Commit graph

9872 commits

Author SHA1 Message Date
Xiaokang Qian
54413b10c2 Add early data support preparatory work
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Andrzej Kurek
409248a73a mbedtls_ssl_get_handshake_transcript is unusable without hashes
Mark unused variables when compiling without
SHA256 and SHA384. In future a proper dependency
will be added to TLS 1.2 to enforce either of these hashes
to be on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
57d1063db9 Fix tls_prf generic dependencies
One version was already surrounded by the USE_PSA define,
so the VIA_XX_OR_XX macros were removed;
Second version is when USE_PSA is undefined, so MBEDTLS_
macros can be used. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
468c50656e Fix key exchange dependencies for ssl_parse_server_ecdh_params
Resulting from particular configs in which this code is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:55:18 -04:00
Ronald Cron
083da8eb53 tls13: client: Improve coding style
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
a2900bcd1e tls13: keys: Simplify code guard
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
766c0cdb1f tls13: Add missing kex guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
82be0d4b4d tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
de08cf3543 tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Gilles Peskine
abc6fbb8d7 Fix brief description
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 18:36:31 +02:00
Ronald Cron
d29e13eb1b tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
2a87e9bf83 tls: Align set and usage check for PSK
Check that the identity length is not
zero in ssl_conf_set_psk_identity()
as it is done in
mbedtls_ssl_conf_has_static_psk().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
fa1e04a7c4 tls13: keys: Fix PSK build only case
When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
9a6a49c7cb tls13: keys: Fail if the group type is not ECDHE or DHE
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
b15d4d8966 tls13: keys: Fix error code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
3b056202d3 tls13: keys: Do not use handshake->premaster
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.

Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.

Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
4c7edb2b9b tls13: keys: Fix indentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
831fee68c3 tls13: keys: Avoid input buffer copy
In mbedtls_ssl_tls13_evolve_secret() avoid
to copy the input buffer into a local buffer
as the copy is avoidable.

This also fixes a potential overflow as the
size of the local buffer was not checked when
copying into it.

With the current calls to mbedtls_ssl_tls13_evolve_secret()
no buffer overflow was expected to happen though.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Manuel Pégourié-Gonnard
45c6792faf
Merge pull request #6385 from AndrzejKurek/depends-py-reloaded
Unified tests/scripts/depends.py - reloaded
2022-10-21 10:17:58 +02:00
Gilles Peskine
c279b2fa4a Move mbedtls_mpi_core_shift_r to the proper source file
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-20 11:40:15 +02:00
Gilles Peskine
6641420951 Bignum core: Break shift_r function out of the classic shift_r
This commit contains the function prototype for mbedtls_mpi_core_shift_r,
and the implementation minimally modified from mbedtls_mpi_shift_r.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-20 11:40:15 +02:00
Gilles Peskine
4281ae0bd2
Merge pull request #6373 from gilles-peskine-arm/bignum-core-conventions
Spell out bignum core conventions
2022-10-19 15:53:33 +02:00
Gilles Peskine
db2996357c
Merge pull request #6289 from gabor-mezei-arm/6237_Add_conditional_assign_and_swap_for_bignum
Bignum: Add safe conditional assign and swap for the new MPI types
2022-10-19 15:51:19 +02:00
Andrzej Kurek
9387b7b34e Add a temporary solution to create a seedfile
This caused problems if a config with SHA512 was
compiled after a config without it and the seedfile
did not contain enough data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
c610e7402e Formatting & unnecessary (void) fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
ecb630925f Fix constant name in ssl_tls13_keys
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
e5a5cc1944 Remove the dependency of tls1_3 key evolution tests on curve25519
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
eabeb30c65 Fix SHA512 vs SHA384 dependencies
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
c19fb08dd3 Add missing ECDH dependency in tls 1.3 client
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
68327748d3 Add missing dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
46a987367c Formatting fix
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
084334c8f2 Compile constant time masking and hmac if there are suites using MAC
This is used in TLS 1.2 authentication with NULL cipher,
when there are no TLS_CBC suites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
2d59dbc032 Use TLS prf only if TLS 1.2 is compiled in
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
894edde991 Add tls prf handling when there's no SHA256 or SHA384
Return a null prf function pointer and check for it when populating transform.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
252283f2aa Fix missing cipher mode dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
David Horstmann
078250eb56 Fix incorrect return style
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-18 18:11:13 +01:00
David Horstmann
178ec96c89 Remove unnecessary NULL assignments
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-18 18:09:30 +01:00
David Horstmann
11307a1933 Clarify wording on allocation
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-17 18:10:23 +01:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
Add LMS implementation
2022-10-14 18:33:01 +02:00
Gilles Peskine
dcd1717f5f Forbid aliasing outputs
Aliasing between two outputs is hardly ever useful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-14 17:15:21 +02:00
Gabor Mezei
4086de667d
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-14 16:29:42 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
Raef Coles
1951259a10
Update how lms.c imports platform.h
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 16:47:13 +01:00
Ronald Cron
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check
Add server name check when proposing pre-share key
2022-10-13 16:00:59 +02:00
Raef Coles
cbd02adc6e
Simplify LMS context freeing
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:32 +01:00
Raef Coles
45c4ff93c9
Fix windows requiring explicit cast in LMS calloc
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:14 +01:00
Raef Coles
142e577c34
Add extra zeroization to LMS and LMOTS
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:03 +01:00
Raef Coles
9fc303a99a
Add extra LMOTS import negative tests
And fix failures that are related to the new tests

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:01 +01:00
Raef Coles
4829459c90
Validate LMOTS sig length before parsing type
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:47 +01:00
Raef Coles
285d44b180
Capitalize "Merkle" in LMS and LMOTS code
As it is a proper noun

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:43 +01:00
Raef Coles
faf59babe8
Make LMS verification return VERIFY_FAILED more
To align with PSA error code rules on when VERIFY_FAILED is returned vs
INVALID_ARGUMENT

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:42 +01:00
Raef Coles
fbd60ec775
Change LMS and LMOTS init functions to use memset
Instead of zeroize

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:40 +01:00
Raef Coles
9b0daf60fb
Improve LMS private function warning
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:38 +01:00
Raef Coles
f6cb5a4826
Fix LMS return statements having incorrect style
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:35 +01:00
Raef Coles
75b4c7790e
Fix LMS internal function documentation
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:34 +01:00
Raef Coles
d48f7e90bb
Allocate LMS C_RANDOM_VALUE as hash size
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:32 +01:00
Raef Coles
1fb2f32ef5
Check LMS offsets are sane at runtime
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:31 +01:00
Raef Coles
e34e3c0e59
Remove unneeded cast in LMS calloc
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:30 +01:00
Raef Coles
370cc43630
Make LMS public key export part of public key api
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:28 +01:00
Raef Coles
e89488debf
Fix bug in LMS public key loading
To avoid using the type before it is parsed from the signature

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:27 +01:00
Raef Coles
3f6cdd7aab
Fix LMS not checking RNG function return value
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:24 +01:00
Raef Coles
02cf8234b4
Fix ots sig length check in LMS validate function
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:22 +01:00
Raef Coles
f36874a535
Fix error type of lms_import_public_key
Was returning an incorrect error when bad public key sizes were input

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:21 +01:00
Raef Coles
dc8fb79e09
Simplify LMS private key generation error handling
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:20 +01:00
Raef Coles
be3bdd8240
Rename LMS and LMOTS init/free functions
To match convention

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:18 +01:00
Raef Coles
29117d2e4e
Update LMS PSA error conversion
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:17 +01:00
Raef Coles
be0c2f9183
Update LMS local variable allocation
To use a default failure value, and to avoid a call to
psa_hash_operation_init()

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:15 +01:00
Raef Coles
2ac352a322
Make LMS functions args const where required
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:14 +01:00
Raef Coles
5127e859d7
Update LMS and LMOTS dependency macros
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:11 +01:00
Raef Coles
56fe20a473
Move MBEDTLS_PRIVATE required defines into lms.h
From lmots.h, as it is a private header

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:10 +01:00
Raef Coles
ab300f15e8
Move public header content from lmots.h to lms.h
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:08 +01:00
Raef Coles
0b7da1b787
Fix overflow in LMS context init
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:03 +01:00
Raef Coles
57d5328ad5
Remove MBEDTLS_LM(OT)S prefix from internal macros
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:00 +01:00
Raef Coles
ad05425ab7
Update naming of internal LMS functions
To comply with the mbedtls_ requirement

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:59 +01:00
Raef Coles
40158e11fc
Add LMOTS test hook to header
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:58 +01:00
Raef Coles
3982040232
Fix LMS zeroization using wrong sizeof type
Causing a buffer write out of bounds

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:55 +01:00
Raef Coles
98d6e22050
Remove doxygen markup from internal LMS functions
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:54 +01:00
Raef Coles
40f184c83e
Cast LMS allocation sizes to size_t
To prevent implict casting errors on 64-bit platforms

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:52 +01:00
Raef Coles
1310ecb389
Update LMOTS function documentation
To avoid CI failure

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:51 +01:00
Raef Coles
9c9027b1a4
Add extra LMS and LMOTS tests
NULL-message and LMOTS signature leak tests

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:50 +01:00
Raef Coles
fa24f9d6ea
Minor fixes to LMS and LMOTS macros
Update some names, use the correct macro in certain places.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:48 +01:00
Raef Coles
0a967ccf9a
Document LMS and LMOTS internal functions
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:47 +01:00
Raef Coles
8738a49d0c
Fix iterator types in LMOTS
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:45 +01:00
Raef Coles
e0a17610d1
Fix LMS/LMOTS if-statement style
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:41 +01:00
Raef Coles
9b88ee5d5d
Fix LMS and LMOTS coding style violations
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:40 +01:00
Raef Coles
366d67d9af
Shorted LMS and LMOTS line-lengths
To attempt to comply with the 80-char suggestion

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:38 +01:00
Raef Coles
e9479a0264
Update LMS API to support multiple parameter sets
Parameterise macros to allow variation of sizes

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:36 +01:00
Raef Coles
ab4f87413a
Add MBEDTLS_LMS_PRIVATE define
To enable private key operations

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:35 +01:00
Raef Coles
ebd35b5b80
Rename LMS internal tree-manipulation functions
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:31 +01:00
Raef Coles
891c613f31
Update LMOTS signature use of temporary variables
Document them properly, and move random value to a temporary variable

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:29 +01:00
Raef Coles
0c88d4e447
Remove superfluous casts in LMS and LMOTS
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:28 +01:00
Raef Coles
f5632d3efc
Remove MBEDTLS_PRIVATE usage from LMS and LMOTS
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:27 +01:00
Raef Coles
01c71a17b3
Update LMS and LMOTS api
Fix function names and parameters. Move macros to be more private.
Update implementation.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:25 +01:00
Raef Coles
c8f9604d7b
Use PSA hashing for LMS and LMOTS
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:23 +01:00
Raef Coles
7dce69a27a
Make LMOTS a private api
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:22 +01:00
Raef Coles
8ff6df538c
Add LMS implementation
Also an LM-OTS implementation as one is required for LMS.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:15 +01:00
Manuel Pégourié-Gonnard
02f82bbfa9 Fix MSVC warning
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-13 13:32:02 +02:00
Manuel Pégourié-Gonnard
f155ab9a91 Abort on errors when we should
We're not strictly required to abort, but at least to leave the context
is an invalid state. For "late" functions like input() and output(),
calling abort() is the easiest way to do that. Do it systematically for
input() and output() by using a wrapper. psa_pake_get_implicit_key() was
already doing it. For "early" function, we can just leave the operation
in its current state which is already invalid.

Restore previous tests about that. Not adding systematic tests, though,
just test the two functions that are the most important, and more likely
to return errors.

Since we now abort in more cases, we need to make sure we don't
invalidate the operation that's going to be re-used later in the test.
For that reason, use a copy of the operation for calls to input() and
output() that are expected to return errors.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-13 13:20:31 +02:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Xiaokang Qian
28af501cae Fix the ticket_lifetime equal to 0 issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-13 08:18:19 +00:00
Xiaokang Qian
126bf8e4d7 Address some comments
Delete reference immediately after shallow copy
Fix format issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-13 02:57:15 +00:00
Xiaokang Qian
997669aeeb Fix heap use-after-free corruption issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 14:30:27 +00:00
Xiaokang Qian
307a7303fd Rebase and replace session_negotiate
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:14:32 +00:00
Xiaokang Qian
baa4764d77 Fix typo issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
8730644da1 Move ticket and hostname set code just after shallow-copy
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed3afcd6c3 Fix various typo and macro guards issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
ed0620cb13 Refine code base on comments
Move code to proper macro guards protection
Fix typo issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
03409290d2 Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
d7adc374d3 Refine the server name compare logic
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
a3b451f950 Adress kinds of comments base on review
Rename function name to mbedtls_ssl_session_set_hostname
Add two extra check cases for server name
Fix some coding styles

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
2f9efd3038 Address comments base on review
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:49 +00:00
Xiaokang Qian
bc663a0461 Refine code based on commnets
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname()
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:05:11 +00:00
Xiaokang Qian
be98f96de2 Remove useless hostname check in server side
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
6af2a6da74 Fix session save-load overflow issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
ecd7528c7f Address some comments
Hostname_len has at least one byte
Change structure serialized_session_tls13
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Jerry Yu
c79742303d Remove unnecessary empty line and fix format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 21:22:33 +08:00
Jerry Yu
22c18c1432 Add NULL check in prepare hello
`session_negotiate` is used directly in `ssl_prepare_client_hello`
without NULL check. Add the check in the beggining to avoid segment
fault.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 18:07:19 +08:00
Jerry Yu
c2bfaf00d9 fix wrong typo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 18:07:19 +08:00
Jerry Yu
4f77ecf409 disable session resumption when ticket expired
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 22:10:08 +08:00
Jerry Yu
03aa174d7c Improve test message and title
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:48:37 +08:00
Jerry Yu
6916e70521 fix various issues
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:33:51 +08:00
Jerry Yu
21092062f3 Restrict cipher suite validation to TLS1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:21:31 +08:00
Gabor Mezei
d7edb1d225
Initialize variable
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-10 14:32:09 +02:00
Gabor Mezei
e9c013c222
Handle if parameters are alised
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-10 14:26:57 +02:00
Przemek Stekiel
88ade84735 psa_aead_setup: remove redundant tag length check
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-08 17:56:18 +02:00
Przemek Stekiel
6ab50762e0 psa_aead_setup: validate tag length before calling driver setup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-08 17:54:30 +02:00
Jerry Yu
a99cbfa2d3 fix various issues
- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:47 +08:00
Jerry Yu
40afab61a8 Add ciphersuite check in set_session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:43 +08:00
Jerry Yu
21f9095fa8 Revert "move ciphersuite validation to set_session"
This reverts commit 19ae6f62c7.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:34 +08:00
Jerry Yu
379b91a393 add ticket age check
Remove ticket if it is expired.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 10:21:15 +08:00
David Horstmann
91e20a0580 Refactor macro-spanning ifs in ecdh.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
fc735dffd6 Refactor macro-spanning ifs in ecp.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
8a7629fd0f Refactor macro-spanning if in asn1write.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
2788f6b668 Refactor macro-spanning if in sha512.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
687262ca7d Refactor macro-spanning if in sha256.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
21b89761f8 Refactor macro-spanning if in ssl_tls13_server.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
10be134d8e Refactor macro-spanning if in ssl_msg.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
4a28563e84 Refactor macro-spanning ifs in ssl_client.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
David Horstmann
e0af39a2ef Refactor macro-spanning ifs in ssl_tls12_server.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:36 +01:00
Przemek Stekiel
86679c7bd8 psa_validate_tag_length(): use PSA_WANT_ALG_xxx instead MBEDTLS_PSA_BUILTIN_ALG_xxx guards
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-07 08:24:19 +02:00
Jerry Yu
4a698341c9 Re-org selected_identity parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
6183cc7470 Re-org binders writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f75364bee1 Re-organize identities writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8b41e893a2 fix various issues
- Re-order code and comments
  - move comment above `write_identities`
  - move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
19ae6f62c7 move ciphersuite validation to set_session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
25ab654781 Add dummy ticket support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
b300e3c5be add selected_identity parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
1a0a0f4416 Add binders writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
f7c125917c Add identites writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
0c6105bc9e empty pre_shared_key functions
To easy review

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Jerry Yu
8897c07075 Add server only guards for psk callback
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
David Horstmann
b21bbef061 Refactor macro-spanning if in ssl_tls12_client.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-06 18:00:51 +01:00
David Horstmann
3b2276a439 Refactor macro-spanning ifs in ssl_tls.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-06 17:59:57 +01:00
Przemek Stekiel
8a05a646f4 Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 17:01:58 +02:00
Przemek Stekiel
ff1efc9a84 psa_aead_check_nonce_length: Fix unused variable warining
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 16:53:47 +02:00
David Horstmann
0763ccf04f Refactor ARIA_SELF_TEST_IF_FAIL macro
Change the ARIA_SELF_TEST_IF_FAIL macro to be more code-style friendly.
Currently it expands to the body of an if statement, which causes
problems for automatic brace-addition for if statements.

Convert the macro to a function-like macro that takes the condition as
an argument and expands to a full if statement inside a do {} while (0)
idiom.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-06 14:32:30 +01:00
Manuel Pégourié-Gonnard
0771d41584 Fix missing length check
There was a check against the remaining size of the buffer, which used
to be correct, but was broken two commits ago when we started not just
copying the input but also adding to it.

Replace it with a check that the input length is not greater that what's
expected for this step. This guarantees we won't overflow the internal
buffer.

While at it, add an explicit cast to uint8_t when writing the length to
the buffer, so silence an MSVC warning. This cast is safe because we
checked that the length is no larger than 65 or 32 (depending on the
step), so in any case is fits in one byte.

This was found because some lengths had not been adjusted in the test
suite, and instead of failing cleanly, library code performed buffer
overflows. I'll fix the tests in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-06 09:30:34 +02:00
Manuel Pégourié-Gonnard
79617d99ae Fix namespacing issue
This macro is specific to the Mbed TLS implementation and not part of
the public API, so it shouldn't used the PSA_ namespace.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-05 12:55:50 +02:00
Manuel Pégourié-Gonnard
ec7012dbc7 Fix I/O format of PSA EC J-PAKE for compliance
The format used by the mbedtls_ecjpake_xxx() APIs and that defined by
the PSA Crypto PAKE extension are quite different; the former is
tailored to the needs of TLS while the later is quite generic and plain.
Previously we only addressed some part of this impedance mismatch: the
different number of I/O rounds, but failed to address the part where the
legacy API adds some extras (length bytes, ECParameters) that shouldn't
be present in the PSA Crypto version. See comments in the code.

Add some length testing as well; would have caught the issue.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-05 12:52:48 +02:00
David Horstmann
ed79483aca Free structs in mbedtls_x509_get_name() on error
mbedtls_x509_get_name() allocates a linked list of mbedtls_x509_name
structs but does not free these when there is an error, leaving the
caller to free them itself. Change this to cleanup these objects within
the function in case of an error.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-05 11:51:16 +01:00
Gilles Peskine
01af3ddc82 Fixed confusion between number size and limb size; define limb
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 16:23:29 +02:00
Gilles Peskine
2926484de1 Describe generic conventions for the bignum core module
This commit codifies some conventions that result from the original design
goals and others that have emerged after starting the implementation.

* Value ranges
* Bignum parameter naming and ordering
* Sizes
* Aliasing and overlap
* Error handling

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 14:51:21 +02:00
Gilles Peskine
7aab2fbe41 Add a short description of what each module does
There was already a short introduction to _who_ should use each module, but
not to _what_ each module does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 14:50:17 +02:00
Gilles Peskine
7f887bdc05 Move license out of Doxygen comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 14:50:17 +02:00
Gabor Mezei
dba2677597
Update documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-10-03 17:01:02 +02:00
Denis V. Lunev
2df73ae742 mbedtls: fix possible false success in ...check_tags() helpers
We should report a error when the security check of the security
tag was not made. In the other case false success is possible and
is not observable by the software.

Technically this could lead to a security flaw.

Signed-off-by: Denis V. Lunev <dlunev@gmail.com>
2022-09-30 17:15:49 +01:00
Gabor Mezei
86dfe384c2
Fix documentation tags to be lower case
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 14:03:04 +02:00
Gabor Mezei
e5b8585f1e
Follow parameter naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:54:02 +02:00
Gabor Mezei
1c628d5700
Follow parameter naming comvention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
3eff425b1a
Use only one limb parameter for assign
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
81e57021c6
Change the input parameters to be const
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
2b5bf4cec7
Fix doumentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
f4dd3b6a6d
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:40 +02:00
Gabor Mezei
cfc0eb8d22
Remove unused parameter
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
87638a9ead
Add missing include
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
63c3282ec4
Remove retrun code from mod_raw_cond_assign/swap
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
24d183aa00
Use the new swap and assign function in the old interface
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
9f6615f146
Remove argument checking from constant time functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:36:39 +02:00
Gabor Mezei
12071d4403
Add conditional assign and swap function for MPI modulus
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:33:35 +02:00
Gabor Mezei
e1d31c4aad
Add conditional swap and assign function for MPI core
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-30 13:33:30 +02:00
Gilles Peskine
845de0898e
Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication
Montgomery multiplication from bignum prototype
2022-09-30 10:35:21 +02:00
Tom Cosgrove
6da3a3b15f Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 17:20:18 +01:00
Victor Barpp Gomes
47c7a732d2 Print RFC 4108 hwSerialNum in hex format
Signed-off-by: Victor Barpp Gomes <17840319+Kabbah@users.noreply.github.com>
2022-09-29 11:34:23 -03:00
Tom Cosgrove
4386ead662 Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-29 14:40:21 +01:00
Przemek Stekiel
ce5b68c7a3 Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions"
This reverts commit a82290b727.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:18 +02:00
Ronald Cron
77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases
TLS 1.3: Add PSK client cases
2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Xiaokang Qian
ca343ae280 Improve message logs and test cases description in psk
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-28 02:07:54 +00:00
Przemek Stekiel
4c49927bad Fix unused variables warnings in default + stream cipher only build
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Przemek Stekiel
a82290b727 Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions
Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Przemek Stekiel
89ad62352d Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq()
Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Ronald Cron
c27a9074c4 tls13: server: Add comment when trying another sig alg
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 10:07:55 +02:00
Xiaokang Qian
cb6e96305f Change kex mode string name
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-27 08:02:41 +00:00
Ronald Cron
b72dac4ed7 Fix PSA identifier of RSA_PKCS1V15 signing algorithms
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-27 09:25:47 +02:00
Andrzej Kurek
b510cd2c50 Fix a copy-paste error - wrong macro used
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:50:22 -04:00
Andrzej Kurek
5603efd525 Improve readability and formatting
Also use a sizeof instead of a constant for zeroization, as
requested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-26 10:49:16 -04:00
Nick Child
5f9456f3e3 pkcs7: Fix trailing whitespace
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-09-26 09:18:12 -05:00
Xiaokang Qian
5beec4b339 Refine ssl_get_kex_mode_str() for easy automatic generation
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-26 08:23:45 +00:00
Xiaokang Qian
ac8195f4f7 Fix wrongly kex mode fallback issue in psk cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-26 06:31:58 +00:00
Gilles Peskine
5596c74a98
Merge pull request #6140 from Zaya-dyno/validation_remove_change_auth_enc
Validation remove change auth enc
2022-09-23 17:04:31 +02:00
Gilles Peskine
12a1e85caa
Merge pull request #6138 from Zaya-dyno/validation_remove_change_key_agree
Validation remove change key agree
2022-09-23 17:04:20 +02:00
Gilles Peskine
87953f228f
Merge pull request #6091 from Zaya-dyno/validation_remove_change_pk
Validation remove change pk
2022-09-23 17:03:30 +02:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Xiaokang Qian
8939930b82 Rebase and fix some test failures
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
Xiaokang Qian
5001bfc619 Add key exchange mode log in client side
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
XiaokangQian
335cfaadf9 Finalize client side code for psk
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-09-23 01:48:26 +00:00
Jerry Yu
359e65f784 limit session ticket number when resumption
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:43 +08:00
Jerry Yu
f3bdf9dd51 fix various issues
- improve document about configuration item.
- format issue
- variable type issue.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:14 +08:00
Tom Cosgrove
87d9c6c4d8 Ensure client mbedtls_ssl_handshake_step() returns success for HELLO_REQUEST
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-22 09:27:56 +01:00
Gilles Peskine
07ba2be20b
Merge pull request #6304 from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg
TLS 1.3: PSK: Exclude pre_shared_key for HRR
2022-09-22 10:21:06 +02:00
Manuel Pégourié-Gonnard
1475ac49a4
Merge pull request #6107 from Zaya-dyno/validation_remove_change_hash
Validation remove change hash
2022-09-22 09:24:44 +02:00
Manuel Pégourié-Gonnard
d5c82fb821
Merge pull request #6085 from Zaya-dyno/validation_remove_change_cipher
Validation remove and change in files related to cipher in library
2022-09-22 09:10:13 +02:00
Jerry Yu
b7e3fa7fbd move count decrement after success sent
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
Jerry Yu
d0766eca58 fix various issues
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
Tom Cosgrove
2fdc7b3599 Return an error from mbedtls_ssl_handshake_step() if neither client nor server
This prevents an infinite loop in mbedtls_ssl_handshake(). Fixes #6305.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-21 12:33:17 +01:00
Tom Cosgrove
c573882674 Merge remote-tracking branch 'upstream/development' into issue-6015-montgomery-multiplication 2022-09-21 12:08:43 +01:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
Tom Cosgrove
4782823ec3 Ensure we explicitly document the modulus for fixed-width arithmetic
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:51:50 +01:00
Tom Cosgrove
b0b77e1b13 Document and test aliasing of the bignums given to mbedtls_mpi_core_mla()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:33:40 +01:00
Ronald Cron
067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
38391bf9b6 tls13: Do not impose minimum hash size for RSA PSS signatures
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower that the security level of the
RSA private key.

We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (in
contrary to ECDSA), let's allow it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:29:41 +02:00
Ronald Cron
67ea2543ed tls13: server: Add sig alg checks when selecting best certificate
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
Tom Cosgrove
ea45c1d2d4 Document and test aliasing of output for mbedtls_mpi_core_montmul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:17:51 +01:00
Jerry Yu
d4e7500a07 Enable multi session tickets on Server
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:24:03 +08:00
Jerry Yu
1ad7ace6b7 Add conf new session tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:22:21 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Andrzej Kurek
7763829c5c Add missing ifdef when calculating operation capacity
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 12:24:52 -04:00
Andrzej Kurek
3c4c514302 Remove PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:24:14 -04:00
Andrzej Kurek
b093650033 Add proper capacity calculation for EC J-PAKE to PMS KDF
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 07:13:00 -04:00
Andrzej Kurek
702776f7cc Restrict the EC J-PAKE to PMS input type to secret
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-16 06:22:44 -04:00
Jerry Yu
ad4d2bb3e1 Exclude pre_shared_key for HRR
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 18:16:49 +08:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public.
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:02:48 +02:00
Jerry Yu
6ee726e1ab Replace md translation function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 16:32:27 +08:00
Jerry Yu
a5df584d87 fix build fail for test_psa_crypto_config_accel_hash_use_psa
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-16 11:28:54 +08:00
Gilles Peskine
ed1c7f4cd7 Include platform.h unconditionally: gcm
gcm.c had a slightly different pattern for the conditional inclusion of
platform.h which didn't fit the general replacement. Simplify it manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:50 +02:00
Gilles Peskine
e9b55929dc Remove useless platform macro redefinitions: automatic part
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.

This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:15 +02:00
Gilles Peskine
a7aa80c058 Include platform.h unconditionally: second automatic part
Some source files included platform.h in a nested conditional. The previous
commit "Include platform.h unconditionally: automatic part" only removed
the outer conditional. This commit removes the inner conditional.

This commit once again replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:10 +02:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Tom Cosgrove
3bd7bc3add Use X rather than A for accumulator-style input (and output!) params, and rename others accordingly
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:55:07 +01:00
Tom Cosgrove
5c0e8104bc Prefer 'fixed-size' to 'known-size' in doc comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:46:10 +01:00
Tom Cosgrove
b7438d1f62 Update name of mbedtls_mpi_montg_init()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:05:59 +01:00
Tom Cosgrove
2701deaa4b Use mbedtls_ct_mpi_uint_mask() rather than rolling our own
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-15 15:00:07 +01:00