Commit graph

17601 commits

Author SHA1 Message Date
Brett Warren
01f3dae3f3 Refactor elliptic curve extension for NamedGroups
The refactoring is needed for the group api to work
properly. Code is modified to use mbedtls_get_supported_groups
instead of direct access so that both deprecated and new api
are useable.

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 14:07:46 +01:00
Brett Warren
7f813d5d88 add group api tests
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 14:07:46 +01:00
Brett Warren
e0edc8407b Add mbedtls_ssl_conf_groups to API
mbedtls_ssl_conf_groups allows supported groups for key
sharing to be configured via their IANA NamedGroup ID.

This is added in anticipation of PQC and Hybrid key
sharing algorithms being integrated into Mbed TLS.

mbedtls_ssl_conf_curves is deprecated in favor of
mbedtls_ssl_conf_groups. handshake_init has been
modified to translate and copy curves configured
via conf_curves into a heap allocatied array of
NamedGroup IDs. This allows the refactoring of code
interacting with conf_curve related variables (such
as curve_list) to use NamedGroup IDs while retaining
the deprecated API.

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 11:27:00 +01:00
Brett Warren
36b70b2a4e Change MBEDTLS_ECP_DP_MAX to 14
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-28 16:00:13 +01:00
Brett Warren
9e98573ca2 fix build fail with MBEDTLS_DEPRECATED
When deprecated functions are allowed

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-20 23:33:15 +01:00
Brett Warren
3a96d09898 export MBEDTLS_DEPRECATED from platform_util.h
Since there are no longer any alternative
MBEDTLS_DEPRECATED definitions in the codebase,
MBEDTLS_DEPRECATED can now be exported without breaking
anything.

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-20 23:33:15 +01:00
Gilles Peskine
9202ba37b1
Merge pull request #4960 from mpg/cleanup-tls-cipher-psa-3.x
Clean up some remnants of TLS pre-1.2 support
2021-10-19 21:59:15 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
e7997c494b
Merge pull request #5085 from daverodgman/fix_naming
Fix naming examples in TLS 1.3 style guide
2021-10-18 17:52:07 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Dave Rodgman
c8aaac89d0 Fix naming examples in TLS 1.3 style guide
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-10-18 13:00:51 +01:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Gilles Peskine
0d4640ad90
Merge pull request #4984 from gilles-peskine-arm/check-names-files
check_names.py: more robust handling of excluded files
2021-10-15 13:33:50 +02:00
Przemyslaw Stekiel
316c4fa3ce Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
ed61c5e8b0 Add change-log file (issue #5065)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-14 09:14:09 +02:00
Gilles Peskine
1c66bf8061
Merge pull request #5070 from mpg/fix-resumption-openssl-client-tests
Use newer OpenSSL for tests failing with the old
2021-10-13 21:05:15 +02:00
Paul Elliott
0421715ade Use 127.0.0.1 rather than localhost
This was causing some tests using the openssl s_client to not connect -
I suspect this was due to localhost (at least on my machine) resolving
to ::1 rather than 127.0.0.1. Note that the error seen would have been
that the session file specified with -sess_out did not get created.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:14:47 +01:00
Paul Elliott
1428f252ad Fix incorrect check for DTLS
Missing wildcards meant that some servers were not identified as DTLS,
which lead to port checking on TCP rather than UDP, and thus mistakenly
cancelling tests as the server had not come up.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:14:40 +01:00
Paul Elliott
09cfa18976 Spelling fix
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:13:44 +01:00
Przemyslaw Stekiel
4cad4fc8a9 psa_crypto.c: use switch instead if-else in psa_aead_check_nonce_length and psa_aead_set_lengths (fixes #5065)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 14:04:36 +02:00
Przemyslaw Stekiel
1ecfdea002 all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 13:27:34 +02:00
Manuel Pégourié-Gonnard
d60950c2d0 Use newer OpenSSL for tests failing with the old
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-13 13:12:47 +02:00
Ronald Cron
e3e16d5d67
Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes
TLS1.3:add read ptr and handshake kex modes
CI merge job: only "Session resume using tickets, DTLS: openssl client" failed in one component thus CI can be considered as passed.
2021-10-11 19:23:12 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
TLS 1.3: ServerHello: add  utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
Przemyslaw Stekiel
b576c7b779 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 10:43:17 +02:00
Jerry Yu
e4eefc716a Improve document for chk_buf_read_ptr
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-09 10:40:40 +08:00
Jerry Yu
fd320e9a6e Replace zeroize with memset
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 21:52:41 +08:00
Przemyslaw Stekiel
25f7063533 enerate_psa_tests.py fix format
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 15:28:45 +02:00
Jerry Yu
88b756bacb move tls1_3 max md size
It should be internal definition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 18:41:38 +08:00
Przemyslaw Stekiel
d9d630cdf3 Addapt psa_generate_key() tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 12:26:21 +02:00
Jerry Yu
d1ab262844 define max md size for tls1_3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:19:24 +08:00
Jerry Yu
205fd82f7e fix check_name fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:16:24 +08:00
Jerry Yu
ae0b2e2a2f Rename counter_len
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
dca3d5ddf9 fix document issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:19:29 +08:00
Jerry Yu
0cabad375b fix doxygen parameter wrong
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
adf861aad4 Address kex_modes check function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
e15e665cfb fix comments and check return issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
1b7c4a464c tls13: add key exchange modes in handshake params
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
34da3727d6 Add check read ptr macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Przemyslaw Stekiel
770153e836 Add change-log entry
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 11:12:41 +02:00
Przemyslaw Stekiel
c0fe820dc9 psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 11:08:56 +02:00
Gilles Peskine
0c7c524b25
Merge pull request #5001 from gilles-peskine-arm/readme-add-contacts
Add contact information directly on the home page
2021-10-06 19:35:52 +02:00
Gilles Peskine
bf3ec84b1c
Merge pull request #5003 from gilles-peskine-arm/all.sh-makeflags-nproc
Limit make parallelism to the number of CPUs in all.sh
2021-10-06 19:35:12 +02:00
Gilles Peskine
023aa11760
Merge pull request #4996 from mprse/mbedtls_cipher_setup_psa_ECB
Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:10 +02:00
Gilles Peskine
2aefc9ef2e Fix typo in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 20:34:53 +02:00
Gilles Peskine
fcc93d797b Make MBEDTLS_IGNORE_RETURN configurable
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:56:17 +02:00
Gilles Peskine
252b758dd6 Cleaner implementation of MBEDTLS_IGNORE_RETURN
The previous implementation was misparsed in constructs like
`if (condition) MBEDTLS_IGNORE_RETURN(...); else ...;`.

Implement it as an expression, tested with GCC, Clang and MSVC.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:54:51 +02:00
Gilles Peskine
cd79dfc4bb Fix mistake in the sample implementation of MBEDTLS_CHECK_RETURN
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:53:36 +02:00