Commit graph

19517 commits

Author SHA1 Message Date
XiaokangQian
3207a32b1e Fix unused parameter issue and not defined cookie issue
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
7ac3ab3404 Add hello retry request count for server
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
a9c58419f2 Fix compile and test issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
5e4528cd12 Add test cases for server side parse client hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
7807f9f5c9 Add client hello into server side
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Gilles Peskine
f4d70b2944
Merge pull request #5608 from AndrzejKurek/raw-key-agreement-fail
Add a test for a raw key agreement failure
2022-04-19 14:00:48 +02:00
Manuel Pégourié-Gonnard
46435f05e1
Merge pull request #5706 from hanno-arm/bn_mul_cleanup
Simplify structure of bignum inline assembly
2022-04-19 11:30:05 +02:00
Hanno Becker
606cb1626f Add comment explaining structure of UMAAL assembly
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:59:33 +01:00
Hanno Becker
d46d96cc3f Add 2-fold unrolled assembly for umaal based multiplication
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:19:55 +01:00
Hanno Becker
63eb28c728 Use separate counters for 8-fold and single multiplication steps
Compilers are likely to generate shorter assembly for loops of the
form `while( cnt-- ) { ... }` rather than
`for( ; count >= X; count -= X ) { ... }`. (E.g. the latter needs
a subtract+compare+branch after each loop, while the former only
needs decrement+branch).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:16:03 +01:00
Hanno Becker
eacf3b9eb4 Simplify organization of inline assembly for bignum
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-17 06:16:03 +01:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Manuel Pégourié-Gonnard
63ed7cbf36
Merge pull request #5701 from hanno-arm/mpi_mul_hlp
Make size of output in mpi_mul_hlp() explicit
2022-04-15 10:09:06 +02:00
Glenn Strauss
8315811ea7 Remove restrictive proto ver negotiation checks
Overly restrictive protocol version negotiation checks might be
"version intolerant".  TLS 1.3 and DTLS 1.3 move the version to
the "supported_versions" ClientHello extension.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
bbdc83b55b Use mbedtls_ssl_protocol_version in public structs
Use mbedtls_ssl_protocol_version in public structs, even when doing
so results in a binary-incompatible change to the public structure

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
59b0d54ba0 Convert tests to use mbedtls_ssl_conf_(min|max)_tls_version()
Replace use of mbedtls_ssl_conf_(min/max)_version()

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
d09b343ffc Deprecate mbedtls_ssl_conf_(min/max)_version()
Deprecate mbedtls_ssl_conf_max_version()
Replaced with mbedtls_ssl_conf_max_tls_version()

Deprecate mbedtls_ssl_conf_min_version()
Replaced with mbedtls_ssl_conf_min_tls_version()

(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
39e624ca76 Convert tests to use MBEDTLS_SSL_VERSION_TLS1_*
(PR feedback from @ronald-cron-arm)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
cd78df6aa4 handshake->min_minor_ver to ->min_tls_version
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
041a37635b Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks
mbedtls no longer supports earlier TLS protocol versions

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
2dfcea2b9d mbedtls_ssl_config min_tls_version, max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible on little-endian platforms,
but is compatible on big-endian platforms.  For systems supporting
only TLSv1.2, the underlying values are the same (=> 3).

New setter functions are more type-safe,
taking argument as enum mbedtls_ssl_protocol_version:
mbedtls_ssl_conf_max_tls_version()
mbedtls_ssl_conf_min_tls_version()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:39:43 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Glenn Strauss
07c641605e Rename mbedtls_ssl_transform minor_ver to tls_version
Store the TLS version in tls_version instead of minor version number.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:54 -04:00
Glenn Strauss
dff84620a0 Unify internal/external TLS protocol version enums
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 13:45:20 -04:00
Andrzej Kurek
83e60eef4d tests: fix bitflip comment
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-14 08:51:41 -04:00
Gilles Peskine
473d585abf
Merge pull request #5006 from JoeSubbiani/CleanCompat.sh2_dev
clean up compat.sh
2022-04-14 14:04:33 +02:00
Hanno Becker
3577131bb4 Reintroduce trimming of input in mbedtls_mpi_mul_int()
Removing the trimming has significant memory impact. While it is clearly what
we want to do eventually for constant-time'ness, it should be fixed alongside
a strategy to contain the ramifications on memory usage.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-14 11:52:11 +01:00
Manuel Pégourié-Gonnard
636b5f10da Add comment in compat.sh about callers
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:21:56 +02:00
Manuel Pégourié-Gonnard
9473229996 Fix compat.sh invocation in basic-built-test.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:21:38 +02:00
Manuel Pégourié-Gonnard
296787f75c Rm DES from invocations of compat.sh
It no longer makes sense, either in -e or -f: those ciphersuites have
been removed anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-13 10:45:10 +02:00
Manuel Pégourié-Gonnard
4111b73d8f Update comment and default exclude
- comments about (3)DES were inconsistent (one saying "keep 3DES" and
the other "exclude it")
- we don't have any DES or 3DES ciphersuite anyway, so no need to
exclude them or comment about it
- while at it, fix comment about ARIA: it's in the default config now

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-13 10:45:10 +02:00
Joe Subbiani
32df1450f1 Order ciphersuite names alphabetically
The ciphers were originally separated by the version conditions, and the spacing
was retained in case it was required later. It has been decided it would be better
to have an unbroken list in alphabetically order to quickly locate ciphers when
necessary

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2022-04-13 10:45:08 +02:00
Joe Subbiani
f05fae0f7a Remove unsupported ciphersuites
Remove ciphersuites that are no longer supported.
running ./test/compat.sh -e '^$' -p mbedtls no longer skips any tests

Fixes #4818

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2022-04-13 10:41:43 +02:00
Joe Subbiani
9f84761c66 Removed redundant mode checks
As anything below (D)TLS 1.2 is no longer supported, checks for the
minor version will always be true, and have therefore been removed

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2022-04-13 10:40:49 +02:00
Manuel Pégourié-Gonnard
6c242a01f7
Merge pull request #5634 from superna9999/5625-pk-opaque-rsa-basics
PK Opaque RSA sign
2022-04-13 09:55:42 +02:00
Hanno Becker
0dbf04a9a6 Remove unnecessary memory operations in p25519 quasireduction
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-13 07:26:53 +01:00
Hanno Becker
1772e05fca Reduce the scope of local variable in mbedtls_mpi_mul_mpi()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-13 07:26:53 +01:00
Hanno Becker
da763de7d0 Revert "Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()"
This reverts commit 808e666eee.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-13 07:26:42 +01:00
Hanno Becker
127fcabb21 Fail gracefully upon unexpectedly large input to p25519 reduction
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 22:18:36 +01:00
Manuel Pégourié-Gonnard
927410ded3
Merge pull request #5611 from superna9999/5318-tls-ecdhe-psk
TLS ECDH 3a: ECDHE-PSK (both sides, 1.2)
2022-04-12 13:28:02 +02:00
Hanno Becker
bb04cb992f Fix check in p25519 quasi-reduction
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:18:11 +01:00
Hanno Becker
d830feb256 Simplify check in p25519 quasi-reduction
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:10:19 +01:00
Hanno Becker
2ef0cff6c3 Fix size check in p25519 modular reduction
The check was meant to precisely catch an underflow.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:02:05 +01:00
Hanno Becker
0235f7512f Reduce scope of local variables in mpi_montmul()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:02:03 +01:00
Hanno Becker
9137b9c587 Note alternative implementation strategy in mbedtls_mpi_mul_int()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:01:58 +01:00
Hanno Becker
808e666eee Don't trim MPIs to minimal size in mbedtls_mpi_mul_mpi()
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-04-12 11:01:57 +01:00
Gilles Peskine
43b0943736
Merge pull request #1946 from hanno-arm/alert_reentrant
Make mbedtls_ssl_send_alert_message() reentrant
2022-04-12 11:05:20 +02:00