Commit graph

18316 commits

Author SHA1 Message Date
Ronald Cron
d21e6b71d5 tests: psa: Fix the dependencies on some driver wrappers fallback tests
The driver wrappers fallback tests depend on the builtin
support not builtin or driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
ae4a690926 tests: psa: Fix MD5 support not available dependencies
MD5 should not be supported by the library and any driver.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
18cd8db99a tests: ssl: Add misssing dependencies on SHA-1
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
40e46cf89c tests: psa: Remove wrong test function dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
81ca97e080 tests: psa driver: Align RSA/ECP sign/verify hash dispatch
Align RSA/ECP sign/verify hash dispatch with the
corresponding code of the library. The library
code was modified recently but not the test code
one and these modifications ease the following work.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
a72b12defb tests: psa: driver: mac: Remove opaque entry points in library
Opaque test entry points will be implemented only in
test code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Ronald Cron
170067043f psa: Fix unused variable warnings
Fix unused variable warnings when no AEAD
algorithm is enabled in the build.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:24 +01:00
Gilles Peskine
d895f52c4b
Merge pull request #5197 from gilles-peskine-arm/pip-requirements
In-tree Python package requirements
2021-12-03 17:25:53 +01:00
Gilles Peskine
28de59c50a
Merge pull request #5246 from adeaarm/development
Align function parameter names for mbedtls_set_key_owner_id
2021-12-03 17:24:46 +01:00
Gilles Peskine
1bbf6d645b
Merge pull request #5149 from mfil/feature/additional_cipher_info_getters
Additional cipher_info getters
2021-12-03 17:21:51 +01:00
Paul Elliott
cce0f5a085 Fix typo
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-03 16:13:30 +00:00
Ronald Cron
c7a40bc9c2 tests: psa: driver: cipher: Remove unnecessary check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 15:12:01 +01:00
Gilles Peskine
3d57afe2b0 Correct default requirements file name in help
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-03 13:32:51 +01:00
Paul Elliott
2fd6b61420 Remove incorrect hashing
Incorrect interpretation of 'empty'

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 18:03:12 +00:00
Paul Elliott
7298bef693 Add explanation for safety in function
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 17:51:34 +00:00
Ronald Cron
9a37ff6364 tests: psa: aead: Fix operation type in entry point prototypes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-02 17:51:52 +01:00
Paul Elliott
c0d335bc1e Second draft of explanation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-02 16:38:05 +00:00
Xiaofei Bai
8b5c3824ee Fix (d)tls1_2 into (d)tls12 in version options
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 13:22:18 +00:00
Gilles Peskine
26f60b38de Add Cryptodome to maintainer requirements
See e.g. https://github.com/ARMmbed/mbedtls/pull/5218

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:50:06 +01:00
Gilles Peskine
b3e5340b1f Clarify comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:48:50 +01:00
Gilles Peskine
2673aa5812 Remove accidental requirement on the worktree content
This made the build impossible since mbedtls isn't available when building
the container.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-02 12:44:50 +01:00
Xiaofei Bai
d25fab6f79 Update based on comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Paul Elliott
117282f25e Delete unneccesary changelog entry
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-01 17:18:12 +00:00
Paul Elliott
4768a30d9b Simplify Input usage macros
Also ensure they are used in test data rather than values

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:39:51 +00:00
Paul Elliott
df00695bfc Rename (and relabel) pkcs12 test case
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:31:10 +00:00
Paul Elliott
3584ae4d5f Remove incorrect test dependency
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 16:21:27 +00:00
Paul Elliott
ad7e8a7092 Documentation fixes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 15:37:49 +00:00
Antonio de Angelis
e2b6866e0b Align function parameter names for mbedtls_set_key_owner_id in PSA headers
static function mbedtls_set_key_owner() is declared in psa/crypto.h
and defined in psa/crypto_struct.h with different parameter name for
the  mbedtls_key_owner_id_t parameter and that may trigger errors
from static code analysis tool as cppcheck.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
2021-11-30 12:26:58 +00:00
Paul Elliott
fe08944246 Fix spelling error
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 10:55:53 +00:00
Paul Elliott
89c8e098ee Convert tabs to spaces
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-30 10:54:52 +00:00
Gilles Peskine
533a728392 mbedtls_ssl_config: Replace bit-fields by separate bytes
This slightly increases the RAM consumption per context, but saves code
size on architectures with an instruction for direct byte access (which is
most of them).

Although this is technically an API break, in practice, a realistic
application won't break: it would have had to bypass API functions and rely
on the field size (e.g. relying on -1 == 1 in a 1-bit field).

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19543 -> 19559 (diff: -16)
library/ssl_msg.o: 24726 -> 24690 (diff: 36)
library/ssl_srv.o: 20462 -> 20418 (diff: 44)
library/ssl_tls.o: 20707 -> 20555 (diff: 152)
library/ssl_tls13_client.o: 7252 -> 7244 (diff: 8)
library/ssl_tls13_generic.o: 4705 -> 4693 (diff: 12)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2876 -> 2864 (diff: 12)
library/ssl_msg.o: 3068 -> 3080 (diff: -12)
library/ssl_srv.o: 3372 -> 3340 (diff: 32)
library/ssl_tls.o: 6658 -> 6566 (diff: 92)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:44:49 +01:00
Gilles Peskine
8834d87ef6 mbedtls_ssl_config, mbedtls_ssl_session: reorder fields
Move small fields first so that more fields can be within the Arm Thumb
128-element direct access window.

Keep the int section after the pointer section: moving int fields first cost
a few bytes on the reference baremetal-m0plus build.

The ordering in this commit is not based on field access frequency.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19687 -> 19543 (diff: 144)
library/ssl_msg.o: 24834 -> 24726 (diff: 108)
library/ssl_srv.o: 20562 -> 20462 (diff: 100)
library/ssl_tls.o: 20907 -> 20707 (diff: 200)
library/ssl_tls13_client.o: 7272 -> 7252 (diff: 20)
library/ssl_tls13_generic.o: 4721 -> 4705 (diff: 16)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2936 -> 2876 (diff: 60)
library/ssl_msg.o: 3080 -> 3068 (diff: 12)
library/ssl_srv.o: 3400 -> 3372 (diff: 28)
library/ssl_tls.o: 6730 -> 6658 (diff: 72)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:39:29 +01:00
Gilles Peskine
ec45c1e174 mbedtls_ssl_handshake_params: reorder fields to save code size
Reorder fields mbedtls_ssl_handshake_params in order to save code on Arm
Thumb builds. The general idea is to put often-used fields in the direct
access window of 128 elements from the beginning of the structure.

The reordering is a human selection based on a report of field offset and
use counts, and informed by measuring the code size with various
arrangements. Some notes:
* This is the same reordering as the corresponding commit in #5189 for 2.2x.
* I moved most byte-sized fields at the beginning where they're sure to be
  in the direct access window.
* I moved buffering earlier because it can be around the threshold depending
  on the configuration, and it's accessed in a lot of places.
* I moved several fields, including update_checksum and friends, early so
  that they're guaranteed to be in the early access window.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19763 -> 19687 (diff: 76)
library/ssl_msg.o: 24874 -> 24834 (diff: 40)
library/ssl_srv.o: 20754 -> 20562 (diff: 192)
library/ssl_tls.o: 21003 -> 20907 (diff: 96)
library/ssl_tls13_client.o: 7284 -> 7272 (diff: 12)
library/ssl_tls13_generic.o: 4749 -> 4721 (diff: 28)
library/ssl_tls13_keys.o: 5133 -> 5077 (diff: 56)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 3000 -> 2936 (diff: 64)
library/ssl_msg.o: 3084 -> 3080 (diff: 4)
library/ssl_srv.o: 3428 -> 3400 (diff: 28)
library/ssl_tls.o: 6754 -> 6730 (diff: 24)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:18:09 +01:00
Gilles Peskine
55490d4e1f mbedtls_ssl_handshake_params: use bytes for some small values
Replace bitfields mbedtls_ssl_handshake_params by bytes. This saves some
code size, and since the bitfields weren't group, this doesn't increase the
RAM usage.

Replace several ints that only store values in the range 0..255 by uint8_t.
This can increase or decrease the code size depending on the architecture
and on how the field is used. I chose changes that save code size on Arm
Thumb builds and will save more after field reordering.

Leave the bitfields in struct mbedtls_ssl_hs_buffer alone: replacing them by
uint8_t slightly increases the code size.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19759 -> 19763 (diff: -4)
library/ssl_srv.o: 20790 -> 20754 (diff: 36)
library/ssl_tls13_keys.o: 5153 -> 5133 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-29 12:01:39 +01:00
Paul Elliott
66491c7d08 Edit docs to explain not changing curve order
TLS1.3 MVP would benefit from a different curve group preference order
in order to not cause a HelloRetryRequest (which are not yet handled),
however changing the curve group preference order would affect both
TLS1.2 and TLS1.3, which is undesirable for something rare that can
be worked around.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-29 10:39:44 +00:00
Ronald Cron
cae5909053 psa: aead: Fix invalid output buffer usage in generate_nonce()
Don't use the output buffer in psa_aead_generate_nonce()
to pass the generated nonce to the driver as a local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-29 08:43:15 +01:00
吴敬辉
0b71611c80 [session] fix a session copy bug
fix a possible double reference on 'ticket'
when peer_cert/peer_cert_digest calloc failed.

Signed-off-by: 吴敬辉 <11137405@vivo.com>
2021-11-29 10:50:04 +08:00
Max Fillinger
72abd8a9c3 Fix type for iv size and block size in tests
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-28 14:13:52 +01:00
Max Fillinger
c3cffae420 Document return value for IV size getter on NULL
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-28 14:13:43 +01:00
Gabor Mezei
a09697527b
Add documentation for the functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:25:14 +01:00
Gabor Mezei
14d5fac11d
Unify function parameters
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:23:26 +01:00
Gabor Mezei
c0d8dda60d
Make mbedtls_ct_uchar_mask_of_range function static
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:20:36 +01:00
Gabor Mezei
d77b86cc5b
Delete base64_invasive.h due to functions are moved to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:20:02 +01:00
Gabor Mezei
358829abc9
Move mbedtls_ct_base64_dec_value function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:14:52 +01:00
Gabor Mezei
9a4074aa1e
Move mbedtls_ct_base64_enc_char function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:14:21 +01:00
Gabor Mezei
28d611559e
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 17:09:38 +01:00
Gabor Mezei
b8d78926eb
Rename functions to have suitable name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-11-26 16:51:18 +01:00
Ronald Cron
c6e6f50d47 psa: cipher: Fix invalid output buffer usage in psa_cipher_encrypt()
Don't use the output buffer in psa_cipher_encrypt()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Ronald Cron
13ed5c1c05 test: psa driver wrapper: Add non regression test for psa_cipher_encrypt()
Add non regression test for invalid usage of
the output buffer in psa_cipher_encrypt().
The output buffer should not be used to pass
the IV to the driver as a local attacker could
be able to control the used IV.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00
Ronald Cron
c60772c5d9 test: psa driver wrapper: Add cipher_encrypt negative testing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-11-26 15:46:20 +01:00