Commit graph

5701 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Valerio Setti
9b5e1da8f8 fixing a typo in comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:29:35 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Przemek Stekiel
cf6ff0fb43 Move common functions for crt/csr parsing to x509.c
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
21c37288e5 Adapt function names
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
cbaf3167dd mbedtls_x509_csr_info: Add parsing code for v3 csr extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Jens Alfke
2d9e359275 Parsing v3 extensions from a CSR
A parsed CSR struct (`mbedtls_x509_csr`) now includes some of the
X.509v3 extensions included in the CSR -- the key usage, Netscape
cert-type, and Subject Alternative Names.

Author: Jens Alfke <jens@couchbase.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:56:55 +01:00
Dave Rodgman
fa96026a0e Move definition of asm out of public header
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
cb0f2c4491 Tidy-up - move asm #define into build_info.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
ecaa7ca507 Add missing supported algorithm to psa/crypto_config.h
The following shell command lists features that seem to be supported, but
are missing from include/psa/crypto_config.h:
```
for x in $(grep -ho -Ew '(PSA_WANT|MBEDTLS_PSA_BUILTIN)_\w+_\w+' library/psa_crypto*.c | sed 's/^MBEDTLS_PSA_BUILTIN/PSA_WANT/' | sort -u); do grep -qw $x include/psa/crypto_config.h || echo $x; done
```
This looks for PSA_WANT_<kind>_<thing> macros that gate a part of the
library, as well as their MBEDTLS_PSA_BUILTIN_<kind>_<thing> counterparts.
This is not necessarily a complete list of identifiers that must appear
in the config file, since a few features are not gated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00
Pengyu Lv
acecf9c95b make ticket_flags param types consistent
When ticket_flags used as parameter, use unsigned int,
instead of uint8_t or mbedtls_ssl_tls13_ticket_flags.Also
remove the definition of mbedtls_ssl_tls13_ticket_flags.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 11:23:24 +08:00
Pengyu Lv
ee455c01ce move ticket_flags debug helpers
The debug helpers printing ticket_flags status are
moved to ssl_tls.c and ssl_debug_helpers.h.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:01 +08:00
Pengyu Lv
189465306d remove MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE error
Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags
are not compatible with advertised key exchange mode.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:00 +08:00
Pengyu Lv
a1aa31b8b1 fix review comments
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:58 +08:00
Pengyu Lv
3eb49be6a8 move kex mode check in ticket_flags to psks_check_identity_match_ticket
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:55 +08:00
Pengyu Lv
5b8dcd2097 Add debug helper to print ticket_flags status
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Valerio Setti
746def5ade x509: renaming of buffer variables in new serial setting function
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
acf12fb744 x509: fix endianness and input data format for x509write_crt_set_serial_new
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23 fix: add missing deprecation guards
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb x509: remove direct dependency from BIGNUM_C
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
b4ffe781ed
Merge pull request #6878 from gilles-peskine-arm/code-style-casts-psa-headers
Don't restyle some PSA macros
2023-01-10 22:09:13 +01:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard
3368724ade
Merge pull request #6870 from valeriosetti/issue6831
Document/test dependencies on ECP & Bignum
2023-01-10 09:25:41 +01:00
Gilles Peskine
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
Valerio Setti
8e45cdd440 fix wrong dependency for X509_TRUSTED_CERTIFICATE_CALLBACK
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-05 09:33:38 +01:00
Valerio Setti
8841d6b2f6 add missing dependency documentation for SSL_ASYNC_PRIVATE
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-05 08:40:24 +01:00
Gilles Peskine
a651607b37 Skip restyling of PSA macros also defined in psa-arch-tests
Some preprocessor macro definitions must have a specific expansion so that
the same macro name can be defined in different products. The definition of
having the same expansion (per the C language specification) means the same
sequence of tokens, and also the same absence/presence of spacing between
tokens.

Two macros are also defined in headers in the PSA Compliance test suite, so
the test suite would fail to build if we changed the definitions. Preserve
those definitions. Technically this is a bug in the test suite, since having
extra spaces (or even a completely different constant expression with the
same value) would still be compliant. Bug reported as
https://github.com/ARM-software/psa-arch-tests/issues/337

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-04 19:55:35 +01:00
Gilles Peskine
45873ceba3 Skip restyling of PSA error code definitions
Some preprocessor macro definitions must have a specific expansion so that
the same macro name can be defined in different products. The definition of
having the same expansion (per the C language specification) means the same
sequence of tokens, and also the same absence/presence of spacing between
tokens.

For PSA error code definitions, the specific expansion is mandated by the
PSA Status code specification and the PSA Crypto API specification. In
particular, there must not be a space between (psa_status_t) and the
numerical value (whereas K&R would put a space).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-04 19:50:27 +01:00
Valerio Setti
a4bb0fabea check_config: add missing dependencies for the build without BIGNUM
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 16:20:43 +01:00
Valerio Setti
18c9fed857 tls: remove dependency from mbedtls_ecp_curve functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:34 +01:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Valerio Setti
e269750f0d sha: fix description for starts functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-23 14:29:54 +01:00
Valerio Setti
d55cb5b3f0 sha: decline MD defines for various SHA
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:26:55 +01:00
Valerio Setti
d10e0a6341 sha: fix minor issues/typos
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:25:26 +01:00
Manuel Pégourié-Gonnard
a6e0291c51 Update documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-21 09:59:33 +01:00
Valerio Setti
e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3
Merge back 3.3.0 3
2022-12-14 19:18:05 +00:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
a3f99591f6 sha: make SHA-224 independent from SHA-256
Using proper configuration options (i.e. MBEDTLS_SHA224_C and
MBEDTLS_SHA256_C) it is now possible to build SHA224 and SHA256
independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:56:54 +01:00
Valerio Setti
43363f5962 sha: make SHA-384 independent from SHA-512
Using proper configuration options (i.e. MBEDTLS_SHA384_C and
MBEDTLS_SHA512_C) it is now possible to build SHA384 and SHA512
independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 08:53:23 +01:00
Manuel Pégourié-Gonnard
2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo
check_names: extend typo check to PSA macro/enum names
2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard
b2812cc274 Clarify documentation of ECP_RESTARTABLE
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard
ad45c4d386 Document that ECP_RESTARTABLE depends on ECP_C
This is not new, it had always been the case, just not documented.

Pointed out by depends.py pkalgs (again, now that restartable is part of
full).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
578664601e Fix missing dependency declaration in test
muladd() (restartable or not) is only available when at least one short
weirstrass curve is enabled.

Found by depends.py curves (now that restartable is part of full).

Also, document that restartable only work for short weierstrass curves
(actually unrelated, but this made me think of that).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
55a188b420 Clarify the "restart vs use PSA" situation in TLS
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
Add code style correction script
2022-12-09 09:41:14 +01:00
Jerry Yu
2e19981e17 tls13: guards transform negotiate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
Dave Rodgman
48223bc19e Bump version to 3.3.0. No changes to .so versions.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-08 14:43:19 +00:00
Valerio Setti
c689ed8633 tls: pake: minor adjustments
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 14:40:38 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
David Horstmann
1b84781184 Disable code style correction in check_config.h
Code style correction currently messes up check_names.py

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 16:09:17 +00:00
Dave Rodgman
92011eef34
Merge pull request #6717 from tom-cosgrove-arm/fix-typos-2212
Fix typos prior to release
2022-12-06 15:00:34 +00:00
Manuel Pégourié-Gonnard
ad27b8074f Declare ECP_RESTARTABLE and USE_PSA compatible
This is only the beginning:
- some test failures in test_suite_pk, test_suite_x509 and ssl-opt.sh
will be fixed in the next few commits;
- then the interactions between those options will be documented and
tested.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-06 11:05:28 +01:00
Manuel Pégourié-Gonnard
2b7ad6472b Document all effects of MBEDTLS_ECP_RESTARTABLE
It might not be obvious that this option goes beyond adding new
functions, but also automagically modifies the behaviour of TLS
in some circumstances. Moreover, the exact modifications and
circumstances were not documented anywhere outside the ChangeLog.

Fix that.

While at it, adjust the test that checks no restartable behaviour with
other key exchanges, to use a key exchange that allows cert-based client
authentication so that we can check that this is not restartable either.

We don't have any automated test checking that the server is never
affected. That would require adding an ec_max_ops command-line option to
ssl_server2 that never has any effect, just to check that it indeed
doesn't. I'm not sure that's worth it. I tested manually and could
confirm that the server never has restartable behaviour, even for the
parts that are shared between client and server such as cert chain
verification.

Note (from re-reading the code): all restartable behaviour is controlled
by the flag ssl->handshake->ecrs_enabled which is only client-side with
the ECDHE-ECDSA key exchange (TLS 1.2).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-06 10:54:35 +01:00
Jerry Yu
12c46bd14f fix various issues
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:02:51 +08:00
Dave Rodgman
dbcbf44d65
Update include/mbedtls/mbedtls_config.h
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-05 11:15:10 +00:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Dave Rodgman
235d1d8519 Improve wording
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:45:02 +00:00
Dave Rodgman
6ebaf7a1f8 Whitespace fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:33:58 +00:00
Dave Rodgman
bc5f03dabc Disable PKCS7 by default; improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-01 18:32:23 +00:00
Valerio Setti
e98db0b866 tls: pake: fix description for mbedtls_ssl_set_hs_ecjpake_password_opaque
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 16:52:57 +01:00
Jerry Yu
cc4e007ff6 Add max_early_data_size to mbedtls_ssl_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
16f6853b05 Add max_early_data_size config option
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
Valerio Setti
a9a97dca63 psa_pake: add support for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-28 18:26:16 +01:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0
Fix NULL+0 undefined behavior in PSA crypto ECB
2022-11-25 17:07:46 +00:00
Bence Szépkúti
6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7
PKCS7 Parser - RFC 2315
2022-11-25 15:55:46 +01:00
Gilles Peskine
5a34b36bbd Remove more now-redundant definitions of inline
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-25 13:26:44 +01:00
Hannes Tschofenig
6b6b63f039 Added closing SECTION of doxygen markup
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:19:05 +01:00
Hannes Tschofenig
b2e6615625 Added deprecated warning in check_config.h
Warns about the removal of the legacy DTLS Connection ID feature in a future version of Mbed TLS.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:18:57 +01:00
Hannes Tschofenig
e2c46e0413 Reference to RFC 9146 added
Added deprecated keyword to MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:18:51 +01:00
Hannes Tschofenig
88e5566a9b Changed order of conditions in check_config.h
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:18:38 +01:00
Manuel Pégourié-Gonnard
91f88db019
Merge pull request #6639 from mpg/doc-driver-only-limitation
Document another limitation of driver-only hashes
2022-11-25 09:44:35 +01:00
Bence Szépkúti
ae79fb2c2e Merge branch 'development' into pr3431 2022-11-25 03:12:43 +01:00
Pengyu Lv
3bb0e43b41 fix review comment
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2022-11-24 17:30:29 +08:00
Manuel Pégourié-Gonnard
fecc6b2fe4 Minor tune-up to ChangeLog & documentation
- fix a recurring typo
- use clearer names

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-24 09:40:12 +01:00
Gilles Peskine
6157fee306 Unify defintions of inline for MSVC (and old armcc?)
Having multiple definitions was cumbersome, and meant we might forget the
definition when adding an inline definition to a file that didn't have one
before (as I did when I added an inline definition in common.h).

Resolves #6649.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-23 16:15:21 +01:00
Ronald Cron
4a8c9e2cff tls13: Add definition of mbedtls_ssl_{write,read}_early_data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-23 14:29:37 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Ronald Cron
cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
2022-11-23 12:12:02 +01:00
Ronald Cron
d8603a7b44
Merge pull request #6638 from ronald-cron-arm/tls13-misc
TLS 1.3: Adjustments for the coming release
2022-11-23 09:07:36 +01:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Gilles Peskine
4f19d86e3f
Merge pull request #6608 from mprse/ecjpake_password_fix
Make a copy of the password key in operation object while setting j-pake password
2022-11-22 14:52:12 +01:00
Ronald Cron
da13072c5b tls13: Make ..._RECEIVED_NEW_SESSION_TICKET experimental
We are considering using a callback instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-22 13:21:13 +01:00
Manuel Pégourié-Gonnard
18a3856a03 Document another limitation of driver-only hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-22 11:59:55 +01:00
Ronald Cron
c2e110f445 tls13: Disable MBEDTLS_SSL_EARLY_DATA by default
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-22 09:01:46 +01:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
2022-11-21 19:51:58 +01:00
Jerry Yu
a8d3c5048f Rename new session ticket name for TLS 1.3
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
5ed73ff6de Add NEW_SESSION_TICKET* into handshake over states
All state list after HANDSHAKE_OVER as is_handshakeover

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
0b61217c36 set new_session_ticket_* to handshake_over
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Valerio Setti
aca21b717c tls: psa_pake: enforce not empty passwords
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:20:50 +01:00
Przemek Stekiel
152ae07682 Change password ec j-pake operation fields to more suitable
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 13:24:36 +01:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00
Xiaokang Qian
51c5a8b561 Update ticket flag macros
Define the ALLOW_PSK_RESUMPTION and ALLOW_PSK_EPHEMERAL_RESUMPTION
to the key exchange mode EXCHANGE_MODE_PSK and
EXCHANGE_MODE_PSK_EPHEMERAL to facilate later check.
Since they are 1( 1u<<0 ) and 4( 1u<<2 ), so define
ALLOW_EARLY_DATA to 8( 1u<<3 ).

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 08:32:51 +00:00
Gilles Peskine
6110a16555 Document mbedtls_mpi_uint and mbedtls_mpi_sint
Since they're part of the public API (even if only through a few functions),
they should be documented.

I deliberately skipped documenting how to configure the size of the type.
Right now, MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 have no Doxygen
documentation, so it's ambiguous whether they're part of the public API.
Resolving this ambiguity is out of scope of my current work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 22:56:17 +01:00
Przemek Stekiel
348410f709 Make a copy of the key in operation while setting pake password
Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key.
This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 22:22:07 +01:00
Gilles Peskine
128895775d Document invariants of MPI objects
Note that s must be +1 for zero.

Note that p may be NULL for zero, when n is 0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:33:21 +01:00
Xiaokang Qian
2cd5ce0c6b Fix various issues cause rebase to latest code
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 10:33:53 +00:00
Xiaokang Qian
72b9b17e11 Add comments to fix mini format issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 02:51:27 +00:00
Dave Rodgman
d384b64dd2
Merge branch 'development' into rfc9146_2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-14 17:43:15 +00:00
Xiaokang Qian
402bb1ee90 Update documents and check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
de95604f6c Update ticket_flags related macros
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
fe3483f9a1 Update early data doument and config dependencies
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
ae07cd995a Change ticket_flag base on review
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
29ee43c0e1 Update document base on comments
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
097771672d Update early data document and prerequisites check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
f447e8a8d3 Address comments base on reviews
Improve early data indication check
Update test case to gnutls server

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:36 +00:00
Xiaokang Qian
ecc2948f21 Fix format issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
76332816c7 Define the EARLY_DATA_STATUS
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
338f727683 Move EARLY_DATA_OFF/ON guard to ssl_misc.h
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:03 +00:00
Xiaokang Qian
911c0cc4f0 Fix format issues in comments
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Xiaokang Qian
0e97d4d16d Add early data indication to client side
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Dave Rodgman
50e5616553 Fix typo in check_config.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-10 10:07:35 +00:00
Dave Rodgman
f58172fe43 Merge remote-tracking branch 'origin/development' into pr3431 2022-11-10 09:54:49 +00:00
Nick Child
89e82e1685 pkcs7: Add dependecy on MBEDTLS_MD_C
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-11-09 10:36:10 -06:00
Moritz Fischer
ab45425623 include: mbedtls: Add missing private_access header
This adds a missing private access header.

Signed-off-by: Moritz Fischer <moritzf@google.com>
2022-11-08 14:55:32 -08:00
Gilles Peskine
69ae1ee4fe
Merge pull request #6552 from gstrauss/bignum-aliasing
Add comments for some forbidden aliasing in bignum.h interfaces
2022-11-08 17:15:37 +01:00
Gilles Peskine
42d75f2daf
Merge pull request #6013 from gstrauss/asn1-type-free
Shared code to free x509 structs like mbedtls_x509_named_data
2022-11-08 12:20:20 +01:00
Pengyu Lv
c1ecb25d8a fix PSA_XXX typos detected by check_names.py
Fix the PSA_XXX typos detected by check_names.py.
PSA_WANT is actually not typo, but would cause a false negative
result. So PSA_WANT is reworded to PSA_WANT_xxx.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2022-11-08 18:22:53 +08:00
Glenn Strauss
0750d08601 Add comments for some forbidden aliasing in bignum
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-08 02:47:21 -05:00
Glenn Strauss
82ba274c01 Deprecate mbedtls_asn1_free_named_data()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-07 15:42:44 -05:00
Gilles Peskine
faefe62013
Merge pull request #6390 from mpg/fix-ecjpake-psa-format
Fix ecjpake PSA format
2022-11-07 17:35:44 +01:00
Nick Child
3951a4f3ad pkcs7: Use better error codes
Remove an unnecessary debug print (whoops).
Use new error code for when the x509 is expired.
When there are no signers return invalid certificate.

Signed-off-by: Nick Child <nick.child@ibm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-10-31 09:38:42 -05:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277
cert_write - add a way to set extended key usages - rebase
2022-10-31 13:27:49 +00:00
Dave Rodgman
1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey
Improve ECDSA verify validation
2022-10-31 09:37:26 +00:00
Nick Child
bb82ab764f pkcs7: Respond to feeback on parsing logic
After recieving review on the pkcs7 parsing functions, attempt
to use better API's, increase consisitency and use better
documentation. The changes are in response to the following
comments:
 - use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1]
 - make lack of support for authenticatedAttributes more clear [2]
 - increment pointer in pkcs7_get_content_info_type rather than after [3]
 - rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4]

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103

Signed-off-by: Nick Child <nick.child@ibm.com>
2022-10-28 12:28:54 -05:00
Glenn Strauss
a4b4041219 Shared code to free x509 structs
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-28 12:51:35 -04:00
Dave Rodgman
cd7fe3ee14
Merge pull request #6487 from gilles-peskine-arm/legacy_or_psa-internal 2022-10-27 20:21:43 +01:00
Ronald Cron
77e15e8a2c
Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory
Internal and Open CI merge job ran successfully. Good to go.
2022-10-27 10:40:56 +02:00
Gilles Peskine
3a9ebd69c3 Declare legacy_or_psa.h as private
We think we're likely to change these macros. So make them *only* for
internal use, not just "mostly".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-26 18:03:14 +02:00
Gilles Peskine
49540ac529 Move copyright notice out of the Doxygen documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-26 18:02:56 +02:00
Ronald Cron
c9176a03a7
Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2
PSA with RSA requires PK_WRITE and PK_PARSE
2022-10-26 14:57:36 +02:00
Manuel Pégourié-Gonnard
3e0ea98b7c
Merge pull request #6451 from mpg/fix-can-exercise
Fix can_exercise() for RSA and hashes
2022-10-26 10:18:52 +02:00
Xiaokang Qian
72dbfef6e4 Improve coding styles
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-26 06:33:57 +00:00
Xiaokang Qian
4ef4c89af2 Fix CI failure in build_info.h
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-26 02:48:47 +00:00
Xiaokang Qian
65fc0de894 Improve the prerequisites for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 09:08:57 +00:00
Xiaokang Qian
d69d06fffa Improve format issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 06:51:25 +00:00
Xiaokang Qian
95a0730f17 Change prerequisites of MBEDTLS_SSL_EARLY_DATA and add related check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:48 +00:00
Xiaokang Qian
72de95dcf5 Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:25 +00:00
Xiaokang Qian
600804b0e7 Remove useless early data related macros for the time being
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Xiaokang Qian
54413b10c2 Add early data support preparatory work
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Ronald Cron
571f1ff6dc Make sure TLS 1.2 kex macros are undefined in builds without TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674 Add TLS 1.3 key exchange mode config options
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.

These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:41:57 +02:00