yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
23444 commits 89 branches 205 tags 114 MiB
Commit graph

10349 commits

Author SHA1 Message Date
Janos Follath 97915c8685
Merge pull request #6619 from minosgalanakis/bignum/add_high_lv_IO_methods 
Bignum: Adding High level I/O methods
 2022-11-28 17:27:48 +00:00
Valerio Setti a9a97dca63 psa_pake: add support for opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-28 18:26:16 +01:00
Dave Rodgman 6d23ff60dd Make use of optimised bswap from bignum 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman f7f1f748e3 Support built-in byteswap routines from clang, gcc, MSVC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman a5110b0d79 Make use of efficient unaligned access functions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman 6298b24127 Add byteswap routines 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman e5c42594e5 Add byte order detection macro 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:13 +00:00
Dave Rodgman a360e1987a Add efficent unaligned get/put functions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-28 15:41:04 +00:00
Dave Rodgman d98ac8b75e Merge remote-tracking branch 'dave/fast_xor' into fast_unaligned 2022-11-28 15:06:25 +00:00
Janos Follath 1f8afa22a4 Bignum Mod: improve documentation and style 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-28 14:58:08 +00:00
Aditya Deshpande 1ac41dec09 Add test function for opaque driver (simply returns PSA_ERROR_NOT_SUPPORTED), and address other review comments. 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-28 14:46:30 +00:00
Janos Follath 84bee4c492 mbedtls_mpi_mod_write: improve readability 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-28 10:27:14 +00:00
Jerry Yu 3d78e08ac0 erase early secrets and transcripts 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu a5db6c0ce3 fix coding style issues. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu e31688b7fa fix comments issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu a8771839e8 Refactor make_traffic_keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu 3ce61ffca6 fix comments and function name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu b094e124f2 fix various issues 
- Alignments
- comment words in doxygen paragraph

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu 91b560f38d Add compute early transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu 3d9b590f02 guards transform_earlydata 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu 84a6edac10 change signature of get_cipher_key_info 
- it is a static function. The name is not follow nameing ruler
- move the position.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Gilles Peskine 4f01121f6e Fix memory leak on error in pkcs7_get_signers_info_set 
mbedtls_x509_name allocates memory, which must be freed if there is a
subsequent error.

Credit to OSS-Fuzz (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53811).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 22:02:10 +01:00
Gilles Peskine e7f8c616d0 Fix dangling freed pointer in pkcs7_free_signer_info 
This may have been a use-after-free, but I haven't worked out whether it was
a problem or not. Even if it turns out to have been ok, keeping invalid
pointers around is fragile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00
Gilles Peskine 47a732635b Simplify control flow in PKCS7 functions 
Remove useless goto in several functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00
Gilles Peskine 290f01b3f5 Fix dangling freed pointer on error in pkcs7_get_signers_info_set 
This fixes a use-after-free in PKCS#7 parsing when the signer data is
malformed.

Credit to OSS-Fuzz (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53798).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00
Janos Follath 6eb92c0410 Bignum Mod: improve documentation and style 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-26 17:34:37 +00:00
Janos Follath 8dfc8c41b7 mbedtls_mpi_mod_write: prevent data corruption 
The function wasn't converting back data to internal representation when
writing it out.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-26 15:39:02 +00:00
Janos Follath d7bb35257b mbedtls_mpi_mod_read/write: restrict pre-conditions 
Require equality for the number of limbs in the modulus and the residue.
This makes these functions consistent with residue_setup().

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-26 14:59:27 +00:00
Janos Follath 75b9f0fd2e mbedtls_mpi_mod_read/write: remove redundant checks 
The function isn't documented as accepting null pointer, and there's no
reason why it should be. Just let it dereference the pointer.

The null/zero checks are only marginally useful: they validate that m
and r are properly populated objects, not freshly initialized ones. For
that, it's enough to check that the pointers aren't null or that the
sizes aren't zero, we don't need to check both.

Also, use separate if statements for unrelated checks.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-26 14:28:50 +00:00
Gilles Peskine 89e31adbee Move mps modules to the correct library 
This is a private interface only, so it's an ABI change but not an API change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-26 14:18:45 +01:00
Gilles Peskine 898db6b8e5 Move ssl_debug_helpers_generated to the correct library 
This is a private interface only, so it's an ABI change but not an API change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-26 14:15:32 +01:00
Janos Follath ee530cc644 Bignum Mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath fc6fbb4e96 Bignum Mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>

Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 41427dee80 Bignum Mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 91295d2b8f Bignum Mod: remove endianness from modulus 
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).

These are higher level concepts and are out of scope for Bignum and for
the modulus structure.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 3e3fc91c33 Bignum Mod: pass endianness as a parameter 
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).

These are higher level concepts and are out of scope for Bignum and for
the modulus structure.

Passing endianness as a parameter is a step towards removing it from the
modulus structure.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath d3eed33709 Bignum Mod Raw: pass endianness as a parameter 
The external representation before included more than just endianness
(like reading in Mongtomery curve scalars or converting hashes to
numbers in a standard compliant way).

These are higher level concepts and are out of scope for Bignum and for
the modulus structure.

Passing endianness as a parameter is a step towards removing it from the
modulus structure.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 50cd4b842b Bignum Mod: Restrict residue setup 
In theory we could allow residues to have more allocated limbs than the
modulus, but we might or might not need it in the end.

Go for the simpler option for now and we can extend it later if we
really need it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath b62bad442e Bidnum Mod: fix check in setup 
We want to make sure that the value has at least as many limbs allocated
as the modulus as we need this to be able to do any operations in
constant time.

An invariant of the API is that the residue values are canonical, make
sure that the residue is compared to the entire modulus.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-25 17:55:00 +00:00
Minos Galanakis 8b375451c5 bignum_mod: Refactored mbedtls_mpi_mod_read/write() 
This patch adjusts the I/O methods and the tests.
Documentation has also been updated to be more clear.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-25 17:55:00 +00:00
Minos Galanakis aed832ac16 bignum_mod: Adjusted input checking for mbedtls_mpi_mod_residue_setup() 
This patch adjusts the logic of the size checking of the method,
and refactors the tests. Documentation has also been updated.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-25 17:55:00 +00:00
Minos Galanakis a17ad48e2d bignum_mod: Fixed an issue with input checking in mpi_mod_residue_setup 
This patch is inverting the input type checking logic in the method,
in order to ensure that residue < modulus.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-25 17:55:00 +00:00
Minos Galanakis 81f4b11010 bignum_mod: Added mbedtls_mpi_mod_read/write() IO functions 
This patch adds input and ouput fucntions in the `bignum_mod` layer.
The data will be automatically converted between Cannonical and
Montgomery representation if required.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-25 17:55:00 +00:00
Janos Follath 590ae5363d
Merge pull request #6656 from tom-cosgrove-arm/bignum_pr_6225-updated 
Bignum: add mod_raw_add
 2022-11-25 17:53:31 +00:00
Dave Rodgman a616afeae4 Remove redundant inline workarounds 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-25 17:11:45 +00:00
Dave Rodgman 5a1d00f03d Merge remote-tracking branch 'origin/development' into fast_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-25 17:10:25 +00:00
Dave Rodgman bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0 
Fix NULL+0 undefined behavior in PSA crypto ECB
 2022-11-25 17:07:46 +00:00
Bence Szépkúti 6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7 
PKCS7 Parser - RFC 2315
 2022-11-25 15:55:46 +01:00
Janos Follath 505a228b7b
Merge pull request #6606 from gabor-mezei-arm/6222_bignum_low_level_subtraction 
Bignum: Add low level subtraction
 2022-11-25 13:27:23 +00:00
Gilles Peskine 7d23778178 Explain why p + n isn't good enough 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 13:34:59 +01:00
Gilles Peskine 5a34b36bbd Remove more now-redundant definitions of inline 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 13:26:44 +01:00
Dave Rodgman f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164 
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
 2022-11-25 10:55:10 +00:00
Manuel Pégourié-Gonnard 61336848a9 Fix bug when legacy CID is enabled but not used 
When legacy CID is enabled at compile time, but not used at runtime, we
would incorrectly skip the sequence number at the beginning of the AAD.

There was already two "else" branches for writing the sequence number
but none of them was taken in that particular case.

Simplify the structure of the code: with TLS 1.2 (we're already in that
branch), we always write the sequence number, unless we're using
standard CID.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-25 11:48:17 +01:00
Dave Rodgman 8f6583d836 Fix for MSVC unsupported #inline keyword 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-25 09:16:41 +00:00
Bence Szépkúti ae79fb2c2e Merge branch 'development' into pr3431 2022-11-25 03:12:43 +01:00
Dave Rodgman b8c4a0d940 Minor formatting tweaks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 21:18:55 +00:00
Dave Rodgman 7a910a8be0 Minor formatting tweaks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 21:17:40 +00:00
Dave Rodgman 875d2383d0 Improve documentation 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 20:43:15 +00:00
Dave Rodgman aaf69fd682 Fix missing newline 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 20:40:28 +00:00
Dave Rodgman c58858865b Fix off-by-one error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 20:35:04 +00:00
Dave Rodgman 66433444fc Fix static inline linker issues 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 20:07:39 +00:00
Dave Rodgman 4b910c1ed1 Fix whitespace 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 19:44:52 +00:00
Dave Rodgman 069e7f462a Correct mixed up comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 19:37:26 +00:00
Dave Rodgman 96d61d14d8 Use memcpy for unaligned accesses 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 19:33:22 +00:00
Dave Rodgman fbc23225d6 Tidy up alignment-related code into separate header 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 18:07:37 +00:00
Tom Cosgrove abddad4af8 Add note about aliasing of operands for mbedtls_mpi_mod_raw_add() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-24 16:22:43 +00:00
Werner Lewis e4c0a6c3ba Change cast to correct type 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis 1a277d9ad6 Replace comparison with XOR 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis d391b8ce61 Change types and move const before type 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis 9fa91ebcb9 Use modulus structure in mbedtls_mpi_mod_raw_add 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis 0eea827cbd Rename MPI_CORE(add_mod) to mbedtls_mpi_mod_raw_add 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Hanno Becker a45b6fee91 Extract MPI_CORE(add_mod) from the prototype 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-24 16:17:49 +00:00
Dave Rodgman 6921959b83 Remove unused variable 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-24 09:27:15 +00:00
Ronald Cron 4cf77e99ab
Merge pull request #6621 from ronald-cron-arm/tls13-early-data-write 
TLS 1.3: Add definition of mbedtls_ssl_{write,read}_early_data
 2022-11-24 09:58:07 +01:00
Dave Rodgman 358c7d6eb0 Fix naming inconsistency 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 20:29:03 +00:00
Dave Rodgman dd3103e9e7 Tidy up UNALIGNED_UINT32_T macro 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 19:42:13 +00:00
Dave Rodgman e7cd137606 Define UNALIGNED_UINT32_PTR for unaligned access 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 19:14:26 +00:00
Dave Rodgman a6778013b4 Tidy up UBSan detection 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 17:17:30 +00:00
Dave Rodgman 468df317bf Fix MSVC support for inline keyword 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 16:56:35 +00:00
Dave Rodgman 1bab27f983 Prevent unaligned access under ASan builds 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 16:51:59 +00:00
Dave Rodgman 3c8eb7e990 Provide external definition of mbedtls_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 14:50:03 +00:00
Dave Rodgman 63d114305f Whitespace cleanup 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 14:03:30 +00:00
Dave Rodgman f9a1c37bc8 Whitespace cleanup 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-23 14:02:00 +00:00
Gabor Mezei 02d2313829
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-11-23 14:44:14 +01:00
Gabor Mezei 3411e949cd
Cas variable to proper type 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-11-23 14:44:13 +01:00
Gabor Mezei 4c7cf7d742
Add low level subtraction with modulus 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-11-23 14:44:07 +01:00
Janos Follath 531a871b88
Merge pull request #6235 from tom-cosgrove-arm/issue-6231-core-sub-int 
Bignum: extract core_sub_int from the prototype
 2022-11-23 13:32:02 +00:00
Ronald Cron 4a8c9e2cff tls13: Add definition of mbedtls_ssl_{write,read}_early_data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-23 14:29:37 +01:00
Gilles Peskine 42649d9270 Fix NULL+0 undefined behavior in ECB encryption and decryption 
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847 
Use PSA EC-JPAKE in TLS (1.2) - Part 2
 2022-11-23 13:27:30 +01:00
Ronald Cron 1d1d53622f
Merge pull request #6490 from xkqian/tls13_parse_early_data_indication_ee 
The internal CI merge job ran successfully.
 2022-11-23 12:31:25 +01:00
Ronald Cron cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over 
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
 2022-11-23 12:12:02 +01:00
Manuel Pégourié-Gonnard 660b396e41
Merge pull request #975 from yanesca/issue-946 
Fix RSA side channel
 2022-11-23 10:30:35 +01:00
Xiaokang Qian b157e915ad Move the early data status set afeter all of the extensions parse 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-23 08:12:26 +00:00
Xiaokang Qian e861ba01d4 Remove the duplicate early_data_status check 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-23 03:21:02 +00:00
Xiaokang Qian ca09afc60a Remove useless function and parse early data in ee 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-23 02:16:49 +00:00
Moritz Fischer a6a94ad599 lms: Move merkle tree generation to heap allocation 
Larger height (e.g. H=20) trees cannot be put on the stack.
Allocate memory for them based on need using mbedtls_calloc().

Signed-off-by: Moritz Fischer <moritzf@google.com>
 2022-11-22 15:49:56 -08:00
Janos Follath 3321b5842c mpi_exp_mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 7d89d351e6 Zeroize sensitive data 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 0b270a5603 Explain a little more 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 4380d7b7f3 Simplify cleanup logic 
Take advantage of the fact that there's a single point of failure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 3b63d09fea Make the main loop's logic clearer 
The loop ends when there are no more bits to process, with one twist: when
that happens, we need to clear the window one last time. Since the window
does not start empty (E_limbs==0 is not supported), the loop always starts
with a non-empty window and some bits to process. So it's correct to move
the window clearing logic to the end of the loop. This lets us exit the loop
when the end of the exponent is reached.

It would be clearer not to do the final window clearing inside the loop, so
we wouldn't need to repeat the loop termination condition (end of exponent
reached) inside the loop. However, this requires duplicating the code to
clear the window. Empirically, this causes a significant code size increase,
even if the window clearing code is placed into a function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine c718a3ce94 Simplify exponent bit selection 
Use indices instead of mutating data to extract the bits of the exponent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine d83b5cb504 Local readability improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 0de0a049f1 Move window precomputation into an auxiliary function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine cf979b0fc1 Define variables closer to their use 
Make variables const where possible.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 7af166b827 Change E closer to where it's used 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:54 +00:00
Gilles Peskine 07f2c69511 More consistent variable names 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath 0ec6e3f394 mpi_core_mod_exp: improve style and documentation 
No intended change in behaviour.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath a77911e5c1 core_exp_mod: improve window selection 
We are looking at the exponent at limb granularity and therefore
exponent bits can't go below 32.

The `mpi_` prefix is also removed as it is better not to have prefix at
all than to have just a partial. (Full prefix would be overly long and
would hurt readability.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath 59cbd1be27 Make mbedtls_mpi_core_ct_uint_table_lookup static 
Now that we have a function that calls
mbedtls_mpi_core_ct_uint_table_lookup(), the compiler won't complain if
we make it static.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath bad42c4d0d mpi_core_exp_mod: fix local variable type 
On platforms with size_t different from int, mismatch between size_t and
mpi_uint can cause incorrect results or complaints from the compiler.

Signed-off-by: Janos Follath <janos.follath@arm.com>

mpi_core_exp_mod: Cast local variable explicitly

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Janos Follath b6673f0f19 Add modular exponentiation to bignum core 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 21:22:53 +00:00
Dave Rodgman fdd967ebdc Detect support for unaligned memory access 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 18:55:17 +00:00
Aditya Deshpande 5e3c70e3be Merge branch 'development' into driver-wrapper-key-agreement 2022-11-22 17:58:52 +00:00
Aditya Deshpande 8cc1470c18 Merge branch 'development' into driver-wrapper-key-agreement 2022-11-22 17:55:53 +00:00
Valerio Setti 6d4e75f0c6 psa_crypto_pake: initialize psa_status_t stack variables 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:52:17 +01:00
Valerio Setti fdb77cdae3 psa_crypto_pake: internally call to psa_pake_abort() in case of errors 
In this way, in case of error, it is not possible to continue using
the same psa_pake_operation_t without reinitializing it.
This should make the PSA pake's behavior closer to what expected by
the specification

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 18:41:01 +01:00
Dave Rodgman c36a56e890 Use mbedtls_xor in TLS messaging layer 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman 74b345f282 Use mbedtls_xor in PKCS #5 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman 99a507ee55 Use mbedtls_xor in md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman d22fb73e3e Use mbedtls_xor in GCM 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman 2e9db8e9bf Use mbedtls_xor in DES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman ffb5499988 Use mbedtls_xor in CTR_DRBG 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman 8c0ff81ce7 Use mbedtls_xor in CMAC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:44 +00:00
Dave Rodgman c1d9022bab Use mbedtls_xor in ChaCha20 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman 0d3b55bca8 Use mbedtls_xor in ccm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman d23399eb69 Use mbedtls_xor in Camellia 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman 7bb6b84b29 Use mbedtls_xor in ARIA 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Dave Rodgman a8cf607458 Use mbedtls_xor in AES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 17:32:43 +00:00
Janos Follath 3165f063b5 mpi_exp_mod: use x_index consistently 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath c8d66d50d0 mpi_exp_mod: reduce the table size by one 
The first half of the table is not used, let's reuse index 0 for the
result instead of appending it in the end.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath 060009518b mpi_exp_mod: fix out of bounds access 
The table size was set before the configured window size bound was
applied which lead to out of bounds access when the configured window
size bound is less.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath 9c09326572 mpi_mod_exp: be pedantic about right shift 
The window size starts giving diminishing returns around 6 on most
platforms and highly unlikely to be more than 31 in practical use cases.
Still, compilers and static analysers might complain about this and
better to be pedantic.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:11 +00:00
Janos Follath be54ca77e2 mpi_exp_mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 74601209fa mpi_exp_mod: remove the 'one' variable 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath b2c2fca974 mpi_exp_mod: simplify freeing loop 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 3646ff02ad mpi_exp_mod: move X next to the precomputed values 
With small exponents (for example, when doing RSA-1024 with CRT, each
prime is 512 bits and we'll use wsize = 5 which may be smaller that the
maximum - or even worse when doing public RSA operations which typically
have a 16-bit exponent so we'll use wsize = 1) the usage of W will have
pre-computed values, then empty space, then the accumulator at the very
end.

Move X next to the precomputed values to make accesses more efficient
and intuitive.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 7fa11b88f3 mpi_exp_mod: rename local variables 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 844614814e mpi_exp_mod: remove memory ownership confusion 
Elements of W didn't all have the same owner: all were owned by this
function, except W[x_index]. It is more robust if we make a proper copy
of X.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath f08b40eaab mpi_exp_mod: improve documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath b764ee1603 mpi_exp_mod: protect out of window zeroes 
Out of window zeroes were doing squaring on the output variable
directly. This leaks the position of windows and the out of window
zeroes.

Loading the output variable from the table in constant time removes this
leakage.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Janos Follath 8e7d6a0386 mpi_exp_mod: load the output variable to the table 
This is done in preparation for constant time loading that will be added
in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-22 15:04:10 +00:00
Valerio Setti 99d88c1ab4 tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 16:03:43 +01:00
Dave Rodgman c3d8041fe7 Introduce mbedtls_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-22 15:01:39 +00:00
Tom Cosgrove 452c99c173 Use mbedtls_mpi_core_sub_int() in mbedtls_mpi_sub_abs() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Tom Cosgrove f7ff4c9a11 Tidy up, remove MPI_CORE(), and apply the naming convention 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Hanno Becker d9b2348d8f Extract MPI_CORE(sub_int) from the prototype 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-22 14:58:15 +00:00
Bence Szépkúti a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Gilles Peskine 4f19d86e3f
Merge pull request #6608 from mprse/ecjpake_password_fix 
Make a copy of the password key in operation object while setting j-pake password
 2022-11-22 14:52:12 +01:00
Aditya Deshpande 2f7fd76d91 Replace PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE with PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE in psa_key_agreement_internal(). 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-22 11:10:34 +00:00
Valerio Setti d4a9b1ab8d tls: psa_pake: remove useless defines and fix a comment 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 11:11:10 +01:00
Xiaokang Qian 8bee89994d Add parse function for early data in encrypted extentions 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-22 09:40:07 +00:00
Przemek Stekiel 0bdec19c93 Further optimizations of pake set_password implementation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-22 09:10:35 +01:00
Jerry Yu fdd24b8c49 Revert change in flight transmit 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-22 14:08:03 +08:00
Gilles Peskine 339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub 
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
 2022-11-21 19:51:58 +01:00
Przemek Stekiel ad0f357178 Optimize pake code that sets/use password key 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-21 15:04:37 +01:00
Przemek Stekiel e2d6b5f45b psa_key_slot_get_slot_number: Move documentation to header file 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-21 15:03:52 +01:00
Valerio Setti 5151bdf46e tls: psa_pake: add missing braces 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-21 14:30:02 +01:00
Valerio Setti 79f6b6bb1b tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round() 
It might happen that the psa_pake_output() function returns
elements which are not exactly 32 or 65 bytes as expected, but
1 bytes less.
As a consequence, insted of hardcoding the expected value for
the length in the output buffer, we write the correct one as
obtained from psa_pake_output()

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-21 14:17:03 +01:00
Dave Rodgman 9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs 
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
 2022-11-21 10:09:57 +00:00
Jerry Yu 9b421456b0 Revert change in dtls1.2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu 668070d5f4 Remove unnecessary replace 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu a8d3c5048f Rename new session ticket name for TLS 1.3 
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu cfda4bbeac Replace handshake over in flight transmit 
Fix deadloop in DTLS resumption test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu 1fb3299ad7 Replace internal usage of is_handshake_over. 
NEW_SESSION_TICKETS* are processed in handshake_step.
Change the stop condition from `mbedtls_ssl_is_handshake_over`
to directly check.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Jerry Yu 5ed73ff6de Add NEW_SESSION_TICKET* into handshake over states 
All state list after HANDSHAKE_OVER as is_handshakeover

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Jerry Yu 6848a61922 Revert "Replace internal usage of mbedtls_ssl_is_handshake_over" 
This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Jerry Yu e219c11b4e Replace internal usage of mbedtls_ssl_is_handshake_over 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Valerio Setti 61ea17d30a tls: psa_pake: fix return values in parse functions 
Ensure they all belong to the MBEDTLS_ERR_SSL_* group

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-18 12:11:00 +01:00
Valerio Setti aca21b717c tls: psa_pake: enforce not empty passwords 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 18:20:50 +01:00
Valerio Setti 819de86895 tls: removed extra white spaces and other minor fix 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 18:05:19 +01:00
Valerio Setti 6b3dab03b5 tls: psa_pake: use a single function for round one and two in key exchange read/write 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 17:14:54 +01:00
Valerio Setti 9bed8ec5d8 tls: psa_pake: make round two reading function symmatric to the writing one 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:36:19 +01:00
Valerio Setti 30ebe11f86 tls: psa_pake: add a check on read size on both rounds 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:35:02 +01:00
Valerio Setti a988364767 tls: psa_pake: fix missing new round one parsing function on tls12 server 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:35:02 +01:00
Valerio Setti a08b1a40a0 tls: psa_pake: move move key exchange read/write functions to ssl_tls.c 
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:34:59 +01:00
Andrzej Kurek ec71b0937f Introduce a test for single signature algorithm correctness 
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-11-17 14:58:14 +00:00
Paul Elliott 96a0fd951f Fix signature algorithms list entry getting overwritten by length. 
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-11-17 14:58:14 +00:00
Przemek Stekiel 369ae0afc3 Zeroize pake password buffer before free 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-17 14:14:31 +01:00
Przemek Stekiel 152ae07682 Change password ec j-pake operation fields to more suitable 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-17 13:24:36 +01:00
Ronald Cron d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication 
The merge job of the internal CI ran successfully. This is good to go.
 2022-11-17 12:48:50 +01:00
Przemyslaw Stekiel 1def5becc2 Add psa_get_and_lock_key_slot_with_policy to header file 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-16 16:28:04 +01:00
Valerio Setti 6f1b5741ae tls12: psa_pake: simplify EC info parsing in server's 2nd round 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 14:50:13 +01:00
Valerio Setti 4a9caaa0c9 tls12: psa_pake: check elliptic curve's TLS ID on handshake 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 14:50:10 +01:00
Valerio Setti fbbc1f3812 tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 14:49:52 +01:00
Valerio Setti 02c25b5f83 tls12: psa_pake: use common code for parsing/writing round one and round two data 
Share a common parsing code for both server and client for parsing
round one and two.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 13:56:12 +01:00
Ronald Cron e9f92c4fbc tls: Fix in_cid buffer size in transform structure 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-16 10:23:05 +01:00
Xiaokang Qian 0cc4320e16 Add EARLY_DATA guard to the early data extension in session ticket 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-16 08:43:50 +00:00
Gilles Peskine ef7f4e47b1 Express abs(z) in a way that satisfies GCC and MSVC 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 23:25:27 +01:00
Gilles Peskine af601f9751 Fix undefined behavior with the most negative mbedtls_mpi_sint 
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 23:02:14 +01:00
Gilles Peskine db14a9d180 Fix NULL+0 in addition 0 + 0 
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 23:00:21 +01:00
Przemek Stekiel 348410f709 Make a copy of the key in operation while setting pake password 
Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key.
This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-11-15 22:22:07 +01:00
Gilles Peskine 4a768dd17d Fix negative zero created by (-A) + (+A) or (-A) - (-A) 
In mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi(), and by extention
mbedtls_mpi_add_int() and mbedtls_mpi_sub_int(), when the resulting value
was zero, the sign bit of the result was incorrectly set to -1 when the
left-hand operand was negative. This is not a valid mbedtls_mpi
representation. Fix this: always set the sign to +1 when the result is 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 20:36:18 +01:00
Gilles Peskine 72ee1e3f3c Unify mbedtls_mpi_add_mpi and mbedtls_mpi_sub_mpi 
mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi() have the same logic, just
with one bit to flip in the sign calculation. Move the shared logic to a new
auxiliary function. This slightly reduces the code size (if the compiler
doesn't inline) and reduces the maintenance burden.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-15 20:30:09 +01:00
Xiaokang Qian 2cd5ce0c6b Fix various issues cause rebase to latest code 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-15 10:33:53 +00:00
Dave Rodgman d384b64dd2
Merge branch 'development' into rfc9146_2 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-14 17:43:15 +00:00
Janos Follath 4d0ea7f4cc
Merge pull request #6550 from minosgalanakis/minos/6017_add_montgomery_conversion 
Bignum: Add Montgomery conversion from/to cannonical form
 2022-11-14 11:12:13 +00:00
Xiaokang Qian fe3483f9a1 Update early data doument and config dependencies 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian ae07cd995a Change ticket_flag base on review 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian 2d87a9eeb5 Pend one alert in case wrong EXT_EARLY_DATA length 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian a042b8406d Address some format issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:19 +00:00
Xiaokang Qian f447e8a8d3 Address comments base on reviews 
Improve early data indication check
Update test case to gnutls server

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:36 +00:00
Xiaokang Qian a341225fd0 Change function name ssl_tls13_early_data_has_valid_ticket 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian 01323a46c6 Add session ticket related check when send early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian ecc2948f21 Fix format issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian 76332816c7 Define the EARLY_DATA_STATUS 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian 338f727683 Move EARLY_DATA_OFF/ON guard to ssl_misc.h 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:03 +00:00
Xiaokang Qian b781a2323c Move ssl_tls13_has_configured_ticket() back to tls13 client 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:51 +00:00
Xiaokang Qian 893ad81966 Remove useless early_secrets field 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:51 +00:00
Xiaokang Qian 911c0cc4f0 Fix format issues in comments 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:50 +00:00
Xiaokang Qian 0e97d4d16d Add early data indication to client side 
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:50 +00:00
Paul Elliott aeb8bf2ab0
Merge pull request #6170 from yuhaoth/pr/tls13-cleanup-extensions-parser 
TLS 1.3: Add extension check for message parsers
 2022-11-11 19:00:46 +00:00
Minos Galanakis d9299c388e bignum_mod_raw: Refactored Montgomery conversion functions 
This patch updates the `mbedtls_mpi_mod_raw_conv_xx()` methods
as follows:

* Renamed for simplicity: conv_fwd -> from_mont_rep, conv_inv -> to_mont_rep.
* Uncoupled the dependency on the legaly bignum interface.
* `mbedtls_mpi` is no longer used for temporary buffer allocation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-11 10:54:58 +00:00
Hanno Becker 5ad4a93596 bignum_mod_raw: Added conversion methods for internal/public data representation 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-11-11 10:54:58 +00:00
Dave Rodgman f58172fe43 Merge remote-tracking branch 'origin/development' into pr3431 2022-11-10 09:54:49 +00:00
Gilles Peskine ed4b34aa7c
Merge pull request #6570 from gilles-peskine-arm/bignum-mbedtls_test_read_mpi_core-nonempty 
Forbid empty mpi_core in test data
 2022-11-09 19:02:24 +01:00
Jerry Yu 97be6a913e fix various issues 
- typo error
- replace `ssl->hanshake` with handshake

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-09 22:43:31 +08:00
Gilles Peskine 95b5addcd6 Don't test mbedtls_mpi_core_lt_ct with 0 limbs 
A core MPI must have at least 1 limb. We can no longer test with 0 limbs,
and we don't need to anyway, so don't try.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-09 11:18:38 +01:00
Gilles Peskine d4bd38ba5d
Merge pull request #6544 from KloolK/development 
Fix outdated reference in debug message
 2022-11-08 17:12:20 +01:00
Gilles Peskine 4a480ac5a1
Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex 
`x509_info_subject_alt_name`: Render HardwareModuleName as hex
 2022-11-08 17:11:07 +01:00
Jerry Yu 7de2ff0310 Refactor extension list print 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 23:51:39 +08:00
Jerry Yu 79aa721ade Rename ext print function and macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 23:51:39 +08:00
Jerry Yu b95dd3683b Add missing mask set and tls13 unrecognized extension 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 23:51:38 +08:00
Aditya Deshpande c4646c08cd Merge branch 'development' into driver-wrapper-key-agreement 2022-11-08 14:25:20 +00:00
Jerry Yu c437ee3bac fix wrong return value 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 21:04:15 +08:00
Jerry Yu ea52ed91cf fix typo and spell issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 21:01:17 +08:00
Gilles Peskine 42d75f2daf
Merge pull request #6013 from gstrauss/asn1-type-free 
Shared code to free x509 structs like mbedtls_x509_named_data
 2022-11-08 12:20:20 +01:00
Dave Rodgman ae2635df6f
Merge pull request #6306 from tom-cosgrove-arm/issue-6305-fix 
Return an error from mbedtls_ssl_handshake_step() if neither client nor server
 2022-11-08 10:54:17 +00:00
Pengyu Lv c1ecb25d8a fix PSA_XXX typos detected by check_names.py 
Fix the PSA_XXX typos detected by check_names.py.
PSA_WANT is actually not typo, but would cause a false negative
result. So PSA_WANT is reworded to PSA_WANT_xxx.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2022-11-08 18:22:53 +08:00
Neil Armstrong ca7d506556 Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-08 10:58:45 +01:00
Jerry Yu e5991328ff fix tls13 psk only test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 16:16:29 +08:00
Glenn Strauss 82ba274c01 Deprecate mbedtls_asn1_free_named_data() 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-11-07 15:42:44 -05:00
Aditya Deshpande d1b72a7b83 Merge branch 'development' into driver-wrapper-key-agreement 2022-11-07 17:36:23 +00:00
Gilles Peskine faefe62013
Merge pull request #6390 from mpg/fix-ecjpake-psa-format 
Fix ecjpake PSA format
 2022-11-07 17:35:44 +01:00
Gilles Peskine bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost 
BUG: Fix session resumption fail when hostname is not localhost
 2022-11-07 17:33:38 +01:00
Jan Bruckner f869bfdfef Fix outdated reference in debug message 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2022-11-07 15:28:49 +01:00
Aditya Deshpande 5567c660cd Fix formatting and code comments 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-07 10:43:29 +00:00
Aditya Deshpande 3f1606a1f6 Refactor call hierarchy for ECDH so that it goes through the driver wrapper in a similar fashion to ECDSA. 
Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-07 09:22:52 +00:00
Jerry Yu 50e00e3ac6 Refactor server hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:22 +08:00
Jerry Yu edab637b51 Refactor new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:22 +08:00
Jerry Yu 0d5cfb7703 Refactor Certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:22 +08:00
Jerry Yu 6d0e78ba22 Refactor certificate request 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:22 +08:00
Jerry Yu 9eba750916 Refactor encrypted extensions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:22 +08:00
Jerry Yu 63a459cde5 Refactor client_hello parser and writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:21 +08:00
Jerry Yu 4b8f2f7266 Refactor sent extension message output 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:21 +08:00
Jerry Yu d25cab0327 Refactor debug helpers for exts and hs message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:21 +08:00
Janos Follath 5933f691a2 Add merge slots to Bignum files 
Legacy Bignum is excluded as it doesn't get regular extensions like new
ones.

Each slot uses comments of their respective filetype. Since .data files
don't have a syntax for comments, dummy test cases are used. (These test
cases will never be executed and no noise will be added to tests.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-02 17:27:25 +00:00
Janos Follath 2a8bcf8c6f Add bignum merge scaffolding 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-02 17:25:48 +00:00
Gilles Peskine 22cdd0ccd3 Update some internal comments 
The refactoring of fill_random had left some obsolete bits in comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-02 16:00:01 +01:00
Gilles Peskine 009d195a56 Move mbedtls_mpi_core_fill_random to the proper .c file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-02 16:00:01 +01:00
Gilles Peskine 5980f2bd36 Implement mbedtls_mpi_core_fill_random 
Turn mpi_fill_random_internal() into mbedtls_mpi_core_fill_random(). It
had basically the right code except for how X is passed to the function.

Write unit tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-02 15:59:36 +01:00
Gilles Peskine 909e03c52f Bignum core: fill_random: prototype 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-02 15:59:16 +01:00
Janos Follath f1ed5815ba
Merge pull request #6512 from yanesca/extract_uint_table_lookup_core 
Implement mbedtls_mpi_core_ct_uint_table_lookup()
 2022-11-02 13:58:19 +00:00
Jerry Yu df0ad658a3 tls13: Add allowed extesions constants. 
- And refactor check_received_extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-02 21:35:27 +08:00
Dave Rodgman 90c6836271
Merge pull request #6524 from daverodgman/fix-duplicate-header 
Remove duplicate function prototype
 2022-11-02 13:06:08 +00:00
Dave Rodgman 0877dc8f55 Improve documentation for psa_crypto_cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-02 09:29:50 +00:00
Dave Rodgman 1630447eed Move declaration of mbedtls_cipher_info_from_psa into psa_crypto_cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-02 09:25:38 +00:00
Dave Rodgman ba864848e7 Remove duplicate function prototype 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:41:09 +00:00
Dave Rodgman 29b9b2b699 Fix zeroization at NULL pointer 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-01 16:08:14 +00:00
Janos Follath 8904a2db29 mpi_core_ct_uint_table_lookup: style and docs 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-10-31 16:51:56 +00:00
Nick Child 3951a4f3ad pkcs7: Use better error codes 
Remove an unnecessary debug print (whoops).
Use new error code for when the x509 is expired.
When there are no signers return invalid certificate.

Signed-off-by: Nick Child <nick.child@ibm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-31 09:38:42 -05:00
Dave Rodgman e8734d8a55
Apply suggestions from code review 
Two spelling fixes (changelog & a comment)

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-31 14:30:24 +00:00
Dave Rodgman 55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277 
cert_write - add a way to set extended key usages - rebase
 2022-10-31 13:27:49 +00:00
Janos Follath e50f2f1a8e Add mbedtls_mpi_core_ct_uint_table_lookup 
This will be needed for extracting modular exponentiation from the
prototype. The function signature is kept aligned to the prototype, but
the implementation is new. (The implementation of this function in the
prototype has further optimisations which are out of scope for now.)

The function is not reused in the bignum counterpart as it will become
redundant soon.

This function is meant to be static, but doesn't have the qualifier as
it is not used yet and would cause compiler warnings. The
MBEDTLS_STATIC_TESTABLE macro will be added in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-10-31 11:32:55 +00:00
Janos Follath 2dc2757cca
Merge pull request #6457 from minosgalanakis/minos/6017_update_modulus_lifecycle 
Bignum: Updated the modulus lifecyle
 2022-10-31 11:28:37 +00:00
Dave Rodgman 1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey 
Improve ECDSA verify validation
 2022-10-31 09:37:26 +00:00
Jerry Yu 7a485c1fdf Add ext id and utilities 
- Remove `MBEDTLS_SSL_EXT_*`
- Add macros and functions for translating iana identifer.
- Add internal identity for extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu c4bf5d658e fix various issues 
- Signature of
  - mbedtls_tls13_set_hs_sent_ext_mask
  - check_received_extension and issues
- Also fix comment issue.
- improve readablity.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 03112ae022 change input extension_type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 0c354a211b introduce sent/recv extensions field 
And remove `extensions_present`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu ffa1582793 move get_extension mask 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 9872eb2d69 change return type for unexpected extension 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 43ff252688 Remove unnecessary checks. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu d15992d3ce fix wrong setting of unrecognized ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 6ba9f1c959 Add extension check for NewSessionTicket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 2c5363e58b Add extension check for ServerHello and HRR 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 2eaa76044b Add extension check for Certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu c55a6af9eb Add extensions check for CertificateRequest 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu cbd082f396 Add extension check for EncryptedExtensions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu e18dc7eb9a Add forbidden extensions check for ClientHello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu 471dee5a12 Add debug helpers to track extensions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu def7ae4404 Add auth mode check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-30 17:57:06 +08:00
Nick Child 5f39767495 pkcs7: Fix imports 
Respond to feedback about duplicate imports[1] and new import style [2].

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r991355485
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#pullrequestreview-1138745361
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-28 12:38:41 -05:00
Nick Child bb82ab764f pkcs7: Respond to feeback on parsing logic 
After recieving review on the pkcs7 parsing functions, attempt
to use better API's, increase consisitency and use better
documentation. The changes are in response to the following
comments:
 - use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1]
 - make lack of support for authenticatedAttributes more clear [2]
 - increment pointer in pkcs7_get_content_info_type rather than after [3]
 - rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4]

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-28 12:28:54 -05:00
Glenn Strauss 7db3124c00 Skip asn1 zeroize if freeing shallow pointers 
This skips zeroizing additional pointers to data.
(Note: actual sensitive data should still be zeroized when freed.)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-10-28 12:51:35 -04:00
Glenn Strauss a4b4041219 Shared code to free x509 structs 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-10-28 12:51:35 -04:00
Nick Child 73621ef0f0 pkcs7: Improve verify logic and rebuild test data 
Various responses to feedback regarding the
pkcs7_verify_signed_data/hash functions. Mainly, merge these two
functions into one to reduce redudant logic [1]. As a result, an
identified bug about skipping over a signer is patched [2].

Additionally, add a conditional in the verify logic that checks if
the given x509 validity period is expired [3]. During testing of this
conditional, it turned out that all of the testing data was expired.
So, rebuild all of the pkcs7 testing data to refresh timestamps.

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r999652525
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r997090215
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967238206
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-28 11:24:25 -05:00
Ronald Cron 04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc 
TLS 1.3: Update documentation for the coming release and misc
 2022-10-28 11:09:03 +02:00
Gilles Peskine 75c4eaf1f8
Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak 
Fix a timing leak in ecp_mul_mxz()
 2022-10-27 19:46:48 +02:00
Minos Galanakis 4d4c98b1b9 bignum_mod: mbedtls_mpi_mod_modulus_setup() refactoring. 
This patch addresses more review comments, and fixes
a circular depedency in the `mbedtls_mpi_mod_modulus_setup()`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 17:47:26 +01:00
Minos Galanakis 771c47055f bignum_mod: Style changes 
This patch addresses review comments with regards to style of
`mbedtls_mpi_mod_modulus_setup/free()`.

It also removes a test check which was triggering a use-after-free.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 12:36:24 +01:00
Minos Galanakis 8b33363315 bignum_mod: Updated modulus lifecycle with mm and rr. 
This patch updates the `mbedtls_mpi_mod_modulus_setup/free()`
methods to precalculate mm and rr(Montgomery const squared) during
setup and zeroize it during free.

A static `set_mont_const_square()` is added to manage the memory allocation
and parameter checking before invoking the
`mbedtls_mpi_core_get_mont_r2_unsafe()`

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Minos Galanakis 760f5d6b6b bignum_mod: Updated mbedtls_mpi_mod_modulus_setup/free with new fields 
At the current state, those fields are initialised to 0, NULL.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Hanno Becker cd860dfe02 bignum_mod: Added Montgomery constants 
This patch adds the Montgomery constants to the `mbedtls_mpi_mont_struct`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Gilles Peskine 9603daddaa
Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add 
Bignum: extract core_add from the prototype
 2022-10-27 11:25:27 +02:00
Ronald Cron 77e15e8a2c
Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory 
Internal and Open CI merge job ran successfully. Good to go.
 2022-10-27 10:40:56 +02:00
Gilles Peskine 88f5fd9099
Merge pull request #6479 from AndrzejKurek/depends-py-no-psa 
Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts
 2022-10-26 20:02:57 +02:00
Gilles Peskine d4d080b41b
Merge pull request #6407 from minosgalanakis/minos/6017_add_montgomery_constant_squared 
Bignum: Added pre-calculation of Montgomery constants
 2022-10-26 14:28:16 +02:00
Ronald Cron 4f7feca0dc
Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup 
The Open CI ran successfully thus I think we can ignore the internal CI.
 2022-10-26 14:27:54 +02:00
Xiaokang Qian 72dbfef6e4 Improve coding styles 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-26 06:33:57 +00:00
Ronald Cron eac00ad2a6 tls13: server: Note down client not being authenticated in SSL context 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-25 20:02:03 +02:00
Gilles Peskine 744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 
Fix unusual macros
 2022-10-25 19:55:29 +02:00
Ronald Cron a709a0f2c6 tls13: Declare PSK ephemeral key exchange mode first 
In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-25 19:05:26 +02:00
Tom Cosgrove 6469fdfb0a Fix whitespace issue spotted in review 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Tom Cosgrove 82f131063a Update documentation following review comment 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Tom Cosgrove af7d44b4d2 Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_add() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Hanno Becker c98871339d Extract MPI_CORE(add) from the prototype 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Minos Galanakis a081c51cd3 Renamed mpi_core_get_mont_R2_unsafe_neg -> mpi_core_get_mont_r2_unsafe_neg 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:38 +01:00
Minos Galanakis 51d638baf6 bignum_core: Style update 
'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const
keyword to match the style of the rest of the module.

Documentation is also updated to remove
`MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:38 +01:00
Minos Galanakis ae4fb671b4 mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:38 +01:00
Minos Galanakis b85506e250 bignum_core.h: Comment update for mbedtls_mpi_core_get_mont_R2_unsafe 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:23 +01:00
Minos Galanakis 4f43f61c6a Renamed mbedtls_mpi_get_montgomery_constant_unsafe to mpi_core_get_mont_R2_unsafe 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:23 +01:00
Hanno Becker ec440f2397 bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:08:08 +01:00
David Horstmann 3a334c2edc Minor improvements to ssl_tls12_server.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:53:44 +01:00
David Horstmann 7aee0ec0ba Minor improvements in ssl_client.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:38:25 +01:00
David Horstmann 6e11687ba5 Minor improvements to ecp.c changes 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:32:08 +01:00
David Horstmann 9b0eb90131 Rename ARIA_SELF_TEST_IF_FAIL 
Change to ARIA_SELF_TEST_ASSERT

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:23:34 +01:00
David Horstmann 059848ff23 Minor changes to asn1write.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:16:45 +01:00
Gilles Peskine e5a715e8c0
Merge pull request #6449 from gilles-peskine-arm/bignum-core-shift_r 
Bignum core: shift_r
 2022-10-25 10:40:39 +02:00
Xiaokang Qian 72de95dcf5 Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 05:34:25 +00:00
Xiaokang Qian 600804b0e7 Remove useless early data related macros for the time being 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 03:00:18 +00:00
Xiaokang Qian 54413b10c2 Add early data support preparatory work 
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 03:00:18 +00:00
Andrzej Kurek 409248a73a mbedtls_ssl_get_handshake_transcript is unusable without hashes 
Mark unused variables when compiling without
SHA256 and SHA384. In future a proper dependency
will be added to TLS 1.2 to enforce either of these hashes
to be on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-24 15:56:10 -04:00
Andrzej Kurek 57d1063db9 Fix tls_prf generic dependencies 
One version was already surrounded by the USE_PSA define,
so the VIA_XX_OR_XX macros were removed;
Second version is when USE_PSA is undefined, so MBEDTLS_
macros can be used. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-24 15:56:10 -04:00
Andrzej Kurek 468c50656e Fix key exchange dependencies for ssl_parse_server_ecdh_params 
Resulting from particular configs in which this code is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-24 15:55:18 -04:00
Ronald Cron 083da8eb53 tls13: client: Improve coding style 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron a2900bcd1e tls13: keys: Simplify code guard 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron 766c0cdb1f tls13: Add missing kex guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron 82be0d4b4d tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron de08cf3543 tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron 73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron 41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron 928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Gilles Peskine abc6fbb8d7 Fix brief description 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-21 18:36:31 +02:00
Ronald Cron d29e13eb1b tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron 2a87e9bf83 tls: Align set and usage check for PSK 
Check that the identity length is not
zero in ssl_conf_set_psk_identity()
as it is done in
mbedtls_ssl_conf_has_static_psk().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron fa1e04a7c4 tls13: keys: Fix PSK build only case 
When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron 9a6a49c7cb tls13: keys: Fail if the group type is not ECDHE or DHE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron b15d4d8966 tls13: keys: Fix error code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron 3b056202d3 tls13: keys: Do not use handshake->premaster 
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.

Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.

Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron 4c7edb2b9b tls13: keys: Fix indentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron 831fee68c3 tls13: keys: Avoid input buffer copy 
In mbedtls_ssl_tls13_evolve_secret() avoid
to copy the input buffer into a local buffer
as the copy is avoidable.

This also fixes a potential overflow as the
size of the local buffer was not checked when
copying into it.

With the current calls to mbedtls_ssl_tls13_evolve_secret()
no buffer overflow was expected to happen though.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Manuel Pégourié-Gonnard 45c6792faf
Merge pull request #6385 from AndrzejKurek/depends-py-reloaded 
Unified tests/scripts/depends.py - reloaded
 2022-10-21 10:17:58 +02:00
Gilles Peskine c279b2fa4a Move mbedtls_mpi_core_shift_r to the proper source file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-20 11:40:15 +02:00
Gilles Peskine 6641420951 Bignum core: Break shift_r function out of the classic shift_r 
This commit contains the function prototype for mbedtls_mpi_core_shift_r,
and the implementation minimally modified from mbedtls_mpi_shift_r.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-20 11:40:15 +02:00
Gilles Peskine 4281ae0bd2
Merge pull request #6373 from gilles-peskine-arm/bignum-core-conventions 
Spell out bignum core conventions
 2022-10-19 15:53:33 +02:00
Gilles Peskine db2996357c
Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum 
Bignum: Add safe conditional assign and swap for the new MPI types
 2022-10-19 15:51:19 +02:00
Andrzej Kurek 9387b7b34e Add a temporary solution to create a seedfile 
This caused problems if a config with SHA512 was
compiled after a config without it and the seedfile
did not contain enough data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek c610e7402e Formatting & unnecessary (void) fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek ecb630925f Fix constant name in ssl_tls13_keys 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek e5a5cc1944 Remove the dependency of tls1_3 key evolution tests on curve25519 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek eabeb30c65 Fix SHA512 vs SHA384 dependencies 
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek c19fb08dd3 Add missing ECDH dependency in tls 1.3 client 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek 68327748d3 Add missing dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek 46a987367c Formatting fix 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek 084334c8f2 Compile constant time masking and hmac if there are suites using MAC 
This is used in TLS 1.2 authentication with NULL cipher,
when there are no TLS_CBC suites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek 2d59dbc032 Use TLS prf only if TLS 1.2 is compiled in 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek 894edde991 Add tls prf handling when there's no SHA256 or SHA384 
Return a null prf function pointer and check for it when populating transform.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek 252283f2aa Fix missing cipher mode dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
David Horstmann 078250eb56 Fix incorrect return style 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-18 18:11:13 +01:00
David Horstmann 178ec96c89 Remove unnecessary NULL assignments 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-18 18:09:30 +01:00
David Horstmann 11307a1933 Clarify wording on allocation 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-17 18:10:23 +01:00
Aditya Deshpande cfb441d5ee Fix spacing and formatting 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-10-17 15:17:30 +01:00
Gilles Peskine 8874cd570e
Merge pull request #4826 from RcColes/development 
Add LMS implementation
 2022-10-14 18:33:01 +02:00
Aditya Deshpande 40c05cc8e4 Newlines at end of file + trim trailing whitespace 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-10-14 16:46:51 +01:00
Aditya Deshpande 17845b8f71 Add driver wrapper function for raw key agreement, along with test call for transparent drivers. 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-10-14 16:46:00 +01:00
Gilles Peskine dcd1717f5f Forbid aliasing outputs 
Aliasing between two outputs is hardly ever useful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-14 17:15:21 +02:00
Gabor Mezei 4086de667d
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-10-14 16:29:42 +02:00
Manuel Pégourié-Gonnard b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test 
Enable testing of AEAD drivers with libtestdriver1
 2022-10-14 11:11:01 +02:00
Raef Coles 1951259a10
Update how lms.c imports platform.h 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 16:47:13 +01:00
Ronald Cron 49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check 
Add server name check when proposing pre-share key
 2022-10-13 16:00:59 +02:00
Raef Coles cbd02adc6e
Simplify LMS context freeing 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:32 +01:00
Raef Coles 45c4ff93c9
Fix windows requiring explicit cast in LMS calloc 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:14 +01:00
Raef Coles 142e577c34
Add extra zeroization to LMS and LMOTS 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:03 +01:00
Raef Coles 9fc303a99a
Add extra LMOTS import negative tests 
And fix failures that are related to the new tests

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:30:01 +01:00
Raef Coles 4829459c90
Validate LMOTS sig length before parsing type 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:47 +01:00
Raef Coles 285d44b180
Capitalize "Merkle" in LMS and LMOTS code 
As it is a proper noun

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:43 +01:00
Raef Coles faf59babe8
Make LMS verification return VERIFY_FAILED more 
To align with PSA error code rules on when VERIFY_FAILED is returned vs
INVALID_ARGUMENT

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:42 +01:00
Raef Coles fbd60ec775
Change LMS and LMOTS init functions to use memset 
Instead of zeroize

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:40 +01:00
Raef Coles 9b0daf60fb
Improve LMS private function warning 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:38 +01:00
Raef Coles f6cb5a4826
Fix LMS return statements having incorrect style 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:35 +01:00
Raef Coles 75b4c7790e
Fix LMS internal function documentation 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:34 +01:00
Raef Coles d48f7e90bb
Allocate LMS C_RANDOM_VALUE as hash size 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:32 +01:00
Raef Coles 1fb2f32ef5
Check LMS offsets are sane at runtime 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:31 +01:00
Raef Coles e34e3c0e59
Remove unneeded cast in LMS calloc 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:30 +01:00
Raef Coles 370cc43630
Make LMS public key export part of public key api 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:28 +01:00
Raef Coles e89488debf
Fix bug in LMS public key loading 
To avoid using the type before it is parsed from the signature

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:27 +01:00
Raef Coles 3f6cdd7aab
Fix LMS not checking RNG function return value 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:24 +01:00
Raef Coles 02cf8234b4
Fix ots sig length check in LMS validate function 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:22 +01:00
Raef Coles f36874a535
Fix error type of lms_import_public_key 
Was returning an incorrect error when bad public key sizes were input

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:21 +01:00
Raef Coles dc8fb79e09
Simplify LMS private key generation error handling 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:20 +01:00
Raef Coles be3bdd8240
Rename LMS and LMOTS init/free functions 
To match convention

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:18 +01:00
Raef Coles 29117d2e4e
Update LMS PSA error conversion 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:17 +01:00
Raef Coles be0c2f9183
Update LMS local variable allocation 
To use a default failure value, and to avoid a call to
psa_hash_operation_init()

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:15 +01:00
Raef Coles 2ac352a322
Make LMS functions args const where required 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:14 +01:00
Raef Coles 5127e859d7
Update LMS and LMOTS dependency macros 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:11 +01:00
Raef Coles 56fe20a473
Move MBEDTLS_PRIVATE required defines into lms.h 
From lmots.h, as it is a private header

Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:10 +01:00
Raef Coles ab300f15e8
Move public header content from lmots.h to lms.h 
Signed-off-by: Raef Coles <raef.coles@arm.com>
 2022-10-13 14:29:08 +01:00