Commit graph

7917 commits

Author SHA1 Message Date
Jerry Yu
5ccfcd4ca1 Add local variable to represent handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Jerry Yu
de4fb2cc34 Apply check read ptr macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Jerry Yu
fd532e506b fix set key exchange mode issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Jerry Yu
0b17784932 Add finalize function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Jerry Yu
e1b9c297b9 Add read_server_hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Jerry Yu
1efa815db7 tls13: add ecdh_read_public
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Jerry Yu
a0650ebb9d tls13: add handshake key schedule
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Jerry Yu
61e35e0047 tls13: add generate handshake keys
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Mateusz Starzyk
594215be6e Add support for CCM*-no-tag to PSA.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 11:33:41 +02:00
Mateusz Starzyk
bb2ced33dd Ignore plaintext length for CCM*-no-tag.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 11:33:37 +02:00
Gabor Mezei
22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 12:15:20 +02:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
Gabor Mezei
116cd6a6b4
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:18:37 +02:00
Gabor Mezei
6a426c9f9f
Bind functions' availability for config options
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:17:43 +02:00
Gilles Peskine
9202ba37b1
Merge pull request #4960 from mpg/cleanup-tls-cipher-psa-3.x
Clean up some remnants of TLS pre-1.2 support
2021-10-19 21:59:15 +02:00
Gabor Mezei
765862c4f3
Move mbedtls_cf_memcmp to a new public header
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00
Gabor Mezei
291df7bbab
Add macro guard for header file
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 11:27:17 +02:00
Gabor Mezei
e212379810
Bind functions' availability for config options
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 19:38:02 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Gabor Mezei
949455892f
Remove unused function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 17:02:29 +02:00
Gabor Mezei
a2d0f90c5a
Make functions static
These functions are only used as an auxiliary function for constant-time functions.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:56:50 +02:00
Gabor Mezei
a316fc8eb0
Update documentation and comments
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
63bbba5c13
Rename and reorder function parameters
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
7013f62ee5
Use condition for not sensitive data
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
eab90bcc36
Move implementation specific comment
This comment is about how the functions are implemented, not about their
public interface, so it doesn't belong in the header file.
It applies to everything in constant_time.c so moved there.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gabor Mezei
1e64261da5
Make mbedtls_cf_size_mask_lt function static
The mbedtls_cf_size_mask_lt is solely used as an auxiliary function
for mbedtls_cf_size_mask_ge.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-18 16:39:13 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
4cad4fc8a9 psa_crypto.c: use switch instead if-else in psa_aead_check_nonce_length and psa_aead_set_lengths (fixes #5065)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 14:04:36 +02:00
Ronald Cron
e3e16d5d67
Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes
TLS1.3:add read ptr and handshake kex modes
CI merge job: only "Session resume using tickets, DTLS: openssl client" failed in one component thus CI can be considered as passed.
2021-10-11 19:23:12 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
TLS 1.3: ServerHello: add  utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
Jerry Yu
e4eefc716a Improve document for chk_buf_read_ptr
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-09 10:40:40 +08:00
Gilles Peskine
f6892dec2a Readability improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 16:28:32 +02:00
Jerry Yu
fd320e9a6e Replace zeroize with memset
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 21:52:41 +08:00
Jerry Yu
88b756bacb move tls1_3 max md size
It should be internal definition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 18:41:38 +08:00
Jerry Yu
d1ab262844 define max md size for tls1_3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:19:24 +08:00
Jerry Yu
205fd82f7e fix check_name fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 16:16:24 +08:00
Jerry Yu
ae0b2e2a2f Rename counter_len
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
dca3d5ddf9 fix document issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:19:29 +08:00
Jerry Yu
0cabad375b fix doxygen parameter wrong
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
adf861aad4 Address kex_modes check function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
e15e665cfb fix comments and check return issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
1b7c4a464c tls13: add key exchange modes in handshake params
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Jerry Yu
34da3727d6 Add check read ptr macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 14:00:29 +08:00
Paul Elliott
e193ea8cb9 Add Multipart AEAD CCM internal implementation
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-07 18:06:03 +01:00
Przemyslaw Stekiel
c0fe820dc9 psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 11:08:56 +02:00
Gilles Peskine
b9b817e977 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 14:26:25 +02:00
Mateusz Starzyk
c48f43b44d Fix PSA AEAD GCM's update output buffer length verification.
Move GCM's update output buffer length verification
from PSA AEAD to the built-in implementation of the GCM.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:55 +02:00
Mateusz Starzyk
f28261fc14 Remove output buffer limitation for PSA with GCM.
The requirement of minimum 15 bytes for output buffer in
psa_aead_finish() and psa_aead_verify() does not apply
to the built-in implementation of the GCM.

Alternative implementations are expected to verify the
length of the provided output buffers and to return
the MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the
buffer length is too small.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-04 13:54:54 +02:00
Gilles Peskine
023aa11760
Merge pull request #4996 from mprse/mbedtls_cipher_setup_psa_ECB
Fix test gap: mbedtls_cipher_setup_psa() with ECB
2021-10-01 14:49:10 +02:00
openluopworld
eab65acca4 bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly.
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-10-01 17:57:11 +08:00
LuoPeng
eb009232c0 Update library/gcm.c
Co-authored-by: davidhorstmann-arm <70948878+davidhorstmann-arm@users.noreply.github.com>
Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-10-01 17:57:11 +08:00
XiaokangQian
05420b120b TLS1.3: Add useful comments based on RFC8446
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 06:15:18 +00:00
XiaokangQian
16c61aa738 TLS1.3: Alignment coding styles based on comments
Fix kinds of alignment issues in fetch handshake messages.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 02:14:23 +00:00
XiaokangQian
6b226b0874 Add fetch_hand_message in generic
This function is one common function in generic file, get it from
the encrypted extension and submit one patch independently.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-09-30 02:14:23 +00:00
Andrzej Kurek
a72fe641cc Do not zeroize the ssl context if a key exporting function is set
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 17:08:31 -04:00
Ronald Cron
cd51e76583
Merge pull request #4338 from paul-elliott-arm/psa-m-aead
Implement multipart PSA AEAD
2021-09-29 22:48:33 +02:00
Andrzej Kurek
324f72ec9c Fix a bug where the ssl context is used after it's nullified
When not using DEBUG_C, but using the DTLS CID feature -
a null pointer was accessed in ssl_tls.c.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:52 -04:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
Paul Elliott
60116aee9e Invert logic on nonce length tests
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-29 14:40:16 +01:00
Paul Elliott
355f59edbe Fix formatting issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-29 14:40:16 +01:00
Paul Elliott
e716e6c00b Switch cipher enabled macros
Switch from using MBEDTLS_PSA_BUILTIN_ macros over to using PSA_WANT_
macros, as code was moved from the internal drivers to the PSA Core.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-29 14:40:16 +01:00
Przemyslaw Stekiel
80c6a8e1a6 Add PSA support for MBEDTLS_CIPHER_AES_128_ECB
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-09-29 12:39:21 +02:00
Gilles Peskine
bfe3d87f24
Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info
Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
2021-09-29 12:37:09 +02:00
Jerry Yu
d96a5c2d86 Fix wrong usage of counter len macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-29 17:46:51 +08:00
gabor-mezei-arm
5b3a32d883
Fix missing includes
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-29 10:53:55 +02:00
Manuel Pégourié-Gonnard
1869377146
Merge pull request #4942 from yuhaoth/pr/add-tls13-client-dummy-state-handlers
add tls13 client dummy state handlers and improve dispatch test
2021-09-29 10:45:16 +02:00
Paul Elliott
baff51c8b7 Make sure nonce length checks use base algorithm
Nonce length checks are now being used in the oneshot AEAD code as well,
which passes variant algorithms, not the base version, so need to
convert to base if necessary.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 17:47:24 +01:00
gabor-mezei-arm
90d96cc741 Add documentation for the functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 17:07:51 +02:00
gabor-mezei-arm
b11a56e34c
Unify equality checker functions return value
The equality checker functions always return 0 or 1 value,
thus the type of return value can be the same dispite of the
size of the parameters.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
gabor-mezei-arm
9cb55698aa
Propagate usage of mask generation functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
gabor-mezei-arm
396438c57b
Unify mask generation functions
Generate all-bits 0 or all bits 1 mask from a value instead of from a bit.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:19 +02:00
gabor-mezei-arm
87ac5bef97 Unify function parameters
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:42:16 +02:00
gabor-mezei-arm
4602564d7a
Unify memcmp functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:47 +02:00
gabor-mezei-arm
2dcd7686ce Typo: Unify indentation of function parameters
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:44 +02:00
gabor-mezei-arm
fdb71183f8
Move mbedtls_cf_rsaes_pkcs1_v15_unpadding function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:45 +02:00
gabor-mezei-arm
bef600f27e
Move the constant-time part of mbedtls_rsa_rsaes_pkcs1_v15_decrypt to a function
Tne unpadding part of `mbedtls_rsa_rsaes_pkcs1_v15_decrypt` function is
contant-time therefore it moved to a separate function to be prepared
for moving to the contant-time module.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
65cefdbfcb
Create mbedtls_cf_size_if function
Add a constant-time function with size_t parameter for choosing
between two integer values, like the ?: ternary operator.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
c29a3da599
Move mbedtls_mpi_lt_mpi_ct function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
5c97621215
Move mbedtls_mpi_safe_cond_swap function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
40a4925128
Move mbedtls_mpi_safe_cond_assign function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
9c1203fd67
Delete ssl_invasive.h due to duplicated function declarations
All function declaration provided by ssl_invasive.h is needed only for
testing purposes and all of them are provided by constant_time.h as well.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
1349ffde84
Move mbedtls_cf_hmac function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
0e7f71e1a9
Move mbedtls_cf_memcpy_offset function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:44 +02:00
gabor-mezei-arm
dee0fd33f1
Move mbedtls_cf_memcpy_if_eq function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:43 +02:00
gabor-mezei-arm
394aeaaefb Move mbedtls_cf_mem_move_to_left function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:28:41 +02:00
gabor-mezei-arm
be8d98b0be Move mbedtls_cf_mpi_uint_cond_assign function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:23:57 +02:00
gabor-mezei-arm
d3230d533c
Move mbedtls_cf_cond_select_sign function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
b2dbf2c113
Move mbedtls_cf_uint_if function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
3f90fd540a
Move mbedtls_cf_mpi_uint_lt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
84dc02c8f5
Remove module dependency
Elinimate macros defined by modules locally in the functions that are
moving to the new constant-time module.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:10 +02:00
gabor-mezei-arm
5a85442604
Move mbedtls_cf_size_gt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:21:09 +02:00
gabor-mezei-arm
8d1d5fd204 Move mbedtls_cf_size_bool_eq function to the constant-time module
There were multiple functions called mbedtls_cf_size_bool_eq. They had exactly
the same behavior, so move the one in bignum.c and remove the other.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:20:07 +02:00
gabor-mezei-arm
16fc57bcc4
Move mbedtls_cf_size_mask_ge function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
c76227d808
Move mbedtls_cf_size_mask_lt function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
3733bf805a
Move mbedtls_cf_size_mask function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
340948e4a5
Move mbedtls_cf_uint_mask function to the constant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
db9a38c672
Move contatnt-time memcmp functions to the contant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
gabor-mezei-arm
9fa43ce238
Rename function to have suitable name
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:14:47 +02:00
Paul Elliott
814f0c5fb1 Remove check for lack of supported ciphers
Add comment explaining (currently) empty function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 14:42:36 +01:00
Paul Elliott
946c920475 Add safety for nonce length to internal driver
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 14:42:36 +01:00
Jerry Yu
d9a94fe3d0 Add counter length macro
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 20:10:26 +08:00
Jerry Yu
6ca7c7fd6b Remove useless variables
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 18:51:40 +08:00
Paul Elliott
bb0f9e1740 Move all nonce length checks to PSA Core
Remove duplicated code from oneshot API

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 11:16:27 +01:00
Paul Elliott
dff6c5d963 Restore internal driver for aead_set_lengths
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-28 11:16:27 +01:00
Jerry Yu
ad8d0bad10 Keep consistency order.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 17:58:26 +08:00
Jerry Yu
d52398d31f fix double underscore fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 16:13:44 +08:00
Paul Elliott
4ed1ed18d2 Move nonce size checking to PSA Core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 18:24:11 +01:00
Paul Elliott
325d374e3d Move set lengths checking to PSA Core
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 18:24:11 +01:00
Paul Elliott
c78833abc7 Add reminder of assumption to documentation
Key size is not verified by this function, but by the level above it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-27 16:00:40 +01:00
Gilles Peskine
7820a574f1 Catch failures of AES or DES operations
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 16:22:08 +02:00
Jerry Yu
148165cc6f Remove psa version of get_handshake_transcript
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
957f0fa1f7 Add length macro for in_ctr
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
e06f4532ef remove useless code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
4836952f9d fix tls1_3 prefix issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
92c1ca221f fix likely typos error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
b65eb2f3cf Revert "tls13: add generate handshake keys"
This reverts commit f02ca4158674b974ae103849c43e0c92efc40e8c.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
5243142476 Add macro for length of input counter
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
e3131ef7f3 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
a63de352dc Revert "tls13: add ecdh_read_public"
This reverts commit 6a9d2ee4df88028e352e50d4f48687ce5b0f26ac.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
000f976070 Rename get_handshake_transcript
- Remove tls13 prefix
- Remove TLS1_3 macro wrap

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
c7875b5f11 add set in/out transform utils
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
d3f73349a7 tls13: add ecdh_read_public
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
7bea4bac96 tls13: add checksum of handshake message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
4925ef5da1 tls13: add generate handshake keys
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
89ea321d96 tls13: add key_schedule_stage_early_data
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
24c0ec31f9 tls13: add get_handshake_transcript
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
3bf1f97a0e fix various issue on pending send alert
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
bbd5a3fded fix pending_alert issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
394ece6cdd Add function for set pending alert flag
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
e7047819ee add pend fatal alert
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
e86cd65754 fix unused-variable fail without MBEDTLS_DEBUG_C
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
860b4ee42e Rename *_read_* to *_process_*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
6e81b27003 Add client state number check
It is temporary check. If any change on `mbedtls_ssl_states`, please
double check those tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
435756ffc0 Keep consistent order in dummy functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
6c983524a8 Move msvc compatible fix to common.h
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
687101b2e6 tls13: add dummy state machine handler
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Gilles Peskine
aafb21f320
Merge pull request #4968 from davidhorstmann-arm/fix-aarch64-asm-constraints
Fix aarch64 assembly for bignum multiplication
2021-09-27 09:01:15 +02:00
Paul Elliott
71b0567c87 Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-24 11:18:13 +01:00
Ronald Cron
f2cb19f921
Merge pull request #4891 from yuhaoth/pr/enable-key-exchange-in-client-hello
TLS1.3: Client Hello : Add  extensions and test case.
2021-09-23 18:45:01 +02:00
Paul Elliott
90fdc117dd Make NULL tag check more explicit
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
Paul Elliott
70618b22a9 Change sizeof to variable rather than struct
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-22 22:34:17 +01:00
David Horstmann
11c81df707 Fix aarch64 assembly for bignum multiplication
Add memory constraints to the aarch64 inline assembly in MULADDC_STOP.
This fixes an issue where Clang 12 and 13 were generating
non-functional code on aarch64 platforms. See #4962, #4943
for further details.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-09-22 18:31:35 +01:00
LuoPeng
e3f23091d2
Merge branch 'ARMmbed:development' into development 2021-09-22 23:36:15 +08:00
Manuel Pégourié-Gonnard
a0b4b0c3cd Clean up some remnants of TLS pre-1.2 support
Now that support for earlier version have been removed, we no longer
need to care about them.

Since TLS 1.3 is being gradually introduced, we might still need a
version check in some places - but here the function is called
ssl_tls12_populate_tranform() and TLS 1.3 has its own function
mbedtls_ssl_tls13_populate_transform(), so when this function is called
we just know we're using TLS 1.2.

Reviewer hint: use the -b option of git diff / git show

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-21 14:12:59 +02:00
Gilles Peskine
f0f2294f57
Merge pull request #4708 from mstarzyk-mobica/ccm_chunked
Ccm chunked - enable multipart CCM in PSA
2021-09-21 13:46:52 +02:00
Gilles Peskine
6c12a1e9f2 Add ARIA to the PSA API
Use the encoding from an upcoming version of the specification.

Add as much (or as little) testing as is currently present for Camellia.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-21 11:59:39 +02:00
Gilles Peskine
304689e4c4
Merge pull request #4947 from gilles-peskine-arm/muladdc-amd64-memory-development
Fix x86_64 assembly for bignum multiplication
2021-09-20 22:23:49 +02:00
Gilles Peskine
93cb6111ba
Merge pull request #4878 from SiliconLabs/remove_dependency_4877
Remove dependency of built-in keys on storage
2021-09-20 22:20:16 +02:00
Paul Elliott
ec95cc9489 Add safety for NULL tag being passed to finish
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 22:39:06 +01:00
Paul Elliott
8ff74217e4 Add comment explaining finish output size
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
4c916e8d74 Improve comment on buffer clearing
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
69bf5fc901 Const correctness
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
70f447dfe5 Replace individual zeroization with memset
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:17 +01:00
Paul Elliott
eac6c757a2 Make nonce length check return error where it can
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
12acb6bb4c Remove missed references to aead_verify from docs
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
b183d56b5f Use safer size for tag checking
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
Paul Elliott
06b6b8c8d6 Add missing zeroize for sensitive tag data.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-19 18:43:16 +01:00
openluopworld
08fd463ee4 bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-09-19 11:20:03 +08:00
openluopworld
6c8183f0c9 bugfix: if the len of iv is not 96-bit, ghash is used to compute y0.
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-09-17 22:20:07 +08:00
openluopworld
2beb5f302a bugfix: if the len of iv is not 96-bit, ghash is used to compute y0.
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
2021-09-17 18:20:37 +08:00
Jerry Yu
388bd0d53c fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-15 22:06:11 +08:00
Gilles Peskine
d337fbc4cb x86_64 MULADDC assembly: add missing constraints about memory
MULADDC_CORE reads from (%%rsi) and writes to (%%rdi). This fragment is
repeated up to 16 times, and %%rsi and %%rdi are s and d on entry
respectively. Hence the complete asm statement reads 16 64-bit words
from memory starting at s, and writes 16 64-bit words starting at d.

Without any declaration of modified memory, Clang 12 and Clang 13 generated
non-working code for mbedtls_mpi_mod_exp. The constraints make the unit
tests pass with Clang 12.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-15 15:51:43 +02:00
Jerry Yu
dd1fb9e37e add mbedtls_ecdh_setup_no_everest
Setup ecdh without everest for TLS1.3

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-15 11:10:15 +08:00
Jerry Yu
bdc71888fc Remove restartable and everest from tls1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-14 19:33:31 +08:00
Janos Follath
cacec723c8
Merge pull request #4938 from gilles-peskine-arm/psa_cipher_update_ecp-unused_parameter
Fix parameter set but unused on psa_cipher_update_ecb
2021-09-13 13:55:38 +01:00
Gilles Peskine
d87d87371f Fix the size in bytes
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 12:21:22 +02:00
Gilles Peskine
1716f32864 psa_cipher_update_ecb: remove parameter output_size
This parameter was set but not used, which was pointless. Clang 14 detects
this and legitimately complains.

Remove the parameter. This is an internal function, only called once. The
caller already has a sufficient check on the output buffer size which
applies in more cases, so there is no real gain in robustness in adding the
same check inside the internal function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 09:46:41 +02:00
Gilles Peskine
55dffe58a0 Document the internal function psa_cipher_update_ecb
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-13 09:33:28 +02:00
Jerry Yu
335aca9c52 fix format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-12 20:18:56 +08:00
Jerry Yu
72fc69bd40 fix typo error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-10 10:23:37 +08:00
Archana
9d17bf4215
Styling and refactoring
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-10 07:16:08 +05:30
Archana
374fe5b8d2
Handle zeroed attributes key bits and type in copy
The target attributes for key copy could have key bits and
type zeroed. If so, they need to be overwritten/ inherited
from the source key.
This is now forcefully overwritten after validating the
optional attributes. As a result assigning attributes type
and bits after copy are no longer necessary.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-09 10:09:19 +05:30
Archana
449608bc61
Code style improvements
Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:13 +05:30
Archana
8a180368fb
Add opaque test driver support for copy key
A minimal test driver extension is added to support
copy of opaque keys within the same location.
Test vector support is extended to cover opaque keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:07 +05:30
Archana
6ed4bda2c6
pre-existing validation extended
The validation against key width and max key bits is extended to
all key types from the existing validation for only symmetric keys.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:04:00 +05:30
Archana
4d7ae1d8cf
Add test driver support for opaque key import
-Add test driver support to import/export while wrapping keys
 meant to be stored in the PSA core as opaque( emulating an
 SE without storage ).
-Export validate_unstructured_key_bit_size as
 psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
 cover opaque keys, thereby avoiding duplication.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:54 +05:30
Archana
d8a83dc172
Sizing of key buffer for opaque keys
Create a new sizing function for determining the size required for key
storage based on the input key data.
This is required for key imports where the key length might need to be
derived from the data.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-09-08 22:03:48 +05:30
Ronald Cron
3b097eb68f
psa: Remove psa_key_slot_is_external()
Remove psa_key_slot_is_external() that is not used anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:41 +05:30
Ronald Cron
9b8b69c30a
psa: Remove buggy report of RSA public exponent for opaque keys
The report of RSA public exponent for opaque keys is not
supported. Do not attempt to compute the RSA public
exponent of an RSA opaque key associated to a driver
implementing the new driver interface when
MBEDTLS_PSA_CRYPTO_SE_C is disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:32 +05:30
Ronald Cron
512ad81318
psa: Fix slot number key attribute
Slot number key attribute is specific of dynamically
registered drivers and should thus not be computed/
returned in case of keys associated to drivers
implementing the new unified driver interface.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:26 +05:30
Ronald Cron
ddae0f5642
Clarify psa_get_and_lock_transparent_key_slot_with_policy() purpose
Clarify the purpose of
psa_get_and_lock_transparent_key_slot_with_policy() and
define it even when MBEDTLS_PSA_CRYPTO_SE_C is disabled
for the purpose of static drivers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-09-08 22:03:20 +05:30
Jerry Yu
7c522d4941 Remove ecp_c undefine routines
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 17:55:09 +08:00
Jerry Yu
b60e3cf424 fix various issues
- format problems
- name conversion issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 16:41:02 +08:00
Jerry Yu
56fc07f7ae add key_share extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 10:37:20 +08:00
Jerry Yu
7236994aa9 add signature algorithms extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
6b64fe31ce add supported groups extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
e226cef124 Add NamedGroup IANA values and helper functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
26f4d15d13 Add key exchange modes helper functions
Add helper functions for `tls13_kex_modes`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
7533635e5a Change dummy extension return
With error return, server can not receive
Client Hello message.

If received , we can test current status.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 09:52:15 +08:00
Jerry Yu
fec982eacc fix coding style issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-07 17:26:06 +08:00
Jerry Yu
4e388286af fix usage of iteration
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-06 21:28:08 +08:00
Jerry Yu
bbe09526b7 fix name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-06 21:17:54 +08:00
Mateusz Starzyk
5d7f6b1fd5 Remove rendundat ctx->add_len check.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-06 12:09:34 +02:00
Jerry Yu
dbfb7bd873 fix various issues
- wrong cipher suite filter condition
- name conversion
- format issue

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-04 10:00:02 +08:00
Jerry Yu
8c02bb4b71 fix various comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 21:52:26 +08:00
Jerry Yu
ef387d79a4 change prototype of write body
To keep consistence with others

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
2c0fbf3405 modify proc_chk macros
- change the parameter
- remove debug output
- remove return value modify

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
0c63af6ed6 fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
790656a0a6 fix name conversion issues
fix name conversion issues in `ssl_tls13_write_client_hello_body`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
1bc2c1f1a3 fix various issues
fix comments, format and name conversion issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
f171e836eb fix lenght mismatch error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
b7ab336b3a fix format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
a2cf7bd243 fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
6a64310002 Cleanup client_hello body.
cleanup `ssl_tls13_write_client_hello_body`, fix comments issues.
And move ciphersuites to separate function

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
67d4ed5b22 force change state type
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
159c5a0e12 fix comments issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
08906d006b fix name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
e41dec0158 Rename write signature algorithms function
To keep similar name with other place.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
eecfbf001c fix format issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
995ecd396f fix wrong iana values and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
c4d22444d6 fix undeclared variable error
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

# Conflicts:
#	library/ssl_tls13_client.c
2021-09-03 16:29:20 +08:00
Jerry Yu
5cc8f0a0d8 Add simple document for tls13 functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
275619336a fix name conversion issue for tls13 server entry
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
92c6b402d7 Remove prototype of static functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
9176c3ad8c trim spaces
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
9e42f6efd3 Revert "Move random function check"
This reverts commit cc88b34f7942f57ea0fd27ee4b3e29f49c91f10e.

It causes many test fail. It should be re-considered.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
d532fe7720 write client hello also in hello reqeust
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
f443681f56 fix function name conversion issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
55b9038600 fix coding style issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
2ac64193ad Apply MBEDTLS_PUT_xyz
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
e885b76980 fix too long lines
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
6f13f64aa6 fix various format issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
708202b7d0 Move random function check
move to `ssl_conf_check`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
c7ddeec229 Remove len_without_binders
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
8e7ca0432e fix extensions_present issues
fix comments for the mask values. follow same order
as IANA values.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
32cd5b19dc fix unused variable warning
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
ef6b36b484 add supported versions extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
bc20bdd3a9 Implement write_partial with dummy exts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
93bcd61a41 Add field into handshake params
Add `extensions_present` field. It represents
which are present.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
c8a392c47e Implement stages except write_partial
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
65dd2ccfe6 Add dummy stages for client_hello_process
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
a13c7e739c add dummy client hello process
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Jerry Yu
beb3f41f2f Add handshake_set_state helper function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Mateusz Starzyk
64f0b5f454 Return BAD_INPUT error for CCM context's erroneous state
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-02 11:50:54 +02:00
Gilles Peskine
88d681ca35 Make size_t -> int downcasts explicit
mbedtls_cipher_setkey takes an int argument. Cast explicitly, otherwise MSVC
complains.

Where possible, just stick to size_t.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 16:57:23 +02:00
Gilles Peskine
6f015a8798
Merge pull request #2327 from kennethsoerensen/pkparse-warning
Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined
2021-09-01 16:53:45 +02:00
Paul Elliott
3d7d52c2ed Formatting fixes
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-09-01 15:09:15 +01:00
Mateusz Starzyk
7251eda6ff Replace BAD_SEQUENCE error with BAD_INPUT
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-09-01 13:26:44 +02:00
Manuel Pégourié-Gonnard
5a8abb144c
Merge pull request #4883 from mstarzyk-mobica/fix_psa_sign_msg
PSA MAC computation with _HASH flag implies _MESSAGE.
2021-09-01 12:23:20 +02:00
Gilles Peskine
ce9e3a92fe Remove redundant null check
mbedtls_cipher_info_get_xxx has well-defined behavior on NULL, so no need to
check first.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00
Gilles Peskine
e720dbe177 Use cipher_info accessor functions in TLS code
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00
Kenneth Soerensen
e28d49b3b6 Remove compiler warning if only MBEDTLS_PK_PARSE_C is defined
Warning reported with IAR compiler:
"mbedtls\library\pkparse.c",1167  Warning[Pe550]: variable "ret" was set but never used

Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2021-08-31 13:05:12 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Paul Elliott
5e69aa5709 Remove NULL check for set nonce
Also remove tests which would pass NULL to this function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
2e450093e1 Remove variables declared as unused
They are now always being used.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
efda3408ce Fix formatting issues
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
3242f6c8ef Fix formatting issue
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
b8db2c5726 Remove extra blank lines
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
daf5c8954c Remove extraneous state checks
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Paul Elliott
d9343f2f0f Refactor is_encrypt into aead setup arguments
Avoid touching the operation until later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-25 17:40:40 +01:00
Jerry Yu
d85a52c508 Add mask for kex_modes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:57 +08:00
Jerry Yu
69e0ec46b7 Replace SHA512_C with SHA384_C
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:48 +08:00
Jerry Yu
cadebe5343 fix several format and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:42 +08:00
Mateusz Starzyk
cbefb6ba4d Merge branch 'development' into ccm_chunked
Conflicts:
	library/ccm.c

Conflict resolved by re-applying the MBEDTLS_BYTE_0 macro.
Conflict resolved by ignoring the MBEDTLS_PUT_UINT16_BE macro
used in development branch on the 'b' buffer, because the 'b'
buffer is removed in current branch.
2021-08-24 15:14:23 +02:00
Joe Subbiani
a5cb0d24d4 Tidy up grouped MBEDTLS_BYTE_x macros
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-23 11:52:28 +01:00
Joe Subbiani
94180e708f Minor coding style improvement
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 16:20:44 +01:00
Joe Subbiani
e4603eece9 Compress byte reading macros in if statements
exchange MBEDTLS_BYTE_x in if statements with MBEDTLS_GET_UINT16_BE

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 13:05:30 +01:00
Joe Subbiani
1f6c3aeb63 Tidy up ssl_*.c grouped MBEDTLS_BYTE_x macros
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 12:19:57 +01:00
Mateusz Starzyk
ce0e6a9dea Require MESSAGE flag in PSA MAC setup.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-20 11:33:51 +02:00
Paul Elliott
36869706e2 Remove duplicated statements in documentation.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-19 19:18:28 +01:00
Paul Elliott
e0a12bd852 Refactor aead setup functions into single function
Move common encrypt / decrypt code into common function, and roll in
previously refactored setup checks function, as this is now the only
place it is called.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-19 19:18:28 +01:00
Paul Elliott
5d3a3c3ee4 Fix arguments formatting mistake
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-19 19:18:28 +01:00
Joe Subbiani
9ab1866b0d Remove trailing whitespace
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:42 +01:00
Joe Subbiani
d0687856af Improve documentation and add more uses of MBEDTLS_PUT
minor changes, such as improving the documentation for the byte reading
macros, and using MBEDTLS_PUT_UINT16_xy in place of byte reading
macro combinations

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:42 +01:00
Joe Subbiani
5241e343de Improve consitency throughout library/common.h
Replace the contents of MBEDTLS_PUT_UINTx_yz contained inconsitent
but similar/duplicate code to the MBEDTLS_BYTE_x macros. Therefore
the contents of the macros now utilise the byte reading macros.

MBEDTLS_PUT_UINT64_LE's written order was also not consitent with
the other PUT macros, so that was modified.

Documentation comment said LSB instead of MSB and that has also been
resolved.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:42 +01:00
Joe Subbiani
6dd7364553 Replace instances of byte reading macros with PUT
Instances of a group of byte reading macros which are equivilant to
MBEDTLS_PUT_UINTx_yz

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:41 +01:00
Joe Subbiani
51b147add0 Remove trailing white space
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:48 +01:00
Joe Subbiani
4919bb46b0 Remove use of byte reading macro for uint16
Accidently used MBEDTLS_BYTE_16 for a uint16 variable

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
b6511b04fa Replace instances of byte reading macros with PUT
Instances of a group of byte reading macros which are equivilant to
MBEDTLS_PUT_UINTx_yz

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
fbeb692dd0 Use byte reading macros in places not using a byte mask
byte shifting opertations throughout library/ were only replaced with
the byte reading macros when an 0xff mask was being used.
The byte reading macros are now more widley used, however they have not
been used in all cases of a byte shift operation, as it detracted from
the immediate readability or otherwise did not seem appropriate.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
99edd6c810 Add UINT64 GET and PUT macros
Copy over the GET/PUT_UINT64_LE/BE macros from aes.c and sha512.c
Add the MBEDTLS_ prefix to all 4 macros.
Modify the GET_UINT64 macros to no longer take a target variable
as a parameter, so when the macro function is called it must be
assigned to a variable in the same statement.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
2194dc477a Replace MBEDTLS_CHAR_x with MBEDTLS_BYTE_x
The CHAR macros casted to an unsigned char which in this project
is garunteed to be 8 bits - the same as uint8_t (which BYTE casts
to) therefore, instances of CHAR have been swapped with BYTE and
the number of macros have been cut down

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
bf7ea84f83 Replace "four bytes" with "two bytes" in macro documentation
When writing the documentation 4 bytes was written instead of 2 for
MBEDTLS_UINT16_LE

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:42 +01:00
Joe Subbiani
f5462d989c Remove trailing whitespaces
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:42 +01:00
Joe Subbiani
54550f7fca Replace 3 byte shift with appropriate macro
aria.c has a shift by 3 bytes, but does not use the 0xff masking.
aparently this is not a problem and it is tidier to use the maco.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:42 +01:00
Joe Subbiani
635231a71e Improve common.h macro documentation
Imrpoved the descriptions of the macros and parameters and
changing the name of the MBEDTLS_PUT_UINT... macro parameters
to be more descriptive

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:42 +01:00
Joe Subbiani
cd84d76e9b Add Character byte reading macros
These cast to an unsigned char rather than a uint8_t
like with MBEDTLS_BYTE_x
These save alot of space and will improve maintence by
replacing the appropriate code with MBEDTLS_CHAR_x

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:41 +01:00
Joe Subbiani
6a50631497 GET macros use a target variable
The GET macros used to write to a macro parameter, but now
they can be used to assign a value to the desired variable
rather than pass it in as an argument and have it modified
in the macro function.

Due to this MBEDTLS_BYTES_TO_U32_LE is the same as
MBEDTLS_GET_UINT32_LE and was there for replaced in the
appropriate files and removed from common.h

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:55 +01:00
Joe Subbiani
394bdd662b Document common.h and remove changelog
Added documenttion comments to common.h and removed the changelog
as it is not really necessary for refactoring.

Also modified a comment in aria.c to be clearer

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:55 +01:00
Joe Subbiani
9fa9ac3612 Move GET/PUT_UINT16_LE macros to common.h
Although these only appear in one file: psa_crypto_storage.c
it is tidy to give it the same prefix as the UINT32 macros
and to store them in the fame file

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:55 +01:00
Joe Subbiani
5ecac217f0 Prefixed macros with MBEDTLS
As per tests/scripts/check-names.sh, macros in
library/ header files should be prefixed with
MBEDTLS_
The macro functions in common.h where also indented
to comply with the same test

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
9aaec54e57 Undo use of BYTE_x macro
The use of the BYTE_x macro in nist_kw did not seem appropriate
in hind sight as it is working with a character array not an int

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
6f2bb0c8ef Remove trailing whitespace
Trailing white spaces causing check_files.py to fail

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:54 +01:00
Joe Subbiani
c4f3d5b38e Add do-while protection to macros
missed do-while around function-like macros (UINT32_BE and
UINT_LE macros) originally present in the indivdual files,
before being moved to common.h.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Joe Subbiani
54c6134ff7 Move UINT32_LE macros to common.h
32-bit integer manipulation macros (little edian):
GET_UINT32_LE and PUT_UINT32_LE appear in several
files in library/.
Removes duplicate code and save vertical
space the macro has been moved to common.h.
Improves maintainability.

Also provided brief comment in common.h for
BYTES_TO_U32_LE. comment/documentation will
probably need to be edited further for all
recent additions to library/common.h

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Joe Subbiani
30d974c232 Move UINT32_BE macros to common.h
32-bit integer manipulation macros (big edian):
GET_UINT32_BE and PUT_UINT32_BE appear in several
files in library/.
Removes duplicate code and save vertical
space the macro has been moved to common.h.
Improves maintainability.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Joe Subbiani
3b394509da Move BYTES_TO_U32_LE to common.h
The macro BYTES_TO_U32_LE appears in poly1305.c and
chacha20.c.
Removes duplicate code and save vertical
space the macro has been moved to common.h.
Improves maintainability.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Joe Subbiani
50dde56543 Implement byte reading macros into library/
To improve readability by saving horizontal and vertical space.
Removed unecessary & 0xFF.
Byte reading macros implemented in library/common.h, All files
containing "& 0xff" were modified.
Comments/Documentation not yet added to the macro definitions.

Fixes #4274

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:31:53 +01:00
Manuel Pégourié-Gonnard
01a78599b0
Merge pull request #4864 from hanno-arm/upstream_sig_alg_identifers
TLS 1.3 MVP: Upstream TLS 1.3 SignatureAlgorithm identifiers and configuration API
2021-08-19 09:12:59 +02:00
Jerry Yu
7899de839c fix comments and format issues
Change-Id: I927d97f9d788389d6abb9edbda0f7c3e2f8e9b63
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-17 13:26:59 +08:00
Jerry Yu
f7fce9200c Remove rsa_pss_rsae_sha256 from preset_sig_algs.
To keep consistent with ssl_{clien2t,server2}.

Change-Id: I08dbe47a3d9b778ba3acad283f608fef4e63c626
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-17 13:26:53 +08:00
Archana
0dc86b5a2a
Remove dependency of builtin keys on storage
The psa_open_key API depends on MBEDTLS_PSA_CRYPTO_STORAGE_C.
This is unnecessary for builtin keys and so is fixed.
Updated an open_fail test vector keeping with the same.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-08-17 02:46:00 +05:30
Paul Elliott
66696b5591 Improve nonce length checks
Add the missing nonce length checks (this function is being used by
oneshot functions as well as multipart, and thus all cipher suites are
being used) and cover the case where a NULL buffer gets passed in.
Extended the set nonce test to cover this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-16 18:44:50 +01:00
Paul Elliott
814fffbd72 Remove overly strict final checks
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-08-16 18:44:42 +01:00
Manuel Pégourié-Gonnard
5e344563e4
Merge pull request #4858 from hanno-arm/upstream_tls13_transforms
Upstream TLS 1.3 record transformations structure fields
2021-08-12 12:29:54 +02:00
Manuel Pégourié-Gonnard
2fb897ecf9
Merge pull request #4852 from hanno-arm/unify_cli_srv_hs_step
Share preparatory code between client and server handshake steps
2021-08-12 12:24:51 +02:00
Manuel Pégourié-Gonnard
b7745d2323
Merge pull request #4834 from hanno-arm/msg_layer_reset_helper
Move messaging related session reset into separate helper function
2021-08-12 12:20:33 +02:00
Manuel Pégourié-Gonnard
409c8f6e1b
Merge pull request #4851 from hanno-arm/hs_msg_without_checksum
Add handshake message writing variant that doesn't update checksum
2021-08-12 11:54:10 +02:00
Hanno Becker
30319f1f88 Remove misplaced comment in TLS 1.3 ciphersuite definitions
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
71f1ed66c2 Add identifiers and API for configuration of TLS 1.3 key exchanges
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Hanno Becker
e2defad0bb Fix indentation of pre-existing code-block in ssl_tls.c
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Hanno Becker
8ca26923eb Add TLS 1.3 ciphersuites
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Hanno Becker
e043d15d75 Turn comments of 1.3 record transforms into Doxygen documentation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:22:52 +01:00
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform
Fix and test compliance of TLS 1.3 record protection
2021-08-11 16:41:51 +01:00
gabor-mezei-arm
d112534585 Add a new file for constant-time functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-08-11 15:35:28 +02:00
Hanno Becker
deb68ce2d1 Fix guard around TLS 1.3 SigAlg configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 16:04:05 +01:00
Hanno Becker
9c6aa7bb9a Add default values for TLS 1.3 SigAlg configuration
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 13:55:49 +01:00
Hanno Becker
1cd6e0021f Add experimental API for configuration of TLS 1.3 sig algs
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 13:55:43 +01:00
Mateusz Starzyk
2f1754916c Improve comment on local_output.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
b73c3ec1bc Restore MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED as default ret.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
62d22f9782 Use additional state in CCM to track auth data input.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
4f2dd8aada Fix errors returned by CCM functions.
Add new error code for calling functions in wrong order.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 14:00:14 +02:00
Mateusz Starzyk
f337850738 Use const size buffer for local output in CCM decryption.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:59:36 +02:00
Mateusz Starzyk
c562788068 Fix local buffer allocation conditions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
c8bdf36a72 Validate tag pointer in ccm function.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
1bda9451ef Factor out common code from ccm decrypt functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
eb395c00c9 Move 'Authenticated decryption' comment.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
22f7a35ca4 Do not use output buffer for internal XOR during decryption.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:58:39 +02:00
Mateusz Starzyk
36d3b89c84 Verify input data lengths.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
2d5652acee Move ccm error state handling.
Remove error clearing from ccm_starts() and ccm_set_lengths().
Add error check in ccm_update_ad(), ccm_update() and ccm_finish().

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
5d97601e81 Remove ccm input validation.
VALIDATE and VALIDATE_RET macros are obsolete.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
ca9dc8d1d7 Rename ccm_calculate_first_block function.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
c52220d775 Clear temporary buffer after block crypt operation.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
a9cbdfbb34 Replace ccm status flags with bitshifts.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
663055f784 Remove UPDATE_CBC macro and working b buffer.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
20bac2fbe4 Fix chunked ccm update.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
05e92d67bb Fix crypt mode configuration. Validate parameters in chunked input functions.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
6a15bcf61b Add support for chunked plaintext/cyphertext input.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
2ad7d8e1ff Replace CCM_CRYPT macro with a more versatile static function.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
33392450b7 Add chunked auth data support
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
eb2ca96d69 Store set lenghts in ccm context.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
88c4d624f8 Clear context state if previous operation failed.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
793692cbcb Split ccm_auth function.
Move logic to ccm_starts, ccm_set_lengths, ccm_update_ad,
ccm_update and ccm_finish
Use separate variable to track context state.
Encode first block only if both mbedtls_ccm_starts() and
mbedtls_ccm_set_lengths() were called.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Mateusz Starzyk
89d469cdb4 Move working variables to ccm context structure
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-08-10 13:56:37 +02:00
Hanno Becker
3aa186f946 Add transforms to be used for TLS 1.3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 09:24:19 +01:00
Jerry Yu
b9930e7d70 Add dummy tls1.3 handshake dispatch functions
Base on version config, `handshack_{clinet,server}_step`
will call different step function. TLS1.3 features will
be gradully added base on it.

And a new test cases is added to make sure it reports
`feature is not available`.

Change-Id: I4f0e36cb610f5aa59f97910fb8204bfbf2825949
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Jerry Yu
3cc4c2a506 Add dummy ssl_tls13_{client,server}.c
Change-Id: Ic1cd1d55b097f5a31c9f48e9d55733d75ab49982
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Jerry Yu
60835a88c3 Add config check utils functions
Check configuration parameter in structure setup
function to make sure the config data is available
and valid.

Current implementation checks the version config.
Available version configs are
- tls1_3 only
- tls1_2 only

issues: #4844

Change-Id: Ia762bd3d817440ae130b45f19b80a2868afae924
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-10 13:34:32 +08:00
Hanno Becker
41934dd20a Share preparatory code between client and server handshake steps
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-07 19:13:43 +01:00
Hanno Becker
f3cce8b0e1 Add handshake message writing variant that doesn't update checksum
The helper `mbedtls_ssl_write_handshake_msg` writes a handshake message
and updates the handshake transcript.

With TLS 1.3, we need finer control over the checksum: updating
at message granularity is not sufficient. To allow for manual maintenance
of the checksum in those cases, refine `mbedtls_ssl_write_handshake_msg()`
into `mbedtls_ssl_write_handshake_msg_ext()` which takes a parameter
determining whether the checksum should be updated.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-07 14:29:49 +01:00
Hanno Becker
b0302c4c7b Move messaging related session reset into separate helper function
- Improves readability
- Will be useful when we introduce MPS as an alternative msg layer.
- Will be useful when we need to reset the messaging layer upon
  receipt of a HelloRetryRequest in TLS 1.3.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-03 09:41:34 +01:00
Gilles Peskine
8bb9b80d18
Merge pull request #4806 from hanno-arm/ssl_session_serialization_version
Store TLS version in SSL session structure
2021-08-02 12:45:55 +02:00
Hanno Becker
fa0d61e559 Fix typo
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 08:56:14 +01:00
Hanno Becker
dfba065d80 Adjust ssl_tls13_keys.c to consolidated CID/1.3 padding granularity
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
c0da10dc3a Remove TLS 1.3 specific code from TLS <= 1.2 transform generator
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
f62a730e80 Add missing semicolon in TLS 1.3 transform generation code
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00
Hanno Becker
edd5bf0a95 Fix and document minimum length of record ciphertext in TLS 1.3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-02 04:54:03 +01:00