, remove the client certificate related code, remove early data related code. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	61bdbbc18b	Add cleanup in functions for secure reason Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	f26f6ade0c	Rebase and solve conflicts Remove the double definition and change name Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	f13c56032f	Revert some changes about tls13 and macros There is one PR #4988 to change it in the future Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	7c91705e21	Remove support for MBEDTLS_SSL_EXPORT_KEYS Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	46c6fc74f1	Fix compile issue about MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	a763498490	Change code based on commetns Focus on the code style, naming rule,etc. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	4cab0240c7	Change coding style Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:23 +00:00
XiaokangQian	aa5f5c1f5d	TLS1.3: Add server finish processing in client side Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 01:47:22 +00:00
Ronald Cron	91fe315c69	Merge pull request #5134 from xffbai/add-hostname-ext TLS1.3 Add hostname extension	2021-11-09 12:28:14 +01:00
Xiaofei Bai	f36e1677b1	Fix alignment Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-09 09:28:25 +00:00
Xiaofei Bai	6f435f07d2	Fix compile error Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-09 04:08:32 +00:00
Xiaofei Bai	58afdba887	Fix typo and remove wrapper Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-09 03:10:05 +00:00
Jerry Yu	a1a568c2f6	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-09 10:17:21 +08:00
Ronald Cron	260f5d9413	Merge pull request #4953 from yuhaoth/pr/add-tls13-read-certificate-verfify TLS1.3: CertificateVerify:add tls13 read certificate verfify	2021-11-08 09:36:35 +01:00
Jerry Yu	1ca80f7ca5	fix comment issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-08 10:45:16 +08:00
Gilles Peskine	c756b5f9fa	Merge pull request #5126 from haampie/fix/DT_NEEDED_for_shared_libraries DT_NEEDED for shared builds in makefile	2021-11-05 12:04:29 +01:00
Xiaofei Bai	15a56813a2	TLS1.3 Add hostname extention Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-05 10:52:12 +00:00
Manuel Pégourié-Gonnard	8a232d231a	Merge pull request #4966 from gilles-peskine-arm/missing-psa-macros Add missing PSA macros	2021-11-05 10:08:58 +01:00
Jerry Yu	5398c10b89	Add return value check for cerificate verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-05 13:32:38 +08:00
Harmen Stoppels	fcb4fb71e3	Reorder linker flags Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>	2021-11-04 17:34:27 +01:00
Harmen Stoppels	70842950fd	Restore the whitespace Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>	2021-11-04 13:09:02 +01:00
Gilles Peskine	f4ecf305fe	Fix copypasta in #endif comment Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-03 18:27:22 +01:00
Gabor Mezei	642eeb2879	Fix documentation and comments Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-11-03 16:13:32 +01:00
Gilles Peskine	f7b4137e69	Untangle PSA_ALG_IS_HASH_AND_SIGN and PSA_ALG_IS_SIGN_HASH The current definition of PSA_ALG_IS_HASH_AND_SIGN includes PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY, which don't strictly follow the hash-and-sign paradigm: the algorithm does not encode a hash algorithm that is applied prior to the signature step. The definition in fact encompasses what can be used with psa_sign_hash/psa_verify_hash, so it's the correct definition for PSA_ALG_IS_SIGN_HASH. Therefore this commit moves definition of PSA_ALG_IS_HASH_AND_SIGN to PSA_ALG_IS_SIGN_HASH, and replace the definition of PSA_ALG_IS_HASH_AND_SIGN by a correct one (based on PSA_ALG_IS_SIGN_HASH, excluding the algorithms where the pre-signature step isn't to apply the hash encoded in the algorithm). In the definition of PSA_ALG_SIGN_GET_HASH, keep the condition for a nonzero output to be PSA_ALG_IS_HASH_AND_SIGN. Everywhere else in the code base (definition of PSA_ALG_IS_SIGN_MESSAGE, and every use of PSA_ALG_IS_HASH_AND_SIGN outside of crypto_values.h), we meant PSA_ALG_IS_SIGN_HASH where we wrote PSA_ALG_IS_HASH_AND_SIGN, so do a global replacement. ``` git grep -l IS_HASH_AND_SIGN ':!include/psa/crypto_values.h' \| xargs perl -i -pe 's/ALG_IS_HASH_AND_SIGN/ALG_IS_SIGN_HASH/g' ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-03 15:48:15 +01:00
Gilles Peskine	e7be73d579	Use the new macro PSA_HASH_BLOCK_LENGTH Replace an equivalent internal function. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-11-03 15:47:03 +01:00
Mateusz Starzyk	e6d3edaf32	Add missing PSA_ALG_IS_SIGN_HASH macro. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-11-03 15:47:03 +01:00
Harmen Stoppels	01ef723bba	DT_NEEDED for shared builds in makefile The makefile build specifies -L. -lmbedx509 -lmbedcrypto flags first, and only then object files referencing symbols from those libraries. In this order the linker will not add the linked libraries to the DT_NEEDED section because they are not referenced yet (at least that happens for me on ubuntu 20.04 with the default gnu compiler tools). By first specifying the object files and then the linked libraries, we do end up with libmbedx509 and libmbedcrypto in the DT_NEEDED sections. This way running dlopen(...) on libmedtls.so just works. Note that the CMake build does this by default. Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>	2021-11-03 01:06:11 +01:00
Manuel Pégourié-Gonnard	0dbe1dfa1c	Merge pull request #4859 from brett-warren-arm/supported_groups Add mbedtls_ssl_conf_groups to API	2021-11-02 10:49:09 +01:00
Jerry Yu	ba9c727e94	fix memory leak issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-30 20:23:45 +08:00
Jerry Yu	47413c2c8f	fix wrong version header for tls1.3 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-30 20:23:37 +08:00
Manuel Pégourié-Gonnard	4313d3ac87	Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt PSA: fix salt length for PSS verification	2021-10-29 16:36:36 +02:00
Brett Warren	14efd33a6c	Convert TLS1.3 functions to get_supported_groups Signed-off-by: Brett Warren <brett.warren@arm.com>	2021-10-29 15:13:48 +01:00
Brett Warren	01f3dae3f3	Refactor elliptic curve extension for NamedGroups The refactoring is needed for the group api to work properly. Code is modified to use mbedtls_get_supported_groups instead of direct access so that both deprecated and new api are useable. Signed-off-by: Brett Warren <brett.warren@arm.com>	2021-10-29 14:07:46 +01:00
Jerry Yu	6f87f2521c	Refactor ssl_tls13_parse_certificate_verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 20:15:03 +08:00
Jerry Yu	d0fc585b7e	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 19:57:55 +08:00
Jerry Yu	0b32c502a4	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 19:57:55 +08:00
Jerry Yu	da8cdf2fa9	Remove certificate_verify_coordinate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 19:57:55 +08:00
Jerry Yu	982d9e5db2	Add ssl_tls13_sig_alg_is_offered To keep consistent with cipher_suite check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 19:57:55 +08:00
Jerry Yu	133690ccef	Refactor hash computation Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 19:57:55 +08:00
Jerry Yu	26c2d11802	Fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 19:57:55 +08:00
Jerry Yu	30b071cb66	tls13:Add certificate verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 19:57:55 +08:00
Jerry Yu	0bbb39786d	tls13: add labels add client and server cv magic words Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 19:57:55 +08:00
Brett Warren	e0edc8407b	Add mbedtls_ssl_conf_groups to API mbedtls_ssl_conf_groups allows supported groups for key sharing to be configured via their IANA NamedGroup ID. This is added in anticipation of PQC and Hybrid key sharing algorithms being integrated into Mbed TLS. mbedtls_ssl_conf_curves is deprecated in favor of mbedtls_ssl_conf_groups. handshake_init has been modified to translate and copy curves configured via conf_curves into a heap allocatied array of NamedGroup IDs. This allows the refactoring of code interacting with conf_curve related variables (such as curve_list) to use NamedGroup IDs while retaining the deprecated API. Signed-off-by: Brett Warren <brett.warren@arm.com>	2021-10-29 11:27:00 +01:00
Ronald Cron	f660c7c923	Merge pull request #4993 from xffbai/add-tls13-read-certificate TLS1.3: add tls1_3 read certificate	2021-10-29 12:25:44 +02:00
Manuel Pégourié-Gonnard	136819fe6e	Merge pull request #4959 from gilles-peskine-arm/psa-add-aria Add ARIA to the PSA API	2021-10-29 09:38:06 +02:00
Xiaofei Bai	f93cbd2674	fix some format issues Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-10-29 02:39:30 +00:00
Jerry Yu	d2674314a3	Restore certificate_request state Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 10:14:29 +08:00
Jerry Yu	b640bf6c15	fix CI build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 10:05:32 +08:00
Paul Elliott	82d2dc24bb	Remove redundant blank line Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-10-28 16:38:29 +01:00
Jerry Yu	83bb13101a	fix format warning Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-28 22:16:33 +08:00
Jerry Yu	7aa7186022	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-28 21:41:30 +08:00
Jerry Yu	a93ac116c8	Remove certificate_request state Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-28 21:36:03 +08:00
Xiaofei Bai	ff45602c74	Add local variable verify_result Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-10-28 21:28:08 +08:00
Xiaofei Bai	10aeec0685	Fix a build error Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-10-28 21:28:08 +08:00
Xiaofei Bai	79595acf3f	Update based on review comments. Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-10-28 21:28:08 +08:00
Xiaofei Bai	947571efff	add tls1_3 read certificate Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-10-28 21:28:08 +08:00
Ronald Cron	7cd24ded48	Merge pull request #5114 from yuhaoth/pr/add-get-uint24 Add GET/PUT_UINT24_BE/LE	2021-10-28 13:57:57 +02:00
Ronald Cron	cf1f376b24	Merge pull request #4937 from xkqian/add_tls13_encrypted_extension The rebase after the two approvals was simple enough to need only one reviewer.	2021-10-28 09:34:56 +02:00
Manuel Pégourié-Gonnard	4c9313fcd9	Merge pull request #4514 from mpg/generated-files-cmake Generated files cmake	2021-10-28 09:23:41 +02:00
Jerry Yu	29287a46d2	fix wrong para name in doxygen comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-28 10:26:13 +08:00
XiaokangQian	ab7f50d638	Change macro names and add test script for extensions Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:54:39 +00:00
XiaokangQian	7b2d4efee8	Change the buffer boundary check and alert type Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:49:37 +00:00
XiaokangQian	8db25fffb4	Encrypted Extensions: Change extensions length check Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:49:37 +00:00
XiaokangQian	97799ac27b	Encrypted Extensions: Align code style and some check logic Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:49:37 +00:00
XiaokangQian	08da26c58f	Refine encrypted extensions parse function Change arguments of API. Send different messages base on extensions types. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:49:37 +00:00
XiaokangQian	140f0459ed	Encrypted Extension: Align the code style of buffer pointer Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:49:37 +00:00
XiaokangQian	e87e5924c9	Fix some issues such as naming mismatch based on comments. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:49:37 +00:00
XiaokangQian	c1fe000cfd	TLS1.3: Solve check name issue-macro definition Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:49:37 +00:00
XiaokangQian	2d5c72be0b	TLS1.3: Add Encrypted Extensions Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:49:37 +00:00
Ronald Cron	5893246066	Merge pull request #4919 from yuhaoth/pr/add-tls13-server-hello-parser TLS1.3:ServerHello:Add parse server hello function	2021-10-27 18:27:27 +02:00
Jerry Yu	f3f5c210cb	fix comments issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-27 17:05:49 +08:00
Mateusz Starzyk	4cb9739038	Use separate MBEDTLS_MODE for the CCM*. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-10-27 10:42:31 +02:00
Jerry Yu	643d11606a	Add GET/PUT_UINT24_BE/LE Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-27 13:55:37 +08:00
Jerry Yu	e6d7e5cef6	move CLIENT/SERVER_HELLO_RANDOM_LEN to `ssl_misc.h` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-26 11:10:15 +08:00
Gilles Peskine	ac253ea32b	Fix copypasta in comment Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-25 22:15:20 +02:00
Gilles Peskine	c1776a01d2	Move declarations of testing-only base64 functions to their own header Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-25 22:15:13 +02:00
Gilles Peskine	d7d3279fdf	Expose internal base64 functions for testing Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-25 22:09:12 +02:00
Gilles Peskine	8635e2301f	mask_of_range: simplify high comparison To test c <= high, instead of testing the sign of (high + 1) - c, negate the sign of high - c (as we're doing for c - low). This is a little easier to read and shaves 2 instructions off the arm thumb build with arm-none-eabi-gcc 7.3.1. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-25 22:09:12 +02:00
Gilles Peskine	67468e81a6	Base64 decode: simplify local variables (n) n was used for two different purposes. Give it a different name the second time. This does not seem to change the generated code when compiling with optimization for size or performance. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-25 22:09:12 +02:00
Gilles Peskine	2c4a3686bb	Base64 encoding: use ranges instead of tables Instead of doing constant-flow table lookup, which requires 64 memory loads for each lookup into a 64-entry table, do a range-based calculation, which requires more CPU instructions per range but there are only 5 ranges. I expect a significant performance gain (although smaller than for decoding since the encoding table is half the size), but I haven't measured. Code size is slightly smaller. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-25 22:09:12 +02:00
Gilles Peskine	1121cd29b6	Base64 decode: simplify local variables Document what each local variable does when it isn't obvious from the name. Don't reuse a variable for different purposes. This commit has very little impact on the generated code (same code size on a sample Thumb build), although it does fix a theoretical bug that 2^32 spaces inside a line would be ignored instead of treated as an error. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-25 22:09:12 +02:00
Gilles Peskine	ab04335052	Base64 decoding: use ranges instead of tables Instead of doing constant-flow table lookup, which requires 128 memory loads for each lookup into a 128-entry table, do a range-based calculation, which requires more CPU instructions per range but there are only 5 ranges. Experimentally, this is ~12x faster on my PC (based on programs/x509/load_roots). The code is slightly smaller, too. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-25 22:09:12 +02:00
Gilles Peskine	b553eaabea	Base64 decoding: don't use the table for '=' Base64 decoding uses equality comparison tests for characters that don't leak information about the content of the data other than its length, such as whitespace. Do this with '=' as well, since it only reveals information about the length. This way the table lookup can focus on character validity and decoding value. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-25 22:09:12 +02:00
Gilles Peskine	4fa0725936	Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation Remove output buffer limitation for PSA with GCM.	2021-10-25 19:37:33 +02:00
David Horstmann	a8d1406107	Rename DEV_MODE to GEN_FILES GEN_FILES is a bit clearer as it describes what the setting does more precisely. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard	e90e405e15	Introduce "Dev mode" option When the option is On, CMake will have rules to generate the generated files using scripts etc. When the option is Off, CMake will assume the files are available from the source tree; in that mode, it won't require any extra tools (Perl for example) compared to when we committed the files to git. The intention is that users will never need to adjust this option: - in the development branch (and features branches etc.) the option is always On (development mode); - in released tarballs, which include the generated files, we'll switch the option to Off (release mode) in the same commit that re-adds the generated files. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard	65a7203119	Allow cmake to generate version_features.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-10-25 13:16:03 +01:00
Manuel Pégourié-Gonnard	cbdedc54b9	Allow cmake to generate error.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-10-25 13:16:03 +01:00
Jerry Yu	188468b5f4	Add reference link for Random definition Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:48:24 +08:00
Jerry Yu	ad3a113fc6	Remove MBEDTLS_SSL_EXPORT_KEYS It is always on now in `development` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:46:43 +08:00
Jerry Yu	7a186a0cbf	fix comment issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:29 +08:00
Jerry Yu	337d5318ae	replace md_max_size with tls13_md_max_size Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:29 +08:00
Jerry Yu	745bb616a4	Fix format issue and enhance test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:29 +08:00
Jerry Yu	193f0e7449	fix build fail on tls1_3_md_max_size Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:29 +08:00
Jerry Yu	b85277e3af	Address various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:29 +08:00
Jerry Yu	435208a949	Improve generate_handshake_keys Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:29 +08:00
Jerry Yu	f532bb2577	Change MD size for tls13 keys Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:29 +08:00
Jerry Yu	c068b6671e	Rename tls13 prefix to fix coding issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	4a1733831e	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	f0ac2352d6	Refactor key_schedule_stage_handshake Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	5ccfcd4ca1	Add local variable to represent handshake Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	de4fb2cc34	Apply check read ptr macro Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	fd532e506b	fix set key exchange mode issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	0b17784932	Add finalize function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	e1b9c297b9	Add read_server_hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	1efa815db7	tls13: add ecdh_read_public Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	a0650ebb9d	tls13: add handshake key schedule Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	61e35e0047	tls13: add generate handshake keys Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Mateusz Starzyk	594215be6e	Add support for CCM*-no-tag to PSA. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-10-21 11:33:41 +02:00
Mateusz Starzyk	bb2ced33dd	Ignore plaintext length for CCM*-no-tag. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-10-21 11:33:37 +02:00
Gabor Mezei	22c9a6fccc	Rename internal header constant_time.h to constant_time_internal.h Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-20 12:15:20 +02:00
Gabor Mezei	90437e3762	Rename constant-time functions to have mbedtls_ct prefix Rename functions to better suite with the module name. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-20 11:59:27 +02:00
Gabor Mezei	116cd6a6b4	Fix documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-20 11:18:37 +02:00
Gabor Mezei	6a426c9f9f	Bind functions' availability for config options Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-20 11:17:43 +02:00
Gilles Peskine	9202ba37b1	Merge pull request #4960 from mpg/cleanup-tls-cipher-psa-3.x Clean up some remnants of TLS pre-1.2 support	2021-10-19 21:59:15 +02:00
Gabor Mezei	765862c4f3	Move mbedtls_cf_memcmp to a new public header Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-19 12:22:25 +02:00
Gabor Mezei	291df7bbab	Add macro guard for header file Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-19 11:27:17 +02:00
Gabor Mezei	e212379810	Bind functions' availability for config options Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-18 19:38:02 +02:00
Gilles Peskine	6210320215	Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on	2021-10-18 17:53:56 +02:00
Gilles Peskine	bf21c07923	Merge pull request #5072 from mprse/issue_5065 Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065	2021-10-18 17:51:50 +02:00
Gabor Mezei	949455892f	Remove unused function Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-18 17:02:29 +02:00
Gabor Mezei	a2d0f90c5a	Make functions static These functions are only used as an auxiliary function for constant-time functions. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-18 16:56:50 +02:00
Gabor Mezei	a316fc8eb0	Update documentation and comments Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-18 16:39:13 +02:00
Gabor Mezei	63bbba5c13	Rename and reorder function parameters Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-18 16:39:13 +02:00
Gabor Mezei	7013f62ee5	Use condition for not sensitive data Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-18 16:39:13 +02:00
Gabor Mezei	eab90bcc36	Move implementation specific comment This comment is about how the functions are implemented, not about their public interface, so it doesn't belong in the header file. It applies to everything in constant_time.c so moved there. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-18 16:39:13 +02:00
Gabor Mezei	1e64261da5	Make mbedtls_cf_size_mask_lt function static The mbedtls_cf_size_mask_lt is solely used as an auxiliary function for mbedtls_cf_size_mask_ge. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-18 16:39:13 +02:00
Gilles Peskine	7637ab0d8b	Merge pull request #5037 from mprse/issue_4551 Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key	2021-10-18 10:39:21 +02:00
Gilles Peskine	2bb5e9c973	Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0 Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents	2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel	4cad4fc8a9	psa_crypto.c: use switch instead if-else in psa_aead_check_nonce_length and psa_aead_set_lengths (fixes #5065 ) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-13 14:04:36 +02:00
Ronald Cron	e3e16d5d67	Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes TLS1.3:add read ptr and handshake kex modes CI merge job: only "Session resume using tickets, DTLS: openssl client" failed in one component thus CI can be considered as passed.	2021-10-11 19:23:12 +02:00
Ronald Cron	e23bba04ee	Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils TLS 1.3: ServerHello: add utils functions used by ServerHello Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.	2021-10-11 11:01:11 +02:00
Jerry Yu	e4eefc716a	Improve document for chk_buf_read_ptr Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-09 10:40:40 +08:00
Gilles Peskine	f6892dec2a	Readability improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-08 16:28:32 +02:00
Jerry Yu	fd320e9a6e	Replace zeroize with memset Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 21:52:41 +08:00
Jerry Yu	88b756bacb	move tls1_3 max md size It should be internal definition Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 18:41:38 +08:00
Jerry Yu	d1ab262844	define max md size for tls1_3 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 16:19:24 +08:00
Jerry Yu	205fd82f7e	fix check_name fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 16:16:24 +08:00
Jerry Yu	ae0b2e2a2f	Rename counter_len Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 15:40:14 +08:00
Jerry Yu	c1ddeef53a	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 15:40:14 +08:00
Jerry Yu	dca3d5ddf9	fix document issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 14:19:29 +08:00
Jerry Yu	0cabad375b	fix doxygen parameter wrong Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 14:00:29 +08:00
Jerry Yu	adf861aad4	Address kex_modes check function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 14:00:29 +08:00
Jerry Yu	e15e665cfb	fix comments and check return issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 14:00:29 +08:00
Jerry Yu	1b7c4a464c	tls13: add key exchange modes in handshake params Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 14:00:29 +08:00
Jerry Yu	34da3727d6	Add check read ptr macro Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 14:00:29 +08:00
Paul Elliott	e193ea8cb9	Add Multipart AEAD CCM internal implementation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-10-07 18:06:03 +01:00
Przemyslaw Stekiel	c0fe820dc9	psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-07 11:08:56 +02:00
Gilles Peskine	b9b817e977	Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for verification that it produces when signing, as documented. Fixes #4946. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-05 14:26:25 +02:00
Mateusz Starzyk	c48f43b44d	Fix PSA AEAD GCM's update output buffer length verification. Move GCM's update output buffer length verification from PSA AEAD to the built-in implementation of the GCM. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-10-04 13:54:55 +02:00
Mateusz Starzyk	f28261fc14	Remove output buffer limitation for PSA with GCM. The requirement of minimum 15 bytes for output buffer in psa_aead_finish() and psa_aead_verify() does not apply to the built-in implementation of the GCM. Alternative implementations are expected to verify the length of the provided output buffers and to return the MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the buffer length is too small. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-10-04 13:54:54 +02:00
Gilles Peskine	023aa11760	Merge pull request #4996 from mprse/mbedtls_cipher_setup_psa_ECB Fix test gap: mbedtls_cipher_setup_psa() with ECB	2021-10-01 14:49:10 +02:00
openluopworld	eab65acca4	bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly. An initialization vector IV can have any number of bits between 1 and 2^64. So it should be filled to the lower 64-bit in the last step when computing ghash. Signed-off-by: openluopworld <luopengxq@gmail.com>	2021-10-01 17:57:11 +08:00
LuoPeng	eb009232c0	Update library/gcm.c Co-authored-by: davidhorstmann-arm <70948878+davidhorstmann-arm@users.noreply.github.com> Signed-off-by: openluopworld <luopengxq@gmail.com>	2021-10-01 17:57:11 +08:00
XiaokangQian	05420b120b	TLS1.3: Add useful comments based on RFC8446 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-09-30 06:15:18 +00:00
XiaokangQian	16c61aa738	TLS1.3: Alignment coding styles based on comments Fix kinds of alignment issues in fetch handshake messages. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-09-30 02:14:23 +00:00
XiaokangQian	6b226b0874	Add fetch_hand_message in generic This function is one common function in generic file, get it from the encrypted extension and submit one patch independently. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-09-30 02:14:23 +00:00
Andrzej Kurek	a72fe641cc	Do not zeroize the ssl context if a key exporting function is set Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-09-29 17:08:31 -04:00
Ronald Cron	cd51e76583	Merge pull request #4338 from paul-elliott-arm/psa-m-aead Implement multipart PSA AEAD	2021-09-29 22:48:33 +02:00
Andrzej Kurek	324f72ec9c	Fix a bug where the ssl context is used after it's nullified When not using DEBUG_C, but using the DTLS CID feature - a null pointer was accessed in ssl_tls.c. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-09-29 10:15:52 -04:00
Andrzej Kurek	5902cd64e2	Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on This option only gated an ability to set a callback, but was deemed unnecessary as it was yet another define to remember when writing tests, or test configurations. Fixes #4653. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-09-29 10:15:42 -04:00
Paul Elliott	60116aee9e	Invert logic on nonce length tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-29 14:40:16 +01:00
Paul Elliott	355f59edbe	Fix formatting issues Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-29 14:40:16 +01:00
Paul Elliott	e716e6c00b	Switch cipher enabled macros Switch from using MBEDTLS_PSA_BUILTIN_ macros over to using PSA_WANT_ macros, as code was moved from the internal drivers to the PSA Core. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-29 14:40:16 +01:00
Przemyslaw Stekiel	80c6a8e1a6	Add PSA support for MBEDTLS_CIPHER_AES_128_ECB Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-09-29 12:39:21 +02:00
Gilles Peskine	bfe3d87f24	Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd	2021-09-29 12:37:09 +02:00
Jerry Yu	d96a5c2d86	Fix wrong usage of counter len macro Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-29 17:46:51 +08:00
gabor-mezei-arm	5b3a32d883	Fix missing includes Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-29 10:53:55 +02:00
Manuel Pégourié-Gonnard	1869377146	Merge pull request #4942 from yuhaoth/pr/add-tls13-client-dummy-state-handlers add tls13 client dummy state handlers and improve dispatch test	2021-09-29 10:45:16 +02:00
Paul Elliott	baff51c8b7	Make sure nonce length checks use base algorithm Nonce length checks are now being used in the oneshot AEAD code as well, which passes variant algorithms, not the base version, so need to convert to base if necessary. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-28 17:47:24 +01:00
gabor-mezei-arm	90d96cc741	Add documentation for the functions Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 17:07:51 +02:00
gabor-mezei-arm	b11a56e34c	Unify equality checker functions return value The equality checker functions always return 0 or 1 value, thus the type of return value can be the same dispite of the size of the parameters. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:42:19 +02:00
gabor-mezei-arm	9cb55698aa	Propagate usage of mask generation functions Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:42:19 +02:00
gabor-mezei-arm	396438c57b	Unify mask generation functions Generate all-bits 0 or all bits 1 mask from a value instead of from a bit. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:42:19 +02:00
gabor-mezei-arm	87ac5bef97	Unify function parameters Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:42:16 +02:00
gabor-mezei-arm	4602564d7a	Unify memcmp functions Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:33:47 +02:00
gabor-mezei-arm	2dcd7686ce	Typo: Unify indentation of function parameters Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:33:44 +02:00
gabor-mezei-arm	fdb71183f8	Move mbedtls_cf_rsaes_pkcs1_v15_unpadding function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:45 +02:00
gabor-mezei-arm	bef600f27e	Move the constant-time part of mbedtls_rsa_rsaes_pkcs1_v15_decrypt to a function Tne unpadding part of `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` function is contant-time therefore it moved to a separate function to be prepared for moving to the contant-time module. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	65cefdbfcb	Create mbedtls_cf_size_if function Add a constant-time function with size_t parameter for choosing between two integer values, like the ?: ternary operator. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	c29a3da599	Move mbedtls_mpi_lt_mpi_ct function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	5c97621215	Move mbedtls_mpi_safe_cond_swap function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	40a4925128	Move mbedtls_mpi_safe_cond_assign function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	9c1203fd67	Delete ssl_invasive.h due to duplicated function declarations All function declaration provided by ssl_invasive.h is needed only for testing purposes and all of them are provided by constant_time.h as well. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	1349ffde84	Move mbedtls_cf_hmac function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	0e7f71e1a9	Move mbedtls_cf_memcpy_offset function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	dee0fd33f1	Move mbedtls_cf_memcpy_if_eq function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:43 +02:00
gabor-mezei-arm	394aeaaefb	Move mbedtls_cf_mem_move_to_left function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:41 +02:00
gabor-mezei-arm	be8d98b0be	Move mbedtls_cf_mpi_uint_cond_assign function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:23:57 +02:00
gabor-mezei-arm	d3230d533c	Move mbedtls_cf_cond_select_sign function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:21:10 +02:00
gabor-mezei-arm	b2dbf2c113	Move mbedtls_cf_uint_if function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:21:10 +02:00
gabor-mezei-arm	3f90fd540a	Move mbedtls_cf_mpi_uint_lt function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:21:10 +02:00
gabor-mezei-arm	84dc02c8f5	Remove module dependency Elinimate macros defined by modules locally in the functions that are moving to the new constant-time module. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:21:10 +02:00
gabor-mezei-arm	5a85442604	Move mbedtls_cf_size_gt function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:21:09 +02:00
gabor-mezei-arm	8d1d5fd204	Move mbedtls_cf_size_bool_eq function to the constant-time module There were multiple functions called mbedtls_cf_size_bool_eq. They had exactly the same behavior, so move the one in bignum.c and remove the other. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:20:07 +02:00
gabor-mezei-arm	16fc57bcc4	Move mbedtls_cf_size_mask_ge function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:16:14 +02:00
gabor-mezei-arm	c76227d808	Move mbedtls_cf_size_mask_lt function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:16:14 +02:00
gabor-mezei-arm	3733bf805a	Move mbedtls_cf_size_mask function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:16:14 +02:00
gabor-mezei-arm	340948e4a5	Move mbedtls_cf_uint_mask function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:16:14 +02:00
gabor-mezei-arm	db9a38c672	Move contatnt-time memcmp functions to the contant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:16:14 +02:00
gabor-mezei-arm	9fa43ce238	Rename function to have suitable name Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:14:47 +02:00
Paul Elliott	814f0c5fb1	Remove check for lack of supported ciphers Add comment explaining (currently) empty function. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-28 14:42:36 +01:00
Paul Elliott	946c920475	Add safety for nonce length to internal driver Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-28 14:42:36 +01:00
Jerry Yu	d9a94fe3d0	Add counter length macro Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-28 20:10:26 +08:00
Jerry Yu	6ca7c7fd6b	Remove useless variables Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-28 18:51:40 +08:00
Paul Elliott	bb0f9e1740	Move all nonce length checks to PSA Core Remove duplicated code from oneshot API Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-28 11:16:27 +01:00
Paul Elliott	dff6c5d963	Restore internal driver for aead_set_lengths Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-28 11:16:27 +01:00
Jerry Yu	ad8d0bad10	Keep consistency order. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-28 17:58:26 +08:00
Jerry Yu	d52398d31f	fix double underscore fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-28 16:13:44 +08:00
Paul Elliott	4ed1ed18d2	Move nonce size checking to PSA Core Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-27 18:24:11 +01:00
Paul Elliott	325d374e3d	Move set lengths checking to PSA Core Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-27 18:24:11 +01:00
Paul Elliott	c78833abc7	Add reminder of assumption to documentation Key size is not verified by this function, but by the level above it. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-27 16:00:40 +01:00
Gilles Peskine	7820a574f1	Catch failures of AES or DES operations Declare all AES and DES functions that return int as needing to have their result checked, and do check the result in our code. A DES or AES block operation can fail in alternative implementations of mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT), mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT), mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT), mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT). A failure can happen if the accelerator peripheral is in a bad state. Several block modes were not catching the error. This commit does the following code changes, grouped together to avoid having an intermediate commit where the build fails: * Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h. * Fix all places where this causes a GCC warning, indicating that our code was not properly checking the result of an AES operation: * In library code: on failure, goto exit and return ret. * In pkey programs: goto exit. * In the benchmark program: exit (not ideal since there's no error message, but it's what the code currently does for failures). * In test code: TEST_ASSERT. * Changelog entry. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-09-27 16:22:08 +02:00
Jerry Yu	148165cc6f	Remove psa version of get_handshake_transcript Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	957f0fa1f7	Add length macro for in_ctr Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	e06f4532ef	remove useless code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	4836952f9d	fix tls1_3 prefix issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	92c1ca221f	fix likely typos error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	b65eb2f3cf	Revert "tls13: add generate handshake keys" This reverts commit f02ca4158674b974ae103849c43e0c92efc40e8c. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	5243142476	Add macro for length of input counter Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	e3131ef7f3	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	a63de352dc	Revert "tls13: add ecdh_read_public" This reverts commit 6a9d2ee4df88028e352e50d4f48687ce5b0f26ac. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	000f976070	Rename get_handshake_transcript - Remove tls13 prefix - Remove TLS1_3 macro wrap Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	c7875b5f11	add set in/out transform utils Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	d3f73349a7	tls13: add ecdh_read_public Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	7bea4bac96	tls13: add checksum of handshake message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	4925ef5da1	tls13: add generate handshake keys Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	89ea321d96	tls13: add key_schedule_stage_early_data Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	24c0ec31f9	tls13: add get_handshake_transcript Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:34:58 +08:00
Jerry Yu	3bf1f97a0e	fix various issue on pending send alert Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:38 +08:00
Jerry Yu	bbd5a3fded	fix pending_alert issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:38 +08:00
Jerry Yu	394ece6cdd	Add function for set pending alert flag Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:38 +08:00
Jerry Yu	e7047819ee	add pend fatal alert Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:38 +08:00
Jerry Yu	e86cd65754	fix unused-variable fail without MBEDTLS_DEBUG_C Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:05 +08:00
Jerry Yu	860b4ee42e	Rename `_read_` to `_process_` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:05 +08:00
Jerry Yu	6e81b27003	Add client state number check It is temporary check. If any change on `mbedtls_ssl_states`, please double check those tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:05 +08:00
Jerry Yu	435756ffc0	Keep consistent order in dummy functions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:05 +08:00
Jerry Yu	6c983524a8	Move msvc compatible fix to `common.h` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:05 +08:00
Jerry Yu	687101b2e6	tls13: add dummy state machine handler Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:05 +08:00
Gilles Peskine	aafb21f320	Merge pull request #4968 from davidhorstmann-arm/fix-aarch64-asm-constraints Fix aarch64 assembly for bignum multiplication	2021-09-27 09:01:15 +02:00
Paul Elliott	71b0567c87	Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge Also fiixed the following merge problems: crypto_struct.h : Added MBEDTLS_PRIVATE to psa_aead_operation_s members (merge conflict) psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish call (change of API during development) Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-24 11:18:13 +01:00
Ronald Cron	f2cb19f921	Merge pull request #4891 from yuhaoth/pr/enable-key-exchange-in-client-hello TLS1.3: Client Hello : Add extensions and test case.	2021-09-23 18:45:01 +02:00
Paul Elliott	90fdc117dd	Make NULL tag check more explicit Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-22 22:34:17 +01:00
Paul Elliott	70618b22a9	Change sizeof to variable rather than struct Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-22 22:34:17 +01:00
David Horstmann	11c81df707	Fix aarch64 assembly for bignum multiplication Add memory constraints to the aarch64 inline assembly in MULADDC_STOP. This fixes an issue where Clang 12 and 13 were generating non-functional code on aarch64 platforms. See #4962, #4943 for further details. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2021-09-22 18:31:35 +01:00
LuoPeng	e3f23091d2	Merge branch 'ARMmbed:development' into development	2021-09-22 23:36:15 +08:00
Manuel Pégourié-Gonnard	a0b4b0c3cd	Clean up some remnants of TLS pre-1.2 support Now that support for earlier version have been removed, we no longer need to care about them. Since TLS 1.3 is being gradually introduced, we might still need a version check in some places - but here the function is called ssl_tls12_populate_tranform() and TLS 1.3 has its own function mbedtls_ssl_tls13_populate_transform(), so when this function is called we just know we're using TLS 1.2. Reviewer hint: use the -b option of git diff / git show Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-09-21 14:12:59 +02:00
Gilles Peskine	f0f2294f57	Merge pull request #4708 from mstarzyk-mobica/ccm_chunked Ccm chunked - enable multipart CCM in PSA	2021-09-21 13:46:52 +02:00
Gilles Peskine	6c12a1e9f2	Add ARIA to the PSA API Use the encoding from an upcoming version of the specification. Add as much (or as little) testing as is currently present for Camellia. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-09-21 11:59:39 +02:00
Gilles Peskine	304689e4c4	Merge pull request #4947 from gilles-peskine-arm/muladdc-amd64-memory-development Fix x86_64 assembly for bignum multiplication	2021-09-20 22:23:49 +02:00
Gilles Peskine	93cb6111ba	Merge pull request #4878 from SiliconLabs/remove_dependency_4877 Remove dependency of built-in keys on storage	2021-09-20 22:20:16 +02:00
Paul Elliott	ec95cc9489	Add safety for NULL tag being passed to finish Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-19 22:39:06 +01:00
Paul Elliott	8ff74217e4	Add comment explaining finish output size Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-19 18:43:17 +01:00
Paul Elliott	4c916e8d74	Improve comment on buffer clearing Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-19 18:43:17 +01:00
Paul Elliott	69bf5fc901	Const correctness Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-19 18:43:17 +01:00
Paul Elliott	70f447dfe5	Replace individual zeroization with memset Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-19 18:43:17 +01:00
Paul Elliott	eac6c757a2	Make nonce length check return error where it can Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-19 18:43:16 +01:00
Paul Elliott	12acb6bb4c	Remove missed references to aead_verify from docs Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-19 18:43:16 +01:00
Paul Elliott	b183d56b5f	Use safer size for tag checking Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-19 18:43:16 +01:00
Paul Elliott	06b6b8c8d6	Add missing zeroize for sensitive tag data. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-19 18:43:16 +01:00
openluopworld	08fd463ee4	bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly An initialization vector IV can have any number of bits between 1 and 2^64. So it should be filled to the lower 64-bit in the last step when computing ghash. Signed-off-by: openluopworld <luopengxq@gmail.com>	2021-09-19 11:20:03 +08:00
openluopworld	6c8183f0c9	bugfix: if the len of iv is not 96-bit, ghash is used to compute y0. An initialization vector IV can have any number of bits between 1 and 2^64. So it should be filled to the lower 64-bit in the last step when computing ghash. Signed-off-by: openluopworld <luopengxq@gmail.com>	2021-09-17 22:20:07 +08:00
openluopworld	2beb5f302a	bugfix: if the len of iv is not 96-bit, ghash is used to compute y0. An initialization vector IV can have any number of bits between 1 and 2^64. So it should be filled to the lower 64-bit in the last step when computing ghash. Signed-off-by: openluopworld <luopengxq@gmail.com>	2021-09-17 18:20:37 +08:00
Jerry Yu	388bd0d53c	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-15 22:06:11 +08:00
Gilles Peskine	d337fbc4cb	x86_64 MULADDC assembly: add missing constraints about memory MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is repeated up to 16 times, and %%rsi and %%rdi are s and d on entry respectively. Hence the complete asm statement reads 16 64-bit words from memory starting at s, and writes 16 64-bit words starting at d. Without any declaration of modified memory, Clang 12 and Clang 13 generated non-working code for mbedtls_mpi_mod_exp. The constraints make the unit tests pass with Clang 12. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-09-15 15:51:43 +02:00
Jerry Yu	dd1fb9e37e	add mbedtls_ecdh_setup_no_everest Setup ecdh without everest for TLS1.3 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-15 11:10:15 +08:00
Jerry Yu	bdc71888fc	Remove restartable and everest from tls1.3 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-14 19:33:31 +08:00
Janos Follath	cacec723c8	Merge pull request #4938 from gilles-peskine-arm/psa_cipher_update_ecp-unused_parameter Fix parameter set but unused on psa_cipher_update_ecb	2021-09-13 13:55:38 +01:00
Gilles Peskine	d87d87371f	Fix the size in bytes Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-09-13 12:21:22 +02:00
Gilles Peskine	1716f32864	psa_cipher_update_ecb: remove parameter output_size This parameter was set but not used, which was pointless. Clang 14 detects this and legitimately complains. Remove the parameter. This is an internal function, only called once. The caller already has a sufficient check on the output buffer size which applies in more cases, so there is no real gain in robustness in adding the same check inside the internal function. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-09-13 09:46:41 +02:00
Gilles Peskine	55dffe58a0	Document the internal function psa_cipher_update_ecb Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-09-13 09:33:28 +02:00
Jerry Yu	335aca9c52	fix format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-12 20:18:56 +08:00
Jerry Yu	72fc69bd40	fix typo error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-10 10:23:37 +08:00
Archana	9d17bf4215	Styling and refactoring Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-09-10 07:16:08 +05:30
Archana	374fe5b8d2	Handle zeroed attributes key bits and type in copy The target attributes for key copy could have key bits and type zeroed. If so, they need to be overwritten/ inherited from the source key. This is now forcefully overwritten after validating the optional attributes. As a result assigning attributes type and bits after copy are no longer necessary. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-09-09 10:09:19 +05:30
Archana	449608bc61	Code style improvements Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-09-08 22:04:13 +05:30
Archana	8a180368fb	Add opaque test driver support for copy key A minimal test driver extension is added to support copy of opaque keys within the same location. Test vector support is extended to cover opaque keys. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-09-08 22:04:07 +05:30
Archana	6ed4bda2c6	pre-existing validation extended The validation against key width and max key bits is extended to all key types from the existing validation for only symmetric keys. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-09-08 22:04:00 +05:30
Archana	4d7ae1d8cf	Add test driver support for opaque key import -Add test driver support to import/export while wrapping keys meant to be stored in the PSA core as opaque( emulating an SE without storage ). -Export validate_unstructured_key_bit_size as psa_validate_unstructured_key_bit_size, thereby changing its scope. -Improve the import/export test cases in test_suite_psa_crypto to also cover opaque keys, thereby avoiding duplication. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-09-08 22:03:54 +05:30
Archana	d8a83dc172	Sizing of key buffer for opaque keys Create a new sizing function for determining the size required for key storage based on the input key data. This is required for key imports where the key length might need to be derived from the data. Signed-off-by: Archana <archana.madhavan@silabs.com>	2021-09-08 22:03:48 +05:30
Ronald Cron	3b097eb68f	psa: Remove psa_key_slot_is_external() Remove psa_key_slot_is_external() that is not used anymore. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-08 22:03:41 +05:30
Ronald Cron	9b8b69c30a	psa: Remove buggy report of RSA public exponent for opaque keys The report of RSA public exponent for opaque keys is not supported. Do not attempt to compute the RSA public exponent of an RSA opaque key associated to a driver implementing the new driver interface when MBEDTLS_PSA_CRYPTO_SE_C is disabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-08 22:03:32 +05:30
Ronald Cron	512ad81318	psa: Fix slot number key attribute Slot number key attribute is specific of dynamically registered drivers and should thus not be computed/ returned in case of keys associated to drivers implementing the new unified driver interface. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-08 22:03:26 +05:30
Ronald Cron	ddae0f5642	Clarify psa_get_and_lock_transparent_key_slot_with_policy() purpose Clarify the purpose of psa_get_and_lock_transparent_key_slot_with_policy() and define it even when MBEDTLS_PSA_CRYPTO_SE_C is disabled for the purpose of static drivers. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-09-08 22:03:20 +05:30
Jerry Yu	7c522d4941	Remove ecp_c undefine routines Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-08 17:55:09 +08:00
Jerry Yu	b60e3cf424	fix various issues - format problems - name conversion issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-08 16:41:02 +08:00
Jerry Yu	56fc07f7ae	add key_share extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-08 10:37:20 +08:00
Jerry Yu	7236994aa9	add signature algorithms extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-08 09:52:15 +08:00
Jerry Yu	6b64fe31ce	add supported groups extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-08 09:52:15 +08:00
Jerry Yu	e226cef124	Add NamedGroup IANA values and helper functions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-08 09:52:15 +08:00
Jerry Yu	26f4d15d13	Add key exchange modes helper functions Add helper functions for `tls13_kex_modes` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-08 09:52:15 +08:00
Jerry Yu	7533635e5a	Change dummy extension return With error return, server can not receive Client Hello message. If received , we can test current status. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-08 09:52:15 +08:00
Jerry Yu	fec982eacc	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-07 17:26:06 +08:00
Jerry Yu	4e388286af	fix usage of iteration Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-06 21:28:08 +08:00
Jerry Yu	bbe09526b7	fix name conversion issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-06 21:17:54 +08:00
Mateusz Starzyk	5d7f6b1fd5	Remove rendundat ctx->add_len check. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-09-06 12:09:34 +02:00
Jerry Yu	dbfb7bd873	fix various issues - wrong cipher suite filter condition - name conversion - format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-04 10:00:02 +08:00
Jerry Yu	8c02bb4b71	fix various comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 21:52:26 +08:00
Jerry Yu	ef387d79a4	change prototype of write body To keep consistence with others Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	2c0fbf3405	modify proc_chk macros - change the parameter - remove debug output - remove return value modify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	0c63af6ed6	fix comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	790656a0a6	fix name conversion issues fix name conversion issues in `ssl_tls13_write_client_hello_body` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	1bc2c1f1a3	fix various issues fix comments, format and name conversion issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	f171e836eb	fix lenght mismatch error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	b7ab336b3a	fix format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	a2cf7bd243	fix comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	6a64310002	Cleanup client_hello body. cleanup `ssl_tls13_write_client_hello_body`, fix comments issues. And move ciphersuites to separate function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	67d4ed5b22	force change state type Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	159c5a0e12	fix comments issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	08906d006b	fix name conversion issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	e41dec0158	Rename write signature algorithms function To keep similar name with other place. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	eecfbf001c	fix format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	995ecd396f	fix wrong iana values and comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	c4d22444d6	fix undeclared variable error Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> # Conflicts: # library/ssl_tls13_client.c	2021-09-03 16:29:20 +08:00
Jerry Yu	5cc8f0a0d8	Add simple document for tls13 functions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	275619336a	fix name conversion issue for tls13 server entry Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	92c6b402d7	Remove prototype of static functions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	9176c3ad8c	trim spaces Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	9e42f6efd3	Revert "Move random function check" This reverts commit cc88b34f7942f57ea0fd27ee4b3e29f49c91f10e. It causes many test fail. It should be re-considered. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	d532fe7720	write client hello also in hello reqeust Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	f443681f56	fix function name conversion issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	55b9038600	fix coding style issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	2ac64193ad	Apply MBEDTLS_PUT_xyz Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	e885b76980	fix too long lines Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:20 +08:00
Jerry Yu	6f13f64aa6	fix various format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	708202b7d0	Move random function check move to `ssl_conf_check` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	c7ddeec229	Remove `len_without_binders` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	8e7ca0432e	fix extensions_present issues fix comments for the mask values. follow same order as IANA values. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	32cd5b19dc	fix unused variable warning Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	ef6b36b484	add supported versions extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	bc20bdd3a9	Implement write_partial with dummy exts Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	93bcd61a41	Add field into handshake params Add `extensions_present` field. It represents which are present. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	c8a392c47e	Implement stages except write_partial Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	65dd2ccfe6	Add dummy stages for `client_hello_process` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	a13c7e739c	add dummy client hello process Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Jerry Yu	beb3f41f2f	Add handshake_set_state helper function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-03 16:29:19 +08:00
Mateusz Starzyk	64f0b5f454	Return BAD_INPUT error for CCM context's erroneous state Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-09-02 11:50:54 +02:00
Gilles Peskine	88d681ca35	Make size_t -> int downcasts explicit mbedtls_cipher_setkey takes an int argument. Cast explicitly, otherwise MSVC complains. Where possible, just stick to size_t. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-09-01 16:57:23 +02:00
Gilles Peskine	6f015a8798	Merge pull request #2327 from kennethsoerensen/pkparse-warning Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined	2021-09-01 16:53:45 +02:00
Paul Elliott	3d7d52c2ed	Formatting fixes Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-09-01 15:09:15 +01:00
Mateusz Starzyk	7251eda6ff	Replace BAD_SEQUENCE error with BAD_INPUT Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-09-01 13:26:44 +02:00
Manuel Pégourié-Gonnard	5a8abb144c	Merge pull request #4883 from mstarzyk-mobica/fix_psa_sign_msg PSA MAC computation with _HASH flag implies _MESSAGE.	2021-09-01 12:23:20 +02:00
Gilles Peskine	ce9e3a92fe	Remove redundant null check mbedtls_cipher_info_get_xxx has well-defined behavior on NULL, so no need to check first. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-08-31 22:54:27 +02:00
Gilles Peskine	e720dbe177	Use cipher_info accessor functions in TLS code Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-08-31 22:54:27 +02:00
Kenneth Soerensen	e28d49b3b6	Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined Warning reported with IAR compiler: "mbedtls\library\pkparse.c",1167 Warning[Pe550]: variable "ret" was set but never used Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>	2021-08-31 13:05:12 +02:00
Manuel Pégourié-Gonnard	e45ee40f7e	Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api Add TLS 1.3 ciphersuite and key exchange identifiers and API	2021-08-30 09:47:46 +02:00
Paul Elliott	5e69aa5709	Remove NULL check for set nonce Also remove tests which would pass NULL to this function. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-25 17:40:40 +01:00
Paul Elliott	2e450093e1	Remove variables declared as unused They are now always being used. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-25 17:40:40 +01:00
Paul Elliott	efda3408ce	Fix formatting issues Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-25 17:40:40 +01:00
Paul Elliott	3242f6c8ef	Fix formatting issue Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-25 17:40:40 +01:00
Paul Elliott	b8db2c5726	Remove extra blank lines Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-25 17:40:40 +01:00
Paul Elliott	daf5c8954c	Remove extraneous state checks Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-25 17:40:40 +01:00
Paul Elliott	d9343f2f0f	Refactor is_encrypt into aead setup arguments Avoid touching the operation until later. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-25 17:40:40 +01:00
Jerry Yu	d85a52c508	Add mask for kex_modes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-25 18:13:57 +08:00
Jerry Yu	69e0ec46b7	Replace SHA512_C with SHA384_C Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-25 18:13:48 +08:00
Jerry Yu	cadebe5343	fix several format and comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-25 18:13:42 +08:00
Mateusz Starzyk	cbefb6ba4d	Merge branch 'development' into ccm_chunked Conflicts: library/ccm.c Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro. Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro used in development branch on the 'b' buffer, because the 'b' buffer is removed in current branch.	2021-08-24 15:14:23 +02:00
Joe Subbiani	a5cb0d24d4	Tidy up grouped MBEDTLS_BYTE_x macros exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz and then shift the pointer afterwards. Easier to read as you can see how big the data is that you are putting in, and in the case of UINT32 AND UINT64 it saves some vertical space. Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-23 11:52:28 +01:00
Joe Subbiani	94180e708f	Minor coding style improvement Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-20 16:20:44 +01:00
Joe Subbiani	e4603eece9	Compress byte reading macros in if statements exchange MBEDTLS_BYTE_x in if statements with MBEDTLS_GET_UINT16_BE Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-20 13:05:30 +01:00
Joe Subbiani	1f6c3aeb63	Tidy up ssl_*.c grouped MBEDTLS_BYTE_x macros exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz and then shift the pointer afterwards. Easier to read as you can see how big the data is that you are putting in, and in the case of UINT32 AND UINT64 it saves some vertical space. Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-20 12:19:57 +01:00
Mateusz Starzyk	ce0e6a9dea	Require MESSAGE flag in PSA MAC setup. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-08-20 11:33:51 +02:00
Paul Elliott	36869706e2	Remove duplicated statements in documentation. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-19 19:18:28 +01:00
Paul Elliott	e0a12bd852	Refactor aead setup functions into single function Move common encrypt / decrypt code into common function, and roll in previously refactored setup checks function, as this is now the only place it is called. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-19 19:18:28 +01:00
Paul Elliott	5d3a3c3ee4	Fix arguments formatting mistake Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-08-19 19:18:28 +01:00
Joe Subbiani	9ab1866b0d	Remove trailing whitespace Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:57:42 +01:00
Joe Subbiani	d0687856af	Improve documentation and add more uses of MBEDTLS_PUT minor changes, such as improving the documentation for the byte reading macros, and using MBEDTLS_PUT_UINT16_xy in place of byte reading macro combinations Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:57:42 +01:00
Joe Subbiani	5241e343de	Improve consitency throughout library/common.h Replace the contents of MBEDTLS_PUT_UINTx_yz contained inconsitent but similar/duplicate code to the MBEDTLS_BYTE_x macros. Therefore the contents of the macros now utilise the byte reading macros. MBEDTLS_PUT_UINT64_LE's written order was also not consitent with the other PUT macros, so that was modified. Documentation comment said LSB instead of MSB and that has also been resolved. Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:57:42 +01:00
Joe Subbiani	6dd7364553	Replace instances of byte reading macros with PUT Instances of a group of byte reading macros which are equivilant to MBEDTLS_PUT_UINTx_yz Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:57:41 +01:00
Joe Subbiani	51b147add0	Remove trailing white space Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:56:48 +01:00
Joe Subbiani	4919bb46b0	Remove use of byte reading macro for uint16 Accidently used MBEDTLS_BYTE_16 for a uint16 variable Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:56:47 +01:00
Joe Subbiani	b6511b04fa	Replace instances of byte reading macros with PUT Instances of a group of byte reading macros which are equivilant to MBEDTLS_PUT_UINTx_yz Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:56:47 +01:00
Joe Subbiani	fbeb692dd0	Use byte reading macros in places not using a byte mask byte shifting opertations throughout library/ were only replaced with the byte reading macros when an 0xff mask was being used. The byte reading macros are now more widley used, however they have not been used in all cases of a byte shift operation, as it detracted from the immediate readability or otherwise did not seem appropriate. Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:56:47 +01:00
Joe Subbiani	99edd6c810	Add UINT64 GET and PUT macros Copy over the GET/PUT_UINT64_LE/BE macros from aes.c and sha512.c Add the MBEDTLS_ prefix to all 4 macros. Modify the GET_UINT64 macros to no longer take a target variable as a parameter, so when the macro function is called it must be assigned to a variable in the same statement. Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:56:47 +01:00
Joe Subbiani	2194dc477a	Replace MBEDTLS_CHAR_x with MBEDTLS_BYTE_x The CHAR macros casted to an unsigned char which in this project is garunteed to be 8 bits - the same as uint8_t (which BYTE casts to) therefore, instances of CHAR have been swapped with BYTE and the number of macros have been cut down Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:56:47 +01:00
Joe Subbiani	bf7ea84f83	Replace "four bytes" with "two bytes" in macro documentation When writing the documentation 4 bytes was written instead of 2 for MBEDTLS_UINT16_LE Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:55:42 +01:00
Joe Subbiani	f5462d989c	Remove trailing whitespaces Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:55:42 +01:00
Joe Subbiani	54550f7fca	Replace 3 byte shift with appropriate macro aria.c has a shift by 3 bytes, but does not use the 0xff masking. aparently this is not a problem and it is tidier to use the maco. Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:55:42 +01:00
Joe Subbiani	635231a71e	Improve common.h macro documentation Imrpoved the descriptions of the macros and parameters and changing the name of the MBEDTLS_PUT_UINT... macro parameters to be more descriptive Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:55:42 +01:00
Joe Subbiani	cd84d76e9b	Add Character byte reading macros These cast to an unsigned char rather than a uint8_t like with MBEDTLS_BYTE_x These save alot of space and will improve maintence by replacing the appropriate code with MBEDTLS_CHAR_x Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:55:41 +01:00
Joe Subbiani	6a50631497	GET macros use a target variable The GET macros used to write to a macro parameter, but now they can be used to assign a value to the desired variable rather than pass it in as an argument and have it modified in the macro function. Due to this MBEDTLS_BYTES_TO_U32_LE is the same as MBEDTLS_GET_UINT32_LE and was there for replaced in the appropriate files and removed from common.h Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:31:55 +01:00
Joe Subbiani	394bdd662b	Document common.h and remove changelog Added documenttion comments to common.h and removed the changelog as it is not really necessary for refactoring. Also modified a comment in aria.c to be clearer Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:31:55 +01:00
Joe Subbiani	9fa9ac3612	Move GET/PUT_UINT16_LE macros to common.h Although these only appear in one file: psa_crypto_storage.c it is tidy to give it the same prefix as the UINT32 macros and to store them in the fame file Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:31:55 +01:00
Joe Subbiani	5ecac217f0	Prefixed macros with MBEDTLS As per tests/scripts/check-names.sh, macros in library/ header files should be prefixed with MBEDTLS_ The macro functions in common.h where also indented to comply with the same test Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:31:54 +01:00
Joe Subbiani	9aaec54e57	Undo use of BYTE_x macro The use of the BYTE_x macro in nist_kw did not seem appropriate in hind sight as it is working with a character array not an int Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:31:54 +01:00
Joe Subbiani	6f2bb0c8ef	Remove trailing whitespace Trailing white spaces causing check_files.py to fail Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:31:54 +01:00
Joe Subbiani	c4f3d5b38e	Add do-while protection to macros missed do-while around function-like macros (UINT32_BE and UINT_LE macros) originally present in the indivdual files, before being moved to common.h. Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:31:53 +01:00
Joe Subbiani	54c6134ff7	Move UINT32_LE macros to common.h 32-bit integer manipulation macros (little edian): GET_UINT32_LE and PUT_UINT32_LE appear in several files in library/. Removes duplicate code and save vertical space the macro has been moved to common.h. Improves maintainability. Also provided brief comment in common.h for BYTES_TO_U32_LE. comment/documentation will probably need to be edited further for all recent additions to library/common.h Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>	2021-08-19 09:31:53 +01:00

... 36 37 38 39 40 ...

11079 commits