Commit graph

24299 commits

Author SHA1 Message Date
Gilles Peskine
30e9f2a293 Finish sentence in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 17:29:58 +01:00
Manuel Pégourié-Gonnard
0f60d09aa8 Add a test with all of ECC accelerated
Note that ECC key derivation is not using drivers yet, as we don't have driver support for
cooked key derivation acceleration, see
https://github.com/Mbed-TLS/mbedtls/pull/5451 and follow-ups.

So, we still need MBEDTLS_ECP_C enabled at least for this, and probably
in several other places for now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:23:17 +01:00
Manuel Pégourié-Gonnard
3831637e85 Handle dependency on ECP_C in ECC KDF
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:21:26 +01:00
Joakim Andersson
bb576febb2 psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
Fix psa_key_derivation_output_key not being able to derive ECC keys
without MBEDTLS_BUILTIN ECC key types enabled.
The PSA crypto drivers can generate these keys without requiring the
builtin key types.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-03-17 15:21:26 +01:00
David Horstmann
d50daedcca Add exemption for make.bat in checks for tabs
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-17 13:47:17 +00:00
Yanray Wang
69bc8403eb rsa_tests: use TEST_EQUAL instead of TEST_ASSERT
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 20:33:08 +08:00
Yanray Wang
e05a21f084 rsa: add a test to check default padding mode and hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 20:09:20 +08:00
Yanray Wang
15d3df7aec rsa: add positive test cases for getter functions
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 19:49:04 +08:00
Dave Rodgman
8a7ed6951d Changelog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:58:11 +08:00
Yanray Wang
d41684e8bc rsa.c: rename getter function of hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:57:42 +08:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard
320f7eed3e
Merge pull request #1001 from paul-elliott-arm/development-restricted-test
Fix CI build after repository merge conflict
2023-03-17 10:13:47 +01:00
Manuel Pégourié-Gonnard
0d957d3a83
Merge pull request #7275 from valeriosetti/issue7255
Driver-only EC JPAKE: starter
2023-03-17 10:01:38 +01:00
Manuel Pégourié-Gonnard
6ea8d3414f Fix a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:50 +01:00
Manuel Pégourié-Gonnard
1b5ffc63cc Avoid double definition of MD_LIGHT
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
b33ef74d44 Use MD_LIGHT, not sha1.h, in RSA selftest
Same note as previous commit regarding guards.

Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined,
and even only when SHA1_C is defined too, but somewhere down the line
we'll want to auto-enable it for the sake of other RSA function (not in
selftest and could use any hash), so there's little point in optimizing
the temporary condition, let's use the simple one upfront.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
8316209c02 Use MD_LIGHT rather than md5.h in pem.c
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
Manuel Pégourié-Gonnard
ec000c1a00
Merge pull request #7242 from mpg/md-dispatch-psa
Implement MD dispatch to PSA
2023-03-17 09:42:40 +01:00
Dave Rodgman
a6b9e11799
Merge pull request #994 from yanesca/threat_model_summary
Add Threat Model Summary
2023-03-16 21:58:10 +00:00
Gilles Peskine
28e4dc1e39 Fix use of arithmetic on void*
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 21:39:47 +01:00
Janos Follath
c18cd0c8e6
Merge pull request #7230 from gabor-mezei-arm/6850_Secp256r1_fast_reduction
Extract Secp256r1 fast reduction from the prototype
2023-03-16 19:43:25 +00:00
David Horstmann
1305581114 Ignore mbedtls macros causing warnings
Sphinx's breathe plugin cannot readily parse the Mbed TLS macros, so
define the less essential ones away at the doxygen step to reduce the
number of warnings.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:01:58 +00:00
David Horstmann
633a081c7e Add configuration for Read The Docs
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:01:58 +00:00
David Horstmann
e84d61cb64 Add initial API doc configuration
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:01:58 +00:00
David Horstmann
4425383aaa Tell Doxygen to generate XML
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:01:57 +00:00
David Horstmann
d855b4680d Add space to appease doxygen bug
See doxygen/doxygen#8706

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-16 18:00:36 +00:00
Dave Rodgman
4a060ffa59
Merge pull request #7303 from daverodgman/msan_bzero_testcase
Add tests that cover msan explicit_bzero issue
2023-03-16 17:55:19 +00:00
Paul Elliott
646ee7ec2e Fix CI build after repo merge conflict
After merging the driver only ECDSA work, a conflict arose between that and
the previous work re-ordering the ciphersuite preference list. We can remove
the breaking requirement on this test, as this requirement is now auto-detected
when the server5 crt is used in the server's command line.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-16 17:10:34 +00:00
Gilles Peskine
74b4223c81 Announce the expanded AESNI support
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:50:15 +01:00
Gilles Peskine
0bfccfa537 Document the new state of AESNI support
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:49:44 +01:00
Gilles Peskine
9c682e724a AESNI: Overhaul implementation selection
Have clearly separated code to:
* determine whether the assembly-based implementation is available;
* determine whether the intrinsics-based implementation is available;
* select one of the available implementations if any.

Now MBEDTLS_AESNI_HAVE_CODE can be the single interface for aes.c and
aesni.c to determine which AESNI is built.

Change the implementation selection: now, if both implementations are
available, always prefer assembly. Before, the intrinsics were used if
available. This preference is to minimize disruption, and will likely
be revised in a later minor release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:21:33 +01:00
Gilles Peskine
0de8f853f0 Clean up AES context alignment code
Use a single auxiliary function to determine rk_offset, covering both
setkey_enc and setkey_dec, covering both AESNI and PADLOCK. For AESNI, only
build this when using the intrinsics-based implementation, since the
assembly implementation supports unaligned access.

Simplify "do we need to realign?" to "is the desired offset now equal to
the current offset?".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:14:59 +01:00
Gilles Peskine
dd6021caf1 Remove the dependency of MBEDTLS_AESNI_C on MBEDTLS_HAVE_ASM
AESNI can now be implemented with intrinsics.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 16:51:40 +01:00
Valerio Setti
943f8ddf81 test: remove leftovers from debug sessions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 16:47:17 +01:00
Janos Follath
04fa1a4054 Threat Model: fix copy paste
Signed-off-by: Janos Follath <janos.follath@arm.com>
2023-03-16 15:04:21 +00:00
Dave Rodgman
3ac99fdf07
Merge pull request #7301 from gilles-peskine-arm/msan-explicit_bzero
Fix Msan failure with explicit_bzero
2023-03-16 14:55:18 +00:00
Gilles Peskine
0f454e4642 Use consistent guards for padlock code
The padlock feature is enabled if
```
defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
```
with the second macro coming from `padlock.h`. The availability of the
macro `MBEDTLS_PADLOCK_ALIGN16` is coincidentally equivalent to
`MBEDTLS_HAVE_X86` but this is not meaningful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:58:46 +01:00
Gilles Peskine
844f65dc65 Explicitly test AES contexts with different alignments
Don't leave it up to chance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:54:48 +01:00
Dave Rodgman
0a3c72df02 Add explanatory comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-16 13:43:32 +00:00
Gilles Peskine
5fcdf49f0e Move copy-context testing to an auxiliary function
This is in preparation for running it multiple times with different
alignments.

This commit also fixes the fact that we weren't calling mbedtls_aes_free()
on the context (we still aren't if the test fails). It's not an issue except
possibly in some ALT implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:42:39 +01:00
Gilles Peskine
f99ec202d7 AES context copy test: have one for each key size
Don't use all-bytes zero as a string, it's harder to debug.

This commit uses the test vectors from FIPS 197 appendix C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:27:40 +01:00
Gilles Peskine
d50cfddfd7 AES context copy test: clean up
Don't use hexcmp to compare binary data. Improve readability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:25:58 +01:00
Dave Rodgman
680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix
Fix segfault in mbedtls_oid_get_numeric_string
2023-03-16 12:21:36 +00:00
Dave Rodgman
5d2024333b Fix missing line ending
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-16 12:14:51 +00:00
Gilles Peskine
148cad134a Fix unaligned access if the context is moved during operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:08:42 +01:00
Gilles Peskine
d0185f78c0 Fix typo in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:08:18 +01:00
Gilles Peskine
0cd9ab7107 Fix code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:06:14 +01:00
Dave Rodgman
ecd649205d Add tests that cover msan explicit_bzero issue
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-16 12:02:15 +00:00
Gilles Peskine
a8d2ff3fdf Fix Msan failure with explicit_bzero
On some platforms, including modern Linux, Clang with Msan does not
recognize that explicit_bzero() writes well-defined content to its output
buffer. For us, this causes CMAC operations to fail in Msan builds when
mbedtls_platform_zeroize() is implemented over explicit_bzero(). Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 10:53:46 +01:00