Dave Rodgman
6921959b83
Remove unused variable
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-24 09:27:15 +00:00
Ronald Cron
4cf77e99ab
Merge pull request #6621 from ronald-cron-arm/tls13-early-data-write
...
TLS 1.3: Add definition of mbedtls_ssl_{write,read}_early_data
2022-11-24 09:58:07 +01:00
Dave Rodgman
358c7d6eb0
Fix naming inconsistency
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 20:29:03 +00:00
Dave Rodgman
dd3103e9e7
Tidy up UNALIGNED_UINT32_T macro
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 19:42:13 +00:00
Dave Rodgman
e7cd137606
Define UNALIGNED_UINT32_PTR for unaligned access
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 19:14:26 +00:00
Dave Rodgman
a6778013b4
Tidy up UBSan detection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 17:17:30 +00:00
Dave Rodgman
468df317bf
Fix MSVC support for inline keyword
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 16:56:35 +00:00
Dave Rodgman
1bab27f983
Prevent unaligned access under ASan builds
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 16:51:59 +00:00
Dave Rodgman
3c8eb7e990
Provide external definition of mbedtls_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 14:50:03 +00:00
Dave Rodgman
63d114305f
Whitespace cleanup
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 14:03:30 +00:00
Dave Rodgman
f9a1c37bc8
Whitespace cleanup
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 14:02:00 +00:00
Gabor Mezei
02d2313829
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:14 +01:00
Gabor Mezei
3411e949cd
Cas variable to proper type
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:13 +01:00
Gabor Mezei
4c7cf7d742
Add low level subtraction with modulus
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-11-23 14:44:07 +01:00
Janos Follath
531a871b88
Merge pull request #6235 from tom-cosgrove-arm/issue-6231-core-sub-int
...
Bignum: extract core_sub_int from the prototype
2022-11-23 13:32:02 +00:00
Ronald Cron
4a8c9e2cff
tls13: Add definition of mbedtls_ssl_{write,read}_early_data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-23 14:29:37 +01:00
Gilles Peskine
42649d9270
Fix NULL+0 undefined behavior in ECB encryption and decryption
...
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
...
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Ronald Cron
1d1d53622f
Merge pull request #6490 from xkqian/tls13_parse_early_data_indication_ee
...
The internal CI merge job ran successfully.
2022-11-23 12:31:25 +01:00
Ronald Cron
cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over
...
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
2022-11-23 12:12:02 +01:00
Manuel Pégourié-Gonnard
660b396e41
Merge pull request #975 from yanesca/issue-946
...
Fix RSA side channel
2022-11-23 10:30:35 +01:00
Xiaokang Qian
b157e915ad
Move the early data status set afeter all of the extensions parse
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-23 08:12:26 +00:00
Xiaokang Qian
e861ba01d4
Remove the duplicate early_data_status check
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-23 03:21:02 +00:00
Xiaokang Qian
ca09afc60a
Remove useless function and parse early data in ee
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-23 02:16:49 +00:00
Moritz Fischer
a6a94ad599
lms: Move merkle tree generation to heap allocation
...
Larger height (e.g. H=20) trees cannot be put on the stack.
Allocate memory for them based on need using mbedtls_calloc().
Signed-off-by: Moritz Fischer <moritzf@google.com>
2022-11-22 15:49:56 -08:00
Janos Follath
3321b5842c
mpi_exp_mod: improve documentation
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
7d89d351e6
Zeroize sensitive data
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
0b270a5603
Explain a little more
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
4380d7b7f3
Simplify cleanup logic
...
Take advantage of the fact that there's a single point of failure.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
3b63d09fea
Make the main loop's logic clearer
...
The loop ends when there are no more bits to process, with one twist: when
that happens, we need to clear the window one last time. Since the window
does not start empty (E_limbs==0 is not supported), the loop always starts
with a non-empty window and some bits to process. So it's correct to move
the window clearing logic to the end of the loop. This lets us exit the loop
when the end of the exponent is reached.
It would be clearer not to do the final window clearing inside the loop, so
we wouldn't need to repeat the loop termination condition (end of exponent
reached) inside the loop. However, this requires duplicating the code to
clear the window. Empirically, this causes a significant code size increase,
even if the window clearing code is placed into a function.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
c718a3ce94
Simplify exponent bit selection
...
Use indices instead of mutating data to extract the bits of the exponent.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
d83b5cb504
Local readability improvements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
0de0a049f1
Move window precomputation into an auxiliary function
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
cf979b0fc1
Define variables closer to their use
...
Make variables const where possible.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
7af166b827
Change E closer to where it's used
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:54 +00:00
Gilles Peskine
07f2c69511
More consistent variable names
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
0ec6e3f394
mpi_core_mod_exp: improve style and documentation
...
No intended change in behaviour.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
a77911e5c1
core_exp_mod: improve window selection
...
We are looking at the exponent at limb granularity and therefore
exponent bits can't go below 32.
The `mpi_` prefix is also removed as it is better not to have prefix at
all than to have just a partial. (Full prefix would be overly long and
would hurt readability.)
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
59cbd1be27
Make mbedtls_mpi_core_ct_uint_table_lookup static
...
Now that we have a function that calls
mbedtls_mpi_core_ct_uint_table_lookup(), the compiler won't complain if
we make it static.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
bad42c4d0d
mpi_core_exp_mod: fix local variable type
...
On platforms with size_t different from int, mismatch between size_t and
mpi_uint can cause incorrect results or complaints from the compiler.
Signed-off-by: Janos Follath <janos.follath@arm.com>
mpi_core_exp_mod: Cast local variable explicitly
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Janos Follath
b6673f0f19
Add modular exponentiation to bignum core
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 21:22:53 +00:00
Dave Rodgman
fdd967ebdc
Detect support for unaligned memory access
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 18:55:17 +00:00
Aditya Deshpande
5e3c70e3be
Merge branch 'development' into driver-wrapper-key-agreement
2022-11-22 17:58:52 +00:00
Aditya Deshpande
8cc1470c18
Merge branch 'development' into driver-wrapper-key-agreement
2022-11-22 17:55:53 +00:00
Valerio Setti
6d4e75f0c6
psa_crypto_pake: initialize psa_status_t stack variables
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 18:52:17 +01:00
Valerio Setti
fdb77cdae3
psa_crypto_pake: internally call to psa_pake_abort() in case of errors
...
In this way, in case of error, it is not possible to continue using
the same psa_pake_operation_t without reinitializing it.
This should make the PSA pake's behavior closer to what expected by
the specification
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 18:41:01 +01:00
Dave Rodgman
c36a56e890
Use mbedtls_xor in TLS messaging layer
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
74b345f282
Use mbedtls_xor in PKCS #5
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
99a507ee55
Use mbedtls_xor in md
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
d22fb73e3e
Use mbedtls_xor in GCM
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
2e9db8e9bf
Use mbedtls_xor in DES
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
ffb5499988
Use mbedtls_xor in CTR_DRBG
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
8c0ff81ce7
Use mbedtls_xor in CMAC
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
c1d9022bab
Use mbedtls_xor in ChaCha20
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Dave Rodgman
0d3b55bca8
Use mbedtls_xor in ccm
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Dave Rodgman
d23399eb69
Use mbedtls_xor in Camellia
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Dave Rodgman
7bb6b84b29
Use mbedtls_xor in ARIA
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Dave Rodgman
a8cf607458
Use mbedtls_xor in AES
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Janos Follath
3165f063b5
mpi_exp_mod: use x_index consistently
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
c8d66d50d0
mpi_exp_mod: reduce the table size by one
...
The first half of the table is not used, let's reuse index 0 for the
result instead of appending it in the end.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
060009518b
mpi_exp_mod: fix out of bounds access
...
The table size was set before the configured window size bound was
applied which lead to out of bounds access when the configured window
size bound is less.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
9c09326572
mpi_mod_exp: be pedantic about right shift
...
The window size starts giving diminishing returns around 6 on most
platforms and highly unlikely to be more than 31 in practical use cases.
Still, compilers and static analysers might complain about this and
better to be pedantic.
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:11 +00:00
Janos Follath
be54ca77e2
mpi_exp_mod: improve documentation
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
74601209fa
mpi_exp_mod: remove the 'one' variable
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b2c2fca974
mpi_exp_mod: simplify freeing loop
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
3646ff02ad
mpi_exp_mod: move X next to the precomputed values
...
With small exponents (for example, when doing RSA-1024 with CRT, each
prime is 512 bits and we'll use wsize = 5 which may be smaller that the
maximum - or even worse when doing public RSA operations which typically
have a 16-bit exponent so we'll use wsize = 1) the usage of W will have
pre-computed values, then empty space, then the accumulator at the very
end.
Move X next to the precomputed values to make accesses more efficient
and intuitive.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
7fa11b88f3
mpi_exp_mod: rename local variables
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
844614814e
mpi_exp_mod: remove memory ownership confusion
...
Elements of W didn't all have the same owner: all were owned by this
function, except W[x_index]. It is more robust if we make a proper copy
of X.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
f08b40eaab
mpi_exp_mod: improve documentation
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
b764ee1603
mpi_exp_mod: protect out of window zeroes
...
Out of window zeroes were doing squaring on the output variable
directly. This leaks the position of windows and the out of window
zeroes.
Loading the output variable from the table in constant time removes this
leakage.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Janos Follath
8e7d6a0386
mpi_exp_mod: load the output variable to the table
...
This is done in preparation for constant time loading that will be added
in a later commit.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-22 15:04:10 +00:00
Valerio Setti
99d88c1ab4
tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 16:03:43 +01:00
Dave Rodgman
c3d8041fe7
Introduce mbedtls_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 15:01:39 +00:00
Tom Cosgrove
452c99c173
Use mbedtls_mpi_core_sub_int() in mbedtls_mpi_sub_abs()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-22 14:58:15 +00:00
Tom Cosgrove
f7ff4c9a11
Tidy up, remove MPI_CORE(), and apply the naming convention
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-22 14:58:15 +00:00
Hanno Becker
d9b2348d8f
Extract MPI_CORE(sub_int) from the prototype
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-22 14:58:15 +00:00
Bence Szépkúti
a17d038ee1
Merge branch 'development' into pr3431
2022-11-22 15:54:52 +01:00
Gilles Peskine
4f19d86e3f
Merge pull request #6608 from mprse/ecjpake_password_fix
...
Make a copy of the password key in operation object while setting j-pake password
2022-11-22 14:52:12 +01:00
Aditya Deshpande
2f7fd76d91
Replace PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE with PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE in psa_key_agreement_internal().
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-22 11:10:34 +00:00
Valerio Setti
d4a9b1ab8d
tls: psa_pake: remove useless defines and fix a comment
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-22 11:11:10 +01:00
Xiaokang Qian
8bee89994d
Add parse function for early data in encrypted extentions
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-22 09:40:07 +00:00
Przemek Stekiel
0bdec19c93
Further optimizations of pake set_password implementation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-22 09:10:35 +01:00
Jerry Yu
fdd24b8c49
Revert change in flight transmit
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-22 14:08:03 +08:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub
...
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
2022-11-21 19:51:58 +01:00
Przemek Stekiel
ad0f357178
Optimize pake code that sets/use password key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-21 15:04:37 +01:00
Przemek Stekiel
e2d6b5f45b
psa_key_slot_get_slot_number: Move documentation to header file
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-21 15:03:52 +01:00
Valerio Setti
5151bdf46e
tls: psa_pake: add missing braces
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-21 14:30:02 +01:00
Valerio Setti
79f6b6bb1b
tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round()
...
It might happen that the psa_pake_output() function returns
elements which are not exactly 32 or 65 bytes as expected, but
1 bytes less.
As a consequence, insted of hardcoding the expected value for
the length in the output buffer, we write the correct one as
obtained from psa_pake_output()
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-21 14:17:03 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs
...
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
2022-11-21 10:09:57 +00:00
Jerry Yu
9b421456b0
Revert change in dtls1.2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
668070d5f4
Remove unnecessary replace
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
a8d3c5048f
Rename new session ticket name for TLS 1.3
...
NewSessionTicket is different with TLS 1.2.
It should not share same state.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
cfda4bbeac
Replace handshake over in flight transmit
...
Fix deadloop in DTLS resumption test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
1fb3299ad7
Replace internal usage of is_handshake_over.
...
NEW_SESSION_TICKETS* are processed in handshake_step.
Change the stop condition from `mbedtls_ssl_is_handshake_over`
to directly check.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
5ed73ff6de
Add NEW_SESSION_TICKET* into handshake over states
...
All state list after HANDSHAKE_OVER as is_handshakeover
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
6848a61922
Revert "Replace internal usage of mbedtls_ssl_is_handshake_over"
...
This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Jerry Yu
e219c11b4e
Replace internal usage of mbedtls_ssl_is_handshake_over
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Valerio Setti
61ea17d30a
tls: psa_pake: fix return values in parse functions
...
Ensure they all belong to the MBEDTLS_ERR_SSL_* group
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-18 12:11:00 +01:00
Valerio Setti
aca21b717c
tls: psa_pake: enforce not empty passwords
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:20:50 +01:00
Valerio Setti
819de86895
tls: removed extra white spaces and other minor fix
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 18:05:19 +01:00
Valerio Setti
6b3dab03b5
tls: psa_pake: use a single function for round one and two in key exchange read/write
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 17:14:54 +01:00
Valerio Setti
9bed8ec5d8
tls: psa_pake: make round two reading function symmatric to the writing one
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:36:19 +01:00
Valerio Setti
30ebe11f86
tls: psa_pake: add a check on read size on both rounds
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:35:02 +01:00
Valerio Setti
a988364767
tls: psa_pake: fix missing new round one parsing function on tls12 server
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:35:02 +01:00
Valerio Setti
a08b1a40a0
tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
...
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-17 16:34:59 +01:00
Andrzej Kurek
ec71b0937f
Introduce a test for single signature algorithm correctness
...
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-17 14:58:14 +00:00
Paul Elliott
96a0fd951f
Fix signature algorithms list entry getting overwritten by length.
...
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Przemek Stekiel
369ae0afc3
Zeroize pake password buffer before free
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 14:14:31 +01:00
Przemek Stekiel
152ae07682
Change password ec j-pake operation fields to more suitable
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-17 13:24:36 +01:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
...
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00
Przemyslaw Stekiel
1def5becc2
Add psa_get_and_lock_key_slot_with_policy to header file
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 16:28:04 +01:00
Valerio Setti
6f1b5741ae
tls12: psa_pake: simplify EC info parsing in server's 2nd round
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:50:13 +01:00
Valerio Setti
4a9caaa0c9
tls12: psa_pake: check elliptic curve's TLS ID on handshake
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:50:10 +01:00
Valerio Setti
fbbc1f3812
tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 14:49:52 +01:00
Valerio Setti
02c25b5f83
tls12: psa_pake: use common code for parsing/writing round one and round two data
...
Share a common parsing code for both server and client for parsing
round one and two.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-16 13:56:12 +01:00
Ronald Cron
e9f92c4fbc
tls: Fix in_cid buffer size in transform structure
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-16 10:23:05 +01:00
Xiaokang Qian
0cc4320e16
Add EARLY_DATA guard to the early data extension in session ticket
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 08:43:50 +00:00
Gilles Peskine
ef7f4e47b1
Express abs(z) in a way that satisfies GCC and MSVC
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:25:27 +01:00
Gilles Peskine
af601f9751
Fix undefined behavior with the most negative mbedtls_mpi_sint
...
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:02:14 +01:00
Gilles Peskine
db14a9d180
Fix NULL+0 in addition 0 + 0
...
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:00:21 +01:00
Przemek Stekiel
348410f709
Make a copy of the key in operation while setting pake password
...
Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key.
This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 22:22:07 +01:00
Gilles Peskine
4a768dd17d
Fix negative zero created by (-A) + (+A) or (-A) - (-A)
...
In mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi(), and by extention
mbedtls_mpi_add_int() and mbedtls_mpi_sub_int(), when the resulting value
was zero, the sign bit of the result was incorrectly set to -1 when the
left-hand operand was negative. This is not a valid mbedtls_mpi
representation. Fix this: always set the sign to +1 when the result is 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:36:18 +01:00
Gilles Peskine
72ee1e3f3c
Unify mbedtls_mpi_add_mpi and mbedtls_mpi_sub_mpi
...
mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi() have the same logic, just
with one bit to flip in the sign calculation. Move the shared logic to a new
auxiliary function. This slightly reduces the code size (if the compiler
doesn't inline) and reduces the maintenance burden.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:30:09 +01:00
Xiaokang Qian
2cd5ce0c6b
Fix various issues cause rebase to latest code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 10:33:53 +00:00
Dave Rodgman
d384b64dd2
Merge branch 'development' into rfc9146_2
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-14 17:43:15 +00:00
Janos Follath
4d0ea7f4cc
Merge pull request #6550 from minosgalanakis/minos/6017_add_montgomery_conversion
...
Bignum: Add Montgomery conversion from/to cannonical form
2022-11-14 11:12:13 +00:00
Xiaokang Qian
fe3483f9a1
Update early data doument and config dependencies
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
ae07cd995a
Change ticket_flag base on review
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
2d87a9eeb5
Pend one alert in case wrong EXT_EARLY_DATA length
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
a042b8406d
Address some format issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:19 +00:00
Xiaokang Qian
f447e8a8d3
Address comments base on reviews
...
Improve early data indication check
Update test case to gnutls server
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:36 +00:00
Xiaokang Qian
a341225fd0
Change function name ssl_tls13_early_data_has_valid_ticket
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
01323a46c6
Add session ticket related check when send early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
ecc2948f21
Fix format issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
76332816c7
Define the EARLY_DATA_STATUS
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
338f727683
Move EARLY_DATA_OFF/ON guard to ssl_misc.h
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:03 +00:00
Xiaokang Qian
b781a2323c
Move ssl_tls13_has_configured_ticket() back to tls13 client
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:51 +00:00
Xiaokang Qian
893ad81966
Remove useless early_secrets field
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:51 +00:00
Xiaokang Qian
911c0cc4f0
Fix format issues in comments
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Xiaokang Qian
0e97d4d16d
Add early data indication to client side
...
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Paul Elliott
aeb8bf2ab0
Merge pull request #6170 from yuhaoth/pr/tls13-cleanup-extensions-parser
...
TLS 1.3: Add extension check for message parsers
2022-11-11 19:00:46 +00:00
Minos Galanakis
d9299c388e
bignum_mod_raw: Refactored Montgomery conversion functions
...
This patch updates the `mbedtls_mpi_mod_raw_conv_xx()` methods
as follows:
* Renamed for simplicity: conv_fwd -> from_mont_rep, conv_inv -> to_mont_rep.
* Uncoupled the dependency on the legaly bignum interface.
* `mbedtls_mpi` is no longer used for temporary buffer allocation.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-11-11 10:54:58 +00:00
Hanno Becker
5ad4a93596
bignum_mod_raw: Added conversion methods for internal/public data representation
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-11-11 10:54:58 +00:00
Dave Rodgman
f58172fe43
Merge remote-tracking branch 'origin/development' into pr3431
2022-11-10 09:54:49 +00:00
Gilles Peskine
ed4b34aa7c
Merge pull request #6570 from gilles-peskine-arm/bignum-mbedtls_test_read_mpi_core-nonempty
...
Forbid empty mpi_core in test data
2022-11-09 19:02:24 +01:00
Jerry Yu
97be6a913e
fix various issues
...
- typo error
- replace `ssl->hanshake` with handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-09 22:43:31 +08:00
Gilles Peskine
95b5addcd6
Don't test mbedtls_mpi_core_lt_ct with 0 limbs
...
A core MPI must have at least 1 limb. We can no longer test with 0 limbs,
and we don't need to anyway, so don't try.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-09 11:18:38 +01:00
Gilles Peskine
d4bd38ba5d
Merge pull request #6544 from KloolK/development
...
Fix outdated reference in debug message
2022-11-08 17:12:20 +01:00
Gilles Peskine
4a480ac5a1
Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex
...
`x509_info_subject_alt_name`: Render HardwareModuleName as hex
2022-11-08 17:11:07 +01:00
Jerry Yu
7de2ff0310
Refactor extension list print
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 23:51:39 +08:00
Jerry Yu
79aa721ade
Rename ext print function and macro
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 23:51:39 +08:00
Jerry Yu
b95dd3683b
Add missing mask set and tls13 unrecognized extension
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 23:51:38 +08:00
Aditya Deshpande
c4646c08cd
Merge branch 'development' into driver-wrapper-key-agreement
2022-11-08 14:25:20 +00:00
Jerry Yu
c437ee3bac
fix wrong return value
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 21:04:15 +08:00
Jerry Yu
ea52ed91cf
fix typo and spell issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 21:01:17 +08:00
Gilles Peskine
42d75f2daf
Merge pull request #6013 from gstrauss/asn1-type-free
...
Shared code to free x509 structs like mbedtls_x509_named_data
2022-11-08 12:20:20 +01:00
Dave Rodgman
ae2635df6f
Merge pull request #6306 from tom-cosgrove-arm/issue-6305-fix
...
Return an error from mbedtls_ssl_handshake_step() if neither client nor server
2022-11-08 10:54:17 +00:00
Pengyu Lv
c1ecb25d8a
fix PSA_XXX typos detected by check_names.py
...
Fix the PSA_XXX typos detected by check_names.py.
PSA_WANT is actually not typo, but would cause a false negative
result. So PSA_WANT is reworded to PSA_WANT_xxx.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2022-11-08 18:22:53 +08:00
Neil Armstrong
ca7d506556
Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-08 10:58:45 +01:00
Jerry Yu
e5991328ff
fix tls13 psk only test fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 16:16:29 +08:00
Glenn Strauss
82ba274c01
Deprecate mbedtls_asn1_free_named_data()
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-11-07 15:42:44 -05:00
Aditya Deshpande
d1b72a7b83
Merge branch 'development' into driver-wrapper-key-agreement
2022-11-07 17:36:23 +00:00
Gilles Peskine
faefe62013
Merge pull request #6390 from mpg/fix-ecjpake-psa-format
...
Fix ecjpake PSA format
2022-11-07 17:35:44 +01:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost
...
BUG: Fix session resumption fail when hostname is not localhost
2022-11-07 17:33:38 +01:00
Jan Bruckner
f869bfdfef
Fix outdated reference in debug message
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-11-07 15:28:49 +01:00
Aditya Deshpande
5567c660cd
Fix formatting and code comments
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-07 10:43:29 +00:00
Aditya Deshpande
3f1606a1f6
Refactor call hierarchy for ECDH so that it goes through the driver wrapper in a similar fashion to ECDSA.
...
Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-07 09:22:52 +00:00
Jerry Yu
50e00e3ac6
Refactor server hello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:22 +08:00
Jerry Yu
edab637b51
Refactor new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:22 +08:00
Jerry Yu
0d5cfb7703
Refactor Certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:22 +08:00
Jerry Yu
6d0e78ba22
Refactor certificate request
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:22 +08:00
Jerry Yu
9eba750916
Refactor encrypted extensions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:22 +08:00
Jerry Yu
63a459cde5
Refactor client_hello parser and writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:21 +08:00
Jerry Yu
4b8f2f7266
Refactor sent extension message output
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:21 +08:00
Jerry Yu
d25cab0327
Refactor debug helpers for exts and hs message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:21 +08:00
Janos Follath
5933f691a2
Add merge slots to Bignum files
...
Legacy Bignum is excluded as it doesn't get regular extensions like new
ones.
Each slot uses comments of their respective filetype. Since .data files
don't have a syntax for comments, dummy test cases are used. (These test
cases will never be executed and no noise will be added to tests.)
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:25 +00:00
Janos Follath
2a8bcf8c6f
Add bignum merge scaffolding
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:25:48 +00:00
Gilles Peskine
22cdd0ccd3
Update some internal comments
...
The refactoring of fill_random had left some obsolete bits in comments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Gilles Peskine
009d195a56
Move mbedtls_mpi_core_fill_random to the proper .c file
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 16:00:01 +01:00
Gilles Peskine
5980f2bd36
Implement mbedtls_mpi_core_fill_random
...
Turn mpi_fill_random_internal() into mbedtls_mpi_core_fill_random(). It
had basically the right code except for how X is passed to the function.
Write unit tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 15:59:36 +01:00
Gilles Peskine
909e03c52f
Bignum core: fill_random: prototype
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-02 15:59:16 +01:00
Janos Follath
f1ed5815ba
Merge pull request #6512 from yanesca/extract_uint_table_lookup_core
...
Implement mbedtls_mpi_core_ct_uint_table_lookup()
2022-11-02 13:58:19 +00:00
Jerry Yu
df0ad658a3
tls13: Add allowed extesions constants.
...
- And refactor check_received_extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-02 21:35:27 +08:00
Dave Rodgman
90c6836271
Merge pull request #6524 from daverodgman/fix-duplicate-header
...
Remove duplicate function prototype
2022-11-02 13:06:08 +00:00
Dave Rodgman
0877dc8f55
Improve documentation for psa_crypto_cipher.h
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-02 09:29:50 +00:00
Dave Rodgman
1630447eed
Move declaration of mbedtls_cipher_info_from_psa into psa_crypto_cipher.h
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-02 09:25:38 +00:00
Dave Rodgman
ba864848e7
Remove duplicate function prototype
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-01 16:41:09 +00:00
Dave Rodgman
29b9b2b699
Fix zeroization at NULL pointer
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-01 16:08:14 +00:00
Janos Follath
8904a2db29
mpi_core_ct_uint_table_lookup: style and docs
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-31 16:51:56 +00:00
Nick Child
3951a4f3ad
pkcs7: Use better error codes
...
Remove an unnecessary debug print (whoops).
Use new error code for when the x509 is expired.
When there are no signers return invalid certificate.
Signed-off-by: Nick Child <nick.child@ibm.com>
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-10-31 09:38:42 -05:00
Dave Rodgman
e8734d8a55
Apply suggestions from code review
...
Two spelling fixes (changelog & a comment)
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-31 14:30:24 +00:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277
...
cert_write - add a way to set extended key usages - rebase
2022-10-31 13:27:49 +00:00
Janos Follath
e50f2f1a8e
Add mbedtls_mpi_core_ct_uint_table_lookup
...
This will be needed for extracting modular exponentiation from the
prototype. The function signature is kept aligned to the prototype, but
the implementation is new. (The implementation of this function in the
prototype has further optimisations which are out of scope for now.)
The function is not reused in the bignum counterpart as it will become
redundant soon.
This function is meant to be static, but doesn't have the qualifier as
it is not used yet and would cause compiler warnings. The
MBEDTLS_STATIC_TESTABLE macro will be added in a later commit.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-31 11:32:55 +00:00
Janos Follath
2dc2757cca
Merge pull request #6457 from minosgalanakis/minos/6017_update_modulus_lifecycle
...
Bignum: Updated the modulus lifecyle
2022-10-31 11:28:37 +00:00
Dave Rodgman
1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey
...
Improve ECDSA verify validation
2022-10-31 09:37:26 +00:00
Jerry Yu
7a485c1fdf
Add ext id and utilities
...
- Remove `MBEDTLS_SSL_EXT_*`
- Add macros and functions for translating iana identifer.
- Add internal identity for extension
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
c4bf5d658e
fix various issues
...
- Signature of
- mbedtls_tls13_set_hs_sent_ext_mask
- check_received_extension and issues
- Also fix comment issue.
- improve readablity.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
03112ae022
change input extension_type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
0c354a211b
introduce sent/recv extensions field
...
And remove `extensions_present`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
ffa1582793
move get_extension mask
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
9872eb2d69
change return type for unexpected extension
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
43ff252688
Remove unnecessary checks.
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
d15992d3ce
fix wrong setting of unrecognized ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
6ba9f1c959
Add extension check for NewSessionTicket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
2c5363e58b
Add extension check for ServerHello and HRR
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
2eaa76044b
Add extension check for Certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
c55a6af9eb
Add extensions check for CertificateRequest
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
cbd082f396
Add extension check for EncryptedExtensions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
e18dc7eb9a
Add forbidden extensions check for ClientHello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
471dee5a12
Add debug helpers to track extensions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
def7ae4404
Add auth mode check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-30 17:57:06 +08:00
Nick Child
5f39767495
pkcs7: Fix imports
...
Respond to feedback about duplicate imports[1] and new import style [2].
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r991355485
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#pullrequestreview-1138745361
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-10-28 12:38:41 -05:00
Nick Child
bb82ab764f
pkcs7: Respond to feeback on parsing logic
...
After recieving review on the pkcs7 parsing functions, attempt
to use better API's, increase consisitency and use better
documentation. The changes are in response to the following
comments:
- use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1]
- make lack of support for authenticatedAttributes more clear [2]
- increment pointer in pkcs7_get_content_info_type rather than after [3]
- rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4]
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-10-28 12:28:54 -05:00
Glenn Strauss
7db3124c00
Skip asn1 zeroize if freeing shallow pointers
...
This skips zeroizing additional pointers to data.
(Note: actual sensitive data should still be zeroized when freed.)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-28 12:51:35 -04:00
Glenn Strauss
a4b4041219
Shared code to free x509 structs
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-28 12:51:35 -04:00
Nick Child
73621ef0f0
pkcs7: Improve verify logic and rebuild test data
...
Various responses to feedback regarding the
pkcs7_verify_signed_data/hash functions. Mainly, merge these two
functions into one to reduce redudant logic [1]. As a result, an
identified bug about skipping over a signer is patched [2].
Additionally, add a conditional in the verify logic that checks if
the given x509 validity period is expired [3]. During testing of this
conditional, it turned out that all of the testing data was expired.
So, rebuild all of the pkcs7 testing data to refresh timestamps.
[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r999652525
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r997090215
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967238206
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-10-28 11:24:25 -05:00
Ronald Cron
04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc
...
TLS 1.3: Update documentation for the coming release and misc
2022-10-28 11:09:03 +02:00
Gilles Peskine
75c4eaf1f8
Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak
...
Fix a timing leak in ecp_mul_mxz()
2022-10-27 19:46:48 +02:00
Minos Galanakis
4d4c98b1b9
bignum_mod: mbedtls_mpi_mod_modulus_setup()
refactoring.
...
This patch addresses more review comments, and fixes
a circular depedency in the `mbedtls_mpi_mod_modulus_setup()`.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-27 17:47:26 +01:00
Minos Galanakis
771c47055f
bignum_mod: Style changes
...
This patch addresses review comments with regards to style of
`mbedtls_mpi_mod_modulus_setup/free()`.
It also removes a test check which was triggering a use-after-free.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-27 12:36:24 +01:00
Minos Galanakis
8b33363315
bignum_mod: Updated modulus lifecycle with mm and rr.
...
This patch updates the `mbedtls_mpi_mod_modulus_setup/free()`
methods to precalculate mm and rr(Montgomery const squared) during
setup and zeroize it during free.
A static `set_mont_const_square()` is added to manage the memory allocation
and parameter checking before invoking the
`mbedtls_mpi_core_get_mont_r2_unsafe()`
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-27 11:43:54 +01:00
Minos Galanakis
760f5d6b6b
bignum_mod: Updated mbedtls_mpi_mod_modulus_setup/free with new fields
...
At the current state, those fields are initialised to 0, NULL.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-27 11:43:54 +01:00
Hanno Becker
cd860dfe02
bignum_mod: Added Montgomery constants
...
This patch adds the Montgomery constants to the `mbedtls_mpi_mont_struct`.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-27 11:43:54 +01:00
Gilles Peskine
9603daddaa
Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add
...
Bignum: extract core_add from the prototype
2022-10-27 11:25:27 +02:00
Ronald Cron
77e15e8a2c
Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory
...
Internal and Open CI merge job ran successfully. Good to go.
2022-10-27 10:40:56 +02:00
Gilles Peskine
88f5fd9099
Merge pull request #6479 from AndrzejKurek/depends-py-no-psa
...
Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts
2022-10-26 20:02:57 +02:00
Gilles Peskine
d4d080b41b
Merge pull request #6407 from minosgalanakis/minos/6017_add_montgomery_constant_squared
...
Bignum: Added pre-calculation of Montgomery constants
2022-10-26 14:28:16 +02:00
Ronald Cron
4f7feca0dc
Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup
...
The Open CI ran successfully thus I think we can ignore the internal CI.
2022-10-26 14:27:54 +02:00
Xiaokang Qian
72dbfef6e4
Improve coding styles
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-26 06:33:57 +00:00
Ronald Cron
eac00ad2a6
tls13: server: Note down client not being authenticated in SSL context
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-25 20:02:03 +02:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
...
Fix unusual macros
2022-10-25 19:55:29 +02:00
Ronald Cron
a709a0f2c6
tls13: Declare PSK ephemeral key exchange mode first
...
In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-25 19:05:26 +02:00
Tom Cosgrove
6469fdfb0a
Fix whitespace issue spotted in review
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Tom Cosgrove
82f131063a
Update documentation following review comment
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Tom Cosgrove
af7d44b4d2
Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_add()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Hanno Becker
c98871339d
Extract MPI_CORE(add) from the prototype
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Minos Galanakis
a081c51cd3
Renamed mpi_core_get_mont_R2_unsafe_neg -> mpi_core_get_mont_r2_unsafe_neg
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
51d638baf6
bignum_core: Style update
...
'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const
keyword to match the style of the rest of the module.
Documentation is also updated to remove
`MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
ae4fb671b4
mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
b85506e250
bignum_core.h: Comment update for mbedtls_mpi_core_get_mont_R2_unsafe
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:23 +01:00
Minos Galanakis
4f43f61c6a
Renamed mbedtls_mpi_get_montgomery_constant_unsafe to mpi_core_get_mont_R2_unsafe
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:23 +01:00
Hanno Becker
ec440f2397
bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:08:08 +01:00
David Horstmann
3a334c2edc
Minor improvements to ssl_tls12_server.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:53:44 +01:00
David Horstmann
7aee0ec0ba
Minor improvements in ssl_client.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:38:25 +01:00
David Horstmann
6e11687ba5
Minor improvements to ecp.c changes
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:32:08 +01:00
David Horstmann
9b0eb90131
Rename ARIA_SELF_TEST_IF_FAIL
...
Change to ARIA_SELF_TEST_ASSERT
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:23:34 +01:00
David Horstmann
059848ff23
Minor changes to asn1write.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:16:45 +01:00
Gilles Peskine
e5a715e8c0
Merge pull request #6449 from gilles-peskine-arm/bignum-core-shift_r
...
Bignum core: shift_r
2022-10-25 10:40:39 +02:00
Xiaokang Qian
72de95dcf5
Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:25 +00:00
Xiaokang Qian
600804b0e7
Remove useless early data related macros for the time being
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Xiaokang Qian
54413b10c2
Add early data support preparatory work
...
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Andrzej Kurek
409248a73a
mbedtls_ssl_get_handshake_transcript is unusable without hashes
...
Mark unused variables when compiling without
SHA256 and SHA384. In future a proper dependency
will be added to TLS 1.2 to enforce either of these hashes
to be on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
57d1063db9
Fix tls_prf generic dependencies
...
One version was already surrounded by the USE_PSA define,
so the VIA_XX_OR_XX macros were removed;
Second version is when USE_PSA is undefined, so MBEDTLS_
macros can be used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
468c50656e
Fix key exchange dependencies for ssl_parse_server_ecdh_params
...
Resulting from particular configs in which this code is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:55:18 -04:00
Ronald Cron
083da8eb53
tls13: client: Improve coding style
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
a2900bcd1e
tls13: keys: Simplify code guard
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
766c0cdb1f
tls13: Add missing kex guards
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
82be0d4b4d
tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
de08cf3543
tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Gilles Peskine
abc6fbb8d7
Fix brief description
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 18:36:31 +02:00
Ronald Cron
d29e13eb1b
tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
2a87e9bf83
tls: Align set and usage check for PSK
...
Check that the identity length is not
zero in ssl_conf_set_psk_identity()
as it is done in
mbedtls_ssl_conf_has_static_psk().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
fa1e04a7c4
tls13: keys: Fix PSK build only case
...
When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
9a6a49c7cb
tls13: keys: Fail if the group type is not ECDHE or DHE
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
b15d4d8966
tls13: keys: Fix error code
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
3b056202d3
tls13: keys: Do not use handshake->premaster
...
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.
Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.
Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
4c7edb2b9b
tls13: keys: Fix indentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
831fee68c3
tls13: keys: Avoid input buffer copy
...
In mbedtls_ssl_tls13_evolve_secret() avoid
to copy the input buffer into a local buffer
as the copy is avoidable.
This also fixes a potential overflow as the
size of the local buffer was not checked when
copying into it.
With the current calls to mbedtls_ssl_tls13_evolve_secret()
no buffer overflow was expected to happen though.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Manuel Pégourié-Gonnard
45c6792faf
Merge pull request #6385 from AndrzejKurek/depends-py-reloaded
...
Unified tests/scripts/depends.py - reloaded
2022-10-21 10:17:58 +02:00
Gilles Peskine
c279b2fa4a
Move mbedtls_mpi_core_shift_r to the proper source file
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-20 11:40:15 +02:00
Gilles Peskine
6641420951
Bignum core: Break shift_r function out of the classic shift_r
...
This commit contains the function prototype for mbedtls_mpi_core_shift_r,
and the implementation minimally modified from mbedtls_mpi_shift_r.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-20 11:40:15 +02:00
Gilles Peskine
4281ae0bd2
Merge pull request #6373 from gilles-peskine-arm/bignum-core-conventions
...
Spell out bignum core conventions
2022-10-19 15:53:33 +02:00
Gilles Peskine
db2996357c
Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum
...
Bignum: Add safe conditional assign and swap for the new MPI types
2022-10-19 15:51:19 +02:00
Andrzej Kurek
9387b7b34e
Add a temporary solution to create a seedfile
...
This caused problems if a config with SHA512 was
compiled after a config without it and the seedfile
did not contain enough data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
c610e7402e
Formatting & unnecessary (void) fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
ecb630925f
Fix constant name in ssl_tls13_keys
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
e5a5cc1944
Remove the dependency of tls1_3 key evolution tests on curve25519
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
eabeb30c65
Fix SHA512 vs SHA384 dependencies
...
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
c19fb08dd3
Add missing ECDH dependency in tls 1.3 client
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
68327748d3
Add missing dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
46a987367c
Formatting fix
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
084334c8f2
Compile constant time masking and hmac if there are suites using MAC
...
This is used in TLS 1.2 authentication with NULL cipher,
when there are no TLS_CBC suites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
2d59dbc032
Use TLS prf only if TLS 1.2 is compiled in
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
894edde991
Add tls prf handling when there's no SHA256 or SHA384
...
Return a null prf function pointer and check for it when populating transform.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
252283f2aa
Fix missing cipher mode dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
David Horstmann
078250eb56
Fix incorrect return style
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-18 18:11:13 +01:00
David Horstmann
178ec96c89
Remove unnecessary NULL assignments
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-18 18:09:30 +01:00
David Horstmann
11307a1933
Clarify wording on allocation
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-17 18:10:23 +01:00
Aditya Deshpande
cfb441d5ee
Fix spacing and formatting
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-10-17 15:17:30 +01:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
...
Add LMS implementation
2022-10-14 18:33:01 +02:00
Aditya Deshpande
40c05cc8e4
Newlines at end of file + trim trailing whitespace
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-10-14 16:46:51 +01:00
Aditya Deshpande
17845b8f71
Add driver wrapper function for raw key agreement, along with test call for transparent drivers.
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-10-14 16:46:00 +01:00
Gilles Peskine
dcd1717f5f
Forbid aliasing outputs
...
Aliasing between two outputs is hardly ever useful.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-14 17:15:21 +02:00
Gabor Mezei
4086de667d
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-14 16:29:42 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
...
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
Raef Coles
1951259a10
Update how lms.c imports platform.h
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 16:47:13 +01:00
Ronald Cron
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check
...
Add server name check when proposing pre-share key
2022-10-13 16:00:59 +02:00
Raef Coles
cbd02adc6e
Simplify LMS context freeing
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:32 +01:00
Raef Coles
45c4ff93c9
Fix windows requiring explicit cast in LMS calloc
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:14 +01:00
Raef Coles
142e577c34
Add extra zeroization to LMS and LMOTS
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:03 +01:00
Raef Coles
9fc303a99a
Add extra LMOTS import negative tests
...
And fix failures that are related to the new tests
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:01 +01:00
Raef Coles
4829459c90
Validate LMOTS sig length before parsing type
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:47 +01:00
Raef Coles
285d44b180
Capitalize "Merkle" in LMS and LMOTS code
...
As it is a proper noun
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:43 +01:00
Raef Coles
faf59babe8
Make LMS verification return VERIFY_FAILED more
...
To align with PSA error code rules on when VERIFY_FAILED is returned vs
INVALID_ARGUMENT
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:42 +01:00
Raef Coles
fbd60ec775
Change LMS and LMOTS init functions to use memset
...
Instead of zeroize
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:40 +01:00
Raef Coles
9b0daf60fb
Improve LMS private function warning
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:38 +01:00
Raef Coles
f6cb5a4826
Fix LMS return statements having incorrect style
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:35 +01:00
Raef Coles
75b4c7790e
Fix LMS internal function documentation
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:34 +01:00
Raef Coles
d48f7e90bb
Allocate LMS C_RANDOM_VALUE as hash size
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:32 +01:00
Raef Coles
1fb2f32ef5
Check LMS offsets are sane at runtime
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:31 +01:00
Raef Coles
e34e3c0e59
Remove unneeded cast in LMS calloc
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:30 +01:00
Raef Coles
370cc43630
Make LMS public key export part of public key api
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:28 +01:00
Raef Coles
e89488debf
Fix bug in LMS public key loading
...
To avoid using the type before it is parsed from the signature
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:27 +01:00
Raef Coles
3f6cdd7aab
Fix LMS not checking RNG function return value
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:24 +01:00
Raef Coles
02cf8234b4
Fix ots sig length check in LMS validate function
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:22 +01:00
Raef Coles
f36874a535
Fix error type of lms_import_public_key
...
Was returning an incorrect error when bad public key sizes were input
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:21 +01:00
Raef Coles
dc8fb79e09
Simplify LMS private key generation error handling
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:20 +01:00
Raef Coles
be3bdd8240
Rename LMS and LMOTS init/free functions
...
To match convention
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:18 +01:00
Raef Coles
29117d2e4e
Update LMS PSA error conversion
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:17 +01:00
Raef Coles
be0c2f9183
Update LMS local variable allocation
...
To use a default failure value, and to avoid a call to
psa_hash_operation_init()
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:15 +01:00
Raef Coles
2ac352a322
Make LMS functions args const where required
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:14 +01:00
Raef Coles
5127e859d7
Update LMS and LMOTS dependency macros
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:11 +01:00
Raef Coles
56fe20a473
Move MBEDTLS_PRIVATE required defines into lms.h
...
From lmots.h, as it is a private header
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:10 +01:00
Raef Coles
ab300f15e8
Move public header content from lmots.h to lms.h
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:08 +01:00
Raef Coles
0b7da1b787
Fix overflow in LMS context init
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:03 +01:00
Raef Coles
57d5328ad5
Remove MBEDTLS_LM(OT)S prefix from internal macros
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:00 +01:00
Raef Coles
ad05425ab7
Update naming of internal LMS functions
...
To comply with the mbedtls_ requirement
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:59 +01:00
Raef Coles
40158e11fc
Add LMOTS test hook to header
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:58 +01:00
Raef Coles
3982040232
Fix LMS zeroization using wrong sizeof type
...
Causing a buffer write out of bounds
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:55 +01:00
Raef Coles
98d6e22050
Remove doxygen markup from internal LMS functions
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:54 +01:00
Raef Coles
40f184c83e
Cast LMS allocation sizes to size_t
...
To prevent implict casting errors on 64-bit platforms
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:52 +01:00
Raef Coles
1310ecb389
Update LMOTS function documentation
...
To avoid CI failure
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:51 +01:00
Raef Coles
9c9027b1a4
Add extra LMS and LMOTS tests
...
NULL-message and LMOTS signature leak tests
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:50 +01:00
Raef Coles
fa24f9d6ea
Minor fixes to LMS and LMOTS macros
...
Update some names, use the correct macro in certain places.
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:48 +01:00
Raef Coles
0a967ccf9a
Document LMS and LMOTS internal functions
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:47 +01:00
Raef Coles
8738a49d0c
Fix iterator types in LMOTS
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:45 +01:00
Raef Coles
e0a17610d1
Fix LMS/LMOTS if-statement style
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:41 +01:00
Raef Coles
9b88ee5d5d
Fix LMS and LMOTS coding style violations
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:40 +01:00
Raef Coles
366d67d9af
Shorted LMS and LMOTS line-lengths
...
To attempt to comply with the 80-char suggestion
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:38 +01:00
Raef Coles
e9479a0264
Update LMS API to support multiple parameter sets
...
Parameterise macros to allow variation of sizes
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:36 +01:00
Raef Coles
ab4f87413a
Add MBEDTLS_LMS_PRIVATE define
...
To enable private key operations
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:35 +01:00
Raef Coles
ebd35b5b80
Rename LMS internal tree-manipulation functions
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:31 +01:00
Raef Coles
891c613f31
Update LMOTS signature use of temporary variables
...
Document them properly, and move random value to a temporary variable
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:29 +01:00
Raef Coles
0c88d4e447
Remove superfluous casts in LMS and LMOTS
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:28 +01:00
Raef Coles
f5632d3efc
Remove MBEDTLS_PRIVATE usage from LMS and LMOTS
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:27 +01:00
Raef Coles
01c71a17b3
Update LMS and LMOTS api
...
Fix function names and parameters. Move macros to be more private.
Update implementation.
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:25 +01:00
Raef Coles
c8f9604d7b
Use PSA hashing for LMS and LMOTS
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:23 +01:00
Raef Coles
7dce69a27a
Make LMOTS a private api
...
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:22 +01:00
Raef Coles
8ff6df538c
Add LMS implementation
...
Also an LM-OTS implementation as one is required for LMS.
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:15 +01:00
Manuel Pégourié-Gonnard
02f82bbfa9
Fix MSVC warning
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-13 13:32:02 +02:00
Manuel Pégourié-Gonnard
f155ab9a91
Abort on errors when we should
...
We're not strictly required to abort, but at least to leave the context
is an invalid state. For "late" functions like input() and output(),
calling abort() is the easiest way to do that. Do it systematically for
input() and output() by using a wrapper. psa_pake_get_implicit_key() was
already doing it. For "early" function, we can just leave the operation
in its current state which is already invalid.
Restore previous tests about that. Not adding systematic tests, though,
just test the two functions that are the most important, and more likely
to return errors.
Since we now abort in more cases, we need to make sure we don't
invalidate the operation that's going to be re-used later in the test.
For that reason, use a copy of the operation for calls to input() and
output() that are expected to return errors.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-13 13:20:31 +02:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
...
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Xiaokang Qian
28af501cae
Fix the ticket_lifetime equal to 0 issue
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-13 08:18:19 +00:00
Xiaokang Qian
126bf8e4d7
Address some comments
...
Delete reference immediately after shallow copy
Fix format issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-13 02:57:15 +00:00
Xiaokang Qian
997669aeeb
Fix heap use-after-free corruption issue
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 14:30:27 +00:00
Xiaokang Qian
307a7303fd
Rebase and replace session_negotiate
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:14:32 +00:00
Xiaokang Qian
baa4764d77
Fix typo issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
8730644da1
Move ticket and hostname set code just after shallow-copy
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed3afcd6c3
Fix various typo and macro guards issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed0620cb13
Refine code base on comments
...
Move code to proper macro guards protection
Fix typo issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
03409290d2
Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
d7adc374d3
Refine the server name compare logic
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
a3b451f950
Adress kinds of comments base on review
...
Rename function name to mbedtls_ssl_session_set_hostname
Add two extra check cases for server name
Fix some coding styles
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
2f9efd3038
Address comments base on review
...
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:49 +00:00
Xiaokang Qian
bc663a0461
Refine code based on commnets
...
Change code layout
Change hostname_len type to size_t
Fix various issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c
Remove public api mbedtls_ssl_reset_hostname()
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:05:11 +00:00
Xiaokang Qian
be98f96de2
Remove useless hostname check in server side
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
6af2a6da74
Fix session save-load overflow issue
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
ecd7528c7f
Address some comments
...
Hostname_len has at least one byte
Change structure serialized_session_tls13
Fix various issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
281fd1bdd8
Add server name check when proposeing pre-share key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
...
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Jerry Yu
c79742303d
Remove unnecessary empty line and fix format issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 21:22:33 +08:00
Jerry Yu
22c18c1432
Add NULL check in prepare hello
...
`session_negotiate` is used directly in `ssl_prepare_client_hello`
without NULL check. Add the check in the beggining to avoid segment
fault.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 18:07:19 +08:00
Jerry Yu
c2bfaf00d9
fix wrong typo
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 18:07:19 +08:00
Jerry Yu
4f77ecf409
disable session resumption when ticket expired
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 22:10:08 +08:00
Jerry Yu
03aa174d7c
Improve test message and title
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:48:37 +08:00
Jerry Yu
6916e70521
fix various issues
...
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:33:51 +08:00
Jerry Yu
21092062f3
Restrict cipher suite validation to TLS1.3
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:21:31 +08:00
Gabor Mezei
d7edb1d225
Initialize variable
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-10 14:32:09 +02:00
Gabor Mezei
e9c013c222
Handle if parameters are alised
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-10 14:26:57 +02:00
Przemek Stekiel
88ade84735
psa_aead_setup: remove redundant tag length check
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-08 17:56:18 +02:00
Przemek Stekiel
6ab50762e0
psa_aead_setup: validate tag length before calling driver setup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-08 17:54:30 +02:00
Jerry Yu
a99cbfa2d3
fix various issues
...
- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:47 +08:00
Jerry Yu
40afab61a8
Add ciphersuite check in set_session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:43 +08:00
Jerry Yu
21f9095fa8
Revert "move ciphersuite validation to set_session"
...
This reverts commit 19ae6f62c7
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:34 +08:00
Jerry Yu
379b91a393
add ticket age check
...
Remove ticket if it is expired.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 10:21:15 +08:00
David Horstmann
91e20a0580
Refactor macro-spanning ifs in ecdh.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
fc735dffd6
Refactor macro-spanning ifs in ecp.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
8a7629fd0f
Refactor macro-spanning if in asn1write.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
2788f6b668
Refactor macro-spanning if in sha512.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
687262ca7d
Refactor macro-spanning if in sha256.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
21b89761f8
Refactor macro-spanning if in ssl_tls13_server.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
10be134d8e
Refactor macro-spanning if in ssl_msg.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
4a28563e84
Refactor macro-spanning ifs in ssl_client.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
e0af39a2ef
Refactor macro-spanning ifs in ssl_tls12_server.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:36 +01:00
Przemek Stekiel
86679c7bd8
psa_validate_tag_length(): use PSA_WANT_ALG_xxx instead MBEDTLS_PSA_BUILTIN_ALG_xxx guards
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-07 08:24:19 +02:00
Jerry Yu
4a698341c9
Re-org selected_identity parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
6183cc7470
Re-org binders writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f75364bee1
Re-organize identities writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8b41e893a2
fix various issues
...
- Re-order code and comments
- move comment above `write_identities`
- move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
19ae6f62c7
move ciphersuite validation to set_session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
25ab654781
Add dummy ticket support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
b300e3c5be
add selected_identity parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
1a0a0f4416
Add binders writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f7c125917c
Add identites writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
0c6105bc9e
empty pre_shared_key functions
...
To easy review
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8897c07075
Add server only guards for psk callback
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
David Horstmann
b21bbef061
Refactor macro-spanning if in ssl_tls12_client.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-06 18:00:51 +01:00
David Horstmann
3b2276a439
Refactor macro-spanning ifs in ssl_tls.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-06 17:59:57 +01:00
Przemek Stekiel
8a05a646f4
Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 17:01:58 +02:00
Przemek Stekiel
ff1efc9a84
psa_aead_check_nonce_length: Fix unused variable warining
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 16:53:47 +02:00
David Horstmann
0763ccf04f
Refactor ARIA_SELF_TEST_IF_FAIL macro
...
Change the ARIA_SELF_TEST_IF_FAIL macro to be more code-style friendly.
Currently it expands to the body of an if statement, which causes
problems for automatic brace-addition for if statements.
Convert the macro to a function-like macro that takes the condition as
an argument and expands to a full if statement inside a do {} while (0)
idiom.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-06 14:32:30 +01:00
Manuel Pégourié-Gonnard
0771d41584
Fix missing length check
...
There was a check against the remaining size of the buffer, which used
to be correct, but was broken two commits ago when we started not just
copying the input but also adding to it.
Replace it with a check that the input length is not greater that what's
expected for this step. This guarantees we won't overflow the internal
buffer.
While at it, add an explicit cast to uint8_t when writing the length to
the buffer, so silence an MSVC warning. This cast is safe because we
checked that the length is no larger than 65 or 32 (depending on the
step), so in any case is fits in one byte.
This was found because some lengths had not been adjusted in the test
suite, and instead of failing cleanly, library code performed buffer
overflows. I'll fix the tests in the next commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-06 09:30:34 +02:00
Manuel Pégourié-Gonnard
79617d99ae
Fix namespacing issue
...
This macro is specific to the Mbed TLS implementation and not part of
the public API, so it shouldn't used the PSA_ namespace.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-05 12:55:50 +02:00
Manuel Pégourié-Gonnard
ec7012dbc7
Fix I/O format of PSA EC J-PAKE for compliance
...
The format used by the mbedtls_ecjpake_xxx() APIs and that defined by
the PSA Crypto PAKE extension are quite different; the former is
tailored to the needs of TLS while the later is quite generic and plain.
Previously we only addressed some part of this impedance mismatch: the
different number of I/O rounds, but failed to address the part where the
legacy API adds some extras (length bytes, ECParameters) that shouldn't
be present in the PSA Crypto version. See comments in the code.
Add some length testing as well; would have caught the issue.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-05 12:52:48 +02:00
David Horstmann
ed79483aca
Free structs in mbedtls_x509_get_name() on error
...
mbedtls_x509_get_name() allocates a linked list of mbedtls_x509_name
structs but does not free these when there is an error, leaving the
caller to free them itself. Change this to cleanup these objects within
the function in case of an error.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-05 11:51:16 +01:00
Gilles Peskine
01af3ddc82
Fixed confusion between number size and limb size; define limb
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 16:23:29 +02:00
Gilles Peskine
2926484de1
Describe generic conventions for the bignum core module
...
This commit codifies some conventions that result from the original design
goals and others that have emerged after starting the implementation.
* Value ranges
* Bignum parameter naming and ordering
* Sizes
* Aliasing and overlap
* Error handling
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 14:51:21 +02:00
Gilles Peskine
7aab2fbe41
Add a short description of what each module does
...
There was already a short introduction to _who_ should use each module, but
not to _what_ each module does.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 14:50:17 +02:00
Gilles Peskine
7f887bdc05
Move license out of Doxygen comment
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 14:50:17 +02:00
Gabor Mezei
dba2677597
Update documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-03 17:01:02 +02:00
Glenn Strauss
2ff77119df
mbedtls_ecp_point_read_binary from compressed fmt
...
mbedtls_ecp_point_read_binary from MBEDTLS_ECP_PF_COMPRESSED format
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-10-03 05:43:27 -04:00
Denis V. Lunev
2df73ae742
mbedtls: fix possible false success in ...check_tags() helpers
...
We should report a error when the security check of the security
tag was not made. In the other case false success is possible and
is not observable by the software.
Technically this could lead to a security flaw.
Signed-off-by: Denis V. Lunev <dlunev@gmail.com>
2022-09-30 17:15:49 +01:00
Gabor Mezei
86dfe384c2
Fix documentation tags to be lower case
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 14:03:04 +02:00
Gabor Mezei
e5b8585f1e
Follow parameter naming convention
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:54:02 +02:00
Gabor Mezei
1c628d5700
Follow parameter naming comvention
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
3eff425b1a
Use only one limb parameter for assign
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
81e57021c6
Change the input parameters to be const
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
2b5bf4cec7
Fix doumentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
f4dd3b6a6d
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
cfc0eb8d22
Remove unused parameter
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
87638a9ead
Add missing include
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
63c3282ec4
Remove retrun code from mod_raw_cond_assign/swap
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
24d183aa00
Use the new swap and assign function in the old interface
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
9f6615f146
Remove argument checking from constant time functions
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
12071d4403
Add conditional assign and swap function for MPI modulus
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:33:35 +02:00
Gabor Mezei
e1d31c4aad
Add conditional swap and assign function for MPI core
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:33:30 +02:00
Gilles Peskine
845de0898e
Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication
...
Montgomery multiplication from bignum prototype
2022-09-30 10:35:21 +02:00
Tom Cosgrove
6da3a3b15f
Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 17:20:18 +01:00
Victor Barpp Gomes
47c7a732d2
Print RFC 4108 hwSerialNum in hex format
...
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
2022-09-29 11:34:23 -03:00
Tom Cosgrove
4386ead662
Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 14:40:21 +01:00
Przemek Stekiel
ce5b68c7a3
Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions"
...
This reverts commit a82290b727
.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:18 +02:00
Ronald Cron
77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases
...
TLS 1.3: Add PSK client cases
2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
...
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Xiaokang Qian
ca343ae280
Improve message logs and test cases description in psk
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-28 02:07:54 +00:00