Commit graph

534 commits

Author SHA1 Message Date
Jerry Yu
fb28b88e26 move client_auth to handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-28 11:05:58 +08:00
Jerry Yu
24811fb2e0 replace check_sig_hash with is_offered
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
f017ee4203 merge write sig_alg of tls12 and tls13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>

# Conflicts:
#	library/ssl_misc.h
2022-01-25 12:46:17 +08:00
Jerry Yu
1abd1bc22f Change write_sig_alg_ext of tls12
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
2d0bd32982 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
0e5bcb6bf5 Replace directly access for sig_hashes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00
Jerry Yu
18cd43909b Align signature_algorithms extension name
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00
Jerry Yu
9d555ac003 Remove TLS12 version write_supported_group_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 22:27:58 +08:00
Jerry Yu
b47d0f893e Replace SUPPORTED_ELLIPTIC_CURVES with SUPPORTED_GROUPS
According to RFC7919 and RFC8442 , they are same.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 17:38:50 +08:00
Ronald Cron
69a63426af psa: Fix the size of hash buffers
Fix the size of hash buffers for PSA hash
operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Xiaofei Bai
f36e1677b1 Fix alignment
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-09 09:28:25 +00:00
Xiaofei Bai
6f435f07d2 Fix compile error
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-09 04:08:32 +00:00
Xiaofei Bai
58afdba887 Fix typo and remove wrapper
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-09 03:10:05 +00:00
Xiaofei Bai
15a56813a2 TLS1.3 Add hostname extention
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-05 10:52:12 +00:00
Brett Warren
01f3dae3f3 Refactor elliptic curve extension for NamedGroups
The refactoring is needed for the group api to work
properly. Code is modified to use mbedtls_get_supported_groups
instead of direct access so that both deprecated and new api
are useable.

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 14:07:46 +01:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
Gabor Mezei
765862c4f3
Move mbedtls_cf_memcmp to a new public header
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00
gabor-mezei-arm
4602564d7a
Unify memcmp functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:47 +02:00
gabor-mezei-arm
db9a38c672
Move contatnt-time memcmp functions to the contant-time module
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
Joe Subbiani
94180e708f Minor coding style improvement
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 16:20:44 +01:00
Joe Subbiani
1f6c3aeb63 Tidy up ssl_*.c grouped MBEDTLS_BYTE_x macros
exchange groups of the byte reading macros with MBEDTLS_PUT_UINTxyz
and then shift the pointer afterwards. Easier to read as you can
see how big the data is that you are putting in, and in the case of
UINT32 AND UINT64 it saves some vertical space.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-20 12:19:57 +01:00
Joe Subbiani
d0687856af Improve documentation and add more uses of MBEDTLS_PUT
minor changes, such as improving the documentation for the byte reading
macros, and using MBEDTLS_PUT_UINT16_xy in place of byte reading
macro combinations

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:42 +01:00
Joe Subbiani
6dd7364553 Replace instances of byte reading macros with PUT
Instances of a group of byte reading macros which are equivilant to
MBEDTLS_PUT_UINTx_yz

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:57:41 +01:00
Joe Subbiani
fbeb692dd0 Use byte reading macros in places not using a byte mask
byte shifting opertations throughout library/ were only replaced with
the byte reading macros when an 0xff mask was being used.
The byte reading macros are now more widley used, however they have not
been used in all cases of a byte shift operation, as it detracted from
the immediate readability or otherwise did not seem appropriate.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
2194dc477a Replace MBEDTLS_CHAR_x with MBEDTLS_BYTE_x
The CHAR macros casted to an unsigned char which in this project
is garunteed to be 8 bits - the same as uint8_t (which BYTE casts
to) therefore, instances of CHAR have been swapped with BYTE and
the number of macros have been cut down

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:56:47 +01:00
Joe Subbiani
cd84d76e9b Add Character byte reading macros
These cast to an unsigned char rather than a uint8_t
like with MBEDTLS_BYTE_x
These save alot of space and will improve maintence by
replacing the appropriate code with MBEDTLS_CHAR_x

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-08-19 09:55:41 +01:00
Hanno Becker
41934dd20a Share preparatory code between client and server handshake steps
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-07 19:13:43 +01:00
Hanno Becker
fadbdbb576 Store TLS version in SSL session structure
Instances of `mbedtls_ssl_session` represent data enabling session resumption.

With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.

This commit introduces such a TLS-version field to mbedtls_ssl_session.

The change has a few ramifications:

- Session serialization/deserialization routines need to be adjusted.

  This is achieved by adding the TLS-version after the header of
  Mbed TLS version+config, and by having the subsequent structure
  of the serialized data depend on the value of this field.

  The details are described in terms of the RFC 8446 presentation language.

  The 1.2 session (de)serialization are moved into static helper functions,
  while the top-level session (de)serialization only parses the Mbed TLS
  version+config header and the TLS-version field, and dispatches according
  to the found version.

  This way, it will be easy to add support for TLS 1.3 sessions in the future.

- Tests for session serialization need to be adjusted

- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
  we will need to have some logic comparing the TLS version of the proposed session
  to the negotiated TLS version. For now, however, we only support TLS 1.2,
  and no such logic is needed. Instead, we just store the TLS version in the
  session structure at the same point when we populate mbedtls_ssl_context.minor_ver.

The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-07-23 06:25:48 +01:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0
Cleanup SSL error code space
2021-06-30 09:02:55 +01:00
Dave Rodgman
39bd5a655e Address review comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 15:25:21 +01:00
Dave Rodgman
c50b717a19 Update a couple of ssl error codes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 14:40:23 +01:00
Dave Rodgman
bed8927538 Correct some TLS alerts and error codes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 12:06:44 +01:00
Dave Rodgman
53c8689e88 Introduce new TLS error codes
Introduce new codes:
* MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION
* MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL

These are returned when the corresponding alert is raised.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 10:02:06 +01:00
Dave Rodgman
43fcb8d7c1 Address review feedback
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 08:57:19 +01:00
Dave Rodgman
5f8c18b0d0 Update error code from ssl_parse_signature_algorithm
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-28 12:35:08 +01:00
Dave Rodgman
8f127397f8 Update alert message for parsing PSK hint
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
77b4a6592a Address review feedback
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
2fc9a652bc Address review feedback
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
c3411d4041 Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
9ed1ba5926 Rename MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
New name MBEDTLS_ERR_SSL_BAD_CERTIFICATE

Also, replace some instances of MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
by MBEDTLS_ERR_SSL_DECODE_ERROR and MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER
as fit.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
5697af0d3d Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
cbc8f6fd5d Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
029cc2f97b Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
241c19707b Remove MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
bc00044279 Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Gilles Peskine
f00f152444 Add output size parameter to signature functions
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.

No change to RSA because for RSA, the output size is trivial to calculate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Thomas Daubney
e1c9a40bc4 Removes truncated HMAC code from ssl_X.c
Removes conditional code blocks relating
to MBEDTLS_SSL_TRUNCATED_HMAC from ssl_cli.c
and ssl_srv.c.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-06-16 16:19:53 +01:00
Gilles Peskine
cd07e22048 New function mbedtls_ecjpake_set_point_format
Use this instead of accessing the field directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00
Gilles Peskine
487bbf6805 DHM: new functions to query the length of the modulus
Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to
query the length of the modulus in bytes or bits.

Remove the len field: the cost of calling mbedtls_dhm_get_len() each time
it's needed is negligible, and this improves the abstraction of the DHM
module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-15 00:12:37 +02:00