mbedtls

Author	SHA1	Message	Date
Paul Elliott	588f8ed498	Add internal implementation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	2ba002cc2f	Make ECDSA restartable sign and verify functions public Make public the versions of ECSDA sign and verify which return raw signatures rather than returning ASN.1 encoded signatures, in order to use them for the internal implemention of psa_sign/verify_hash_interruptible. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Gabor Mezei	7e6fcc1fbc	Update documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:19:09 +01:00
Gabor Mezei	cf228706cd	Restrict input parameter size for ecp_mod_p521_raw The imput mpi parameter must have twice as many limbs as the modulus. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:19:08 +01:00
Gabor Mezei	d10d429380	Stack usage optimization for mod_p521 Instead of creating an mpi on the stack, reuse the unused part of the input mpi. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:51 +01:00
Janos Follath	fe24e91a34	mod_p521: document reduction algorithm Signed-off-by: Janos Follath <janos.follath@arm.com> Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:50 +01:00
Janos Follath	666673e83f	modp521: apply naming conventions Apply the usual parameter name and align the local variables and comments. This naming diverges from the standard notation, but this is beneficial as our variable meanings diverge as well and the difference can help avoiding confusion. Signed-off-by: Janos Follath <janos.follath@arm.com> Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:50 +01:00
Janos Follath	13c3aa13af	Revert changes to mod_p521 flow It is not necessary to save the middle limb upfront as overwriting it is the desired result: in the first step we are reducing modulo 2^{512+biL}. Arguably, the original flow is more intuitive and easier to see the idea behind it. Signed-off-by: Janos Follath <janos.follath@arm.com> Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:50 +01:00
Gabor Mezei	6bfbd36507	Fix coding style issues Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:49 +01:00
Gabor Mezei	b62ad5d569	Rename function to follow naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:48 +01:00
Gabor Mezei	b1c62caa1f	Add documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:13:48 +01:00
Gabor Mezei	2cb630edee	Change the ecp_mod_p521_raw to be testable Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:05:22 +01:00
Gabor Mezei	8450ab9c60	Fix Secp521r1 reduction The prototype calculated with wrong limb size and not taken into account the overflow in the shared limb. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:03:03 +01:00
Gabor Mezei	42df16c84b	Extract Secp521r1 from the prototype Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-15 18:02:57 +01:00
David Horstmann	f51851dc70	Change += to \|= for clearer semantics Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-15 15:44:24 +00:00
Gilles Peskine	e2a9f86755	Merge pull request #6971 from gabor-mezei-arm/6026_Secp192r1_fast_reduction Extract Secp192r1 fast reduction from the prototype	2023-02-15 16:22:36 +01:00
David Horstmann	34b3f1b757	Make overflow checks more readable Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-15 13:46:53 +00:00
Paul Elliott	9fe12f666b	PSA level initial implementation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 12:13:17 +00:00
Paul Elliott	2d247923e5	Initial empty driver wrapper implementation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 12:13:17 +00:00
David Horstmann	9c1887c4c7	Disallow overlong encoding when parsing OIDs OID subidentifiers are encoded as follow. For every byte: * The top bit is 1 if there is another byte to come, 0 if this is the last byte. * The other 7 bits form 7 bits of the number. These groups of 7 are concatenated together in big-endian order. Overlong encodings are explicitly disallowed by the BER/DER/X690 specification. For example, the number 1 cannot be encoded as: 0x80 0x80 0x01 It must be encoded as: 0x01 Enforce this in Mbed TLS' OID DER-to-string parser. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-15 12:02:27 +00:00
Gilles Peskine	edc6ae9578	Merge pull request #7090 from paul-elliott-arm/fix_iar_warnings_dev Fix IAR Warnings	2023-02-14 20:01:00 +01:00
David Horstmann	c7f700c795	Fix incorrect printing of OIDs The first 2 components of an OID are combined together into the same subidentifier via the formula: subidentifier = (component1 * 40) + component2 The current code extracts component1 and component2 using division and modulo as one would expect. However, there is a subtlety in the specification[1]: >This packing of the first two object identifier components recognizes >that only three values are allocated from the root node, and at most >39 subsequent values from nodes reached by X = 0 and X = 1. If the root node (component1) is 2, the subsequent node (component2) may be greater than 38. For example, the following are real OIDs: * 2.40.0.25, UPU standard S25 * 2.49.0.0.826.0, Met Office * 2.999, Allocated example OID This has 2 implications that the current parsing code does not take account of: 1. The second component may be > 39, so (subidentifier % 40) is not correct in all circumstances. 2. The first subidentifier (containing the first 2 components) may be more than one byte long. Currently we assume it is just 1 byte. Improve parsing code to deal with these cases correctly. [1] Rec. ITU-T X.690 (02/2021), 8.19.4 Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-02-14 17:00:25 +00:00
Gabor Mezei	0b4b8e3c5e	Update documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-14 16:36:38 +01:00
Dave Rodgman	319a5675db	Merge pull request #7084 from daverodgman/sizemax-uintmax Assume SIZE_MAX >= INT_MAX, UINT_MAX	2023-02-14 10:06:22 +00:00
Ronald Cron	70341c17b7	Merge pull request #6773 from yanrayw/6675-change-early_secrets-to-local TLS 1.3: Key Generation: Change tls13_early_secrets to local variable	2023-02-14 09:03:32 +01:00
Paul Elliott	1748de160a	Fix IAR Warnings IAR was warning that conditional execution could bypass initialisation of variables, although those same variables were not used uninitialised. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-13 15:35:35 +00:00
Gabor Mezei	a264831cff	Update documentation and add comments Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-13 16:29:05 +01:00
Andrzej Kurek	7a05fab716	Added the uniformResourceIdentifier subtype for the subjectAltName. Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-13 10:03:07 -05:00
Manuel Pégourié-Gonnard	d3d8c852a0	Merge pull request #6997 from valeriosetti/issue6858 driver-only ECDSA: get testing parity in X.509	2023-02-13 15:30:06 +01:00
Valerio Setti	178b5bdddf	pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 11:15:06 +01:00
Dave Rodgman	ab1f3c153a	Merge pull request #7081 from tom-cosgrove-arm/dont-use-lstrlenW	2023-02-10 20:50:07 +00:00
Dave Rodgman	4a5c9ee7f2	Remove redundant SIZE_MAX guards Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-10 16:03:44 +00:00
Gilles Peskine	b8531c4b0b	Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev X.509: Fix bug in SAN parsing and enhance negative testing	2023-02-10 15:05:32 +01:00
Dave Rodgman	f691268ee9	Add missing initialisers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-10 12:56:10 +00:00
Demi Marie Obenour	35598adb78	pkcs7: Check that hash algs are in digestAlgorithms Since only a single hash algorithm is currenlty supported, this avoids having to perform hashing more than once. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>	2023-02-10 12:56:10 +00:00
Demi Marie Obenour	6cfc469296	pkcs7: reject signatures with internal data A CMS signature can have internal data, but mbedTLS does not support verifying such signatures. Reject them during parsing. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-10 12:56:10 +00:00
Demi Marie Obenour	e373a254c4	pkcs7: do not store content type OIDs They will always be constant. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>	2023-02-10 12:56:10 +00:00
Demi Marie Obenour	55d9df25ef	Simple cleanup No change in behavior. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>	2023-02-10 12:56:10 +00:00
Demi Marie Obenour	4ec8355795	Check for junk after SignedData There must not be any. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>	2023-02-10 12:56:10 +00:00
Demi Marie Obenour	aaf3c0028d	pkcs7: do not store content type OID Since only one content type (signed data) is supported, storing the content type just wastes memory. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>	2023-02-10 12:56:10 +00:00
Demi Marie Obenour	512818b1d2	pkcs7: check that content lengths fill whole buffer Otherwise invalid data could be accepted. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-10 12:56:10 +00:00
Dave Rodgman	a22749e749	Merge pull request #6816 from nick-child-ibm/pkcs7_coverage Pkcs7 coverage	2023-02-10 12:55:29 +00:00
Tom Cosgrove	b96c309395	Don't use lstrlenW() on Windows The lstrlenW() function isn't available to UWP apps, and isn't necessary, since when given -1, WideCharToMultiByte() will process the terminating null character itself (and the length returned by the function includes this character). Resolves #2994 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-02-10 12:52:13 +00:00
Ronald Cron	834e65d47f	Merge pull request #6499 from xkqian/tls13_write_end_of_early_data Tls13 write end of early data	2023-02-10 11:08:22 +01:00
Dave Rodgman	78c6f40736	Fix code-style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-09 09:21:14 +00:00
Nick Child	14f255f332	pkcs7: Remove unnecessary dependencies stdio, stdlib and string header files are not used. Remove them. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-02-08 15:38:48 +00:00
Valerio Setti	ce0caa3384	oid: fix comment in #endif Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:52:31 +01:00
Valerio Setti	f972ce8d69	oid: replace ECDSA_C with new macros for ECDSA capabilities Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:52:31 +01:00
Xiaokang Qian	0de0d863b6	Rebase code to restore reco-delay and fix some style issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 07:41:42 +00:00
Xiaokang Qian	8dc4ce76c7	Fix various coding style and comment issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	6b980011e5	Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	53c4c27d35	Update the comment of ciphersuite check for early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	64bc9bc33d	Add comments to describe the early data behavior-encrypt/rejected... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	e04afdc44f	Refine the condition of whether re-generate early keys Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	eb31cbc791	Share the hash check code between ticket and external psk Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	4ef8ba2938	Assign the ciphersuite in finalize_hrr{server_hello} Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	bb883244aa	Remove useless comments of outbound switch Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	02f5e14073	Combine the alert check of selected_id and ciphercuite Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	934ce6f6a9	Rename the finalize_client{server}_hello() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	ac4c625dea	Add hash check of ciphersuite for ticket psk Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	6be8290aba	Change to CCS after client hello only if we offer early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	7179f810f1	Restore the empty lines Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	b58462157e	Refine the ciphersuite and select id check for early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	44051f6376	Refine the state change after write client hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	7892b6caad	Refine the comment about generating early secrects in post server hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	bd0ab06d50	Skip CCS once we proposed early data even it is rejected Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	f6d8fd3d6b	Improve the coding style of new lines Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	79f77528f5	Move state change to finalize client hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	3f616c2493	Move selected_identity zero check to post_server_hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	1d8e86ce00	Get hash_alg by mbedtls_psa_translate_md Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	ea28a78384	Revert new field and check ciphersuite match when resume by exist info_id Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	4224244883	Improve coding styles and add comments Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	33ff868dca	Fix various errors Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	43a83f247c	Move the place where call set_outbound_transform to switch handshake key Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	907461319a	Fix compile error and warnings Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	f10f474981	Check server selected cipher suite indicating a Hash associated with the PSK Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	592021aceb	Add CCS after client hello in case of early data and comp mode Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	303f82c5b9	Skip generating early secrets in some cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	b46275c7ec	Add TLS1_3 guard to finalize_write_client_hello() to fix compile issue Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:43 +00:00
Xiaokang Qian	2a674937dd	Pend a illeagal allert when selected_identity isn't 0 Handshake should abort will illeagal parameter allert when receiving early data extentions but the selected_identity parsed from pre-share key isn't equal to 0. Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:46:48 +00:00
Xiaokang Qian	126929f825	Move early keys generation into mbedtls_ssl_tls13_finalize_write_client_hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:46:45 +00:00
Xiaokang Qian	19d4416a45	Refine code to remove finalize_write_end_of_early_data() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	7094f66879	Remove useless duplicted mbedtls_ssl_tls13_ticket_get_psk Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	854db28bb7	Set hs_psk,ciphercuit_info and kex mode when writing pre-share key Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	57a138d5c3	Update message log for end of early data test cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	742578ca2c	Remove end_of_early_data_coordinate() to align with exist style Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	bc75bc0c3a	Switch to MBEDTLS_SSL_END_OF_EARLY_DATA as needed Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	c81a15a019	Change the comment format of end_of_early_data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	7ed30e59af	Fix the issue that gnutls server doesn't support packet Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00
Xiaokang Qian	8804e6d0ac	Put kex_exchange_mode in the guard of TLS13 Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:59 +00:00
Xiaokang Qian	da8402dde6	Switch outbound back to handshake key after end_of_early_data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:59 +00:00
Xiaokang Qian	bf09376bda	Remove useless prepare_write_end_of_early_data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:59 +00:00
Xiaokang Qian	df6f52e2b2	Generate early key and switch outbound key to it after write client hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:59 +00:00
Xiaokang Qian	d05ac5dfce	Add extern apis mbedtls_ticket_get_psk. Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:59 +00:00
Xiaokang Qian	32af4fbbdb	Set ciphersuite info and kex mode in set_session in re-connection Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:59 +00:00
Xiaokang Qian	34aab55aa7	Add prepare function to switch transform to early keys Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:58 +00:00
Xiaokang Qian	125afcb060	Add end-of-early-data write Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:58 +00:00
Nick Child	3dafc6c3b3	pkcs7: Drop support for signature in contentInfo of signed data The contentInfo field of PKCS7 Signed Data structures can optionally contain the content of the signature. Per RFC 2315 it can also contain any of the PKCS7 data types. Add test and comments making it clear that the current implementation only supports the DATA content type and the data must be empty. Return codes should be clear whether content was invalid or unsupported. Identification and fix provided by: - Demi Marie Obenour <demiobenour@gmail.com> - Dave Rodgman <dave.rodgman@arm.com> Signed-off-by: Nick Child <nick.child@ibm.com>	2023-02-07 20:04:52 +00:00
Valerio Setti	5b16e9eabc	pk_wrap: keep ECDSA_C for ECP_RESTARTABLE contexts Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-07 16:21:36 +01:00
Hanno Becker	dae916b05f	X.509: Add length consistency checks to x509_get_other_name() Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-07 05:24:32 -05:00

1 2 3 4 5 ...

10405 commits